[ { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "142.0.7444.134" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "142.0.7444.134" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html" ], "discovery": "2025-11-05T00:00:00Z", "references": { "cvename": [ "CVE-2025-12725", "CVE-2025-12726", "CVE-2025-12727", "CVE-2025-12728", "CVE-2025-12729" ] }, "vid": "93ff3ebe-bba8-11f0-b3f7-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 5 security fixes:\n>\n> - \\[443906252\\] High CVE-2025-12725: Out of bounds write in WebGPU.\n> Reported by Anonymous on 2025-09-09\n> - \\[447172715\\] High CVE-2025-12726: Inappropriate implementation in\n> Views. Reported by Alesandro Ortiz on 2025-09-25\n> - \\[454485895\\] High CVE-2025-12727: Inappropriate implementation in\n> V8. Reported by 303f06e3 on 2025-10-23\n> - \\[452392032\\] Medium CVE-2025-12728: Inappropriate implementation in\n> Omnibox. Reported by Hafiizh on 2025-10-16\n> - \\[454354281\\] Medium CVE-2025-12729: Inappropriate implementation in\n> Omnibox. Reported by Khalil Zhani on 2025-10-23\n", "id": "FreeBSD-2025-0377", "modified": "2025-11-07T00:00:00Z", "published": "2025-11-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12725" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12726" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12727" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12728" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12729" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openjph" }, "ranges": [ { "events": [ { "fixed": "0.24.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/aous72/OpenJPH/releases" ], "discovery": "2025-10-29T00:00:00Z", "vid": "77bac392-ba98-11f0-aada-f59a8ea34d12" }, "details": "Aous Naman reports several vulnerabilities fixed in OpenJPH versions up\nto 0.24.5 and credits Cary Phillips for reporting them from the OSS-fuzz\nproject.\n\n> \\[0.24.5\\] Addresses OpenEXR OSS-fuzz issue 5747129672073216 that can\n> cause heap corruption.\n>\n> \\[0.24.4\\...\\] we now check that the ATK marker segment length (Latk)\n> makes sense. The issue was identified in OpenEXR fuzzing.\n>\n> \\[0.24.3\\] This is an important bug fix. It protects against illegally\n> long QCD and QCC marker segments. It was discovered during OpenEXR\n> fussing; thanx to \\[Cary Phillips\\].\n", "id": "FreeBSD-2025-0376", "modified": "2025-11-05T00:00:00Z", "published": "2025-11-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/aous72/OpenJPH/releases" }, { "type": "WEB", "url": "https://github.com/aous72/OpenJPH/releases" } ], "schema_version": "1.7.0", "summary": "OpenJPH < 0.24.5 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openexr" }, "ranges": [ { "events": [ { "fixed": "3.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.3" ], "discovery": "2025-10-29T00:00:00Z", "vid": "c71a3914-ba96-11f0-aada-f59a8ea34d12" }, "details": "Cary Phillips reports:\n\n> Patch release that addresses several bugs, primarily involving\n> properly rejecting corrupt input data.\n\nHe goes on to report various relevant items including heap buffer\noverflows, use-after-free, use of uninitialized memory and other bugs,\nseveral of them found by OSS-fuzz, and some also found in OpenJPH.\n", "id": "FreeBSD-2025-0375", "modified": "2025-11-05T00:00:00Z", "published": "2025-11-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.3" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.3" } ], "schema_version": "1.7.0", "summary": "OpenEXR < 3.4.3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-101230" ], "discovery": "2025-11-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-12657" ] }, "vid": "970159e6-ba60-11f0-8447-b42e991fc52e" }, "details": "https://jira.mongodb.org/browse/SERVER-101230 reports:\n\n> The KMIP response parser built into mongo binaries is overly tolerant\n> of certain malformed packets, and may parse them into invalid objects.\n> Later reads of this object can result in read access violations.\n", "id": "FreeBSD-2025-0374", "modified": "2025-11-05T00:00:00Z", "published": "2025-11-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-101230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12657" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-12657" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Improper Check for Unusual or Exceptional Conditions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.19,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "24.1.9,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/errata/RHSA-2025:19432" ], "discovery": "2025-10-30T00:00:00Z", "references": { "cvename": [ "CVE-2025-62229", "CVE-2025-62230", "CVE-2025-62231" ] }, "vid": "e99a32c8-b8e2-11f0-8510-b42e991fc52e" }, "details": "https://access.redhat.com/errata/RHSA-2025:19432 reports:\n\n> CVE-2025-62229: A flaw was found in the X.Org X server and Xwayland\n> when processing X11 Present extension notifications. Improper error\n> handling during notification creation can leave dangling pointers that\n> lead to a use-after-free condition. This can cause memory corruption\n> or a crash, potentially allowing an attacker to execute arbitrary code\n> or cause a denial of service.\n>\n> CVE-2025-62230: A flaw was discovered in the X.Org X servers X\n> Keyboard (Xkb) extension when handling client resource cleanup. The\n> software frees certain data structures without properly detaching\n> related resources, leading to a use-after-free condition. This can\n> cause memory corruption or a crash when affected clients disconnect.\n>\n> CVE-2025-62231: A flaw was identified in the X.Org X servers X\n> Keyboard (Xkb) extension where improper bounds checking in the\n> XkbSetCompatMap() function can cause an unsigned short overflow. If an\n> attacker sends specially crafted input data, the value calculation may\n> overflow, leading to memory corruption or a crash.\n", "id": "FreeBSD-2025-0373", "modified": "2025-11-03T00:00:00Z", "published": "2025-11-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/errata/RHSA-2025:19432" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-62229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-62230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-62231" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-62229" } ], "schema_version": "1.7.0", "summary": "Xorg -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "8.2.0" }, { "fixed": "8.2.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8" ], "discovery": "2025-11-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-62507" ] }, "vid": "5523394e-b889-11f0-9446-f02f7497ecda" }, "details": "Google Big Sleep reports:\n\n> A user can run the XACKDEL command with multiple ID\\'s and trigger a\n> stack buffer overflow, which may potentially lead to remote code\n> execution. The problem exists in Redis 8.2 or newer. The code doesn\\'t\n> handle the case where the number of ID\\'s exceeds the\n> STREAMID_STATIC_VECTOR_LEN, and skips a reallocation, which leads to a\n> stack buffer overflow. An additional workaround to mitigate the\n> problem without patching the redis-server executable is to prevent\n> users from executing XACKDEL operation. This can be done using ACL to\n> restrict XACKDEL command.\n", "id": "FreeBSD-2025-0372", "modified": "2025-11-03T00:00:00Z", "published": "2025-11-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-62507" } ], "schema_version": "1.7.0", "summary": "redis -- Bug in XACKDEL may lead to stack overflow and potential RCE" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "142.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1975837" ], "discovery": "2025-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-9182" ] }, "vid": "1ba0b62b-b80a-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975837 reports:\n\n> Denial-of-service due to out-of-memory in the Graphics: WebRender\n> component.\n", "id": "FreeBSD-2025-0371", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9182" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-9182" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Denial-of-service due to out-of-memory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "142.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "140.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782" ], "discovery": "2025-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-9180" ] }, "vid": "0723a60e-b80a-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782 reports:\n\n> Same-origin policy bypass in the Graphics: Canvas2D component.\n", "id": "FreeBSD-2025-0370", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9180" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-9180" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Same-origin policy bypass in the Graphics: Canvas2D component" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.3,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1987246" ], "discovery": "2025-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2025-11152" ] }, "vid": "f752879f-b809-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1987246 reports:\n\n> Sandbox escape due to integer overflow in the Graphics: Canvas2D\n> component.\n", "id": "FreeBSD-2025-0369", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1987246" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11152" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-11152" } ], "schema_version": "1.7.0", "summary": "Firefox -- Sandbox escape due to integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10536" ] }, "vid": "ea017037-b808-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502 reports:\n\n> Information disclosure in the Networking: Cache component.\n", "id": "FreeBSD-2025-0368", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10536" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-10536" } ], "schema_version": "1.7.0", "summary": "Firefox -- Information disclosure in the Networking: Cache component" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1665334" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10534" ] }, "vid": "d09efc3b-b808-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665334 reports:\n\n> Spoofing issue in the Site Permissions component.\n", "id": "FreeBSD-2025-0367", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665334" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10534" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-10534" } ], "schema_version": "1.7.0", "summary": "Firefox -- Spoofing issue in the Site Permissions component" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10533" ] }, "vid": "c80baae7-b808-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788 reports:\n\n> Integer overflow in the SVG component.\n", "id": "FreeBSD-2025-0366", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10533" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-10533" } ], "schema_version": "1.7.0", "summary": "Firefox -- Integer overflow in the SVG component" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10532" ] }, "vid": "af9c5b99-b808-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502 reports:\n\n> Incorrect boundary conditions in the JavaScript: GC component.\n", "id": "FreeBSD-2025-0365", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10532" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-10532" } ], "schema_version": "1.7.0", "summary": "Firefox -- Incorrect boundary conditions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1978453" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10531" ] }, "vid": "a4bebda9-b808-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1978453 reports:\n\n> Mitigation bypass in the Web Compatibility: Tooling component.\n", "id": "FreeBSD-2025-0364", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1978453" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10531" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-10531" } ], "schema_version": "1.7.0", "summary": "Firefox -- Mitigation bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10529" ] }, "vid": "944d968c-b808-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490 reports:\n\n> Same-origin policy bypass in the Layout component.\n", "id": "FreeBSD-2025-0363", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10529" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-10529" } ], "schema_version": "1.7.0", "summary": "Firefox -- Same-origin policy bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10528" ] }, "vid": "8b5f4eb3-b808-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185 reports:\n\n> Sandbox escape due to undefined behavior, invalid pointer in the\n> Graphics: Canvas2D component.\n", "id": "FreeBSD-2025-0362", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10528" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-10528" } ], "schema_version": "1.7.0", "summary": "Firefox -- Sandbox escape due to undefined behavior" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10527" ] }, "vid": "82595339-b808-11f0-8016-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825 reports:\n\n> Sandbox escape due to use-after-free in the Graphics: Canvas2D\n> component.\n", "id": "FreeBSD-2025-0361", "modified": "2025-11-02T00:00:00Z", "published": "2025-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10527" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-10527" } ], "schema_version": "1.7.0", "summary": "Firefox -- Sandbox escape due to use-after-free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "introduced": "3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://devguide.python.org/versions/" ], "discovery": "2020-10-05T00:00:00Z", "vid": "77a0f93a-b71e-11f0-8d86-d7789240c8c2" }, "details": "> Unsupported versions: \\[\\...\\] End of life: 2025-10-31.\n", "id": "FreeBSD-2025-0360", "modified": "2025-11-01T00:00:00Z", "published": "2025-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://devguide.python.org/versions/" }, { "type": "WEB", "url": "https://devguide.python.org/versions/" } ], "schema_version": "1.7.0", "summary": "python 3.9 -- end of life, not receiving security support" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns_recursor" }, "ranges": [ { "events": [ { "fixed": "5.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.powerdns.com/powerdns-security-advisory-2025-06-2025-10-22" ], "discovery": "2025-10-15T00:00:00Z", "references": { "cvename": [ "CVE-2025-59023", "CVE-2025-59024" ] }, "vid": "c4fb21e4-b579-11f0-871c-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> It has been brought to our attention that the Recursor does not apply\n> strict enough validation of received delegation information. The\n> malicious delegation information can be sent by an attacker spoofing\n> packets.\n", "id": "FreeBSD-2025-0359", "modified": "2025-10-30T00:00:00Z", "published": "2025-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.powerdns.com/powerdns-security-advisory-2025-06-2025-10-22" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-59023" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-59024" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- cache pollution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "142.0.7444.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "142.0.7444.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html" ], "discovery": "2025-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-12036", "CVE-2025-12428", "CVE-2025-12429", "CVE-2025-12430", "CVE-2025-12431", "CVE-2025-12432", "CVE-2025-12433", "CVE-2025-12434", "CVE-2025-12435", "CVE-2025-12436", "CVE-2025-12437", "CVE-2025-12438", "CVE-2025-12439", "CVE-2025-12440", "CVE-2025-12441", "CVE-2025-12443", "CVE-2025-12444", "CVE-2025-12445", "CVE-2025-12446", "CVE-2025-12447" ] }, "vid": "7c09fcb7-b5d6-11f0-b3f7-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 20 security fixes:\n>\n> - \\[447613211\\] High CVE-2025-12428: Type Confusion in V8. Reported by\n> Man Yue Mo of GitHub Security Lab on 2025-09-26\n> - \\[450618029\\] High CVE-2025-12429: Inappropriate implementation in\n> V8. Reported by Aorui Zhang on 2025-10-10\n> - \\[442860743\\] High CVE-2025-12430: Object lifecycle issue in Media.\n> Reported by round.about on 2025-09-04\n> - \\[436887350\\] High CVE-2025-12431: Inappropriate implementation in\n> Extensions. Reported by Alesandro Ortiz on 2025-08-06\n> - \\[439522866\\] High CVE-2025-12432: Race in V8. Reported by Google\n> Big Sleep on 2025-08-18\n> - \\[449760249\\] High CVE-2025-12433: Inappropriate implementation in\n> V8. Reported by Google Big Sleep on 2025-10-07\n> - \\[452296415\\] High CVE-2025-12036: Inappropriate implementation in\n> V8. Reported by Google Big Sleep on 2025-10-15\n> - \\[337356054\\] Medium CVE-2025-12434: Race in Storage. Reported by\n> Lijo A.T on 2024-04-27\n> - \\[446463993\\] Medium CVE-2025-12435: Incorrect security UI in\n> Omnibox. Reported by Hafiizh on 2025-09-21\n> - \\[40054742\\] Medium CVE-2025-12436: Policy bypass in Extensions.\n> Reported by Luan Herrera (@lbherrera\\_) on 2021-02-08\n> - \\[446294487\\] Medium CVE-2025-12437: Use after free in PageInfo.\n> Reported by Umar Farooq on 2025-09-20\n> - \\[433027577\\] Medium CVE-2025-12438: Use after free in Ozone.\n> Reported by Wei Yuan of MoyunSec VLab on 2025-07-20\n> - \\[382234536\\] Medium CVE-2025-12439: Inappropriate implementation in\n> App-Bound Encryption. Reported by Ari Novick on 2024-12-04\n> - \\[430555440\\] Low CVE-2025-12440: Inappropriate implementation in\n> Autofill. Reported by Khalil Zhani on 2025-07-09\n> - \\[444049512\\] Medium CVE-2025-12441: Out of bounds read in V8.\n> Reported by Google Big Sleep on 2025-09-10\n> - \\[452071845\\] Medium CVE-2025-12443: Out of bounds read in WebXR.\n> Reported by Aisle Research on 2025-10-15\n> - \\[390571618\\] Low CVE-2025-12444: Incorrect security UI in\n> Fullscreen UI. Reported by syrf on 2025-01-18\n> - \\[428397712\\] Low CVE-2025-12445: Policy bypass in Extensions.\n> Reported by Thomas Greiner on 2025-06-29\n> - \\[444932667\\] Low CVE-2025-12446: Incorrect security UI in\n> SplitView. Reported by Hafiizh on 2025-09-14\n> - \\[442636157\\] Low CVE-2025-12447: Incorrect security UI in Omnibox.\n> Reported by Khalil Zhani on 2025-09-03\n", "id": "FreeBSD-2025-0358", "modified": "2025-10-30T00:00:00Z", "published": "2025-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12036" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12428" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12429" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12431" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12432" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12433" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12438" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12439" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12440" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12441" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12445" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12446" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12447" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "144.0.2,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1993113" ], "discovery": "2025-10-28T00:00:00Z", "references": { "cvename": [ "CVE-2025-12380" ] }, "vid": "291773e6-b5b2-11f0-8f61-b42e991fc52e" }, "details": "https://bugzilla.mozilla.org/show_bug.cgi?id=1993113 reports:\n\n> Starting with Firefox 142, it was possible for a compromised child\n> process to trigger a use-after-free in the GPU or browser process\n> using WebGPU-related IPC calls. This may have been usable to escape\n> the child process sandbox.\n", "id": "FreeBSD-2025-0357", "modified": "2025-10-30T00:00:00Z", "published": "2025-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1993113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12380" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-12380" } ], "schema_version": "1.7.0", "summary": "Firefox -- use-after-free in the GPU or browser process" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang" }, "ranges": [ { "events": [ { "introduced": "17.0" }, { "fixed": "26.2.5.13,4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime26" }, "ranges": [ { "events": [ { "fixed": "26.2.5.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime27" }, "ranges": [ { "events": [ { "fixed": "27.3.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime28" }, "ranges": [ { "events": [ { "fixed": "28.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc" ], "discovery": "2025-06-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-4748" ] }, "vid": "237f4f57-b50f-11f0-ae9b-b42e991fc52e" }, "details": "https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc\nreports:\n\n> Improper Limitation of a Pathname to a Restricted Directory (\\'Path\n> Traversal\\') vulnerability in Erlang OTP (stdlib modules) allows\n> Absolute Path Traversal, File Manipulation. This vulnerability is\n> associated with program files lib/stdlib/src/zip.erl and program\n> routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2unless\n> the memory option is passed. This issue affects OTP from OTP 17.0\n> until OTP28.0.1, OTP27.3.4.1 and OTP26.2.5.13, corresponding to stdlib\n> from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\n", "id": "FreeBSD-2025-0356", "modified": "2025-10-29T00:00:00Z", "published": "2025-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4748" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-4748" } ], "schema_version": "1.7.0", "summary": "Erlang - Absolute Path in Zip Module" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kea" }, "ranges": [ { "events": [ { "introduced": "3.0.1" }, { "fixed": "3.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "kea-devel" }, "ranges": [ { "events": [ { "introduced": "3.1.1" }, { "fixed": "3.1.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/docs/cve-2025-11232" ], "discovery": "2025-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-11232" ] }, "vid": "55c4e822-b4e4-11f0-8438-001b217e4ee5" }, "details": "Internet Systems Consortium, Inc. reports:\n\n> To trigger the issue, three configuration parameters must have\n> specific settings: \\\"hostname-char-set\\\" must be left at the default\n> setting, which is \\\"\\[\\^A-Za-z0-9.-\\]\\\"; \\\"hostname-char-replacement\\\"\n> must be empty (the default); and \\\"ddns-qualifying-suffix\\\" must NOT\n> be empty (the default is empty). DDNS updates do not need to be\n> enabled for this issue to manifest. A client that sends certain option\n> content would then cause kea-dhcp4 to exit unexpectedly. This\n> addresses CVE-2025-11232 \\[#4142, #4155\\].\n", "id": "FreeBSD-2025-0355", "modified": "2025-10-29T00:00:00Z", "published": "2025-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/docs/cve-2025-11232" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11232" }, { "type": "WEB", "url": "https://kb.isc.org/docs/cve-2025-11232" } ], "schema_version": "1.7.0", "summary": "ISC KEA -- Invalid characters cause assert" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "introduced": "3.49.1,1" }, { "fixed": "3.50.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux_base-rl9" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-sqlite" }, "ranges": [ { "events": [ { "fixed": "3.50.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g" ], "discovery": "2025-07-15T00:00:00Z", "references": { "cvename": [ "CVE-2025-7709" ] }, "vid": "c5889223-b4e1-11f0-ae9b-b42e991fc52e" }, "details": "https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g\nreports:\n\n> An integer overflow exists in the FTS5 https://sqlite.org/fts5.html\n> extension. It occurs when the size of an array of tombstone pointers\n> is calculated and truncated into a 32-bit integer. A pointer to\n> partially controlled data can then be written out of bounds.\n\nThe FreeBSD build enables the FTS5 extension by default.\n", "id": "FreeBSD-2025-0354", "modified": "2025-11-07T00:00:00Z", "published": "2025-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7709" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-7709" } ], "schema_version": "1.7.0", "summary": "SQLite < 3.50.3 -- CWE-190 Integer Overflow or Wraparound in FTS5 module" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.4.3_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.4.3_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.4.3_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py312-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.4.3_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-dj51-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-dj51-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py312-dj51-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-dj52-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-dj52-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py312-dj52-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-wv4w-6qv2-qqfg" ], "discovery": "2025-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2025-61783" ] }, "vid": "3116b6f3-b433-11f0-82ac-901b0edee044" }, "details": "Michal \u010ciha\u0159 reports:\n\n> Upon authentication, the user could be associated by e-mail even if\n> the associate_by_email pipeline was not included. This could lead to\n> account compromise when a third-party authentication service does not\n> validate provided e-mail addresses or doesn\\'t require unique e-mail\n> addresses.\n", "id": "FreeBSD-2025-0353", "modified": "2025-10-29T00:00:00Z", "published": "2025-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-wv4w-6qv2-qqfg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-61783" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61783" } ], "schema_version": "1.7.0", "summary": "py-social-auth-app-django -- Unsafe account association" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "fixed": "3.50.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux_base-rl9-9.6" }, "ranges": [ { "events": [ { "last_affected": "9.6_1" }, { "fixed": "9.6_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-sqlite" }, "ranges": [ { "events": [ { "fixed": "3.50.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://sqlite3.com" ], "discovery": "2025-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2025-52099" ] }, "vid": "2cd61f76-b41b-11f0-bf21-b42e991fc52e" }, "details": "http://sqlite3.com reports:\n\n> Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a\n> remote attacker to cause a denial of service via the setupLookaside\n> function\n", "id": "FreeBSD-2025-0352", "modified": "2025-10-28T00:00:00Z", "published": "2025-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://sqlite3.com" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-52099" }, { "type": "WEB", "url": "https://cveawg.mitre.org/api/cve/CVE-2025-52099" } ], "schema_version": "1.7.0", "summary": "SQLite -- Integer Overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "privatebin" }, "ranges": [ { "events": [ { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://privatebin.info/reports/vulnerability-2025-10-28.html" ], "discovery": "2025-10-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-62796" ] }, "vid": "a8dacd4b-b416-11f0-9f23-ecf4bbefc954" }, "details": "PrivateBin reports:\n\n> We\\'ve identified an HTML injection/XSS vulnerability in the\n> PrivateBin service that allows the injection of arbitrary HTML markup\n> via the attached filename.\n", "id": "FreeBSD-2025-0351", "modified": "2025-10-28T00:00:00Z", "published": "2025-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://privatebin.info/reports/vulnerability-2025-10-28.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-62796" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2025-62796" } ], "schema_version": "1.7.0", "summary": "privatebin - Missing HTML sanitisation of attached filename in file size hint enabling persistent XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "strongswan" }, "ranges": [ { "events": [ { "introduced": "4.2.12" }, { "fixed": "6.0.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-(cve-2025-62291).html" ], "discovery": "2025-10-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-62291" ] }, "vid": "1f1cf967-b35c-11f0-bce7-bc2411002f50" }, "details": "Xu Biang reports:\n\n> The eap-mschapv2 plugin doesn\\'t correctly check the length of an\n> EAP-MSCHAPv2 Failure Request packet on the client, which can cause an\n> integer underflow that leads to a crash and, depending on the compiler\n> options, even a heap-based buffer overflow that\\'s potentially\n> exploitable for remote code execution. Affected are all strongSwan\n> versions since 4.2.12.\n", "id": "FreeBSD-2025-0350", "modified": "2025-10-27T00:00:00Z", "published": "2025-10-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-(cve-2025-62291).html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-62291" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2025-62291" } ], "schema_version": "1.7.0", "summary": "strongSwan -- Heap-based buffer overflow in eap-mschapv2 plugin due to improper handling of failure request packets" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "141.0.7390.122" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "141.0.7390.122" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_21.html" ], "discovery": "2025-10-21T00:00:00Z", "references": { "cvename": [ "CVE-2025-12036" ] }, "vid": "823b4e48-b340-11f0-b3f7-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[452296415\\] High CVE-2025-12036: Inappropriate implementation in\n> V8. Reported by Google Big Sleep on 2025-10-15\n", "id": "FreeBSD-2025-0349", "modified": "2025-10-27T00:00:00Z", "published": "2025-10-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_21.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-12036" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_21.html" } ], "schema_version": "1.7.0", "summary": "chromium -- security fix" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "fixed": "1.24.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt" ], "discovery": "2025-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-11411" ] }, "vid": "ea1c485f-b025-11f0-bce7-bc2411002f50" }, "details": "sep@nlnetlabs.nl reports:\n\n> NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to\n> possible domain hijack attacks. Promiscuous NS RRSets that complement\n> positive DNS replies in the authority section can be used to trick\n> resolvers to update their delegation information for the zone. Usually\n> these RRSets are used to update the resolver\\'s knowledge of the\n> zone\\'s name servers. A malicious actor can exploit the possible\n> poisonous effect by injecting NS RRSets (and possibly their respective\n> address records) in a reply. This could be done for example by trying\n> to spoof a packet or fragmentation attacks. Unbound would then proceed\n> to update the NS RRSet data it already has since the new data has\n> enough trust for it, i.e., in-zone data for the delegation point.\n> Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and\n> their respective address records) from replies mitigating the possible\n> poison effect.\n", "id": "FreeBSD-2025-0348", "modified": "2025-10-23T00:00:00Z", "published": "2025-10-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11411" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11411" } ], "schema_version": "1.7.0", "summary": "unbound -- Possible domain hijacking via promiscuous records in the authority section" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rt60" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.4" }, { "fixed": "5.0.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rt50" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.4" }, { "fixed": "5.0.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/bestpractical/rt/releases/tag/rt-6.0.2" ], "discovery": "2025-10-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-9158" ] }, "vid": "269c2de7-afaa-11f0-b4c8-792b26d8a051" }, "details": "Mateusz Szymaniec and CERT Polska Reports:\n\n> RT is vulnerable to XSS via calendar invitations added to a ticket.\n> Thanks to Mateusz Szymaniec and CERT Polska for reporting this\n> finding.\n", "id": "FreeBSD-2025-0347", "modified": "2025-10-23T00:00:00Z", "published": "2025-10-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9158" }, { "type": "WEB", "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.2" } ], "schema_version": "1.7.0", "summary": "RT -- XSS via calendar invitations" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rt60" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.4.0" }, { "fixed": "4.4.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rt50" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.4.0" }, { "fixed": "4.4.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rt44" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.4.0" }, { "fixed": "4.4.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/bestpractical/rt/releases/tag/rt-6.0.2" ], "discovery": "2025-10-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-61873" ] }, "vid": "b374df95-afa8-11f0-b4c8-792b26d8a051" }, "details": "Gareth Watkin-Jones from 4armed reports:\n\n> RT is vulnerable to CSV injection via ticket values with special\n> characters that are exported to a TSV from search results. Thanks to\n> Gareth Watkin-Jones from 4armed for reporting this finding.\n", "id": "FreeBSD-2025-0346", "modified": "2025-10-23T00:00:00Z", "published": "2025-10-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-61873" }, { "type": "WEB", "url": "https://github.com/bestpractical/rt/releases/tag/rt-6.0.2" } ], "schema_version": "1.7.0", "summary": "RT -- CSV injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.3" }, { "fixed": "14.3_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.5" }, { "fixed": "13.5_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2025-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-24934" ], "freebsdsa": [ "SA-25:09.netinet" ] }, "vid": "114cc98b-afad-11f0-af12-bc241121aa0a" }, "details": "# Problem Description:\n\nConnected sockets are not intended to belong to load-balancing groups.\nHowever, the kernel failed to check the connection state of sockets when\nadding them to load-balancing groups. Furthermore, when looking up the\ndestination socket for an incoming packet, the kernel will match a\nsocket belonging to a load-balancing group even if it is connected.\n\nConnected sockets are only supposed to receive packets originating from\nthe connected host. The above behavior violates this contract.\n\n# Impact:\n\nSoftware which sets SO_REUSEPORT_LB on a socket and then connects it to\na host will not observe any problems. However, due to its membership in\na load-balancing group, that socket will receive packets originating\nfrom any host. This breaks the contract of the connect(2) and implied\nconnect via sendto(2), and may leave the application vulnerable to\nspoofing attacks.\n", "id": "FreeBSD-2025-0345", "modified": "2025-10-23T00:00:00Z", "published": "2025-10-23T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24934" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:09.netinet.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- SO_REUSEPORT_LB breaks connect(2) for UDP sockets" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.5.0" }, { "fixed": "18.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.4.0" }, { "fixed": "18.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.6.0" }, { "fixed": "18.3.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.5.0" }, { "fixed": "18.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.4.0" }, { "fixed": "18.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.6.0" }, { "fixed": "18.3.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/" ], "discovery": "2025-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-11702", "CVE-2025-10497", "CVE-2025-11447", "CVE-2025-11974", "CVE-2025-11971", "CVE-2025-6601", "CVE-2025-11989" ] }, "vid": "f741ea93-af61-11f0-98b5-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Improper access control issue in runner API impacts GitLab EE\n>\n> Denial of service issue in event collection impacts GitLab CE/EE\n>\n> Denial of service issue in JSON validation impacts GitLab CE/EE\n>\n> Denial of service issue in upload impacts GitLab CE/EE\n>\n> Incorrect Authorization issue in pipeline builds impacts GitLab CE\n>\n> Business logic error issue in group memberships impacts GitLab EE\n>\n> Missing authorization issue in quick actions impacts GitLab EE\n", "id": "FreeBSD-2025-0344", "modified": "2025-10-22T00:00:00Z", "published": "2025-10-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11702" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11447" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11974" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6601" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11989" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "141.0.7390.107" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "141.0.7390.107" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html" ], "discovery": "2025-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-11756" ] }, "vid": "88f34edb-ae9b-11f0-b3f7-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[447192722\\] High CVE-2025-11756: Use after free in Safe Browsing.\n> Reported by asnine on 2025-09-25\n", "id": "FreeBSD-2025-0343", "modified": "2025-10-21T00:00:00Z", "published": "2025-10-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11756" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "141.0.7390.65" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "141.0.7390.65" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html" ], "discovery": "2025-10-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-11458", "CVE-2025-11460", "CVE-2025-11211" ] }, "vid": "60ddafd2-ae9e-11f0-b3f7-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[443196747\\] High CVE-2025-11458: Heap buffer overflow in Sync.\n> Reported by raven at KunLun lab on 2025-09-05\n> - \\[446722008\\] High CVE-2025-11460: Use after free in Storage.\n> Reported by Sombra on 2025-09-23\n> - \\[441917796\\] Medium CVE-2025-11211: Out of bounds read in\n> WebCodecs. Reported by Jakob Ko\u0161ir on 2025-08-29\n", "id": "FreeBSD-2025-0342", "modified": "2025-10-21T00:00:00Z", "published": "2025-10-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11458" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11460" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11211" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-105873" ], "discovery": "2025-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2025-11979" ] }, "vid": "cdf2abf7-ae83-11f0-b5fb-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> An authorized user may crash the MongoDB server by causing buffer\n> over-read. This can be done by issuing a DDL operation while queries\n> are being issued, under some conditions.\n", "id": "FreeBSD-2025-0341", "modified": "2025-10-21T00:00:00Z", "published": "2025-10-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-105873" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11979" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11979" } ], "schema_version": "1.7.0", "summary": "Mongodb -- Use-after-free in the MongoDB" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "icingaweb2-module-icingadb-php81" }, "ranges": [ { "events": [ { "fixed": "1.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.2" }, { "fixed": "1.2.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "icingaweb2-module-icingadb-php82" }, "ranges": [ { "events": [ { "fixed": "1.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.2" }, { "fixed": "1.2.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "icingaweb2-module-icingadb-php83" }, "ranges": [ { "events": [ { "fixed": "1.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.2" }, { "fixed": "1.2.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "icingaweb2-module-icingadb-php84" }, "ranges": [ { "events": [ { "fixed": "1.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.2" }, { "fixed": "1.2.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "icingaweb2-module-icingadb-php85" }, "ranges": [ { "events": [ { "fixed": "1.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.2" }, { "fixed": "1.2.3,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429" ], "discovery": "2025-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-61789" ] }, "vid": "4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8" }, "details": "Icinga reports:\n\n> An authorized user with access to Icinga DB Web, can use a custom\n> variable in a filter that is either protected by\n> icingadb/protect/variables or hidden by icingadb/denylist/variables,\n> to guess values assigned to it.\n", "id": "FreeBSD-2025-0340", "modified": "2025-10-20T00:00:00Z", "published": "2025-10-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-61789" }, { "type": "WEB", "url": "https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429" } ], "schema_version": "1.7.0", "summary": "Hidden/Protected custom variables are prone to filter enumeration" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "144.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "144.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1979536" ], "discovery": "2025-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-11712" ] }, "vid": "4355ce42-ad06-11f0-b2aa-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A malicious page could have used the type attribute of an OBJECT tag\n> to override the default browser behavior when encountering a web\n> resource served without a content-type. This could have contributed to\n> an XSS on a site that unsafely serves files without a content-type\n> header.\n", "id": "FreeBSD-2025-0339", "modified": "2025-10-19T00:00:00Z", "published": "2025-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979536" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11712" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11712" } ], "schema_version": "1.7.0", "summary": "Mozilla -- XSS in sites without content-type header" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "144.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "144.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1989978" ], "discovery": "2025-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-11711" ] }, "vid": "fff839db-ad04-11f0-b2aa-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> There was a way to change the value of JavaScript Object properties\n> that were supposed to be non-writeable.\n", "id": "FreeBSD-2025-0338", "modified": "2025-10-19T00:00:00Z", "published": "2025-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989978" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11711" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11711" } ], "schema_version": "1.7.0", "summary": "Mozilla -- JavaScript Object property overriding" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "144.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "144.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1989899" ], "discovery": "2025-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-11710" ] }, "vid": "f7047dfc-ad02-11f0-b2aa-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A compromised web process using malicious IPC messages could have\n> caused the privileged browser process to reveal blocks of its memory\n> to the compromised process.\n", "id": "FreeBSD-2025-0337", "modified": "2025-10-19T00:00:00Z", "published": "2025-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989899" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11710" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11710" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "144.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "144.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127" ], "discovery": "2025-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-11709" ] }, "vid": "b760c618-ad02-11f0-b2aa-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A compromised web process was able to trigger out of bounds reads and\n> writes in a more privileged process using manipulated WebGL textures.\n", "id": "FreeBSD-2025-0336", "modified": "2025-10-19T00:00:00Z", "published": "2025-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11709" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11709" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Out-of-bounds reads and writes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "144.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "144.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1988931" ], "discovery": "2025-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-11708" ] }, "vid": "85c17eb8-ad02-11f0-b2aa-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Use-after-free in MediaTrackGraphImpl::GetInstance()\n", "id": "FreeBSD-2025-0335", "modified": "2025-10-19T00:00:00Z", "published": "2025-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1988931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11708" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11708" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Use-after-free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "144.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "144.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113" ], "discovery": "2025-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-11714" ] }, "vid": "247bc43f-ad02-11f0-b2aa-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs. Some of these bugs showed evidence of memory\n> corruption and we presume that with enough effort some of these could\n> have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0334", "modified": "2025-10-19T00:00:00Z", "published": "2025-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11714" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11714" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "144.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "140.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899" ], "discovery": "2025-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-11715" ] }, "vid": "20840621-ab82-11f0-b961-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs. Some of these bugs showed evidence of memory\n> corruption and we presume that with enough effort some of these could\n> have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0333", "modified": "2025-10-17T00:00:00Z", "published": "2025-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11715" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11715" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "144.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "144.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1986816" ], "discovery": "2025-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-11721" ] }, "vid": "ed132d42-ab81-11f0-b961-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bug. This bug showed evidence of memory corruption and\n> we presume that with enough effort this could have been exploited to\n> run arbitrary code.\n", "id": "FreeBSD-2025-0332", "modified": "2025-10-17T00:00:00Z", "published": "2025-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11721" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11721" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.3,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1987246" ], "discovery": "2025-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2025-11152" ] }, "vid": "f3550d26-ab7d-11f0-b961-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Sandbox excape due to integer overflow in the Graphics: Canvas2D\n> component\n", "id": "FreeBSD-2025-0331", "modified": "2025-10-17T00:00:00Z", "published": "2025-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1987246" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11152" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11152" } ], "schema_version": "1.7.0", "summary": "Firefox -- Sandbox escape" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "142.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10537" ] }, "vid": "7b9a8247-ab7b-11f0-b961-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Some of these bugs showed evidence of memory corruption and we presume\n> that with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2025-0330", "modified": "2025-10-17T00:00:00Z", "published": "2025-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10537" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10537" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10536" ] }, "vid": "4fe6f98e-ab7b-11f0-b961-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> This vulnerability affects Firefox \\< 143, Firefox ESR \\< 140.3,\n> Thunderbird \\< 143, and Thunderbird \\< 140.3.\n", "id": "FreeBSD-2025-0329", "modified": "2025-10-17T00:00:00Z", "published": "2025-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10536" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10536" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1665334" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10534" ] }, "vid": "1e8a6581-ab7b-11f0-b961-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Spoofing issue in the Site Permission component\n", "id": "FreeBSD-2025-0328", "modified": "2025-10-17T00:00:00Z", "published": "2025-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665334" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10534" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10534" } ], "schema_version": "1.7.0", "summary": "Mozilla -- spoofing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.28.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10533" ] }, "vid": "c7383de4-ab7a-11f0-b961-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Integer overflow in the SVG component\n", "id": "FreeBSD-2025-0327", "modified": "2025-10-17T00:00:00Z", "published": "2025-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10533" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10533" } ], "schema_version": "1.7.0", "summary": "Mozilla -- integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "minio" }, "ranges": [ { "events": [ { "fixed": "RELEASE.2025-10-15T17-29-55Z" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/minio/minio/security/advisories/GHSA-jjjj-jwhf-8rgr" ], "discovery": "2025-10-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-62506" ] }, "vid": "511f5aac-ab46-11f0-9446-f02f7497ecda" }, "details": "mino reports:\n\n> A privilege escalation vulnerability allows service accounts and STS\n> (Security Token Service) accounts with restricted session policies to\n> bypass their inline policy restrictions when performing \\\"own\\\"\n> account operations, specifically when creating new service accounts\n> for the same user.\n", "id": "FreeBSD-2025-0326", "modified": "2025-10-17T00:00:00Z", "published": "2025-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/minio/minio/security/advisories/GHSA-jjjj-jwhf-8rgr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-62506" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62506" } ], "schema_version": "1.7.0", "summary": "minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "8.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "INSERT URL HERE" ], "discovery": "2025-10-13T00:00:00Z", "vid": "50fd6a75-0587-4987-bef2-bb933cd78ea1" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> The KRB analyzer can leak information about hosts in analyzed traffic\n> via external DNS lookups.\n", "id": "FreeBSD-2025-0325", "modified": "2025-10-13T00:00:00Z", "published": "2025-10-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "INSERT URL HERE" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v8.0.2" } ], "schema_version": "1.7.0", "summary": "zeek -- information leak vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.3,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1987481" ], "discovery": "2025-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2025-11153" ] }, "vid": "6dd86212-a859-11f0-bd95-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> JIT miscompilation in the JavaScript Engine: JIT component.\n", "id": "FreeBSD-2025-0324", "modified": "2025-10-13T00:00:00Z", "published": "2025-10-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1987481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11153" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11153" } ], "schema_version": "1.7.0", "summary": "Firefox -- JIT miscompilation in the JavaScript Engine" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.4.0" }, { "fixed": "18.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.3.0" }, { "fixed": "18.3.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.2.0" }, { "fixed": "18.2.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.4.0" }, { "fixed": "18.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.3.0" }, { "fixed": "18.3.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.2.0" }, { "fixed": "18.2.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/" ], "discovery": "2025-10-08T00:00:00Z", "references": { "cvename": [ "CVE-2025-11340", "CVE-2025-10004", "CVE-2025-9825", "CVE-2025-2934" ] }, "vid": "87fdaf3c-a5b5-11f0-98b5-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Incorrect authorization issue in GraphQL mutations impacts GitLab EE\n>\n> Denial of Service issue in GraphQL blob type impacts GitLab CE/EE\n>\n> Missing authorization issue in manual jobs impacts GitLab CE/EE\n>\n> Denial of Service issue in webhook endpoints impacts GitLab CE/EE\n", "id": "FreeBSD-2025-0323", "modified": "2025-10-10T00:00:00Z", "published": "2025-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11340" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9825" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2934" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailpit" }, "ranges": [ { "events": [ { "fixed": "1.27.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/axllent/mailpit/releases/tag/v1.27.10" ], "discovery": "2025-10-09T00:00:00Z", "vid": "0b5145e9-a500-11f0-a136-10ffe07f9334" }, "details": "Ralph Slooten (Mailpit developer) reports:\n\n> An HTTP endpoint was found which exposed expvar runtime information\n> (memory usage, goroutine counts, GC behavior, uptime and potential\n> runtime flags) due to the Prometheus client library dependency.\n", "id": "FreeBSD-2025-0322", "modified": "2025-10-09T00:00:00Z", "published": "2025-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/axllent/mailpit/releases/tag/v1.27.10" }, { "type": "WEB", "url": "https://github.com/axllent/mailpit/releases/tag/v1.27.10" } ], "schema_version": "1.7.0", "summary": "Mailpit -- Performance information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10532" ] }, "vid": "f60c790a-a394-11f0-9617-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> The vulnerability has been assessed to have moderate impact on\n> affected systems, potentially allowing attackers to exploit incorrect\n> boundary conditions in the JavaScript Garbage Collection component. In\n> Thunderbird specifically, these flaws cannot be exploited through\n> email as scripting is disabled when reading mail, but remain potential\n> risks in browser or browser-like contexts\n", "id": "FreeBSD-2025-0321", "modified": "2025-10-07T00:00:00Z", "published": "2025-10-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10532" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10532" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Incorrect boundary conditions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1978453" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10531" ] }, "vid": "a240c31b-a394-11f0-9617-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> The vulnerability has been rated as having moderate impact, affecting\n> both confidentiality and integrity with low severity, while having no\n> impact on availability. For Thunderbird specifically, the\n> vulnerability cannot be exploited through email as scripting is\n> disabled when reading mail, but remains a potential risk in browser or\n> browser-like contexts\n", "id": "FreeBSD-2025-0320", "modified": "2025-10-07T00:00:00Z", "published": "2025-10-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1978453" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10531" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10531" } ], "schema_version": "1.7.0", "summary": "Mozilla -- mitigation bypass vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "143.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "143.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185" ], "discovery": "2025-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-10527", "CVE-2025-10528" ] }, "vid": "f2de2f64-a2cc-11f0-8402-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Sandbox escape due to use-after-free\n", "id": "FreeBSD-2025-0319", "modified": "2025-10-06T00:00:00Z", "published": "2025-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10527" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10527" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10528" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10528" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Sandbox escape due to use-after-free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-99616" ], "discovery": "2025-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2025-10061" ] }, "vid": "a5395e02-a2ca-11f0-8402-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> An authorized user can cause a crash in the MongoDB Server through a\n> specially crafted \\$group query. This vulnerability is related to the\n> incorrect handling of certain accumulator functions when additional\n> parameters are specified within the \\$group operation. This\n> vulnerability could lead to denial of service if triggered repeatedly.\n", "id": "FreeBSD-2025-0318", "modified": "2025-10-07T00:00:00Z", "published": "2025-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-99616" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10061" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10061" } ], "schema_version": "1.7.0", "summary": "mongodb -- Malformed $group Query May Cause MongoDB Server to Crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-95524" ], "discovery": "2025-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2025-10060" ] }, "vid": "6d16b410-a2ca-11f0-8402-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> MongoDB Server may allow upsert operations retried within a\n> transaction to violate unique index constraints, potentially causing\n> an invariant failure and server crash during commit. This issue may be\n> triggered by improper WriteUnitOfWork state management.\n", "id": "FreeBSD-2025-0317", "modified": "2025-10-06T00:00:00Z", "published": "2025-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-95524" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10060" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10060" } ], "schema_version": "1.7.0", "summary": "mongodb -- MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-100901" ], "discovery": "2025-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2025-10059" ] }, "vid": "4329e3bd-a2ca-11f0-8402-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> An improper setting of the lsid field on any sharded query can cause a\n> crash in MongoDB routers. This issue occurs when a generic argument\n> (lsid) is provided in a case when it is not applicable.\n", "id": "FreeBSD-2025-0316", "modified": "2025-10-06T00:00:00Z", "published": "2025-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-100901" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10059" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10059" } ], "schema_version": "1.7.0", "summary": "mongodb -- MongoDB Server router will crash when incorrect lsid is set on a sharded query" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb6" }, "ranges": [ { "events": [ { "fixed": "6.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-71477" ], "discovery": "2024-09-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-8654" ] }, "vid": "a9dc3c61-a20f-11f0-91d8-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> MongoDB Server may access non-initialized region of memory leading to\n> unexpected behaviour when zero arguments are called in internal\n> aggregation stage.\n", "id": "FreeBSD-2025-0315", "modified": "2025-10-05T00:00:00Z", "published": "2025-10-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-71477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8654" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8654" } ], "schema_version": "1.7.0", "summary": "mongodb -- MongoDB Server access to non-initialized memory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "8.2.0" }, { "fixed": "8.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis80" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis74" }, "ranges": [ { "events": [ { "introduced": "7.4.0" }, { "fixed": "7.4.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.2.20" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f" ], "discovery": "2025-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-46819" ] }, "vid": "0af2f18e-a119-11f0-9446-f02f7497ecda" }, "details": "redis reports:\n\n> An authenticated user may use a specially crafted LUA script to read\n> out-of-bound data or crash the server and subsequent denial of\n> service. The problem exists in all versions of Redis with Lua\n> scripting An additional workaround to mitigate the problem without\n> patching the redis-server executable is to prevent users from\n> executing Lua scripts. This can be done using ACL to block a script by\n> restricting both the EVAL and FUNCTION command families.\n", "id": "FreeBSD-2025-0314", "modified": "2025-10-04T00:00:00Z", "published": "2025-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-46819" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- Out of bound read due to a bug in LUA" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "8.2.0" }, { "fixed": "8.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis80" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis74" }, "ranges": [ { "events": [ { "introduced": "7.4.0" }, { "fixed": "7.4.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.2.20" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp" ], "discovery": "2025-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-46818" ] }, "vid": "0258d37d-a118-11f0-9446-f02f7497ecda" }, "details": "redis reports:\n\n> An authenticated user may use a specially crafted Lua script to\n> manipulate different LUA objects and potentially run their own code in\n> the context of another user The problem exists in all versions of\n> Redis with Lua scripting. An additional workaround to mitigate the\n> problem without patching the redis-server executable is to prevent\n> users from executing Lua scripts. This can be done using ACL to block\n> a script by restricting both the EVAL and FUNCTION command families.\n", "id": "FreeBSD-2025-0313", "modified": "2025-10-04T00:00:00Z", "published": "2025-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-46818" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- Running Lua function as a different user" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "8.2.0" }, { "fixed": "8.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis80" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis74" }, "ranges": [ { "events": [ { "introduced": "7.4.0" }, { "fixed": "7.4.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.2.20" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp" ], "discovery": "2025-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-46817" ] }, "vid": "f6b8de04-a116-11f0-9446-f02f7497ecda" }, "details": "redis reports:\n\n> An authenticated user may use a specially crafted Lua script to cause\n> an integer overflow and potentially lead to remote code execution The\n> problem exists in all versions of Redis with Lua scripting. An\n> additional workaround to mitigate the problem without patching the\n> redis-server executable is to prevent users from executing Lua\n> scripts. This can be done using ACL to block a script by restricting\n> both the EVAL and FUNCTION command families.\n", "id": "FreeBSD-2025-0312", "modified": "2025-10-04T00:00:00Z", "published": "2025-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-46817" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- Lua library commands may lead to integer overflow and potential RCE" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "8.2.0" }, { "fixed": "8.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis80" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis74" }, "ranges": [ { "events": [ { "introduced": "7.4.0" }, { "fixed": "7.4.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.2.20" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q" ], "discovery": "2025-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-49844" ] }, "vid": "17e85cae-a115-11f0-9446-f02f7497ecda" }, "details": "redis reports:\n\n> An authenticated user may use a specially crafted Lua script to\n> manipulate the garbage collector, trigger a use-after-free and\n> potentially lead to remote code execution. The problem exists in all\n> versions of Redis with Lua scripting. An additional workaround to\n> mitigate the problem without patching the redis-server executable is\n> to prevent users from executing Lua scripts. This can be done using\n> ACL to restrict EVAL and EVALSHA commands.\n", "id": "FreeBSD-2025-0311", "modified": "2025-10-04T00:00:00Z", "published": "2025-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49844" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- Lua Use-After-Free may lead to remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-pdf" }, "ranges": [ { "events": [ { "fixed": "6.9.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.9.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based" ], "discovery": "2025-09-25T00:00:00Z", "references": { "cvename": [ "CVE-2025-9866", "CVE-2025-10200", "CVE-2025-10201", "CVE-2025-10500", "CVE-2025-10501", "CVE-2025-10502", "CVE-2025-10890", "CVE-2025-10891", "CVE-2025-10892" ] }, "vid": "c27c05a7-a0c8-11f0-8471-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 9 security bugs in Chromium:\n>\n> - CVE-2025-9866: Determine whether to bypass redirect checks per\n> request\n> - CVE-2025-10200: Use after free in Serviceworker\n> - CVE-2025-10201: Inappropriate implementation in Mojo\n> - CVE-2025-10500: Use after free in Dawn\n> - CVE-2025-10501: Use after free in WebRTC\n> - CVE-2025-10502: Heap buffer overflow in ANGLE\n> - CVE-2025-10890: Side-channel information leakage in V8 (1/2)\n> - CVE-2025-10891: Integer overflow in V8\n> - CVE-2025-10892: Integer overflow in V8\n", "id": "FreeBSD-2025-0310", "modified": "2025-10-04T00:00:00Z", "published": "2025-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10200" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10501" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10890" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10891" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10892" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "fetchmail" }, "ranges": [ { "events": [ { "introduced": "5.9.9" }, { "fixed": "6.5.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.fetchmail.info/fetchmail-SA-2025-01.txt" ], "discovery": "2025-10-02T00:00:00Z", "references": { "cvename": [ "CVE-2025-61962" ] }, "vid": "21fba35e-a05f-11f0-a8b8-a1ef31191bc1" }, "details": "Matthias Andree reports:\n\n> fetchmail\\'s SMTP client, when configured to authenticate, is\n> susceptible to a protocol violation where, when a trusted but\n> malicious or malfunctioning SMTP server responds to an authentication\n> request with a \\\"334\\\" code but without a following blank on the line,\n> it will attempt to start reading from memory address 0x1 to parse the\n> server\\'s SASL challenge. This address is constant and not under the\n> attacker\\'s control. This event will usually cause a crash of\n> fetchmail.\n", "id": "FreeBSD-2025-0309", "modified": "2025-10-04T00:00:00Z", "published": "2025-10-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.fetchmail.info/fetchmail-SA-2025-01.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-61962" }, { "type": "WEB", "url": "https://www.fetchmail.info/fetchmail-SA-2025-01.txt" }, { "type": "WEB", "url": "https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_6x/fetchmail-SA-2025-01.txt?ref_type=heads" }, { "type": "WEB", "url": "https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8" } ], "schema_version": "1.7.0", "summary": "fetchmail -- potential crash when authenticating to SMTP server" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "141.0.7390.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "141.0.7390.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html" ], "discovery": "2025-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2025-11205", "CVE-2025-11206", "CVE-2025-11207", "CVE-2025-11208", "CVE-2025-11209", "CVE-2025-11210", "CVE-2025-11211", "CVE-2025-11212", "CVE-2025-11213", "CVE-2025-11215", "CVE-2025-11216", "CVE-2025-11219" ] }, "vid": "169a87de-a157-4558-9f97-a7395a9ae144" }, "details": "Chrome Releases reports:\n\n> This update includes 21 security fixes:\n>\n> - \\[442444724\\] High CVE-2025-11205: Heap buffer overflow in WebGPU.\n> Reported by Atte Kettunen of OUSPG on 2025-09-02\n> - \\[444755026\\] High CVE-2025-11206: Heap buffer overflow in Video.\n> Reported by Elias Hohl on 2025-09-12\n> - \\[428189824\\] Medium CVE-2025-11207: Side-channel information\n> leakage in Storage. Reported by Alesandro Ortiz on 2025-06-27\n> - \\[397878997\\] Medium CVE-2025-11208: Inappropriate implementation in\n> Media. Reported by Kevin Joensen on 2025-02-20\n> - \\[438226517\\] Medium CVE-2025-11209: Inappropriate implementation in\n> Omnibox. Reported by Hafiizh on 2025-08-13\n> - \\[440523110\\] Medium CVE-2025-11210: Side-channel information\n> leakage in Tab. Reported by Umar Farooq on 2025-08-22\n> - \\[441917796\\] Medium CVE-2025-11211: Out of bounds read in Media.\n> Reported by Kosir Jakob on 2025-08-29\n> - \\[420734141\\] Medium CVE-2025-11212: Inappropriate implementation in\n> Media. Reported by Ameen Basha M K on 2025-05-28\n> - \\[443408317\\] Medium CVE-2025-11213: Inappropriate implementation in\n> Omnibox. Reported by Hafiizh on 2025-09-06\n> - \\[439758498\\] Medium CVE-2025-11215: Off by one error in V8.\n> Reported by Google Big Sleep on 2025-08-19\n> - \\[419721056\\] Low CVE-2025-11216: Inappropriate implementation in\n> Storage. Reported by Farras Givari on 2025-05-23\n> - \\[439772737\\] Low CVE-2025-11219: Use after free in V8. Reported by\n> Google Big Sleep on 2025-08-19\n", "id": "FreeBSD-2025-0308", "modified": "2025-10-03T00:00:00Z", "published": "2025-10-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11205" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11206" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11207" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11208" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11209" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11210" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11211" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11213" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11216" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-11219" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django51" }, "ranges": [ { "events": [ { "fixed": "5.1.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django51" }, "ranges": [ { "events": [ { "fixed": "5.1.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django52" }, "ranges": [ { "events": [ { "fixed": "5.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django52" }, "ranges": [ { "events": [ { "fixed": "5.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/" ], "discovery": "2025-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-59681", "CVE-2025-59682" ] }, "vid": "90fc859e-9fe4-11f0-9fa2-080027836e8b" }, "details": "Django reports:\n\n> CVE-2025-59681: Potential SQL injection in QuerySet.annotate(),\n> alias(), aggregate(), and extra() on MySQL and MariaDB.\n>\n> CVE-2025-59682: Potential partial directory-traversal via\n> archive.extract().\n", "id": "FreeBSD-2025-0307", "modified": "2025-10-02T00:00:00Z", "published": "2025-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-59681" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-59682" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-mysql-connector-python" }, "ranges": [ { "events": [ { "fixed": "9.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-mysql-connector-python" }, "ranges": [ { "events": [ { "fixed": "9.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-mysql-connector-python" }, "ranges": [ { "events": [ { "fixed": "9.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py312-mysql-connector-python" }, "ranges": [ { "events": [ { "fixed": "9.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujan2025.html" ], "discovery": "2025-01-21T00:00:00Z", "references": { "cvename": [ "CVE-2025-21548" ] }, "vid": "cb570d6f-9ea9-11f0-9446-f02f7497ecda" }, "details": "Oracle reports:\n\n> Vulnerability in the MySQL Connectors product of Oracle MySQL\n> (component: Connector/Python). Supported versions that are affected\n> are 9.1.0 and prior. Easily exploitable vulnerability allows high\n> privileged attacker with network access via multiple protocols to\n> compromise MySQL Connectors. Successful attacks require human\n> interaction from a person other than the attacker. Successful attacks\n> of this vulnerability can result in unauthorized creation, deletion or\n> modification access to critical data or all MySQL Connectors\n> accessible data as well as unauthorized read access to a subset of\n> MySQL Connectors accessible data and unauthorized ability to cause a\n> hang or frequently repeatable crash (complete DOS) of MySQL\n> Connectors. CVSS 3.1 Base Score 6.4 (Confidentiality, Integrity and\n> Availability impacts). CVSS Vector:\n> (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H).\n", "id": "FreeBSD-2025-0306", "modified": "2025-10-01T00:00:00Z", "published": "2025-10-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujan2025.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-21548" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21548" } ], "schema_version": "1.7.0", "summary": "py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.18,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl32" }, "ranges": [ { "events": [ { "fixed": "3.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl33" }, "ranges": [ { "events": [ { "fixed": "3.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl33-quictls" }, "ranges": [ { "events": [ { "fixed": "3.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl34" }, "ranges": [ { "events": [ { "fixed": "3.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl35" }, "ranges": [ { "events": [ { "fixed": "3.5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl36" }, "ranges": [ { "events": [ { "fixed": "3.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://openssl-library.org/news/secadv/20250930.txt" ], "discovery": "2025-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2025-9230", "CVE-2025-9231", "CVE-2025-9232" ], "freebsdsa": [ "SA-25:08.openssl" ] }, "vid": "00e912c5-9e92-11f0-bc5f-8447094a420f" }, "details": "The OpenSSL project reports reports:\n\n> Out-of-bounds read & write in RFC 3211 KEK Unwrap\n>\n> Timing side-channel in SM2 algorithm on 64-bit ARM\n>\n> Fix Out-of-bounds read in HTTP client no_proxy handling\n", "id": "FreeBSD-2025-0305", "modified": "2025-10-03T00:00:00Z", "published": "2025-10-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://openssl-library.org/news/secadv/20250930.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9231" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9232" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:08.openssl.asc" }, { "type": "WEB", "url": "https://openssl-library.org/news/secadv/20250930.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "fixed": "4.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl-devel" }, "ranges": [ { "events": [ { "fixed": "4.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libressl/portable/releases/tag/v4.1.1" ], "discovery": "2025-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-9230" ] }, "vid": "699ef80f-9e91-11f0-bc5f-8447094a420f" }, "details": "The LibreSSL project reports:\n\n> An incorrect length check can result in a 4-byte overwrite and an\n> 8-byte overread.\n", "id": "FreeBSD-2025-0304", "modified": "2025-10-01T00:00:00Z", "published": "2025-10-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libressl/portable/releases/tag/v4.1.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9230" }, { "type": "WEB", "url": "https://github.com/libressl/portable/releases/tag/v4.1.1" } ], "schema_version": "1.7.0", "summary": "LibreSSL -- overwrite and -read vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "goldendict" }, "ranges": [ { "events": [ { "fixed": "1.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/goldendict/goldendict/releases" ], "discovery": "2025-07-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-53964" ] }, "vid": "4ccd6222-9c83-11f0-a337-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows\n> reading and modifying files when a user adds a crafted dictionary and\n> then searches for any term included in that dictionary.\n", "id": "FreeBSD-2025-0303", "modified": "2025-09-28T00:00:00Z", "published": "2025-09-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/goldendict/goldendict/releases" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-53964" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53964" } ], "schema_version": "1.7.0", "summary": "goldendict -- dangerous method exposed" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libudisks" }, "ranges": [ { "events": [ { "fixed": "2.10.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.90" }, { "fixed": "2.10.91" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/errata/RHSA-2025:15017" ], "discovery": "2025-08-28T00:00:00Z", "references": { "cvename": [ "CVE-2025-8067" ] }, "vid": "3bf134f4-942d-11f0-95de-0800276af896" }, "details": "secalert@redhat.com reports:\n\n> A flaw was found in the Udisks daemon, where it allows unprivileged\n> users to create loop devices using the D-BUS system. This is achieved\n> via the loop device handler, which handles requests sent through the\n> D-BUS interface. As two of the parameters of this handle, it receives\n> the file descriptor list and index specifying the file where the loop\n> device should be backed. The function itself validates the index value\n> to ensure it isn\\'t bigger than the maximum value allowed. However, it\n> fails to validate the lower bound, allowing the index parameter to be\n> a negative value. Under these circumstances, an attacker can cause the\n> UDisks daemon to crash or perform a local privilege escalation by\n> gaining access to files owned by privileged users.\n", "id": "FreeBSD-2025-0302", "modified": "2025-09-26T00:00:00Z", "published": "2025-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/errata/RHSA-2025:15017" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8067" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8067" } ], "schema_version": "1.7.0", "summary": "libudisks -- Udisks: out-of-bounds read in udisks daemon" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "quiche" }, "ranges": [ { "events": [ { "fixed": "0.24.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/cloudflare/quiche/releases/tag/0.24.5" ], "discovery": "2025-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-7054" ] }, "vid": "32bdeb94-9958-11f0-b6e2-6805ca2fa271" }, "details": "Quiche Releases reports:\n\n> This update includes 1 security fix:\n>\n> - High CVE-2025-7054: Infinite loop triggered by connection ID\n> retirement. Reported by Catena cyber on 2025-08-07.\n", "id": "FreeBSD-2025-0301", "modified": "2025-09-26T00:00:00Z", "published": "2025-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/cloudflare/quiche/releases/tag/0.24.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7054" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7054" } ], "schema_version": "1.7.0", "summary": "quiche -- Infinite loop triggered by connection ID retirement" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "quiche" }, "ranges": [ { "events": [ { "fixed": "0.24.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/cloudflare/quiche/releases/tag/0.24.4" ], "discovery": "2025-06-18T00:00:00Z", "references": { "cvename": [ "CVE-2025-4820", "CVE-2025-4821" ] }, "vid": "7b0cbc73-9955-11f0-b6e2-6805ca2fa271" }, "details": "Quiche Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - Medium CVE-2025-4820: Incorrect congestion window growth by\n> optimistic ACK. Reported by Louis Navarre on 2025-06-18.\n> - High CVE-2025-4821: Incorrect congestion window growth by invalid\n> ACK ranges. Reported by Louis Navarre on 2025-06-18.\n", "id": "FreeBSD-2025-0300", "modified": "2025-09-26T00:00:00Z", "published": "2025-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/cloudflare/quiche/releases/tag/0.24.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4820" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4821" }, { "type": "WEB", "url": "https://github.com/cloudflare/quiche/releases/tag/0.24.4" } ], "schema_version": "1.7.0", "summary": "quiche -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.4.0" }, { "fixed": "18.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.3.0" }, { "fixed": "18.3.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.10.0" }, { "fixed": "18.2.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.4.0" }, { "fixed": "18.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.3.0" }, { "fixed": "18.3.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.10.0" }, { "fixed": "18.2.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/" ], "discovery": "2025-09-25T00:00:00Z", "references": { "cvename": [ "CVE-2025-10858", "CVE-2025-8014", "CVE-2025-9958", "CVE-2025-7691", "CVE-2025-10871", "CVE-2025-10867", "CVE-2025-5069", "CVE-2025-10868" ] }, "vid": "477fdc04-9aa2-11f0-961b-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Denial of Service issue when uploading specifically crafted JSON files\n> impacts GitLab CE/EE\n>\n> Denial of Service issue bypassing query complexity limits impacts\n> GitLab CE/EE\n>\n> Information disclosure issue in virtual registery configuration for\n> low privileged users impacts GitLab CE/EE\n>\n> Privilege Escalation issue from within the Developer role impacts\n> GitLab EE\n>\n> Denial of Service issue in GraphQL API via Unbounded Array Parameters\n> impacts GitLab CE/EE\n>\n> Improper Authorization issue for Project Maintainers when assigning\n> roles impacts GitLab EE\n>\n> Denial of Service issue in GraphQL API blobSearch impacts GitLab CE/EE\n>\n> Incorrect ownership assignment via Move Issue drop-down impacts GitLab\n> CE/EE\n>\n> Denial of Service issue via string conversion methods impacts GitLab\n> CE/EE\n", "id": "FreeBSD-2025-0299", "modified": "2025-09-26T00:00:00Z", "published": "2025-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10858" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8014" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9958" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7691" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10871" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10867" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5069" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10868" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-devel" }, "ranges": [ { "events": [ { "introduced": "g20250629,1" }, { "fixed": "g20250925,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/OpenVPN/openvpn/commit/0fb5a00549be6b065f9a4d61940ee06786d9fa61", "https://github.com/OpenVPN/openvpn/commit/3a66045b407321c9d1c096227db164df3955ab40" ], "discovery": "2025-09-24T00:00:00Z", "references": { "cvename": [ "CVE-2025-10680" ] }, "vid": "e5cf9f44-9a64-11f0-8241-93c889bb8de1" }, "details": "Gert Doering reports:\n\n> Notable changes beta1 -\\> beta2 are: \\[\\...\\] add proper input\n> sanitation to DNS strings to prevent an attack coming from a\n> trusted-but-malicous OpenVPN server (CVE: 2025-10680, affects unixoid\n> systems with \\--dns-updown scripts and windows using the built-in\n> powershell call)\n\nLev Stipakov writes:\n\n> On Linux (and similar platforms), those options are written to a tmp\n> file, which is later sourced by a script running as root. Since\n> options are controlled by the server, it is possible for a malicious\n> server to execute script injection attack \\[\\...\\].\n\nThe original report is credited to Stanislav Fort\n\\.\n", "id": "FreeBSD-2025-0298", "modified": "2025-09-25T00:00:00Z", "published": "2025-09-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/OpenVPN/openvpn/commit/0fb5a00549be6b065f9a4d61940ee06786d9fa61" }, { "type": "REPORT", "url": "https://github.com/OpenVPN/openvpn/commit/3a66045b407321c9d1c096227db164df3955ab40" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10680" }, { "type": "WEB", "url": "https://github.com/OpenVPN/openvpn/commit/0fb5a00549be6b065f9a4d61940ee06786d9fa61" }, { "type": "WEB", "url": "https://github.com/OpenVPN/openvpn/commit/3a66045b407321c9d1c096227db164df3955ab40" } ], "schema_version": "1.7.0", "summary": "openvpn-devel -- script injection vulnerability from trusted but malicious server" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsdist" }, "ranges": [ { "events": [ { "fixed": "1.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.0.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html" ], "discovery": "2025-09-18T00:00:00Z", "references": { "cvename": [ "CVE-2025-30187" ] }, "vid": "c2253bff-9952-11f0-b6e2-6805ca2fa271" }, "details": "security@open-xchange.com reports:\n\n> In some circumstances, when DNSdist is configured to use the nghttp2\n> library to process incoming DNS over HTTPS queries, an attacker might\n> be able to cause a denial of service by crafting a DoH exchange that\n> triggers an unbounded I/O read loop, causing an unexpected consumption\n> of CPU resources. The offending code was introduced in DNSdist\n> 1.9.0-alpha1 so previous versions are not affected.\n", "id": "FreeBSD-2025-0297", "modified": "2025-09-26T00:00:00Z", "published": "2025-09-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-30187" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30187" } ], "schema_version": "1.7.0", "summary": "dnsdist -- Denial of service via crafted DoH exchange" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "140.0.7339.207" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "140.0.7339.207" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html" ], "discovery": "2025-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-10890", "CVE-2025-10891", "CVE-2025-10892" ] }, "vid": "57b54de1-85a5-439a-899e-75d19cbdff54" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[430336833\\] High CVE-2025-10890: Side-channel information leakage\n> in V8. Reported by Mate Marjanovi\u0107 (SharpEdged) on 2025-07-09\n> - \\[443765373\\] High CVE-2025-10891: Integer overflow in V8. Reported\n> by Google Big Sleep on 2025-09-09\n> - \\[444048019\\] High CVE-2025-10892: Integer overflow in V8. Reported\n> by Google Big Sleep on 2025-09-10\n", "id": "FreeBSD-2025-0296", "modified": "2025-09-23T00:00:00Z", "published": "2025-09-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10890" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10891" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10892" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "140.0.7339.185" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "140.0.7339.185" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html" ], "discovery": "2025-09-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-10585", "CVE-2025-10500", "CVE-2025-10501", "CVE-2025-10502" ] }, "vid": "6904ba53-22ff-4478-bfae-059dc2eefee1" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[445380761\\] High CVE-2025-10585: Type Confusion in V8. Reported by\n> Google Threat Analysis Group on 2025-09-16\n> - \\[435875050\\] High CVE-2025-10500: Use after free in Dawn. Reported\n> by Giunash (Gyujeong Jin) on 2025-08-03\n> - \\[440737137\\] High CVE-2025-10501: Use after free in WebRTC.\n> Reported by sherkito on 2025-08-23\n> - \\[438038775\\] High CVE-2025-10502: Heap buffer overflow in ANGLE.\n> Reported by Google Big Sleep on 2025-08-12\n", "id": "FreeBSD-2025-0295", "modified": "2025-09-22T00:00:00Z", "published": "2025-09-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10585" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10501" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10502" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pcre2" }, "ranges": [ { "events": [ { "introduced": "10.45" }, { "last_affected": "10.45" }, { "fixed": "10.45" } ], "type": "ECOSYSTEM" } ], "versions": [ "10.45" ] } ], "database_specific": { "cite": [ "https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254" ], "discovery": "2025-08-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-58050" ] }, "vid": "b51a4121-9607-11f0-becf-00a098b42aeb" }, "details": "security-advisories@github.com reports:\n\n> The PCRE2 library is a set of C functions that implement regular\n> expression pattern matching. In version 10.45, a heap-buffer-overflow\n> read vulnerability exists in the PCRE2 regular expression matching\n> engine, specifically within the handling of the (\\*scs:\\...) (Scan\n> SubString) verb when combined with (\\*ACCEPT) in src/pcre2_match.c.\n> This vulnerability may potentially lead to information disclosure if\n> the out-of-bounds data read during the memcmp affects the final match\n> result in a way observable by the attacker.\n", "id": "FreeBSD-2025-0294", "modified": "2025-09-20T00:00:00Z", "published": "2025-09-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-58050" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58050" } ], "schema_version": "1.7.0", "summary": "PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "expat2" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2025-59375" ], "discovery": "2025-09-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-59375" ] }, "vid": "744966b3-93d8-11f0-b8da-589cfc10a551" }, "details": "expat security advisory:\n\n> libexpat allows attackers to trigger large dynamic memory allocations\n> via a small document that is submitted for parsing.\n", "id": "FreeBSD-2025-0293", "modified": "2025-09-17T00:00:00Z", "published": "2025-09-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-59375" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375" } ], "schema_version": "1.7.0", "summary": "expat -- dynamic memory allocations issue" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.528" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.516.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2025-09-17/" ], "discovery": "2025-09-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-5115", "CVE-2025-59474", "CVE-2025-59475", "CVE-2025-59476" ] }, "vid": "b9b668f0-96ec-4568-b618-2edea45d6933" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-3618 / CVE-2025-5115\n>\n> HTTP/2 denial of service vulnerability in bundled Jetty\n>\n> ##### (Medium) SECURITY-3594 / CVE-2025-59474\n>\n> Missing permission check allows obtaining agent names\n>\n> ##### (Medium) SECURITY-3625 / CVE-2025-59475\n>\n> Missing permission check in authenticated users\\' profile menu\n>\n> ##### (Medium) SECURITY-3424 / CVE-2025-59476\n>\n> Log message injection vulnerability\n", "id": "FreeBSD-2025-0292", "modified": "2025-09-17T00:00:00Z", "published": "2025-09-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2025-09-17/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-59474" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-59475" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-59476" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2025-09-17/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unit-java" }, "ranges": [ { "events": [ { "fixed": "1.34.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://my.f5.com/manage/s/article/K000149959" ], "discovery": "2025-09-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-1695" ] }, "vid": "f6ca7c47-9190-11f0-b8da-589cfc10a551" }, "details": "F5 reports:\n\n> When NGINX Unit with the Java Language Module is in use, undisclosed\n> requests can lead to an infinite loop and cause an increase in CPU\n> resource utilization.\n", "id": "FreeBSD-2025-0291", "modified": "2025-09-14T00:00:00Z", "published": "2025-09-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://my.f5.com/manage/s/article/K000149959" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1695" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1695" } ], "schema_version": "1.7.0", "summary": "unit-java -- security vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cups" }, "ranges": [ { "events": [ { "fixed": "2.4.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq", "https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4" ], "discovery": "2025-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2025-58060", "CVE-2025-58364" ] }, "vid": "3aee6703-8ff6-11f0-b8da-589cfc10a551" }, "details": "OpenPrinting reports:\n\n> When the AuthType is set to anything but Basic, if the request\n> contains an Authorization: Basic \\... header, the password is not\n> checked.\n\n> An unsafe deserialization and validation of printer attributes, causes\n> null dereference in libcups library.\n", "id": "FreeBSD-2025-0290", "modified": "2025-09-16T00:00:00Z", "published": "2025-09-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq" }, { "type": "REPORT", "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-58060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-58364" }, { "type": "WEB", "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq" }, { "type": "WEB", "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4" } ], "schema_version": "1.7.0", "summary": "cups -- security vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "140.0.7339.127" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "140.0.7339.127" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html" ], "discovery": "2025-09-09T00:00:00Z", "references": { "cvename": [ "CVE-2025-10200", "CVE-2025-10201" ] }, "vid": "f50640fa-89a4-4795-a302-47b0dea8cee5" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[440454442\\] Critical CVE-2025-10200: Use after free in\n> Serviceworker. Reported by Looben Yang on 2025-08-22\n> - \\[439305148\\] High CVE-2025-10201: Inappropriate implementation in\n> Mojo. Reported by Sahan Fernando & Anon on 2025-08-18\n", "id": "FreeBSD-2025-0289", "modified": "2025-09-11T00:00:00Z", "published": "2025-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10200" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10201" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.3.0" }, { "fixed": "18.3.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.8.0" }, { "fixed": "18.1.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.3.0" }, { "fixed": "18.3.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.8.0" }, { "fixed": "18.1.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/" ], "discovery": "2025-09-10T00:00:00Z", "references": { "cvename": [ "CVE-2025-2256", "CVE-2025-6454", "CVE-2025-1250", "CVE-2025-7337", "CVE-2025-10094", "CVE-2025-6769" ] }, "vid": "602fc0fa-8ece-11f0-9d03-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Denial of Service issue in SAML Responses impacts GitLab CE/EE\n>\n> Server-Side Request Forgery issue in Webhook custom header impacts\n> GitLab CE/EE\n>\n> Denial of Service issue in User-Controllable Fields impacts GitLab\n> CE/EE\n>\n> Denial of Service issue in endpoint file upload impacts GitLab CE/EE\n>\n> Denial of Service issue in token listing operations impacts GitLab\n> CE/EE\n>\n> Information disclosure issue in runner endpoints impacts GitLab CE/EE\n", "id": "FreeBSD-2025-0288", "modified": "2025-09-11T00:00:00Z", "published": "2025-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2256" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6454" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1250" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7337" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-10094" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6769" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "140.0.7339.80" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "140.0.7339.80" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html" ], "discovery": "2025-09-02T00:00:00Z", "references": { "cvename": [ "CVE-2025-9864", "CVE-2025-9865", "CVE-2025-9866", "CVE-2025-9867" ] }, "vid": "bda50cf1-8bcf-11f0-b3f7-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 6 security fixes:\n>\n> - \\[434513380\\] High CVE-2025-9864: Use after free in V8. Reported by\n> Pavel Kuzmin of Yandex Security Team on 2025-07-28\n> - \\[437147699\\] Medium CVE-2025-9865: Inappropriate implementation in\n> Toolbar. Reported by Khalil Zhani on 2025-08-07\n> - \\[379337758\\] Medium CVE-2025-9866: Inappropriate implementation in\n> Extensions. Reported by NDevTK on 2024-11-16\n> - \\[415496161\\] Medium CVE-2025-9867: Inappropriate implementation in\n> Downloads. Reported by Farras Givari on 2025-05-04\n", "id": "FreeBSD-2025-0287", "modified": "2025-09-07T00:00:00Z", "published": "2025-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9864" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9865" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9867" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exiv2" }, "ranges": [ { "events": [ { "fixed": "0.28.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g" ], "discovery": "2025-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-55304" ] }, "vid": "340dc4c1-895a-11f0-b6e5-4ccc6adda413" }, "details": "Kevin Backhouse reports:\n\n> A denial-of-service was found in Exiv2 version v0.28.5: a quadratic\n> algorithm in the ICC profile parsing code in jpegBase::readMetadata()\n> can cause Exiv2 to run for a long time. Exiv2 is a command-line\n> utility and C++ library for reading, writing, deleting, and modifying\n> the metadata of image files. The denial-of-service is triggered when\n> Exiv2 is used to read the metadata of a crafted jpg image file.\n", "id": "FreeBSD-2025-0286", "modified": "2025-09-04T00:00:00Z", "published": "2025-09-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-55304" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g" } ], "schema_version": "1.7.0", "summary": "exiv2 -- Denial-of-service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exiv2" }, "ranges": [ { "events": [ { "fixed": "0.28.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39" ], "discovery": "2025-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-54080" ] }, "vid": "84a77710-8958-11f0-b6e5-4ccc6adda413" }, "details": "Kevin Backhouse reports:\n\n> An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier.\n> Exiv2 is a command-line utility and C++ library for reading, writing,\n> deleting, and modifying the metadata of image files. The out-of-bounds\n> read is triggered when Exiv2 is used to write metadata into a crafted\n> image file. An attacker could potentially exploit the vulnerability to\n> cause a denial of service by crashing Exiv2, if they can trick the\n> victim into running Exiv2 on a crafted image file.\n>\n> Note that this bug is only triggered when writing the metadata, which\n> is a less frequently used Exiv2 operation than reading the metadata.\n> For example, to trigger the bug in the Exiv2 command-line application,\n> you need to add an extra command-line argument such as delete.\n", "id": "FreeBSD-2025-0285", "modified": "2025-09-04T00:00:00Z", "published": "2025-09-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-54080" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39" } ], "schema_version": "1.7.0", "summary": "exiv2 -- Out-of-bounds read in Exiv2::EpsImage::writeMetadata()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django51" }, "ranges": [ { "events": [ { "fixed": "5.1.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django51" }, "ranges": [ { "events": [ { "fixed": "5.1.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django52" }, "ranges": [ { "events": [ { "fixed": "5.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django52" }, "ranges": [ { "events": [ { "fixed": "5.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/" ], "discovery": "2025-09-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-57833" ] }, "vid": "0db8684f-8938-11f0-8325-bc2411f8eb0b" }, "details": "Django reports:\n\n> CVE-2025-57833: Potential SQL injection in FilteredRelation column\n> aliases.\n", "id": "FreeBSD-2025-0284", "modified": "2025-09-04T00:00:00Z", "published": "2025-09-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-57833" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2025/sep/03/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "shibboleth-sp" }, "ranges": [ { "events": [ { "fixed": "3.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://shibboleth.net/community/advisories/secadv_20250903.txt" ], "discovery": "2025-09-03T00:00:00Z", "vid": "9f9b0b37-88fa-11f0-90a2-6cc21735f730" }, "details": "Internet2 reports:\n\n> The Shibboleth Service Provider includes a storage API usable for a\n> number of different use cases such as the session cache, replay cache,\n> and relay state management. An ODBC extension plugin is provided with\n> some distributions of the software (notably on Windows).\n>\n> A SQL injection vulnerability was identified in some of the queries\n> issued by the plugin, and this can be creatively exploited through\n> specially crafted inputs to exfiltrate information stored in the\n> database used by the SP.\n", "id": "FreeBSD-2025-0283", "modified": "2025-09-03T00:00:00Z", "published": "2025-09-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://shibboleth.net/community/advisories/secadv_20250903.txt" }, { "type": "WEB", "url": "https://shibboleth.net/community/advisories/secadv_20250903.txt" } ], "schema_version": "1.7.0", "summary": "Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-vieb" }, "ranges": [ { "events": [ { "fixed": "12.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Jelmerro/Vieb/security/advisories/GHSA-h2fq-667q-7gpm" ], "discovery": "2025-07-31T00:00:00Z", "vid": "aaa060af-88d6-11f0-a294-b0416f0c4c67" }, "details": "Zhengyu Liu, Jianjia Yu, Jelmer van Arnhem report:\n\n> We discovered a remote code execution (RCE) vulnerability in the\n> latest release of the Vieb browser (v12.3.0). By luring a user to\n> visit a malicious website, an attacker can achieve arbitrary code\n> execution on the victim's machine.\n", "id": "FreeBSD-2025-0282", "modified": "2025-09-03T00:00:00Z", "published": "2025-09-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Jelmerro/Vieb/security/advisories/GHSA-h2fq-667q-7gpm" }, { "type": "WEB", "url": "https://github.com/Jelmerro/Vieb/security/advisories/GHSA-h2fq-667q-7gpm" } ], "schema_version": "1.7.0", "summary": "Vieb -- Remote Code Execution via Visiting Untrusted URLs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.3.0" }, { "fixed": "18.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.15.0" }, { "fixed": "18.1.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.3.0" }, { "fixed": "18.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.15.0" }, { "fixed": "18.1.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/" ], "discovery": "2025-08-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-3601", "CVE-2025-2246", "CVE-2025-4225", "CVE-2025-5101" ] }, "vid": "d7b7e505-8486-11f0-9d03-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Allocation of Resources Without Limits issue in import function\n> impacts GitLab CE/EE\n>\n> Missing authentication issue in GraphQL endpoint impacts GitLab CE/EE\n>\n> Allocation of Resources Without Limits issue in GraphQL impacts GitLab\n> CE/EE\n>\n> Code injection issue in GitLab repositories impacts GitLab CE/EE\n", "id": "FreeBSD-2025-0281", "modified": "2025-08-29T00:00:00Z", "published": "2025-08-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3601" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2246" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5101" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kea" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "kea-devel" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.7.1" }, { "last_affected": "2.7.9" }, { "fixed": "2.7.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/docs/" ], "discovery": "2025-08-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-40779" ] }, "vid": "f727fe60-8389-11f0-8438-001b217e4ee5" }, "details": "Internet Systems Consortium, Inc. reports:\n\n> We corrected an issue in \\`kea-dhcp4\\` that caused the server to abort\n> if a client sent a broadcast request with particular options, and Kea\n> failed to find an appropriate subnet for that client. This addresses\n> CVE-2025-40779 \\[#4055, #4048\\].\n", "id": "FreeBSD-2025-0280", "modified": "2025-08-27T00:00:00Z", "published": "2025-08-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/docs/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-40779" } ], "schema_version": "1.7.0", "summary": "ISC KEA -- kea-dhcp4 aborts if client sends a broadcast request with particular options" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-base" }, "ranges": [ { "events": [ { "fixed": "6.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.qt.io/blog/security-advisory-recently-reported-denial-of-service-issue-in-qcolortransfergenericfunction-impacts-qt" ], "discovery": "2025-07-11T00:00:00Z", "references": { "cvename": [ "CVE-2025-5992" ] }, "vid": "2a11aa1e-83c7-11f0-b6e5-4ccc6adda413" }, "details": "Andy Shaw reports:\n\n> When passing values outside of the expected range to\n> QColorTransferGenericFunction it can cause a denial of service, for\n> example, this can happen when passing a specifically crafted ICC\n> profile to QColorSpace::fromICCProfile.\n", "id": "FreeBSD-2025-0279", "modified": "2025-08-28T00:00:00Z", "published": "2025-08-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.qt.io/blog/security-advisory-recently-reported-denial-of-service-issue-in-qcolortransfergenericfunction-impacts-qt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5992" }, { "type": "WEB", "url": "https://www.qt.io/blog/security-advisory-recently-reported-denial-of-service-issue-in-qcolortransfergenericfunction-impacts-qt" } ], "schema_version": "1.7.0", "summary": "qt6-base -- DoS in QColorTransferGenericFunction" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-pdf" }, "ranges": [ { "events": [ { "fixed": "6.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5063", "CVE-2025-5064", "CVE-2025-5065", "CVE-2025-5068", "CVE-2025-5280", "CVE-2025-5281", "CVE-2025-5283", "CVE-2025-5419", "CVE-2025-6191", "CVE-2025-6192", "CVE-2025-6554", "CVE-2025-6556", "CVE-2025-6557", "CVE-2025-6558", "CVE-2025-7656", "CVE-2025-7657", "CVE-2025-8010", "CVE-2025-8576", "CVE-2025-8578", "CVE-2025-8580", "CVE-2025-8582", "CVE-2025-8879", "CVE-2025-8880", "CVE-2025-8881", "CVE-2025-8901" ] }, "vid": "edf83c10-83b8-11f0-b6e5-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 25 security bugs in Chromium:\n>\n> - CVE-2025-5063: Use after free in Compositing\n> - CVE-2025-5064: Inappropriate implementation in Background Fetch\n> - CVE-2025-5065: Inappropriate implementation in FileSystemAccess API\n> - CVE-2025-5068: Use after free in Blink\n> - CVE-2025-5280: Out of bounds write in V8\n> - CVE-2025-5281: Inappropriate implementation in BFCache\n> - CVE-2025-5283: Use after free in libvpx\n> - CVE-2025-5419: Out of bounds read and write in V8\n> - CVE-2025-6191: Integer overflow in V8\n> - CVE-2025-6192: Use after free in Profiler\n> - CVE-2025-6554: Type Confusion in V8\n> - CVE-2025-6556: Insufficient policy enforcement in Loader\n> - CVE-2025-6557: Insufficient data validation in DevTools\n> - CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and\n> GPU\n> - CVE-2025-7656: Integer overflow in V8\n> - CVE-2025-7657: Use after free in WebRTC\n> - CVE-2025-8010: Type Confusion in V8\n> - CVE-2025-8576: Use after free in Extensions\n> - CVE-2025-8578: Use after free in Cast\n> - CVE-2025-8580: Inappropriate implementation in Filesystems\n> - CVE-2025-8582: Insufficient validation of untrusted input in DOM\n> - CVE-2025-8879: Heap buffer overflow in libaom\n> - CVE-2025-8880: Race in V8\n> - CVE-2025-8881: Inappropriate implementation in File Picker\n> - CVE-2025-8901: Out of bounds write in ANGLE\n", "id": "FreeBSD-2025-0278", "modified": "2025-08-28T00:00:00Z", "published": "2025-08-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5064" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5065" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5280" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5281" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5419" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6192" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6554" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6556" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6557" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6558" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7656" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7657" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8010" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8578" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8580" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8582" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8879" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8880" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8881" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8901" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "fixed": "3.49.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux_base-rl9-9.6" }, "ranges": [ { "events": [ { "fixed": "9.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-sqlite" }, "ranges": [ { "events": [ { "fixed": "3.7.17_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248" ], "discovery": "2025-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2025-29088" ] }, "vid": "6989312e-8366-11f0-9bc6-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> In SQLite 3.49.0 before 3.49.1, certain argument values to\n> sqlite3_db_config (in the C-language API) can cause a denial of\n> service (application crash). An sz\\*nBig multiplication is not cast to\n> a 64-bit integer, and consequently some memory allocations may be\n> incorrect.\n", "id": "FreeBSD-2025-0277", "modified": "2025-08-27T00:00:00Z", "published": "2025-08-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-29088" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29088" } ], "schema_version": "1.7.0", "summary": "SQLite -- application crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-Catalyst-Authentication-Credential-HTTP" }, "ranges": [ { "events": [ { "fixed": "1.019" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2025-40920" ], "discovery": "2025-08-11T00:00:00Z", "references": { "cvename": [ "CVE-2025-40920" ] }, "vid": "c323bab5-80dd-11f0-97c4-40b034429ecf" }, "details": "perl-catalyst project reports:\n\n> Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier\n> for Perl generate nonces using the Perl Data::UUID library. \\*\n> Data::UUID does not use a strong cryptographic source for generating\n> UUIDs.\\* Data::UUID returns v3 UUIDs, which are generated from known\n> information and are unsuitable for security, as per RFC 9562. \\* The\n> nonces should be generated from a strong cryptographic source, as per\n> RFC 7616.\n", "id": "FreeBSD-2025-0276", "modified": "2025-08-24T00:00:00Z", "published": "2025-08-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40920" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-40920" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40920" } ], "schema_version": "1.7.0", "summary": "p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "142" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1825621%2C1970079%2C1976736%2C1979072" ], "discovery": "2025-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-9187" ] }, "vid": "07335fb9-7eb1-11f0-ba14-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2025-0275", "modified": "2025-08-21T00:00:00Z", "published": "2025-08-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1825621%2C1970079%2C1976736%2C1979072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9187" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9187" } ], "schema_version": "1.7.0", "summary": "Mozilla -- memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "140.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166" ], "discovery": "2025-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-9184", "CVE-2025-9185" ] }, "vid": "feb359ef-7eb0-11f0-ba14-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13,\n> Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1,\n> Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of\n> memory corruption and we presume that with enough effort some of these\n> could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0274", "modified": "2025-08-21T00:00:00Z", "published": "2025-08-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9184" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9184" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9185" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9185" } ], "schema_version": "1.7.0", "summary": "Mozilla -- memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1976102" ], "discovery": "2025-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-9183" ] }, "vid": "fa7fd6d4-7eb0-11f0-ba14-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Spoofing issue in the Address Bar component.\n", "id": "FreeBSD-2025-0273", "modified": "2025-08-21T00:00:00Z", "published": "2025-08-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1976102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9183" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9183" } ], "schema_version": "1.7.0", "summary": "Firefox -- Spoofing in the Address Bar" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "142" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1975837" ], "discovery": "2025-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-9182" ] }, "vid": "f994cea5-7eb0-11f0-ba14-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> \\'Denial-of-service due to out-of-memory in the Graphics: WebRender\n> component.\\'\n", "id": "FreeBSD-2025-0272", "modified": "2025-08-21T00:00:00Z", "published": "2025-08-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9182" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9182" } ], "schema_version": "1.7.0", "summary": "Mozilla -- DoS in WebRender" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "140.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1977130" ], "discovery": "2025-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-9181" ] }, "vid": "f7e8e9a3-7eb0-11f0-ba14-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Uninitialized memory in the JavaScript Engine component.\n", "id": "FreeBSD-2025-0271", "modified": "2025-08-21T00:00:00Z", "published": "2025-08-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1977130" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9181" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9181" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Uninitialized memory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "142" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782" ], "discovery": "2025-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-9180" ] }, "vid": "f6219d24-7eb0-11f0-ba14-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> \\'Same-origin policy bypass in the Graphics: Canvas2D component.\\'\n", "id": "FreeBSD-2025-0270", "modified": "2025-08-21T00:00:00Z", "published": "2025-08-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979782" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9180" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9180" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Same-origin policy bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "142,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "140.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1979527" ], "discovery": "2025-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-9179" ] }, "vid": "f42ee983-7eb0-11f0-ba14-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An attacker was able to perform memory corruption in the GMP process\n> which processes encrypted media. This process is also heavily\n> sandboxed, but represents slightly different privileges from the\n> content process.\n", "id": "FreeBSD-2025-0269", "modified": "2025-08-21T00:00:00Z", "published": "2025-08-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979527" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-9179" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9179" } ], "schema_version": "1.7.0", "summary": "Mozilla -- memory corruption in GMP" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "fixed": "1.29.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://my.f5.com/manage/s/article/K000152786" ], "discovery": "2025-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2025-53859" ] }, "vid": "eb03714d-79f0-11f0-b4c1-ac5afc632ba3" }, "details": "F5 reports:\n\n> NGINX Open Source and NGINX Plus have a vulnerability in the\n> ngx_mail_smtp_module that might allow an unauthenticated attacker to\n> over-read NGINX SMTP authentication process memory; as a result, the\n> server side may leak arbitrary bytes sent in a request to the\n> authentication server. This issue happens during the NGINX SMTP\n> authentication process and requires the attacker to make preparations\n> against the target system to extract the leaked data. The issue\n> affects NGINX only if (1) it is built with the ngx_mail_smtp_module,\n> (2) the smtp_auth directive is configured with method \\\"none,\\\" and\n> (3) the authentication server returns the \\\"Auth-Wait\\\" response\n> header.\n", "id": "FreeBSD-2025-0268", "modified": "2025-08-15T00:00:00Z", "published": "2025-08-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://my.f5.com/manage/s/article/K000152786" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-53859" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53859" } ], "schema_version": "1.7.0", "summary": "nginx -- worker process memory disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "139.0.7258.127" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "139.0.7258.127" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html" ], "discovery": "2025-08-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-8579", "CVE-2025-8580", "CVE-2025-8901", "CVE-2025-8881", "CVE-2025-8882" ] }, "vid": "a60e73e0-7942-11f0-b3f7-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 6 security fixes:\n>\n> - \\[432035817\\] High CVE-2025-8879: Heap buffer overflow in libaom.\n> Reported by Anonymous on 2025-07-15\n> - \\[433533359\\] High CVE-2025-8880: Race in V8. Reported by Seunghyun\n> Lee (@0x10n) on 2025-07-23\n> - \\[435139154\\] High CVE-2025-8901: Out of bounds write in ANGLE.\n> Reported by Google Big Sleep on 2025-07-30\n> - \\[433800617\\] Medium CVE-2025-8881: Inappropriate implementation in\n> File Picker. Reported by Alesandro Ortiz on 2025-07-23\n> - \\[435623339\\] Medium CVE-2025-8882: Use after free in Aura. Reported\n> by Umar Farooq on 2025-08-01\n", "id": "FreeBSD-2025-0267", "modified": "2025-08-14T00:00:00Z", "published": "2025-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8579" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8580" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8901" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8881" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8882" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql17-server" }, "ranges": [ { "events": [ { "fixed": "17.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-server" }, "ranges": [ { "events": [ { "fixed": "16.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-server" }, "ranges": [ { "events": [ { "fixed": "14.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-server" }, "ranges": [ { "events": [ { "fixed": "14.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/" ], "discovery": "2025-08-11T00:00:00Z", "references": { "cvename": [ "CVE-2025-8713", "CVE-2025-8714", "CVE-2025-8715" ] }, "vid": "fc048b51-7909-11f0-90a2-6cc21735f730" }, "details": "PostgreSQL project reports:\n\n> Tighten security checks in planner estimation functions.\n>\n> Prevent pg_dump scripts from being used to attack the user running the\n> restore.\n>\n> Convert newlines to spaces in names included in comments in pg_dump\n> output.\n", "id": "FreeBSD-2025-0266", "modified": "2025-08-14T00:00:00Z", "published": "2025-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8713" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8714" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8715" }, { "type": "WEB", "url": "https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.1.0" }, { "fixed": "18.1.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.14.0" }, { "fixed": "18.0.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.1.0" }, { "fixed": "18.1.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.14.0" }, { "fixed": "18.0.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/" ], "discovery": "2025-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2025-7734", "CVE-2025-7739", "CVE-2025-6186", "CVE-2025-8094", "CVE-2024-12303", "CVE-2025-2614", "CVE-2024-10219", "CVE-2025-8770", "CVE-2025-2937", "CVE-2025-1477", "CVE-2025-5819", "CVE-2025-2498" ] }, "vid": "7bfe6f39-78be-11f0-9d03-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Cross-site scripting issue in blob viewer impacts GitLab CE/EE\n>\n> Cross-site scripting issue in labels impacts GitLab CE/EE\n>\n> Cross-site scripting issue in Workitem impacts GitLab CE/EE\n>\n> Improper Handling of Permissions issue in project API impacts GitLab\n> CE/EE\n>\n> Incorrect Privilege Assignment issue in delete issues operation\n> impacts GitLab CE/EE\n>\n> Allocation of Resources Without Limits issue in release name creation\n> impacts GitLab CE/EE\n>\n> Incorrect Authorization issue in jobs API impacts GitLab CE/EE\n>\n> Authorization issue in Merge request approval policy impacts GitLab EE\n>\n> Inefficient Regular Expression Complexity issue in wiki impacts GitLab\n> CE/EE\n>\n> Allocation of Resources Without Limits issue in Mattermost integration\n> impacts GitLab CE/EE\n>\n> Incorrect Permission Assignment issue in ID token impacts GitLab CE/EE\n>\n> Insufficient Access Control issue in IP Restriction impacts GitLab EE\n", "id": "FreeBSD-2025-0265", "modified": "2025-08-14T00:00:00Z", "published": "2025-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7734" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7739" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8094" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12303" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2614" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10219" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8770" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2937" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5819" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2498" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish7" }, "ranges": [ { "events": [ { "fixed": "7.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00017.html#vsv00017" ], "discovery": "2025-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2025-8671" ] }, "vid": "e2d49973-785a-11f0-a1c0-0050569f0b83" }, "details": "Varnish Development Team reports:\n\n> A denial of service attack can be performed on Varnish Cache servers\n> that have the HTTP/2 protocol turned on. An attacker can create a\n> large number of streams and immediately reset them without ever\n> reaching the maximum number of concurrent streams allowed for the\n> session, causing the Varnish server to consume unnecessary resources\n> processing requests for which the response will not be delivered.\n>\n> This attack is a variant of the HTTP/2 Rapid Reset Attack, which was\n> partially handled as VSV00013.\n", "id": "FreeBSD-2025-0264", "modified": "2025-08-13T00:00:00Z", "published": "2025-08-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00017.html#vsv00017" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8671" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8671" } ], "schema_version": "1.7.0", "summary": "www/varnish7 -- Denial of Service in HTTP/2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-Authen-SASL" }, "ranges": [ { "events": [ { "fixed": "2.1900" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/advisories/GHSA-496q-8ph2-c4fj" ], "discovery": "2025-07-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-40918" ] }, "vid": "defe9a20-781e-11f0-97c4-40b034429ecf" }, "details": "p5-Authen-SASL project reports:\n\n> Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl\n> generates the cnonce insecurely.\n>\n> The cnonce (client nonce) is generated from an MD5 hash of the PID,\n> the epoch time and the built-in rand function. The PID will come from\n> a small set of numbers, and the epoch time may be guessed, if it is\n> not leaked from the HTTP Date header. The built-in rand function is\n> unsuitable for cryptographic usage.\n>\n> According to RFC 2831, The cnonce-value is an opaque quoted string\n> value provided by the client and used by both client and server to\n> avoid chosen plaintext attacks, and to provide mutual authentication.\n> The security of the implementation depends on a good choice. It is\n> RECOMMENDED that it contain at least 64 bits of entropy.\n", "id": "FreeBSD-2025-0263", "modified": "2025-08-13T00:00:00Z", "published": "2025-08-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/advisories/GHSA-496q-8ph2-c4fj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-40918" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40918" } ], "schema_version": "1.7.0", "summary": "p5-Authen-SASL -- Insecure source of randomness" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "139.0.7258.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "139.0.7258.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html" ], "discovery": "2025-08-05T00:00:00Z", "references": { "cvename": [ "CVE-2025-8576", "CVE-2025-8577", "CVE-2025-8578", "CVE-2025-8579", "CVE-2025-8580", "CVE-2025-8581", "CVE-2025-8582", "CVE-2025-8583" ] }, "vid": "15fd1321-768a-11f0-b3f7-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 12 security fixes:\n>\n> - \\[414760982\\] Medium CVE-2025-8576: Use after free in Extensions.\n> Reported by asnine on 2025-04-30\n> - \\[384050903\\] Medium CVE-2025-8577: Inappropriate implementation in\n> Picture In Picture. Reported by Umar Farooq on 2024-12-14\n> - \\[423387026\\] Medium CVE-2025-8578: Use after free in Cast. Reported\n> by Fayez on 2025-06-09\n> - \\[407791462\\] Low CVE-2025-8579: Inappropriate implementation in\n> Gemini Live in Chrome. Reported by Alesandro Ortiz on 2025-04-02\n> - \\[411544197\\] Low CVE-2025-8580: Inappropriate implementation in\n> Filesystems. Reported by Huuuuu on 2025-04-18\n> - \\[416942878\\] Low CVE-2025-8581: Inappropriate implementation in\n> Extensions. Reported by Vincent Dragnea on 2025-05-11\n> - \\[40089450\\] Low CVE-2025-8582: Insufficient validation of untrusted\n> input in DOM. Reported by Anonymous on 2017-10-31\n> - \\[373794472\\] Low CVE-2025-8583: Inappropriate implementation in\n> Permissions. Reported by Shaheen Fazim on 2024-10-16\n", "id": "FreeBSD-2025-0262", "modified": "2025-08-11T00:00:00Z", "published": "2025-08-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8577" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8578" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8579" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8580" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8581" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8582" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8583" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "introduced": "2.4.64" }, { "fixed": "2.4.65" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://downloads.apache.org/httpd/CHANGES_2.4.65" ], "discovery": "2025-07-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-54090" ] }, "vid": "fb08d146-752a-11f0-952c-8447094a420f" }, "details": "The Apache httpd project reports:\n\n> \\'RewriteCond expr\\' always evaluates to true in 2.4.64.\n", "id": "FreeBSD-2025-0261", "modified": "2025-08-09T00:00:00Z", "published": "2025-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.65" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-54090" }, { "type": "WEB", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.65" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- evaluation always true" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.3" }, { "fixed": "14.3_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.2" }, { "fixed": "14.2_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.5" }, { "fixed": "13.5_3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2025-08-08T00:00:00Z", "references": { "cvename": [ "CVE-2025-5914" ], "freebsdsa": [ "SA-25:07.libarchive" ] }, "vid": "66f35fd9-73f5-11f0-8e0e-002590c1f29c" }, "details": "# Problem Description:\n\nAn integer overflow in the archive_read_format_rar_seek_data() function\nmay lead to a double free problem.\n\n# Impact:\n\nExploiting a double free vulnerability can cause memory corruption. This\nin turn could enable a threat actor to execute arbitrary code. It might\nalso result in denial of service.\n", "id": "FreeBSD-2025-0260", "modified": "2025-08-08T00:00:00Z", "published": "2025-08-08T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5914" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Integer overflow in libarchive leading to double free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "fixed": "3.49.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-sqlite" }, "ranges": [ { "events": [ { "fixed": "3.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux_base-rl9" }, "ranges": [ { "events": [ { "fixed": "3.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sqlite.org/src/info/498e3f1cf57f164f" ], "discovery": "2025-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-3277" ] }, "vid": "b945ce3f-6f9b-11f0-bd96-b42e991fc52e" }, "details": "cve-coordination@google.com reports:\n\n> An integer overflow can be triggered in SQLites \\`concat_ws()\\`\n> function. The resulting, truncated integer is then used to allocate a\n> buffer. When SQLite then writes the resulting string to the buffer, it\n> uses the original, untruncated size and thus a wild Heap Buffer\n> overflow of size \\~4GB can be triggered. This can result in arbitrary\n> code execution.\n", "id": "FreeBSD-2025-0259", "modified": "2025-08-02T00:00:00Z", "published": "2025-08-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sqlite.org/src/info/498e3f1cf57f164f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3277" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3277" } ], "schema_version": "1.7.0", "summary": "sqlite -- integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "navidrome" }, "ranges": [ { "events": [ { "fixed": "0.56.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/navidrome/navidrome/security/advisories/GHSA-f238-rggp-82m3" ], "discovery": "2025-05-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-48948" ] }, "vid": "95480188-6ebc-11f0-8a78-bf201f293bce" }, "details": "Deluan Quint\u00e3o reports:\n\n> A permission verification flaw in Navidrome allows any authenticated\n> regular user to bypass authorization checks and perform\n> administrator-only transcoding configuration operations, including\n> creating, modifying, and deleting transcoding settings.\n", "id": "FreeBSD-2025-0258", "modified": "2025-08-01T00:00:00Z", "published": "2025-08-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-f238-rggp-82m3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-48948" }, { "type": "WEB", "url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-f238-rggp-82m3" } ], "schema_version": "1.7.0", "summary": "navidrome -- transcoding permission bypass vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "introduced": "3.39.2,1" }, { "fixed": "3.41.2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sqlite.org/forum/forumpost/16ce2bb7a639e29b" ], "discovery": "2025-07-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-7458" ] }, "vid": "f51077bd-6dd7-11f0-9d62-b42e991fc52e" }, "details": "cve-coordination@google.com reports:\n\n> An integer overflow in the sqlite3KeyInfoFromExprList function in\n> SQLite versions 3.39.2 through 3.41.1 allows an attacker with the\n> ability to execute arbitrary SQL statements to cause a denial of\n> service or disclose sensitive information from process memory via a\n> crafted SELECT statement with a large number of expressions in the\n> ORDER BY clause.\n", "id": "FreeBSD-2025-0257", "modified": "2025-08-01T00:00:00Z", "published": "2025-07-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sqlite.org/forum/forumpost/16ce2bb7a639e29b" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7458" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7458" } ], "schema_version": "1.7.0", "summary": "SQLite -- integer overflow in key info allocation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-Crypt-CBC" }, "ranges": [ { "events": [ { "fixed": "3.07" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://perldoc.perl.org/functions/rand" ], "discovery": "2025-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-2814" ] }, "vid": "cd7f969e-6cb4-11f0-97c4-40b034429ecf" }, "details": "Lib-Crypt-CBC project reports:\n\n> Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand()\n> function as the default source of entropy, which is not\n> cryptographically secure, for cryptographic functions. This issue\n> affects operating systems where \\\"/dev/urandom\\'\\\" is unavailable. In\n> that case, Crypt::CBC will fallback to use the insecure rand()\n> function.\n", "id": "FreeBSD-2025-0256", "modified": "2025-07-29T00:00:00Z", "published": "2025-07-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://perldoc.perl.org/functions/rand" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2814" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2814" } ], "schema_version": "1.7.0", "summary": "p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "viewvc" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "last_affected": "1.1.30" }, { "fixed": "1.1.30" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "viewvc" }, "ranges": [ { "events": [ { "introduced": "1.2.0" }, { "last_affected": "1.2.3" }, { "fixed": "1.2.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "viewvc-devel" }, "ranges": [ { "events": [ { "fixed": "1.3.0.20250316_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/viewvc/viewvc/security/advisories/GHSA-rv3m-76rj-q397" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-54141" ] }, "vid": "c37f29ba-6ae3-11f0-b4bf-ecf4bbefc954" }, "details": "cmpilato reports:\n\n> The ViewVC standalone web server (standalone.py) is a script provided\n> in the ViewVC distribution for the purposes of quickly testing a\n> ViewVC configuration. This script can in particular configurations\n> expose the contents of the host server\\'s filesystem though a\n> directory traversal-style attack.\n", "id": "FreeBSD-2025-0255", "modified": "2025-07-25T00:00:00Z", "published": "2025-07-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-rv3m-76rj-q397" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-54141" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54141" } ], "schema_version": "1.7.0", "summary": "viewvc -- Arbitrary server filesystem content" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-resolv" }, "ranges": [ { "events": [ { "fixed": "0.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.9,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.3.0.p1,1" }, { "fixed": "3.3.9,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.4.0.p1,1" }, { "fixed": "3.4.5,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.5.0.p1,1" }, { "fixed": "3.5.0.p2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby32" }, "ranges": [ { "events": [ { "fixed": "3.2.9,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby33" }, "ranges": [ { "events": [ { "fixed": "3.3.9,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby34" }, "ranges": [ { "events": [ { "fixed": "3.4.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby35" }, "ranges": [ { "events": [ { "fixed": "3.5.0.p2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/" ], "discovery": "2025-07-08T00:00:00Z", "references": { "cvename": [ "CVE-2025-24294" ] }, "vid": "eed1a411-699b-11f0-91fe-000c295725e4" }, "details": "Manu reports:\n\n> The vulnerability is caused by an insufficient check on the length of\n> a decompressed domain name within a DNS packet.\n>\n> An attacker can craft a malicious DNS packet containing a highly\n> compressed domain name. When the resolv library parses such a packet,\n> the name decompression process consumes a large amount of CPU\n> resources, as the library does not limit the resulting length of the\n> name.\n>\n> This resource consumption can cause the application thread to become\n> unresponsive, resulting in a Denial of Service condition.\n", "id": "FreeBSD-2025-0254", "modified": "2025-07-25T00:00:00Z", "published": "2025-07-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24294" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/" } ], "schema_version": "1.7.0", "summary": "rubygem-resolv -- Possible denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8044", "CVE-2025-8043" ] }, "vid": "67c6461f-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n>\n> Focus incorrectly truncated URLs towards the beginning instead of\n> around the origin.\n", "id": "FreeBSD-2025-0253", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8044" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8043" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8043" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975058%2C1975998%2C1975998" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8040" ] }, "vid": "62f1a68f-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR\n> 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed\n> evidence of memory corruption and we presume that with enough effort\n> some of these could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0252", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975058%2C1975998%2C1975998" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8040" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8040" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1970997" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8039" ] }, "vid": "6088905c-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> In some cases search terms persisted in the URL bar even after\n> navigating away from the search page.\n", "id": "FreeBSD-2025-0251", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8039" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8039" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Persisted search terms in the URL bar" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1808979" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8038" ] }, "vid": "5d91def0-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Thunderbird ignored paths when checking the validity of navigations in\n> a frame.\n", "id": "FreeBSD-2025-0250", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808979" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8038" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8038" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Ignored paths while checking navigations" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1964767" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8037" ] }, "vid": "5abc2187-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Setting a nameless cookie with an equals sign in the value shadowed\n> other cookies. Even if the nameless cookie was set over HTTP and the\n> shadowed cookie included the \\`Secure\\` attribute.\n", "id": "FreeBSD-2025-0249", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1964767" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8037" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8037" } ], "schema_version": "1.7.0", "summary": "Mozilla -- cookie shadowing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1960834" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8036" ] }, "vid": "58027367-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Thunderbird cached CORS preflight responses across IP address changes.\n> This allowed circumventing CORS with DNS rebinding.\n", "id": "FreeBSD-2025-0248", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960834" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8036" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8036" } ], "schema_version": "1.7.0", "summary": "Mozilla -- CORS circumvention" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8035" ] }, "vid": "55096bd3-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR\n> 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and\n> Thunderbird 140. Some of these bugs showed evidence of memory\n> corruption and we presume that with enough effort some of these could\n> have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0247", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8035" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8035" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8034" ] }, "vid": "4faa01cb-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12,\n> Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0,\n> Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of\n> memory corruption and we presume that with enough effort some of these\n> could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0246", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8034" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8034" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1973990" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8033" ] }, "vid": "4d03efe7-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> The JavaScript engine did not handle closed generators correctly and\n> it was possible to resume them leading to a nullptr deref.\n", "id": "FreeBSD-2025-0245", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1973990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8033" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8033" } ], "schema_version": "1.7.0", "summary": "Mozilla -- nullptr dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1974407" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8032" ] }, "vid": "4a357f4b-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> XSLT document loading did not correctly propagate the source document\n> which bypassed its CSP.\n", "id": "FreeBSD-2025-0244", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974407" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8032" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8032" } ], "schema_version": "1.7.0", "summary": "Mozilla -- XSLT document CSP bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1971719" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8031" ] }, "vid": "477e9eb3-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> The \\`username:password\\` part was not correctly stripped from URLs in\n> CSP reports potentially leaking HTTP Basic Authentication credentials.\n", "id": "FreeBSD-2025-0243", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971719" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8031" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8031" } ], "schema_version": "1.7.0", "summary": "Mozilla -- HTTP Basic Authentication credentials leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8030" ] }, "vid": "44b3048b-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Insufficient escaping in the Copy as cURL feature could potentially be\n> used to trick a user into executing unexpected code.\n", "id": "FreeBSD-2025-0242", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8030" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8030" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Insufficient input escaping" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1928021" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8029" ] }, "vid": "419bcf99-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Thunderbird executed \\`javascript:\\` URLs when used in \\`object\\` and\n> \\`embed\\` tags.\n", "id": "FreeBSD-2025-0241", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1928021" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8029" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8029" } ], "schema_version": "1.7.0", "summary": "Mozilla -- 'javascript:' URLs execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8028" ] }, "vid": "3e9406a7-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> On arm64, a WASM \\`br_table\\` instruction with a lot of entries could\n> lead to the label being too far from the instruction causing\n> truncation and incorrect computation of the branch address.\n", "id": "FreeBSD-2025-0240", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8028" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8028" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Incorrect computation of branch address" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "141.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "141.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird-esr" }, "ranges": [ { "events": [ { "fixed": "140.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1968423" ], "discovery": "2025-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-8027" ] }, "vid": "3c234220-685e-11f0-a12d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit\n> return value space on the stack. Baseline-JIT, however, read the\n> entire 64 bits.\n", "id": "FreeBSD-2025-0239", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968423" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-8027" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8027" } ], "schema_version": "1.7.0", "summary": "Mozilla -- IonMonkey-JIT bad stack write" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gdk-pixbuf2" }, "ranges": [ { "events": [ { "fixed": "2.42.12_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cve.org/CVERecord?id=CVE-2025-7345" ], "discovery": "2025-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2025-7345" ] }, "vid": "3d4393b2-68a5-11f0-b2b4-589cfc10832a" }, "details": "cve@mitre.org reports:\n\n> A flaw exists in gdk-pixbuf within the\n> gdk_pixbuf\\_\\_jpeg_image_load_increment function (io-jpeg.c) and in\n> glib's g_base64_encode_step (glib/gbase64.c). When processing\n> maliciously crafted JPEG images, a heap buffer overflow can occur\n> during Base64 encoding, allowing out-of-bounds reads from heap memory,\n> potentially causing application crashes or arbitrary code execution.\n", "id": "FreeBSD-2025-0238", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7345" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7345" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7345" } ], "schema_version": "1.7.0", "summary": "gdk-pixbuf2 -- a heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "5.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.powerdns.com/powerdns-security-advisory-2025-04" ], "discovery": "2025-07-21T00:00:00Z", "references": { "cvename": [ "CVE-2025-30192" ] }, "vid": "b3948bf3-685e-11f0-bff5-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> An attacker spoofing answers to ECS enabled requests sent out by the\n> Recursor has a chance of success higher than non-ECS enabled queries.\n> The updated version include various mitigations against spoofing\n> attempts of ECS enabled queries by chaining ECS enabled requests and\n> enforcing stricter validation of the received answers. The most strict\n> mitigation done when the new setting outgoing.edns_subnet_harden (old\n> style name edns-subnet-harden) is enabled.\n", "id": "FreeBSD-2025-0237", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.powerdns.com/powerdns-security-advisory-2025-04" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-30192" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30192" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- cache pollution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.1.0" }, { "fixed": "18.1.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.0.0" }, { "fixed": "18.0.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.1.0" }, { "fixed": "18.1.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.0.0" }, { "fixed": "18.0.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/" ], "discovery": "2025-07-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-4700", "CVE-2025-4439", "CVE-2025-7001", "CVE-2025-4976", "CVE-2025-0765", "CVE-2025-1299" ] }, "vid": "5683b3a7-683d-11f0-966e-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE\n>\n> Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE\n> using CDNs\n>\n> Exposure of Sensitive Information to an Unauthorized Actor issue\n> impacts GitLab CE/EE\n>\n> Improper Access Control issue impacts GitLab EE\n>\n> Exposure of Sensitive Information to an Unauthorized Actor issue\n> impacts GitLab CE/EE\n>\n> Improper Access Control issue impacts GitLab CE/EE\n", "id": "FreeBSD-2025-0236", "modified": "2025-07-24T00:00:00Z", "published": "2025-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4700" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4439" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4976" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0765" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1299" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "fixed": "3.50.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-sqlite" }, "ranges": [ { "events": [ { "fixed": "3.50.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux_base-rl9" }, "ranges": [ { "events": [ { "introduced": "9.5.14" }, { "fixed": "9.6_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-rl9-sqlite3" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8" ], "discovery": "2025-07-15T00:00:00Z", "references": { "cvename": [ "CVE-2025-6965" ] }, "vid": "0f5bcba2-67fb-11f0-9ee5-b42e991fc52e" }, "details": "cve-coordination@google.com reports:\n\n> There exists a vulnerability in SQLite versions before 3.50.2 where\n> the number of aggregate terms could exceed the number of columns\n> available. This could lead to a memory corruption issue.\n", "id": "FreeBSD-2025-0235", "modified": "2025-09-07T00:00:00Z", "published": "2025-07-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6965" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965" } ], "schema_version": "1.7.0", "summary": "sqlite -- Integer Truncation on SQLite" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "7-zip" }, "ranges": [ { "events": [ { "fixed": "25.00" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/" ], "discovery": "2025-07-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-53816" ] }, "vid": "80411ba2-6729-11f0-a5cb-8c164580114f" }, "details": "security-advisories@github.com reports:\n\n> 7-Zip is a file archiver with a high compression ratio. Zeroes written\n> outside heap buffer in RAR5 handler may lead to memory corruption and\n> denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0\n> contains a fix for the issue.\n", "id": "FreeBSD-2025-0234", "modified": "2025-07-22T00:00:00Z", "published": "2025-07-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-53816" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53816" } ], "schema_version": "1.7.0", "summary": "7-Zip -- Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libwasmtime" }, "ranges": [ { "events": [ { "introduced": "24.0.0" }, { "fixed": "24.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "33.0.0" }, { "fixed": "33.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "34.0.0" }, { "fixed": "34.0.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc" ], "discovery": "2025-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2025-53901" ] }, "vid": "605a9d1e-6521-11f0-beb2-ac5afc632ba3" }, "details": "WasmTime development team reports:\n\n> A bug in Wasmtime\\'s implementation of the WASIp1 set of import\n> functions can lead to a WebAssembly guest inducing a panic in the host\n> (embedder).\n", "id": "FreeBSD-2025-0233", "modified": "2025-07-20T00:00:00Z", "published": "2025-07-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-53901" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53901" } ], "schema_version": "1.7.0", "summary": "libwasmtime -- host panic with fd_renumber WASIp1 function" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "introduced": "1.6.1,1" }, { "fixed": "1.23.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt" ], "discovery": "2025-07-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-5994" ] }, "vid": "e27ee4fc-cdc9-45a1-8242-09898cdbdc91" }, "details": "sep@nlnetlabs.nl reports:\n\n> A multi-vendor cache poisoning vulnerability named \\'Rebirthday\n> Attack\\' has been discovered in caching resolvers that support EDNS\n> Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS\n> support, i.e., \\'\\--enable-subnet\\', AND configured to send ECS\n> information along with queries to upstream name servers, i.e., at\n> least one of the \\'send-client-subnet\\', \\'client-subnet-zone\\' or\n> \\'client-subnet-always-forward\\' options is used. Resolvers supporting\n> ECS need to segregate outgoing queries to accommodate for different\n> outgoing ECS information. This re-opens up resolvers to a birthday\n> paradox attack (Rebirthday Attack) that tries to match the DNS\n> transaction ID in order to cache non-ECS poisonous replies.\n", "id": "FreeBSD-2025-0232", "modified": "2025-07-18T00:00:00Z", "published": "2025-07-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5994" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5994" } ], "schema_version": "1.7.0", "summary": "unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "liboqs" }, "ranges": [ { "events": [ { "fixed": "0.14.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm" ], "discovery": "2025-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2025-52473" ] }, "vid": "aeac223e-60e1-11f0-8baa-8447094a420f" }, "details": "The OpenQuantumSafe project reports:\n\n> Secret-dependent branching in HQC reference implementation when\n> compiled with Clang 17-20 for optimizations above -O0\n", "id": "FreeBSD-2025-0231", "modified": "2025-07-14T00:00:00Z", "published": "2025-07-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-52473" }, { "type": "WEB", "url": "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm" } ], "schema_version": "1.7.0", "summary": "liboqs -- Secret-dependent branching in HQC" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnutls" }, "ranges": [ { "events": [ { "fixed": "3.8.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html" ], "discovery": "2025-07-09T00:00:00Z", "references": { "cvename": [ "CVE-2025-32989", "CVE-2025-32988", "CVE-2025-32990", "CVE-2025-6395" ] }, "vid": "c3e1df74-5e73-11f0-95e5-74563cf9e4e9" }, "details": "Daiki Ueno reports:\n\n> - libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS\n> timestamps Spotted by oss-fuzz and reported by OpenAI Security\n> Research Team, and fix developed by Andrew Hamilton.\n> \\[GNUTLS-SA-2025-07-07-1, CVSS: medium\\] \\[CVE-2025-32989\\]\n> - libgnutls: Fix double-free upon error when exporting otherName in\n> SAN Reported by OpenAI Security Research Team.\n> \\[GNUTLS-SA-2025-07-07-2, CVSS: low\\] \\[CVE-2025-32988\\]\n> - certtool: Fix 1-byte write buffer overrun when parsing template\n> Reported by David Aitel. \\[GNUTLS-SA-2025-07-07-3, CVSS: low\\]\n> \\[CVE-2025-32990\\]\n> - libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits\n> PSK Reported by Stefan B\u00fchler. \\[GNUTLS-SA-2025-07-07-4, CVSS:\n> medium\\] \\[CVE-2025-6395\\]\n", "id": "FreeBSD-2025-0230", "modified": "2025-07-14T00:00:00Z", "published": "2025-07-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32988" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6395" }, { "type": "WEB", "url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html" } ], "schema_version": "1.7.0", "summary": "GnuTLS -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxslt" }, "ranges": [ { "events": [ { "fixed": "1.1.43_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libxslt" }, "ranges": [ { "events": [ { "fixed": "2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-rl9-libxslt" }, "ranges": [ { "events": [ { "fixed": "2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openwall.com/lists/oss-security/2025/07/11/2" ], "discovery": "2025-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2025-7424", "CVE-2025-7425" ] }, "vid": "b0a3466f-5efc-11f0-ae84-99047d0a6bcc" }, "details": "Alan Coopersmith reports:\n\n> On 6/16/25 15:12, Alan Coopersmith wrote:\n>\n> *BTW, users of libxml2 may also be using its sibling project, libxslt,\n> which currently has no active maintainer, but has three unfixed\n> security issues reported against it according to\n> *\n>\n> 2 of the 3 have now been disclosed:\n>\n> (CVE-2025-7424) libxslt: Type confusion in xmlNode.psvi between\n> stylesheet and source nodes\\\n> \n> \n>\n> (CVE-2025-7425) libxslt: heap-use-after-free in xmlFreeID caused by\n> \\`atype\\` corruption\\\n> \\\n> \n>\n> Engineers from Apple & Google have proposed patches in the GNOME\n> gitlab issues, but neither has had a fix applied to the git repo since\n> there is currently no maintainer for libxslt.\n\nNote that a fourth vulnerability was reported on June 18, 2025, which\nremains undisclosed to date (GNOME libxslt issue 148, link below), see\n\n", "id": "FreeBSD-2025-0229", "modified": "2025-07-12T00:00:00Z", "published": "2025-07-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openwall.com/lists/oss-security/2025/07/11/2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7424" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-7425" }, { "type": "WEB", "url": "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/139" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/commit/923903c59d668af42e3144bc623c9190a0f65988" } ], "schema_version": "1.7.0", "summary": "libxslt -- unmaintained, with multiple unfixed vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxml2" }, "ranges": [ { "events": [ { "fixed": "2.14.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libxml2" }, "ranges": [ { "events": [ { "fixed": "2.14.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-rl9-libxml2" }, "ranges": [ { "events": [ { "fixed": "2.14.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openwall.com/lists/oss-security/2025/06/16/6" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-6021", "CVE-2025-6170", "CVE-2025-49794", "CVE-2025-49795", "CVE-2025-49795" ] }, "vid": "abbc8912-5efa-11f0-ae84-99047d0a6bcc" }, "details": "Alan Coopersmith reports:\n\n> As discussed in \n> the security policy of libxml2 has been changed to disclose\n> vulnerabilities before fixes are available so that people other than\n> the maintainer can contribute to fixing security issues in this\n> library.\n>\n> As part of this, the following 5 CVE\\'s have been disclosed recently:\n>\n> (CVE-2025-49794) Heap use after free (UAF) leads to Denial of service\n> (DoS) \\[\\...\\]\n>\n> (CVE-2025-49795) Null pointer dereference leads to Denial of service\n> (DoS) \\[\\...\\]\n>\n> (CVE-2025-49796) Type confusion leads to Denial of service (DoS)\n> \\[\\...\\]\n>\n> For all three of the above, note that upstream is considering removing\n> Schematron support completely, as discussed in\n> .\n>\n> (CVE-2025-6021) Integer Overflow Leading to Buffer Overflow in\n> xmlBuildQName() \n> \\[\\...\\]\n>\n> (CVE-2025-6170) Stack-based Buffer Overflow in xmllint Shell\n> \\[\\...\\]\n", "id": "FreeBSD-2025-0228", "modified": "2025-07-15T00:00:00Z", "published": "2025-07-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openwall.com/lists/oss-security/2025/06/16/6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6021" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49795" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49795" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2025/06/16/6" }, { "type": "WEB", "url": "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/913" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/935" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/941" } ], "schema_version": "1.7.0", "summary": "libxml2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mod_http2" }, "ranges": [ { "events": [ { "fixed": "2.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/icing/mod_h2/releases/tag/v2.0.33" ], "discovery": "2025-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2025-53020", "CVE-2025-49630" ] }, "vid": "61d74f80-5e9e-11f0-8baa-8447094a420f" }, "details": "The mod_http2 project reports:\n\n> a client can increase memory consumption for a HTTP/2 connection via\n> repeated request header names,leading to denial of service\n>\n> certain proxy configurations whith mod_proxy_http2 as the backend, an\n> assertion can be triggered by certain requests, leading to denial of\n> service\n", "id": "FreeBSD-2025-0227", "modified": "2025-07-11T00:00:00Z", "published": "2025-07-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/icing/mod_h2/releases/tag/v2.0.33" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-53020" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49630" }, { "type": "WEB", "url": "https://github.com/icing/mod_h2/releases/tag/v2.0.33" } ], "schema_version": "1.7.0", "summary": "mod_http2 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.64" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2025-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-42516", "CVE-2024-43204", "CVE-2024-43394", "CVE-2024-47252", "CVE-2025-23048", "CVE-2025-49630", "CVE-2025-49812", "CVE-2025-53020" ] }, "vid": "342f2a0a-5e9b-11f0-8baa-8447094a420f" }, "details": "The Apache httpd project reports:\n\n> moderate: Apache HTTP Server: HTTP response splitting (CVE-2024-42516)\n>\n> low: Apache HTTP Server: SSRF with mod_headers setting Content-Type\n> header (CVE-2024-43204)\n>\n> moderate: Apache HTTP Server: SSRF on Windows due to UNC paths\n> (CVE-2024-43394)\n>\n> low: Apache HTTP Server: mod_ssl error log variable escaping\n> (CVE-2024-47252)\n>\n> moderate: Apache HTTP Server: mod_ssl access control bypass with\n> session resumption (CVE-2025-23048)\n>\n> low: Apache HTTP Server: mod_proxy_http2 denial of service\n> (CVE-2025-49630)\n>\n> moderate: Apache HTTP Server: mod_ssl TLS upgrade attack\n> (CVE-2025-49812)\n>\n> moderate: Apache HTTP Server: HTTP/2 DoS by Memory Increase\n> (CVE-2025-53020)\n", "id": "FreeBSD-2025-0226", "modified": "2025-07-11T00:00:00Z", "published": "2025-07-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-42516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-43204" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-43394" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47252" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-23048" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-53020" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat110" }, "ranges": [ { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.0.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat101" }, "ranges": [ { "events": [ { "introduced": "10.1.0" }, { "fixed": "10.1.43" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.0.107" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mail-archive.com/announce@tomcat.apache.org/msg00710.html", "https://www.mail-archive.com/announce@tomcat.apache.org/msg00713.html", "https://www.mail-archive.com/announce@tomcat.apache.org/msg00714.html" ], "discovery": "2025-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2025-52434", "CVE-2025-52520", "CVE-2025-53506" ] }, "vid": "ef87346f-5dd0-11f0-beb2-ac5afc632ba3" }, "details": "security@apache.org reports:\n\n> A race condition on connection close could trigger a JVM crash when\n> using the APR/Native connector leading to a DoS. This was particularly\n> noticeable with client initiated closes of HTTP/2 connections.\n\n> An uncontrolled resource consumption vulnerability if an HTTP/2 client\n> did not acknowledge the initial settings frame that reduces the\n> maximum permitted concurrent streams could result in a DoS.\n\n> For some unlikely configurations of multipart upload, an Integer\n> Overflow vulnerability could lead to a DoS via bypassing of size\n> limits.\n", "id": "FreeBSD-2025-0225", "modified": "2025-07-15T00:00:00Z", "published": "2025-07-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mail-archive.com/announce@tomcat.apache.org/msg00710.html" }, { "type": "REPORT", "url": "https://www.mail-archive.com/announce@tomcat.apache.org/msg00713.html" }, { "type": "REPORT", "url": "https://www.mail-archive.com/announce@tomcat.apache.org/msg00714.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-52434" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-52520" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52520" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-53506" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53506" } ], "schema_version": "1.7.0", "summary": "Apache Tomcat -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.1.0" }, { "fixed": "18.1.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3.0" }, { "fixed": "17.11.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.1.0" }, { "fixed": "18.1.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3.0" }, { "fixed": "17.11.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/" ], "discovery": "2025-07-09T00:00:00Z", "references": { "cvename": [ "CVE-2025-6948", "CVE-2025-3396", "CVE-2025-4972", "CVE-2025-6168" ] }, "vid": "20823cc0-5d45-11f0-966e-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Cross-site scripting issue impacts GitLab CE/EE\n>\n> Improper authorization issue impacts GitLab CE/EE\n>\n> Improper authorization issue impacts GitLab EE\n>\n> Improper authorization issue impacts GitLab EE\n", "id": "FreeBSD-2025-0224", "modified": "2025-07-10T00:00:00Z", "published": "2025-07-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6948" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3396" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4972" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6168" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.50.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-cvs" }, "ranges": [ { "events": [ { "fixed": "2.50.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-gui" }, "ranges": [ { "events": [ { "fixed": "2.50.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-p4" }, "ranges": [ { "events": [ { "fixed": "2.50.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-svn" }, "ranges": [ { "events": [ { "fixed": "2.50.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g" ], "discovery": "2025-04-11T00:00:00Z", "references": { "cvename": [ "CVE-2025-27613", "CVE-2025-27614", "CVE-2025-46835", "CVE-2025-48384", "CVE-2025-48385", "CVE-2025-48386" ] }, "vid": "2a4472ed-5c0d-11f0-b991-291fce777db8" }, "details": "Git development team reports:\n\n> CVE-2025-27613: Gitk: When a user clones an untrusted repository and\n> runs Gitk without additional command arguments, any writable file can\n> be created and truncated. The option \\\"Support per-file encoding\\\"\n> must have been enabled. The operation \\\"Show origin of this line\\\" is\n> affected as well, regardless of the option being enabled or not.\n>\n> CVE-2025-27614: Gitk: A Git repository can be crafted in such a way\n> that a user who has cloned the repository can be tricked into running\n> any script supplied by the attacker by invoking \\`gitk filename\\`,\n> where \\`filename\\` has a particular structure.\n>\n> CVE-2025-46835: Git GUI: When a user clones an untrusted repository\n> and is tricked into editing a file located in a maliciously named\n> directory in the repository, then Git GUI can create and overwrite any\n> writable file.\n>\n> CVE-2025-48384: Git: When reading a config value, Git strips any\n> trailing carriage return and line feed (CRLF). When writing a config\n> entry, values with a trailing CR are not quoted, causing the CR to be\n> lost when the config is later read. When initializing a submodule, if\n> the submodule path contains a trailing CR, the altered path is read\n> resulting in the submodule being checked out to an incorrect location.\n> If a symlink exists that points the altered path to the submodule\n> hooks directory, and the submodule contains an executable\n> post-checkout hook, the script may be unintentionally executed after\n> checkout.\n>\n> CVE-2025-48385: Git: When cloning a repository Git knows to optionally\n> fetch a bundle advertised by the remote server, which allows the\n> server-side to offload parts of the clone to a CDN. The Git client\n> does not perform sufficient validation of the advertised bundles,\n> which allows the remote side to perform protocol injection. This\n> protocol injection can cause the client to write the fetched bundle to\n> a location controlled by the adversary. The fetched content is fully\n> controlled by the server, which can in the worst case lead to\n> arbitrary code execution.\n>\n> CVE-2025-48386: Git: The wincred credential helper uses a static\n> buffer (\\`target\\`) as a unique key for storing and comparing against\n> internal storage. This credential helper does not properly bounds\n> check the available space remaining in the buffer before appending to\n> it with \\`wcsncat()\\`, leading to potential buffer overflows.\n", "id": "FreeBSD-2025-0223", "modified": "2025-07-08T00:00:00Z", "published": "2025-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27613" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27613" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27614" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27614" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-46835" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46835" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-48384" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48384" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-48385" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48385" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-48386" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48386" } ], "schema_version": "1.7.0", "summary": "git -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-106753" ], "discovery": "2025-07-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-6714" ] }, "vid": "79251dc8-5bc5-11f0-834f-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> MongoDB Server\\'s mongos component can become unresponsive to new\n> connections due to incorrect handling of incomplete data. This affects\n> MongoDB when configured with load balancer support. Required\n> Configuration: This affects MongoDB sharded clusters when configured\n> with load balancer support for mongos using HAProxy on specified\n> ports.\n", "id": "FreeBSD-2025-0222", "modified": "2025-07-08T00:00:00Z", "published": "2025-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-106753" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6714" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6714" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-106752" ], "discovery": "2025-07-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-6713" ] }, "vid": "77dc1fc4-5bc5-11f0-834f-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> An unauthorized user may leverage a specially crafted aggregation\n> pipeline to access data without proper authorization due to improper\n> handling of the \\$mergeCursors stage in MongoDB Server. This may lead\n> to access to data without further authorisation.\n", "id": "FreeBSD-2025-0221", "modified": "2025-07-08T00:00:00Z", "published": "2025-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-106752" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6713" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6713" } ], "schema_version": "1.7.0", "summary": "MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-106751" ], "discovery": "2025-07-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-6712" ] }, "vid": "764204eb-5bc5-11f0-834f-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> MongoDB Server may be susceptible to disruption caused by high memory\n> usage, potentially leading to server crash. This condition is linked\n> to inefficiencies in memory management related to internal operations.\n> In scenarios where certain internal processes persist longer than\n> anticipated, memory consumption can increase, potentially impacting\n> server stability and availability.\n", "id": "FreeBSD-2025-0220", "modified": "2025-07-08T00:00:00Z", "published": "2025-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-106751" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6712" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6712" } ], "schema_version": "1.7.0", "summary": "MongoDB -- may be susceptible to DoS due to Accumulated Memory Allocation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-98720" ], "discovery": "2025-07-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-6711" ] }, "vid": "72ddee1f-5bc5-11f0-834f-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> An issue has been identified in MongoDB Server where unredacted\n> queries may inadvertently appear in server logs when certain error\n> conditions are encountered.\n", "id": "FreeBSD-2025-0219", "modified": "2025-07-08T00:00:00Z", "published": "2025-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-98720" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6711" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6711" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Incomplete Redaction of Sensitive Information in MongoDB Server Logs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ap24-mod_security" }, "ranges": [ { "events": [ { "fixed": "2.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/owasp-modsecurity/ModSecurity/commit/ecd7b9736836eee391d25f35d5bd06a3ce35a45d" ], "discovery": "2025-07-02T00:00:00Z", "references": { "cvename": [ "CVE-2025-52891" ] }, "vid": "c0f3f54c-5bc4-11f0-834f-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> ModSecurity is an open source, cross platform web application firewall\n> (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before\n> 2.9.11, an empty XML tag can cause a segmentation fault. If\n> SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is\n> application/xml, and at least one XML tag is empty (eg\n> \\\\), then a segmentation fault occurs. This issue has\n> been patched in version 2.9.11. A workaround involves setting\n> SecParseXmlIntoArgs to Off.\n", "id": "FreeBSD-2025-0218", "modified": "2025-07-08T00:00:00Z", "published": "2025-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/owasp-modsecurity/ModSecurity/commit/ecd7b9736836eee391d25f35d5bd06a3ce35a45d" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-52891" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52891" } ], "schema_version": "1.7.0", "summary": "ModSecurity -- empty XML tag causes segmentation fault" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis74" }, "ranges": [ { "events": [ { "introduced": "7.4.0" }, { "fixed": "7.4.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.2.19" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.1.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq" ], "discovery": "2025-07-06T00:00:00Z", "references": { "cvename": [ "CVE-2025-48367" ] }, "vid": "7b3e7f71-5b30-11f0-b507-000c295725e4" }, "details": "\\@julienperriercornet reports:\n\n> An unauthenticated connection can cause repeated IP protocol errors,\n> leading to client starvation and, ultimately, a denial of service.\n", "id": "FreeBSD-2025-0217", "modified": "2025-07-07T00:00:00Z", "published": "2025-07-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-48367" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- DoS Vulnerability due to bad connection error handling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis74" }, "ranges": [ { "events": [ { "introduced": "7.4.0" }, { "fixed": "7.4.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.2.19" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.1.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43" ], "discovery": "2025-07-06T00:00:00Z", "references": { "cvename": [ "CVE-2025-32023" ] }, "vid": "f11d0a69-5b2d-11f0-b507-000c295725e4" }, "details": "Seunghyun Lee reports:\n\n> An authenticated user may use a specially crafted string to trigger a\n> stack/heap out of bounds write on hyperloglog operations, potentially\n> leading to remote code execution.\n", "id": "FreeBSD-2025-0216", "modified": "2025-07-07T00:00:00Z", "published": "2025-07-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32023" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis74" }, "ranges": [ { "events": [ { "introduced": "7.4.0" }, { "fixed": "7.4.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm" ], "discovery": "2025-05-28T00:00:00Z", "references": { "cvename": [ "CVE-2025-27151" ] }, "vid": "4ea9cbc3-5b28-11f0-b507-000c295725e4" }, "details": "Simcha Kosman & CyberArk Labs reports:\n\n> A user can run the {redis,valkeyu}-check-aof cli and pass a long file\n> path to trigger a stack buffer overflow, which may potentially lead to\n> remote code execution.\n", "id": "FreeBSD-2025-0215", "modified": "2025-07-07T00:00:00Z", "published": "2025-07-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27151" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- {redis,valkey}-check-aof may lead to stack overflow and potential RCE" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.2" }, { "fixed": "14.2_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.5" }, { "fixed": "13.5_2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2025-07-02T00:00:00Z", "references": { "cvename": [ "CVE-2025-31115" ], "freebsdsa": [ "SA-25:06.xz" ] }, "vid": "7642ba72-5abf-11f0-87ba-002590c1f29c" }, "details": "# Problem Description:\n\nA worker thread could free its input buffer after decoding, while the\nmain thread might still be writing to it. This leads to an\nuse-after-free condition on heap memory.\n\n# Impact:\n\nAn attacker may use specifically crafted .xz file to cause\nmulti-threaded xz decoder to crash, or potentially run arbitrary code\nunder the credential the decoder was executed.\n", "id": "FreeBSD-2025-0214", "modified": "2025-07-06T00:00:00Z", "published": "2025-07-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-31115" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:06.xz.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Use-after-free in multi-threaded xz decoder" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gstreamer1-plugins-bad" }, "ranges": [ { "events": [ { "fixed": "1.26.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gstreamer.freedesktop.org/security/sa-2025-0007.html" ], "discovery": "2025-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-6663" ] }, "vid": "69bfe2a4-5a39-11f0-8792-4ccc6adda413" }, "details": "GStreamer Security Center reports:\n\n> It is possible for a malicious third party to trigger a buffer\n> overflow that can result in a crash of the application and possibly\n> also allow code execution through stack manipulation.\n", "id": "FreeBSD-2025-0213", "modified": "2025-07-06T00:00:00Z", "published": "2025-07-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gstreamer.freedesktop.org/security/sa-2025-0007.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6663" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2025-0007.html" } ], "schema_version": "1.7.0", "summary": "gstreamer1-plugins-bad -- stack buffer overflow in H.266 video parser" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "140.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1941377%2C1960948%2C1966187%2C1966505%2C1970764" ], "discovery": "2025-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2025-6427", "CVE-2025-6432", "CVE-2025-6433", "CVE-2025-6434", "CVE-2025-6435", "CVE-2025-6436" ] }, "vid": "a55d2120-58cf-11f0-b4ad-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An attacker was able to bypass the \\`connect-src\\` directive of a\n> Content Security Policy by manipulating subdocuments. This would have\n> also hidden the connections from the Network tab in Devtools.\n>\n> When Multi-Account Containers was enabled, DNS requests could have\n> bypassed a SOCKS proxy when the domain name was invalid or the SOCKS\n> proxy was not responding.\n>\n> If a user visited a webpage with an invalid TLS certificate, and\n> granted an exception, the webpage was able to provide a WebAuthn\n> challenge that the user would be prompted to complete. This is in\n> violation of the WebAuthN spec which requires \\\"a secure transport\n> established without errors\\\".\n>\n> The exception page for the HTTPS-Only feature, displayed when a\n> website is opened via HTTP, lacked an anti-clickjacking delay,\n> potentially allowing an attacker to trick a user into granting an\n> exception and loading a webpage over HTTP.\n>\n> If a user saved a response from the Network tab in Devtools using the\n> Save As context menu option, that file may not have been saved with\n> the \\`.download\\` file extension. This could have led to the user\n> inadvertently running a malicious executable.\n>\n> Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2025-0212", "modified": "2025-07-04T00:00:00Z", "published": "2025-07-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1941377%2C1960948%2C1966187%2C1966505%2C1970764" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6427" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6427" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6432" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6432" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6433" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6433" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6434" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6435" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6436" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6436" } ], "schema_version": "1.7.0", "summary": "firefox -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "128.12.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "140.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1971140" ], "discovery": "2025-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2025-6429", "CVE-2025-6430" ] }, "vid": "9bad6f79-58cf-11f0-b4ad-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Firefox could have incorrectly parsed a URL and rewritten it to the\n> youtube.com domain when parsing the URL specified in an \\`embed\\` tag.\n> This could have bypassed website security checks that restricted which\n> domains users were allowed to embed.\n>\n> When a file download is specified via the \\`Content-Disposition\\`\n> header, that directive would be ignored if the file was included via a\n> \\`<embed>\\` or \\`<object>\\` tag, potentially making a\n> website vulnerable to a cross-site scripting attack.\n", "id": "FreeBSD-2025-0211", "modified": "2025-07-04T00:00:00Z", "published": "2025-07-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971140" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6429" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6429" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6430" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6430" } ], "schema_version": "1.7.0", "summary": "firefox -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "140.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.25.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "128.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "140.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1717672" ], "discovery": "2025-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2025-6425" ] }, "vid": "9320590b-58cf-11f0-b4ad-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An attacker who enumerated resources from the WebCompat extension\n> could have obtained a persistent UUID that identified the browser, and\n> persisted between containers and normal/private browsing mode, but not\n> profiles. This vulnerability affects Firefox \\< 140, Firefox ESR \\<\n> 115.25, Firefox ESR \\< 128.12, Thunderbird \\< 140, and Thunderbird \\<\n> 128.12.\n", "id": "FreeBSD-2025-0210", "modified": "2025-07-04T00:00:00Z", "published": "2025-07-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1717672" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6425" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6425" } ], "schema_version": "1.7.0", "summary": "Mozilla -- persistent UUID that identifies browser" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php81" }, "ranges": [ { "events": [ { "fixed": "8.1.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php82" }, "ranges": [ { "events": [ { "fixed": "8.2.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php83" }, "ranges": [ { "events": [ { "fixed": "8.3.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php84" }, "ranges": [ { "events": [ { "fixed": "8.4.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.php.net/ChangeLog-8.php" ], "discovery": "2025-02-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-1735", "CVE-2025-6491", "CVE-2025-1220" ] }, "vid": "d607b12c-5821-11f0-ab92-f02f7497ecda" }, "details": "php.net reports:\n\n> - CVE-2025-1735: pgsql extension does not check for errors during\n> escaping\n> - CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension via\n> Large XML Namespace Prefix\n> - CVE-2025-1220: Null byte termination in hostnames\n", "id": "FreeBSD-2025-0209", "modified": "2025-07-03T00:00:00Z", "published": "2025-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.php.net/ChangeLog-8.php" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6491" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1220" } ], "schema_version": "1.7.0", "summary": "php -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "140.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.25.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "140.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1966423" ], "discovery": "2025-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2025-6424" ] }, "vid": "bab7386a-582f-11f0-97d0-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A use-after-free in FontFaceSet resulted in a potentially exploitable\n> crash.\n", "id": "FreeBSD-2025-0208", "modified": "2025-07-03T00:00:00Z", "published": "2025-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966423" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6424" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6424" } ], "schema_version": "1.7.0", "summary": "Mozilla -- exploitable crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "138.0.7204.96" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "138.0.7204.96" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html" ], "discovery": "2025-06-30T00:00:00Z", "references": { "cvename": [ "CVE-2025-6554" ] }, "vid": "5c777f88-40ff-4e1e-884b-ad63dfb9bb15" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[427663123\\] High CVE-2025-6554: Type Confusion in V8.\n", "id": "FreeBSD-2025-0207", "modified": "2025-07-02T00:00:00Z", "published": "2025-07-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6554" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "138.0.7204.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "138.0.7204.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html" ], "discovery": "2025-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2025-6555", "CVE-2025-6556", "CVE-2025-6557" ] }, "vid": "9c91e1f8-f255-4b57-babe-2e385558f1dc" }, "details": "Chrome Releases reports:\n\n> This update includes 11 security fixes:\n>\n> - \\[407328533\\] Medium CVE-2025-6555: Use after free in Animation.\n> Reported by Lyra Rebane (rebane2001) on 2025-03-30\n> - \\[40062462\\] Low CVE-2025-6556: Insufficient policy enforcement in\n> Loader. Reported by Shaheen Fazim on 2023-01-02\n> - \\[406631048\\] Low CVE-2025-6557: Insufficient data validation in\n> DevTools. Reported by Ameen Basha M K on 2025-03-27\n", "id": "FreeBSD-2025-0206", "modified": "2025-07-02T00:00:00Z", "published": "2025-07-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6555" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6556" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6557" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sudo" }, "ranges": [ { "events": [ { "fixed": "1.9.17p1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "sudo-sssd" }, "ranges": [ { "events": [ { "fixed": "1.9.17p1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.sudo.ws/releases/stable/" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-32462", "CVE-2025-32463" ] }, "vid": "24f4b495-56a1-11f0-9621-93abbef07693" }, "details": "Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber\nResearch Unit (CRU):\n\n> Sudo 1.9.17p1:\n>\n> - Fixed CVE-2025-32462. Sudo\\'s -h (\\--host) option could be specified\n> when running a command or editing a file. This could enable a local\n> privilege escalation attack if the sudoers file allows the user to\n> run commands on a different host. For more information, see Local\n> Privilege Escalation via host option.\n> - Fixed CVE-2025-32463. An attacker can leverage sudo\\'s -R\n> (\\--chroot) option to run arbitrary commands as root, even if they\n> are not listed in the sudoers file. The chroot support has been\n> deprecated an will be removed entirely in a future release. For more\n> information, see Local Privilege Escalation via chroot option.\n", "id": "FreeBSD-2025-0205", "modified": "2025-07-01T00:00:00Z", "published": "2025-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.sudo.ws/releases/stable/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32462" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32463" }, { "type": "WEB", "url": "https://www.sudo.ws/releases/stable/" }, { "type": "WEB", "url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host" }, { "type": "WEB", "url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot" } ], "schema_version": "1.7.0", "summary": "sudo -- privilege escalation vulnerability through host and chroot options" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.18,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.18,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.18,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nextserver" }, "ranges": [ { "events": [ { "fixed": "21.1.18,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "24.1.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2025-February/003584.html" ], "discovery": "2025-06-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-49176" ] }, "vid": "8df49466-5664-11f0-943a-18c04d5ea3dc" }, "details": "The X.Org project reports:\n\n> - CVE-2025-49176: Integer overflow in Big Requests Extension\n>\n> The Big Requests extension allows requests larger than the 16-bit\n> length limit. It uses integers for the request length and checks for\n> the size not to exceed the maxBigRequestSize limit, but does so\n> after translating the length to integer by multiplying the given\n> size in bytes by 4. In doing so, it might overflow the integer size\n> limit before actually checking for the overflow, defeating the\n> purpose of the test.\n", "id": "FreeBSD-2025-0204", "modified": "2025-07-01T00:00:00Z", "published": "2025-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2025-February/003584.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49176" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg/2025-June/062055.html" } ], "schema_version": "1.7.0", "summary": "xorg server -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.17,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.17,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.17,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nextserver" }, "ranges": [ { "events": [ { "fixed": "21.1.17,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "24.1.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2025-February/003584.html" ], "discovery": "2025-06-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-49175", "CVE-2025-49177", "CVE-2025-49178", "CVE-2025-49179", "CVE-2025-49180" ] }, "vid": "b14cabf7-5663-11f0-943a-18c04d5ea3dc" }, "details": "The X.Org project reports:\n\n> - CVE-2025-49175: Out-of-bounds access in X Rendering extension\n> (Animated cursors)\n>\n> The X Rendering extension allows creating animated cursors providing\n> a list of cursors. By default, the Xserver assumes at least one\n> cursor is provided while a client may actually pass no cursor at\n> all, which causes an out-of-bound read creating the animated cursor\n> and a crash of the Xserver.\n>\n> - CVE-2025-49177: Data leak in XFIXES Extension 6\n> (XFixesSetClientDisconnectMode)\n>\n> The handler of XFixesSetClientDisconnectMode does not check the\n> client request length. A client could send a shorter request and\n> read data from a former request.\n>\n> - CVE-2025-49178: Unprocessed client request via bytes to ignore\n>\n> When reading requests from the clients, the input buffer might be\n> shared and used between different clients. If a given client sends a\n> full request with non-zero bytes to ignore, the bytes to ignore may\n> still be non-zero even though the request is full, in which case the\n> buffer could be shared with another client who\\'s request will not\n> be processed because of those bytes to ignore, leading to a possible\n> hang of the other client request.\n>\n> - CVE-2025-49179: Integer overflow in X Record extension\n>\n> The RecordSanityCheckRegisterClients() function in the X Record\n> extension implementation of the Xserver checks for the request\n> length, but does not check for integer overflow. A client might send\n> a very large value for either the number of clients or the number of\n> protocol ranges that will cause an integer overflow in the request\n> length computation, defeating the check for request length.\n>\n> - CVE-2025-49180: Integer overflow in RandR extension\n> (RRChangeProviderProperty)\n>\n> A client might send a request causing an integer overflow when\n> computing the total size to allocate in RRChangeProviderProperty().\n", "id": "FreeBSD-2025-0203", "modified": "2025-07-01T00:00:00Z", "published": "2025-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2025-February/003584.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49180" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg/2025-June/062055.html" } ], "schema_version": "1.7.0", "summary": "xorg server -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "podman" }, "ranges": [ { "events": [ { "fixed": "5.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2025-6032" ], "discovery": "2025-06-30T00:00:00Z", "references": { "cvename": [ "CVE-2025-6032" ] }, "vid": "6b1b8989-55b0-11f0-ac64-589cfc10a551" }, "details": "RedHat, Inc. reports:\n\n> A flaw was found in Podman. The podman machine init command fails to\n> verify the TLS certificate when downloading the VM images from an OCI\n> registry. This issue results in a Man In The Middle attack.\n", "id": "FreeBSD-2025-0202", "modified": "2025-06-30T00:00:00Z", "published": "2025-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6032" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6032" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6032" } ], "schema_version": "1.7.0", "summary": "podman -- TLS connection used to pull VM images was not validated" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-106746" ], "discovery": "2025-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-6706" ] }, "vid": "5e64770c-52aa-11f0-b522-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> An authenticated user may trigger a use after free that may result in\n> MongoDB Server crash and other unexpected behavior, even if the user\n> does not have authorization to shut down a server. The crash is\n> triggered on affected versions by issuing an aggregation framework\n> operation using a specific combination of rarely-used aggregation\n> pipeline expressions. This issue affects MongoDB Server v6.0 version\n> prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and\n> MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is\n> enabled.\n", "id": "FreeBSD-2025-0201", "modified": "2025-06-26T00:00:00Z", "published": "2025-06-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-106746" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6706" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6706" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb50" }, "ranges": [ { "events": [ { "fixed": "5.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2025-6707" ], "discovery": "2025-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-6707" ] }, "vid": "5cd2bd2b-52aa-11f0-b522-b42e991fc52e" }, "details": "NVD reports:\n\n> Under certain conditions, an authenticated user request may execute\n> with stale privileges following an intentional change by an authorized\n> administrator.\n", "id": "FreeBSD-2025-0200", "modified": "2025-06-26T00:00:00Z", "published": "2025-06-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6707" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6707" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6707" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Race condition in privilege cache invalidation cycle" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2025-6709" ], "discovery": "2025-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-6709" ] }, "vid": "5b87eef6-52aa-11f0-b522-b42e991fc52e" }, "details": "NVD reports:\n\n> The MongoDB Server is susceptible to a denial of service vulnerability\n> due to improper handling of specific date values in JSON input when\n> using OIDC authentication. This can be reproduced using the mongo\n> shell to send a malicious JSON payload leading to an invariant failure\n> and server crash.\n", "id": "FreeBSD-2025-0199", "modified": "2025-06-26T00:00:00Z", "published": "2025-06-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6709" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6709" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6709" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-106749" ], "discovery": "2025-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-6710" ] }, "vid": "59ed4b19-52aa-11f0-b522-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> MongoDB Server may be susceptible to stack overflow due to JSON\n> parsing mechanism, where specifically crafted JSON inputs may induce\n> unwarranted levels of recursion, resulting in excessive stack space\n> consumption. Such inputs can lead to a stack overflow that causes the\n> server to crash which could occur pre-authorisation. This issue\n> affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB\n> Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB\n> Server v6.0 versions prior to 6.0.21, but an attacker can only induce\n> denial of service after authenticating.\n", "id": "FreeBSD-2025-0198", "modified": "2025-06-26T00:00:00Z", "published": "2025-06-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-106749" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6710" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6710" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kanboard" }, "ranges": [ { "events": [ { "fixed": "1.2.45" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "null" ], "discovery": "2025-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-52560" ] }, "vid": "e26608ff-5266-11f0-b522-b42e991fc52e" }, "details": "GitHub Security Advisories reports:\n\n> Kanboard allows password reset emails to be sent with URLs derived\n> from the unvalidated Host header when the application_url\n> configuration is unset (default behavior). This allows an attacker to\n> craft a malicious password reset link that leaks the token to an\n> attacker-controlled domain. If a victim (including an administrator)\n> clicks the poisoned link, their account can be taken over. This\n> affects all users who initiate a password reset while application_url\n> is not set.\n", "id": "FreeBSD-2025-0197", "modified": "2025-06-26T00:00:00Z", "published": "2025-06-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "null" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-52560" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52560" } ], "schema_version": "1.7.0", "summary": "kanboard -- Password Reset Poisoning via Host Header Injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.1.0" }, { "fixed": "18.1.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.0.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.10.0" }, { "fixed": "17.11.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.1.0" }, { "fixed": "18.1.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.0.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.10.0" }, { "fixed": "17.11.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/" ], "discovery": "2025-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2025-3279", "CVE-2025-1754", "CVE-2025-5315", "CVE-2025-2938", "CVE-2025-5846" ] }, "vid": "d45dabd9-5232-11f0-9ca4-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Denial of Service impacts GitLab CE/EE\n>\n> Missing Authentication issue impacts GitLab CE/EE\n>\n> Improper access control issue impacts GitLab CE/EE\n>\n> Elevation of Privilege impacts GitLab CE/EE\n>\n> Improper access control issue impacts GitLab EE\n", "id": "FreeBSD-2025-0196", "modified": "2025-06-26T00:00:00Z", "published": "2025-06-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3279" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1754" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5315" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2938" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5846" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openh264" }, "ranges": [ { "events": [ { "fixed": "2.5.1,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/cisco/openh264/releases/tag/2.5.1" ], "discovery": "2025-02-20T00:00:00Z", "references": { "cvename": [ "CVE-2025-27091" ] }, "vid": "03ba1cdd-4faf-11f0-af06-00a098b42aeb" }, "details": "Cisco reports:\n\n> A vulnerability in the decoding functions of OpenH264 codec library\n> could allow a remote, unauthenticated attacker to trigger a heap\n> overflow. This vulnerability is due to a race condition between a\n> Sequence Parameter Set (SPS) memory allocation and a subsequent non\n> Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer\n> (NAL) unit memory usage. An attacker could exploit this vulnerability\n> by crafting a malicious bitstream and tricking a victim user into\n> processing an arbitrary video containing the malicious bistream. An\n> exploit could allow the attacker to cause an unexpected crash in the\n> victim\\'s user decoding client and, possibly, perform arbitrary\n> commands on the victim\\'s host by abusing the heap overflow.\n", "id": "FreeBSD-2025-0195", "modified": "2025-06-22T00:00:00Z", "published": "2025-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/cisco/openh264/releases/tag/2.5.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27091" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27091" } ], "schema_version": "1.7.0", "summary": "cisco -- OpenH264 Decoding Functions Heap Overflow Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "introduced": "1.2.0,1" }, { "fixed": "1.4.3,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html" ], "discovery": "2025-06-18T00:00:00Z", "references": { "cvename": [ "CVE-2025-20234" ] }, "vid": "6c6c1507-4da5-11f0-afcc-f02f7432cf97" }, "details": "Cisco reports:\n\n> A vulnerability in Universal Disk Format (UDF) processing of ClamAV\n> could allow an unauthenticated, remote attacker to cause a denial of\n> service (DoS) condition on an affected device. This vulnerability is\n> due to a memory overread during UDF file scanning. An attacker could\n> exploit this vulnerability by submitting a crafted file containing UDF\n> content to be scanned by ClamAV on an affected device. A successful\n> exploit could allow the attacker to terminate the ClamAV scanning\n> process, resulting in a DoS condition on the affected software. For a\n> description of this vulnerability, see the .\n", "id": "FreeBSD-2025-0194", "modified": "2025-06-20T00:00:00Z", "published": "2025-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-20234" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20234" } ], "schema_version": "1.7.0", "summary": "clamav -- ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "1.4.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html" ], "discovery": "2025-06-18T00:00:00Z", "references": { "cvename": [ "CVE-2025-20260" ] }, "vid": "3dcc0812-4da5-11f0-afcc-f02f7432cf97" }, "details": "Cisco reports:\n\n> A vulnerability in the PDF scanning processes of ClamAV could allow an\n> unauthenticated, remote attacker to cause a buffer overflow condition,\n> cause a denial of service (DoS) condition, or execute arbitrary code\n> on an affected device. This vulnerability exists because memory\n> buffers are allocated incorrectly when PDF files are processed. An\n> attacker could exploit this vulnerability by submitting a crafted PDF\n> file to be scanned by ClamAV on an affected device. A successful\n> exploit could allow the attacker to trigger a buffer overflow, likely\n> resulting in the termination of the ClamAV scanning process and a DoS\n> condition on the affected software. Although unproven, there is also a\n> possibility that an attacker could leverage the buffer overflow to\n> execute arbitrary code with the privileges of the ClamAV process.\n", "id": "FreeBSD-2025-0193", "modified": "2025-06-20T00:00:00Z", "published": "2025-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-20260" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20260" } ], "schema_version": "1.7.0", "summary": "clamav -- ClamAV PDF Scanning Buffer Overflow Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html" ], "discovery": "2025-06-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-6191", "CVE-2025-6192" ] }, "vid": "333b4663-4cde-11f0-8cb5-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[420697404\\] High CVE-2025-6191: Integer overflow in V8. Reported\n> by Shaheen Fazim on 2025-05-27\n> - \\[421471016\\] High CVE-2025-6192: Use after free in Profiler.\n> Reported by Chaoyuan Peng (@ret2happy) on 2025-05-31\n", "id": "FreeBSD-2025-0192", "modified": "2025-06-19T00:00:00Z", "published": "2025-06-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-6192" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "navidrome" }, "ranges": [ { "events": [ { "introduced": "0.55.0,1" }, { "fixed": "0.56.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/navidrome/navidrome/security/advisories/GHSA-5wgp-vjxm-3x2r" ], "discovery": "2025-05-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-48949" ] }, "vid": "fc2d2fb8-4c83-11f0-8deb-f8f21e52f724" }, "details": "Deluan reports:\n\n> This vulnerability arises due to improper input validation on the role\n> parameter within the API endpoint /api/artist. Attackers can exploit\n> this flaw to inject arbitrary SQL queries, potentially gaining\n> unauthorized access to the backend database and compromising sensitive\n> user information.\n", "id": "FreeBSD-2025-0191", "modified": "2025-06-18T00:00:00Z", "published": "2025-06-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-5wgp-vjxm-3x2r" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-48949" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48949" } ], "schema_version": "1.7.0", "summary": "Navidrome -- SQL Injection via role parameter" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "fixed": "10.4.19+security-01" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.2.10+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.0" }, { "fixed": "11.3.7+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.5+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.5+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.2+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "12.0.1+security-01" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2025/06/13/grafana-security-update-medium-severity-security-release-for-cve-2025-3415/" ], "discovery": "2025-04-05T00:00:00Z", "references": { "cvename": [ "CVE-2025-3415" ] }, "vid": "6548cb01-4c33-11f0-8a97-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> An incident occurred where the DingDing alerting integration URL was\n> inadvertently exposed to viewers due to a setting oversight, which we\n> learned about through a [bug bounty\n> report](https://grafana.com/blog/2023/05/04/introducing-the-grafana-labs-bug-bounty-program/).\n>\n> The CVSS 3.0 score for this vulnerability is 4.3 (Medium).\n", "id": "FreeBSD-2025-0190", "modified": "2025-06-18T00:00:00Z", "published": "2025-06-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2025/06/13/grafana-security-update-medium-severity-security-release-for-cve-2025-3415/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3415" }, { "type": "WEB", "url": "https://grafana.com/blog/2025/06/13/grafana-security-update-medium-severity-security-release-for-cve-2025-3415/" } ], "schema_version": "1.7.0", "summary": "Grafana -- DingDing contact points exposed in Grafana Alerting" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "5.4.0" }, { "fixed": "10.4.18+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.2.9+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.0" }, { "fixed": "11.3.6+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.4+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.4+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.1+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "12.0.0+security-01" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/" ], "discovery": "2025-04-15T00:00:00Z", "references": { "cvename": [ "CVE-2025-3580" ] }, "vid": "ee046f5d-37a8-11f0-baaa-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On April 15, we discovered a vulnerability that stems from the user\n> deletion logic associated with organization administrators. An\n> organization admin could remove any user from the specific\n> organization they manage. Additionally, they have the power to delete\n> users entirely from the system if they have no other org membership.\n> This leads to two situations:\n>\n> 1. They can delete a server admin if the organization the\n> Organization Admin manages is the server admin's final\n> organizational membership.\n> 2. They can delete any user (regardless of whether they are a server\n> admin or not) if that user currently belongs to no organizations.\n>\n> These two situations allow an organization manager to disrupt\n> instance-wide activity by continually deleting server administrators\n> if there is only one organization or if the server administrators are\n> not part of any organization.\n>\n> The CVSS score for this vulnerability is 5.5 Medium.\n", "id": "FreeBSD-2025-0189", "modified": "2025-05-23T00:00:00Z", "published": "2025-05-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3580" }, { "type": "WEB", "url": "https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/" } ], "schema_version": "1.7.0", "summary": "Grafana -- User deletion issue" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "139.0.4,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1970095" ], "discovery": "2025-06-11T00:00:00Z", "references": { "cvename": [ "CVE-2025-49709", "CVE-2025-49710" ] }, "vid": "b704d4b8-4b87-11f0-9605-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> CVE-2025-49709: Certain canvas operations could have lead to memory\n> corruption.\n>\n> CVE-2025-49710: An integer overflow was present in\n> \\`OrderedHashTable\\` used by the JavaScript engine.\n", "id": "FreeBSD-2025-0188", "modified": "2025-06-17T00:00:00Z", "published": "2025-06-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970095" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49709" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49709" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49710" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49710" } ], "schema_version": "1.7.0", "summary": "Firefox -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.103" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.103" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html" ], "discovery": "2025-06-10T00:00:00Z", "references": { "cvename": [ "CVE-2025-5958", "CVE-2025-5959" ] }, "vid": "e3d6d485-c93c-4ada-90b3-09f1c454fb8a" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[\\$8000\\]\\[420150619\\] High CVE-2025-5958: Use after free in Media.\n> Reported by Huang Xilin of Ant Group Light-Year Security Lab on\n> 2025-05-25\n> - \\[NA\\]\\[422313191\\] High CVE-2025-5959: Type Confusion in V8.\n> Reported by Seunghyun Lee as part of TyphoonPWN 2025 on 2025-06-04\n", "id": "FreeBSD-2025-0187", "modified": "2025-06-17T00:00:00Z", "published": "2025-06-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5958" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5959" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.68" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.68" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html" ], "discovery": "2025-06-02T00:00:00Z", "references": { "cvename": [ "CVE-2025-5419", "CVE-2025-5068" ] }, "vid": "4323e86c-2422-4fd7-8c8f-ec71c81ea7dd" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[420636529\\] High CVE-2025-5419: Out of bounds read and write in\n> V8. Reported by Clement Lecigne and Beno\u00eet Sevens of Google Threat\n> Analysis Group on 2025-05-27. This issue was mitigated on 2025-05-28\n> by a configuration change pushed out to Stable across all Chrome\n> platforms.\n> - \\[409059706\\] Medium CVE-2025-5068: Use after free in Blink.\n> Reported by Walkman on 2025-04-07\n", "id": "FreeBSD-2025-0186", "modified": "2025-06-17T00:00:00Z", "published": "2025-06-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5419" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5068" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "138.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1917536" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-2817" ] }, "vid": "201cccc1-4a01-11f0-b0f8-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Thunderbird\\'s update mechanism allowed a medium-integrity user\n> process to interfere with the SYSTEM-level updater by manipulating the\n> file-locking behavior. By injecting code into the user-privileged\n> process, an attacker could bypass intended access controls, allowing\n> SYSTEM-level file operations on paths controlled by a non-privileged\n> user and enabling privilege escalation. This vulnerability affects\n> Firefox \\< 138, Firefox ESR \\< 128.10, Firefox ESR \\< 115.23,\n> Thunderbird \\< 138, and Thunderbird \\< 128.10.\n", "id": "FreeBSD-2025-0185", "modified": "2025-06-15T00:00:00Z", "published": "2025-06-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1917536" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2817" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2817" } ], "schema_version": "1.7.0", "summary": "Mozilla -- control access bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webmin" }, "ranges": [ { "events": [ { "last_affected": "2.105" }, { "fixed": "2.105" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://webmin.com/security/" ], "discovery": "2024-12-30T00:00:00Z", "references": { "cvename": [ "CVE-2024-12828" ] }, "vid": "805ad2e0-49da-11f0-87e8-bcaec55be5e5" }, "details": "Webmin reports:\n\n> A less-privileged Webmin user can execute commands as root via a\n> vulnerability in the shell autocomplete feature.\n", "id": "FreeBSD-2025-0184", "modified": "2025-06-15T00:00:00Z", "published": "2025-06-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://webmin.com/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12828" }, { "type": "WEB", "url": "https://webmin.com/security/" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12828" } ], "schema_version": "1.7.0", "summary": "webmin -- CGI Command Injection Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "yelp-xsl" }, "ranges": [ { "events": [ { "fixed": "42.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/errata/RHSA-2025:4450" ], "discovery": "2025-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-3155" ] }, "vid": "9449f018-84a3-490d-959f-38c05fbc77a7" }, "details": "secalert@redhat.com reports:\n\n> A flaw was found in Yelp. The Gnome user help application allows the\n> help document to execute arbitrary scripts. This vulnerability allows\n> malicious users to input help documents, which may exfiltrate user\n> files to an external environment.\n", "id": "FreeBSD-2025-0183", "modified": "2025-06-14T00:00:00Z", "published": "2025-06-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/errata/RHSA-2025:4450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3155" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3155" } ], "schema_version": "1.7.0", "summary": "Yelp -- arbitrary file read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "yelp" }, "ranges": [ { "events": [ { "fixed": "42.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/errata/RHSA-2025:4450" ], "discovery": "2025-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-3155" ] }, "vid": "0e200a73-289a-489e-b405-40b997911036" }, "details": "secalert@redhat.com reports:\n\n> A flaw was found in Yelp. The Gnome user help application allows the\n> help document to execute arbitrary scripts. This vulnerability allows\n> malicious users to input help documents, which may exfiltrate user\n> files to an external environment.\n", "id": "FreeBSD-2025-0182", "modified": "2025-06-14T00:00:00Z", "published": "2025-06-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/errata/RHSA-2025:4450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3155" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3155" } ], "schema_version": "1.7.0", "summary": "Yelp -- arbitrary file read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.11.0" }, { "fixed": "17.11.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.1.0" }, { "fixed": "17.10.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.11.0" }, { "fixed": "17.11.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.1.0" }, { "fixed": "17.10.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/" ], "discovery": "2025-06-11T00:00:00Z", "references": { "cvename": [ "CVE-2025-4278", "CVE-2025-2254", "CVE-2025-5121", "CVE-2025-0673", "CVE-2025-1516", "CVE-2025-1478", "CVE-2024-9512", "CVE-2025-5996", "CVE-2025-5195", "CVE-2025-5982" ] }, "vid": "ae028662-475e-11f0-9ca4-2cf05da270f3" }, "details": "Gitlab reports:\n\n> HTML injection impacts GitLab CE/EE\n>\n> Cross-site scripting issue impacts GitLab CE/EE\n>\n> Missing authorization issue impacts GitLab Ultimate EE\n>\n> Denial of Service impacts GitLab CE/EE\n>\n> Denial of Service via unbounded Webhook token names impacts GitLab\n> CE/EE\n>\n> Denial of Service via unbounded Board Names impacts GitLab CE/EE\n>\n> Information disclosure issue impacts GitLab CE/EE\n>\n> Denial of Service (DoS) via uncontrolled HTTP Response Processing\n> impacts GitLab CE/EE\n>\n> Information disclosure via authorization bypass impacts GitLab CE/EE\n>\n> Sensitive information disclosure via Group IP restriction bypass\n", "id": "FreeBSD-2025-0181", "modified": "2025-06-12T00:00:00Z", "published": "2025-06-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4278" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2254" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0673" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5996" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5195" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5982" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-jdbc" }, "ranges": [ { "events": [ { "fixed": "42.7.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jdbc.postgresql.org/changelogs/2025-06-11-42" ], "discovery": "2025-06-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-49146" ] }, "vid": "2a220a73-4759-11f0-a44a-6cc21735f730" }, "details": "PostgreSQL JDBC Driver project reports:\n\n> Client Allows Fallback to Insecure Authentication Despite\n> channelBinding=require configuration. Fix channel binding required\n> handling to reject non-SASL authentication Previously, when channel\n> binding was set to \\\"require\\\", the driver would silently ignore this\n> requirement for non-SASL authentication methods. This could lead to a\n> false sense of security when channel binding was explicitly requested\n> but not actually enforced. The fix ensures that when channel binding\n> is set to \\\"require\\\", the driver will reject connections that use\n> non-SASL authentication methods or when SASL authentication has not\n> completed properly.\n", "id": "FreeBSD-2025-0180", "modified": "2025-06-12T00:00:00Z", "published": "2025-06-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jdbc.postgresql.org/changelogs/2025-06-11-42" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49146" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49146" } ], "schema_version": "1.7.0", "summary": "PostgreSQL JDBC library -- Improper Authentication" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ap24-mod_security" }, "ranges": [ { "events": [ { "fixed": "2.9.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e" ], "discovery": "2025-06-02T00:00:00Z", "references": { "cvename": [ "CVE-2025-48866" ] }, "vid": "fa1d42c8-42fe-11f0-a9fa-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> ModSecurity is an open source, cross platform web application firewall\n> (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10\n> contain a denial of service vulnerability similar to\n> GHSA-859r-vvv8-rm8r/CVE-2025-47947. The \\`sanitiseArg\\` (and\n> \\`sanitizeArg\\` - this is the same action but an alias) is vulnerable\n> to adding an excessive number of arguments, thereby leading to denial\n> of service. Version 2.9.10 fixes the issue. As a workaround, avoid\n> using rules that contain the \\`sanitiseArg\\` (or \\`sanitizeArg\\`)\n> action.\n", "id": "FreeBSD-2025-0179", "modified": "2025-06-06T00:00:00Z", "published": "2025-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/owasp-modsecurity/ModSecurity/commit/3a54ccea62d3f7151bb08cb78d60c5e90b53ca2e" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-48866" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48866" } ], "schema_version": "1.7.0", "summary": "ModSecurity -- possible DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ap24-mod_security" }, "ranges": [ { "events": [ { "fixed": "2.9.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/owasp-modsecurity/ModSecurity/pull/3389" ], "discovery": "2025-05-21T00:00:00Z", "references": { "cvename": [ "CVE-2025-47947" ] }, "vid": "ecea70d2-42fe-11f0-a9fa-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> ModSecurity is an open source, cross platform web application firewall\n> (WAF) engine for Apache, IIS and Nginx. Versions up to and including\n> 2.9.8 are vulnerable to denial of service in one special case (in\n> stable released versions): when the payload\\'s content type is\n> \\`application/json\\`, and there is at least one rule which does a\n> \\`sanitiseMatchedBytes\\` action. A patch is available at pull request\n> 3389 and expected to be part of version 2.9.9. No known workarounds\n> are available.\n", "id": "FreeBSD-2025-0178", "modified": "2025-06-06T00:00:00Z", "published": "2025-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/owasp-modsecurity/ModSecurity/pull/3389" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-47947" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47947" } ], "schema_version": "1.7.0", "summary": "ModSecurity -- possible DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.11.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "139.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1954137" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5267" ] }, "vid": "63268efe-4222-11f0-976e-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A clickjacking vulnerability could have been used to trick a user into\n> leaking saved payment card details to a malicious page.\n", "id": "FreeBSD-2025-0177", "modified": "2025-06-05T00:00:00Z", "published": "2025-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5267" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5267" } ], "schema_version": "1.7.0", "summary": "Mozilla -- clickjacking vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.11.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "139.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1965628" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5266" ] }, "vid": "61be5684-4222-11f0-976e-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Script elements loading cross-origin resources generated load and\n> error events which leaked information enabling XS-Leaks attacks.\n", "id": "FreeBSD-2025-0176", "modified": "2025-06-05T00:00:00Z", "published": "2025-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1965628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5266" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5266" } ], "schema_version": "1.7.0", "summary": "Mozilla -- XS-leak attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.24.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "139.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1950001" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5264" ] }, "vid": "5ec0b4e5-4222-11f0-976e-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Due to insufficient escaping of the newline character in the Copy as\n> cURL feature, an attacker could trick a user into using this command,\n> potentially leading to local code execution on the user\\'s system.\n", "id": "FreeBSD-2025-0175", "modified": "2025-06-05T00:00:00Z", "published": "2025-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5264" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5264" } ], "schema_version": "1.7.0", "summary": "Mozilla -- local code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.24.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "139.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1960745" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5263" ] }, "vid": "5d1e56dc-4222-11f0-976e-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Error handling for script execution was incorrectly isolated from web\n> content, which could have allowed cross-origin leak attacks.\n", "id": "FreeBSD-2025-0174", "modified": "2025-06-05T00:00:00Z", "published": "2025-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960745" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5263" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5263" } ], "schema_version": "1.7.0", "summary": "Mozilla -- cross-origin leak attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.68" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html" ], "discovery": "2025-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-5419" ] }, "vid": "5759c6e2-410a-11f0-a945-b42e991fc52e" }, "details": "chrome-cve-admin@google.com reports:\n\n> Out of bounds read and write in V8 in Google Chrome prior to\n> 137.0.7151.68 allowed a remote attacker to potentially exploit heap\n> corruption via a crafted HTML page. (Chromium security severity: High)\n", "id": "FreeBSD-2025-0173", "modified": "2025-06-04T00:00:00Z", "published": "2025-06-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5419" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5419" } ], "schema_version": "1.7.0", "summary": "Chrome -- Out of bounds read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron34" }, "ranges": [ { "events": [ { "fixed": "34.5.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron35" }, "ranges": [ { "events": [ { "fixed": "35.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron36" }, "ranges": [ { "events": [ { "fixed": "36.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v35.5.1" ], "discovery": "2025-06-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-5419" ] }, "vid": "8c94ae2a-06f5-4383-9a7f-1211cb0dd476" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2025-5419.\n", "id": "FreeBSD-2025-0172", "modified": "2025-06-04T00:00:00Z", "published": "2025-06-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v35.5.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5419" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-x828-wp24-7h9m" } ], "schema_version": "1.7.0", "summary": "electron{34,35,36} -- Out of bounds read and write in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube-php81" }, "ranges": [ { "events": [ { "fixed": "1.6.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube-php82" }, "ranges": [ { "events": [ { "fixed": "1.6.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube-php83" }, "ranges": [ { "events": [ { "fixed": "1.6.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube-php84" }, "ranges": [ { "events": [ { "fixed": "1.6.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10" ], "discovery": "2025-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-49113" ] }, "vid": "0d6094a2-4095-11f0-8c92-00d861a0e66d" }, "details": "Roundcube Webmail reports:\n\n> Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v\n", "id": "FreeBSD-2025-0171", "modified": "2025-06-03T00:00:00Z", "published": "2025-06-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-49113" }, { "type": "WEB", "url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10" } ], "schema_version": "1.7.0", "summary": "Post-Auth Remote Code Execution found in Roundcube Webmail" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gimp" }, "ranges": [ { "events": [ { "fixed": "3.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.zerodayinitiative.com/advisories/ZDI-25-204/" ], "discovery": "2025-04-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-2761" ] }, "vid": "dc99c67a-3fc9-11f0-a39d-b42e991fc52e" }, "details": "zdi-disclosures@trendmicro.com reports:\n\n> GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution\n> Vulnerability. This vulnerability allows remote attackers to execute\n> arbitrary code on affected installations of GIMP. User interaction is\n> required to exploit this vulnerability in that the target must visit a\n> malicious page or open a malicious file. The specific flaw exists\n> within the parsing of FLI files. The issue results from the lack of\n> proper validation of user-supplied data, which can result in a write\n> past the end of an allocated buffer. An attacker can leverage this\n> vulnerability to execute code in the context of the current process.\n> Was ZDI-CAN-25100.\n", "id": "FreeBSD-2025-0170", "modified": "2025-06-02T00:00:00Z", "published": "2025-06-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-204/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2761" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2761" } ], "schema_version": "1.7.0", "summary": "Gimp -- GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gimp" }, "ranges": [ { "events": [ { "fixed": "3.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.zerodayinitiative.com/advisories/ZDI-25-203/" ], "discovery": "2025-04-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-2760" ] }, "vid": "da0a4374-3fc9-11f0-a39d-b42e991fc52e" }, "details": "zdi-disclosures@trendmicro.com reports:\n\n> GIMP XWD File Parsing Integer Overflow Remote Code Execution\n> Vulnerability. This vulnerability allows remote attackers to execute\n> arbitrary code on affected installations of GIMP. User interaction is\n> required to exploit this vulnerability in that the target must visit a\n> malicious page or open a malicious file. The specific flaw exists\n> within the parsing of XWD files. The issue results from the lack of\n> proper validation of user-supplied data, which can result in an\n> integer overflow before allocating a buffer. An attacker can leverage\n> this vulnerability to execute code in the context of the current\n> process. Was ZDI-CAN-25082.\n", "id": "FreeBSD-2025-0169", "modified": "2025-06-02T00:00:00Z", "published": "2025-06-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-203/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2760" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2760" } ], "schema_version": "1.7.0", "summary": "Gimp -- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.14.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/security.html" ], "discovery": "2025-05-28T00:00:00Z", "references": { "cvename": [ "CVE-2025-5025", "CVE-2025-4947" ] }, "vid": "533b4470-3f25-11f0-b440-f02f7432cf97" }, "details": "curl security team reports:\n\n> CVE-2025-5025: No QUIC certificate pinning with wolfSSL\n>\n> CVE-2025-4947: QUIC certificate check skip with wolfSSL\n", "id": "FreeBSD-2025-0168", "modified": "2025-06-01T00:00:00Z", "published": "2025-06-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5025" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5025" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4947" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4947" } ], "schema_version": "1.7.0", "summary": "curl -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-libxml2" }, "ranges": [ { "events": [ { "fixed": "2.11.9_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.12.0" }, { "fixed": "2.13.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.14.0" }, { "fixed": "2.14.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-libxml2" }, "ranges": [ { "events": [ { "fixed": "2.11.9_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.12.0" }, { "fixed": "2.13.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.14.0" }, { "fixed": "2.14.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-libxml2" }, "ranges": [ { "events": [ { "fixed": "2.11.9_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.12.0" }, { "fixed": "2.13.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.14.0" }, { "fixed": "2.14.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py312-libxml2" }, "ranges": [ { "events": [ { "fixed": "2.11.9_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.12.0" }, { "fixed": "2.13.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.14.0" }, { "fixed": "2.14.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889" ], "discovery": "2025-04-08T00:00:00Z", "references": { "cvename": [ "CVE-2025-32414" ] }, "vid": "2926c487-3e53-11f0-95d4-00a098b42aeb" }, "details": "cve@mitre.org reports:\n\n> In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds\n> memory access can occur in the Python API (Python bindings) because of\n> an incorrect return value. This occurs in xmlPythonFileRead and\n> xmlPythonFileReadRaw because of a difference between bytes and\n> characters.\n", "id": "FreeBSD-2025-0167", "modified": "2025-05-31T00:00:00Z", "published": "2025-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32414" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414" } ], "schema_version": "1.7.0", "summary": "libxml2 -- Out-of-bounds memory access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxml2" }, "ranges": [ { "events": [ { "fixed": "2.11.9_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.12.0" }, { "fixed": "2.12.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.13.0" }, { "fixed": "2.13.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847" ], "discovery": "2025-02-18T00:00:00Z", "references": { "cvename": [ "CVE-2025-24928" ] }, "vid": "fdd02be0-3e50-11f0-95d4-00a098b42aeb" }, "details": "cve@mitre.org reports:\n\n> libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based\n> buffer overflow in xmlSnprintfElements in valid.c. To exploit this,\n> DTD validation must occur for an untrusted document or untrusted DTD.\n> NOTE: this is similar to CVE-2017-9047.\n", "id": "FreeBSD-2025-0166", "modified": "2025-05-31T00:00:00Z", "published": "2025-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24928" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928" } ], "schema_version": "1.7.0", "summary": "libxml2 -- Stack-based Buffer Overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxml2" }, "ranges": [ { "events": [ { "fixed": "2.11.9_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.12.0" }, { "fixed": "2.12.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.13.0" }, { "fixed": "2.13.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828" ], "discovery": "2025-02-18T00:00:00Z", "references": { "cvename": [ "CVE-2024-56171" ] }, "vid": "bd2af307-3e50-11f0-95d4-00a098b42aeb" }, "details": "cve@mitre.org reports:\n\n> libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free\n> in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in\n> xmlschemas.c. To exploit this, a crafted XML document must be\n> validated against an XML schema with certain identity constraints, or\n> a crafted XML schema must be used.\n", "id": "FreeBSD-2025-0165", "modified": "2025-05-31T00:00:00Z", "published": "2025-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-56171" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171" } ], "schema_version": "1.7.0", "summary": "libxml2 -- Use After Free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.55" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.55" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5063", "CVE-2025-5280", "CVE-2025-5064", "CVE-2025-5065", "CVE-2025-5066", "CVE-2025-5281", "CVE-2025-5283", "CVE-2025-5067" ] }, "vid": "25acd603-3dde-11f0-8cb5-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 11 security fixes:\n>\n> - \\[411573532\\] High CVE-2025-5063: Use after free in Compositing.\n> Reported by Anonymous on 2025-04-18\n> - \\[417169470\\] High CVE-2025-5280: Out of bounds write in V8.\n> Reported by \\[pwn2car\\] on 2025-05-12\n> - \\[40058068\\] Medium CVE-2025-5064: Inappropriate implementation in\n> Background Fetch API. Reported by Maurice Dauer on 2021-11-29\n> - \\[40059071\\] Medium CVE-2025-5065: Inappropriate implementation in\n> FileSystemAccess API. Reported by NDevTK on 2022-03-11\n> - \\[356658477\\] Medium CVE-2025-5066: Inappropriate implementation in\n> Messages. Reported by Mohit Raj (shadow2639) on 2024-07-31\n> - \\[417215501\\] Medium CVE-2025-5281: Inappropriate implementation in\n> BFCache. Reported by Jesper van den Ende (Pelican Party Studios) on\n> 2025-05-12\n> - \\[419467315\\] Medium CVE-2025-5283: Use after free in libvpx.\n> Reported by Mozilla on 2025-05-22\n> - \\[40075024\\] Low CVE-2025-5067: Inappropriate implementation in Tab\n> Strip. Reported by Khalil Zhani on 2023-10-17\n", "id": "FreeBSD-2025-0164", "modified": "2025-05-31T00:00:00Z", "published": "2025-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5280" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5064" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5065" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5066" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5281" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5067" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "137.0.7151.55" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5063" ] }, "vid": "4864aec7-3d80-11f0-9a55-b42e991fc52e" }, "details": "chrome-cve-admin@google.com reports:\n\n> Use after free in Compositing in Google Chrome prior to 137.0.7151.55\n> allowed a remote attacker to potentially exploit heap corruption via a\n> crafted HTML page. (Chromium security severity: High)\n", "id": "FreeBSD-2025-0163", "modified": "2025-05-30T00:00:00Z", "published": "2025-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5063" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5063" } ], "schema_version": "1.7.0", "summary": "Chrome -- Heap corruption exploitation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.11.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.11.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1924108" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5269" ] }, "vid": "a6e1b7ee-3d7c-11f0-9a55-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bug present in Firefox ESR 128.10, and Thunderbird\n> 128.10. This bug showed evidence of memory corruption and we presume\n> that with enough effort this could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2025-0162", "modified": "2025-05-30T00:00:00Z", "published": "2025-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924108" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5269" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5269" } ], "schema_version": "1.7.0", "summary": "Mozilla -- memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "139.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5268" ] }, "vid": "a5b553e5-3d7c-11f0-9a55-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox\n> ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence\n> of memory corruption and we presume that with enough effort some of\n> these could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0161", "modified": "2025-05-30T00:00:00Z", "published": "2025-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5268" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5268" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "139.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1910298" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5270" ] }, "vid": "a470ac63-3d7c-11f0-9a55-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> In certain cases, SNI could have been sent unencrypted even when\n> encrypted DNS was enabled.\n", "id": "FreeBSD-2025-0160", "modified": "2025-05-30T00:00:00Z", "published": "2025-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1910298" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5270" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5270" } ], "schema_version": "1.7.0", "summary": "Firefox -- unencrypted SNI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "139.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1920348" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5271" ] }, "vid": "a3291f81-3d7c-11f0-9a55-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Previewing a response in Devtools ignored CSP headers, which could\n> have allowed content injection attacks.\n", "id": "FreeBSD-2025-0159", "modified": "2025-05-30T00:00:00Z", "published": "2025-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920348" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5271" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5271" } ], "schema_version": "1.7.0", "summary": "Firefox -- content injection attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "139.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "129.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1726254%2C1742738%2C1960121" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-5272" ] }, "vid": "a14dbea7-3d7c-11f0-9a55-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2025-0158", "modified": "2025-05-30T00:00:00Z", "published": "2025-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1726254%2C1742738%2C1960121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-5272" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5272" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ap24-mod_security" }, "ranges": [ { "events": [ { "fixed": "2.9.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/owasp-modsecurity/ModSecurity/pull/3389" ], "discovery": "2025-05-21T00:00:00Z", "references": { "cvename": [ "CVE-2025-47947" ] }, "vid": "a372abb0-3d3c-11f0-86e7-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> ModSecurity is an open source, cross platform web application firewall\n> (WAF) engine for Apache, IIS and Nginx. Versions up to and including\n> 2.9.8 are vulnerable to denial of service in one special case (in\n> stable released versions): when the payload\\'s content type is\n> \\`application/json\\`, and there is at least one rule which does a\n> \\`sanitiseMatchedBytes\\` action. A patch is available at pull request\n> 3389 and expected to be part of version 2.9.9. No known workarounds\n> are available.\n", "id": "FreeBSD-2025-0157", "modified": "2025-05-30T00:00:00Z", "published": "2025-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/owasp-modsecurity/ModSecurity/pull/3389" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-47947" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47947" } ], "schema_version": "1.7.0", "summary": "ModSecurity -- Possible DoS Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "3.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5" ], "discovery": "2025-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-47952" ] }, "vid": "67dd7a9e-3cd8-11f0-b601-5404a68ad561" }, "details": "The traefik project reports:\n\n> There is a potential vulnerability in Traefik managing the requests\n> using a PathPrefix, Path or PathRegex matcher. When Traefik is\n> configured to route the requests to a backend using a matcher based on\n> the path, if the URL contains a URL encoded string in its path, it\\'s\n> possible to target a backend, exposed using another router, by-passing\n> the middlewares chain.\n", "id": "FreeBSD-2025-0156", "modified": "2025-05-29T00:00:00Z", "published": "2025-05-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-47952" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47952" } ], "schema_version": "1.7.0", "summary": "traefik -- Path traversal vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.18" ], "discovery": "2025-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2024-11955", "CVE-2025-23024", "CVE-2025-23046", "CVE-2025-25192", "CVE-2025-21626", "CVE-2025-21627", "CVE-2025-21619", "CVE-2025-24799", "CVE-2025-24801" ] }, "vid": "c36decbe-3c84-11f0-8d29-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> CVE-2024-11955: A vulnerability was found in GLPI up to 10.0.17. It\n> has been declared as problematic. Affected by this vulnerability is an\n> unknown functionality of the file /index.php. The manipulation of the\n> argument redirect leads to open redirect. The attack can be launched\n> remotely. The exploit has been disclosed to the public and may be\n> used. Upgrading to version 10.0.18 is able to address this issue. It\n> is recommended to upgrade the affected component.\n>\n> CVE-2025-23024: Starting in version 0.72 and prior to version 10.0.18,\n> an anonymous user can disable all the active plugins. Version 10.0.18\n> contains a patch. As a workaround, one may delete the\n> \\`install/update.php\\` file.\n>\n> CVE-2025-23046: Prior to version 10.0.18, a low privileged user can\n> enable debug mode and access sensitive information. Version 10.0.18\n> contains a patch. As a workaround, one may delete the\n> \\`install/update.php\\` file.\n>\n> CVE-2025-25192: Starting in version 9.5.0 and prior to version\n> 10.0.18, if a \\\"Mail servers\\\" authentication provider is configured\n> to use an Oauth connection provided by the OauthIMAP plugin, anyone\n> can connect to GLPI using a user name on which an Oauth authorization\n> has already been established. Version 10.0.18 contains a patch. As a\n> workaround, one may disable any \\\"Mail servers\\\" authentication\n> provider configured to use an Oauth connection provided by the\n> OauthIMAP plugin.\n>\n> CVE-2025-21626: Starting in version 0.71 and prior to version 10.0.18,\n> an anonymous user can fetch sensitive information from the\n> \\`status.php\\` endpoint. Version 10.0.18 contains a fix for the issue.\n> Some workarounds are available. One may delete the \\`status.php\\`\n> file, restrict its access, or remove any sensitive values from the\n> \\`name\\` field of the active LDAP directories, mail servers\n> authentication providers and mail receivers.\n>\n> CVE-2025-21627: In versions prior to 10.0.18, a malicious link can be\n> crafted to perform a reflected XSS attack on the search page. If the\n> anonymous ticket creation is enabled, this attack can be performed by\n> an unauthenticated user. Version 10.0.18 contains a fix for the issue.\n>\n> CVE-2025-21619: An administrator user can perfom a SQL injection\n> through the rules configuration forms. This vulnerability is fixed in\n> 10.0.18.\n>\n> CVE-2025-24799: An unauthenticated user can perform a SQL injection\n> through the inventory endpoint. This vulnerability is fixed in\n> 10.0.18.\n>\n> CVE-2025-24801: An authenticated user can upload and force the\n> execution of \\*.php files located on the GLPI server. This\n> vulnerability is fixed in 10.0.18.\n", "id": "FreeBSD-2025-0155", "modified": "2025-05-29T00:00:00Z", "published": "2025-05-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.18" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11955" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11955" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-23024" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23024" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-23046" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23046" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-25192" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25192" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-21626" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21626" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-21627" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21627" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-21619" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21619" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24799" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24801" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24801" } ], "schema_version": "1.7.0", "summary": "glpi-project -- GLPI multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron34" }, "ranges": [ { "events": [ { "fixed": "34.5.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron35" }, "ranges": [ { "events": [ { "fixed": "35.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v34.5.7" ], "discovery": "2025-05-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4609", "CVE-2025-4664" ] }, "vid": "47ef0ac6-38fc-4b35-850b-c794f04619fe" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2025-4609.\n> - Security: backported fix for CVE-2025-4664.\n", "id": "FreeBSD-2025-0154", "modified": "2025-05-29T00:00:00Z", "published": "2025-05-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v34.5.7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4609" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4664" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-vxhm-55mv-5fhx" } ], "schema_version": "1.7.0", "summary": "electron{34,35} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kea" }, "ranges": [ { "events": [ { "fixed": "2.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/docs/" ], "discovery": "2025-05-28T00:00:00Z", "references": { "cvename": [ "CVE-2025-32801", "CVE-2025-32802", "CVE-2025-32803" ] }, "vid": "34744aab-3bf7-11f0-b81c-001b217e4ee5" }, "details": "Internet Systems Consortium, Inc. reports:\n\n> - Loading a malicious hook library can lead to local privilege\n> escalation https://kb.isc.org/docs/cve-2025-32801\n> - Insecure handling of file paths allows multiple local attacks\n> https://kb.isc.org/docs/cve-2025-32802\n> - Insecure file permissions can result in confidential information\n> leakage https://kb.isc.org/docs/cve-2025-32803\n", "id": "FreeBSD-2025-0153", "modified": "2025-05-28T00:00:00Z", "published": "2025-05-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/docs/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32801" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32803" } ], "schema_version": "1.7.0", "summary": "ISC KEA -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "10.4.18+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.2.9+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.0" }, { "fixed": "11.3.6+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.4+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.4+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.1+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "12.0.0+security-01" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/security/security-advisories/cve-2025-4123/" ], "discovery": "2025-04-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-4123" ] }, "vid": "45eb98d6-3b13-11f0-97f7-b42e991fc52e" }, "details": "security@grafana.com reports:\n\n> A cross-site scripting (XSS) vulnerability exists in Grafana caused by\n> combining a client path traversal and open redirect. This allows\n> attackers to redirect users to a website that hosts a frontend plugin\n> that will execute arbitrary JavaScript. This vulnerability does not\n> require editor permissions and if anonymous access is enabled, the XSS\n> will work. If the Grafana Image Renderer plugin is installed, it is\n> possible to exploit the open redirect to achieve a full read SSRF. The\n> default Content-Security-Policy (CSP) in Grafana will block the XSS\n> though the \\`connect-src\\` directive.\n", "id": "FreeBSD-2025-0152", "modified": "2025-05-27T00:00:00Z", "published": "2025-05-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/security/security-advisories/cve-2025-4123/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4123" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4123" } ], "schema_version": "1.7.0", "summary": "grafana -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "fixed": "3.9.22_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python310" }, "ranges": [ { "events": [ { "fixed": "3.10.17_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python311" }, "ranges": [ { "events": [ { "fixed": "3.11.12_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python312" }, "ranges": [ { "events": [ { "fixed": "3.12.10_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142" ], "discovery": "2025-05-15T00:00:00Z", "references": { "cvename": [ "CVE-2025-4516" ] }, "vid": "e587b52d-38ac-11f0-b7b6-dcfe074bd614" }, "details": "cna@python.org reports:\n\n> There is an issue in CPython when using\n> \\`bytes.decode(\\\"unicode_escape\\\", error=\\\"ignore\\|replace\\\")\\`. If\n> you are not using the \\\"unicode_escape\\\" encoding or an error handler\n> your usage is not affected. To work-around this issue you may stop\n> using the error= handler and instead wrap the bytes.decode() call in a\n> try-except catching the DecodeError.\n", "id": "FreeBSD-2025-0151", "modified": "2025-05-24T00:00:00Z", "published": "2025-05-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4516" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4516" } ], "schema_version": "1.7.0", "summary": "cpython -- Use-after-free in \"unicode_escape\" decoder with error handler" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl35" }, "ranges": [ { "events": [ { "fixed": "3.5.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://openssl-library.org/news/secadv/20250522.txt" ], "discovery": "2025-05-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-4575" ] }, "vid": "5baa64d6-37ee-11f0-a116-8447094a420f" }, "details": "The OpenSSL project reports:\n\n> The x509 application adds trusted use instead of rejected use (low)\n", "id": "FreeBSD-2025-0150", "modified": "2025-05-23T00:00:00Z", "published": "2025-05-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://openssl-library.org/news/secadv/20250522.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4575" }, { "type": "WEB", "url": "https://openssl-library.org/news/secadv/20250522.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Inverted security logic in x509 app" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "137.0.2,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1951554" ], "discovery": "2025-04-15T00:00:00Z", "references": { "cvename": [ "CVE-2025-3608" ] }, "vid": "6529e5e7-36d5-11f0-8f57-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A race condition existed in nsHttpTransaction that could have been\n> exploited to cause memory corruption, potentially leading to an\n> exploitable condition.\n", "id": "FreeBSD-2025-0149", "modified": "2025-05-22T00:00:00Z", "published": "2025-05-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1951554" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3608" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3608" } ], "schema_version": "1.7.0", "summary": "Firefox -- memory corruption due to race condition" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.0.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.11.0" }, { "fixed": "17.11.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2.0" }, { "fixed": "17.10.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.0.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.11.0" }, { "fixed": "17.11.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2.0" }, { "fixed": "17.10.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/" ], "discovery": "2025-05-21T00:00:00Z", "references": { "cvename": [ "CVE-2025-0993", "CVE-2024-12093", "CVE-2024-7803", "CVE-2025-3111", "CVE-2025-2853", "CVE-2025-4979", "CVE-2025-0605", "CVE-2025-0679", "CVE-2024-9163", "CVE-2025-1110" ] }, "vid": "a1a1b0c2-3791-11f0-8600-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Unprotected large blob endpoint in GitLab allows Denial of Service\n>\n> Improper XPath validation allows modified SAML response to bypass 2FA\n> requirement\n>\n> A Discord webhook integration may cause DoS\n>\n> Unbounded Kubernetes cluster tokens may lead to DoS\n>\n> Unvalidated notes position may lead to Denial of Service\n>\n> Hidden/masked variables may get exposed in the UI\n>\n> Two-factor authentication requirement bypass\n>\n> View full email addresses that should be partially obscured\n>\n> Branch name confusion in confidential MRs\n>\n> Unauthorized access to job data via a GraphQL query\n", "id": "FreeBSD-2025-0148", "modified": "2025-05-23T00:00:00Z", "published": "2025-05-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0993" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12093" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2853" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4979" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0679" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9163" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1110" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "screen" }, "ranges": [ { "events": [ { "fixed": "5.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html" ], "discovery": "2025-05-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-46805", "CVE-2025-46804", "CVE-2025-46803", "CVE-2025-46802", "CVE-2025-23395" ] }, "vid": "4abd86c1-366d-11f0-9c0c-000c29ffbb6c" }, "details": "The screen project reports:\n\n> Multiple security issues in screen.\n", "id": "FreeBSD-2025-0147", "modified": "2025-05-21T00:00:00Z", "published": "2025-05-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-46805" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-46804" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-46803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-46802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-23395" }, { "type": "WEB", "url": "https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html" } ], "schema_version": "1.7.0", "summary": "screen -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "138.0.4,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.10.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1966614" ], "discovery": "2025-05-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-4918", "CVE-2025-4919" ] }, "vid": "07560111-34cc-11f0-af94-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An attacker was able to perform an out-of-bounds read or write on a\n> JavaScript object by confusing array index sizes.\n", "id": "FreeBSD-2025-0146", "modified": "2025-05-19T00:00:00Z", "published": "2025-05-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966614" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4918" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4918" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4919" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4919" } ], "schema_version": "1.7.0", "summary": "firefox -- out-of-bounds read/write" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "weechat" }, "ranges": [ { "events": [ { "fixed": "4.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weechat.org/doc/weechat/security/" ], "discovery": "2025-05-11T00:00:00Z", "vid": "46594aa3-32f7-11f0-a116-8447094a420f" }, "details": "The Weechat project reports:\n\n> Multiple integer and buffer overflows in WeeChat core.\n", "id": "FreeBSD-2025-0145", "modified": "2025-05-17T00:00:00Z", "published": "2025-05-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weechat.org/doc/weechat/security/" }, { "type": "WEB", "url": "https://weechat.org/doc/weechat/security/" } ], "schema_version": "1.7.0", "summary": "WeeChat -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "136.0.7103.113" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "136.0.7103.113" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html" ], "discovery": "2025-05-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-4664", "CVE-2025-4609" ] }, "vid": "79400d31-3166-11f0-8cb5-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[415810136\\] High CVE-2025-4664: Insufficient policy enforcement in\n> Loader. Source: X post from \\@slonser\\_ on 2025-05-05\n> - \\[412578726\\] High CVE-2025-4609: Incorrect handle provided in\n> unspecified circumstances in Mojo. Reported by Micky on 2025-04-22\n", "id": "FreeBSD-2025-0144", "modified": "2025-05-15T00:00:00Z", "published": "2025-05-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4664" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4609" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "138.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "138.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4091" ] }, "vid": "52efdd56-30bd-11f0-81be-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox\n> ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence\n> of memory corruption and we presume that with enough effort some of\n> these could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0143", "modified": "2025-05-14T00:00:00Z", "published": "2025-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4091" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4091" } ], "schema_version": "1.7.0", "summary": "Mozilla -- memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1894100" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4093" ] }, "vid": "4f17db64-30bd-11f0-81be-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9.\n> This bug showed evidence of memory corruption and we presume that with\n> enough effort this could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0142", "modified": "2025-05-14T00:00:00Z", "published": "2025-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1894100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4093" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4093" } ], "schema_version": "1.7.0", "summary": "Mozilla -- memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vscode" }, "ranges": [ { "events": [ { "fixed": "1.100.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm" ], "discovery": "2025-05-13T00:00:00Z", "references": { "cvename": [ "CVE-2025-21264" ] }, "vid": "6f10b49d-07b1-4be4-8abf-edf880b16ad2" }, "details": "VSCode developers report:\n\n> A security feature bypass vulnerability exists in VS Code 1.100.0 and\n> earlier versions where a maliciously crafted URL could be considered\n> trusted when it should not have due to how VS Code handled glob\n> patterns in the trusted domains feature. When paired with the #fetch\n> tool in Chat, this scenario would require the attacker to convince an\n> LLM (via prompt injection) to fetch the maliciously crafted URL but\n> when fetched, the user would have no moment to confirm the flighting\n> of the request.\n", "id": "FreeBSD-2025-0141", "modified": "2025-05-14T00:00:00Z", "published": "2025-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-21264" }, { "type": "WEB", "url": "https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm" }, { "type": "WEB", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264" } ], "schema_version": "1.7.0", "summary": "vscode -- security feature bypass vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxslt" }, "ranges": [ { "events": [ { "fixed": "1.1.43" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.gnome.org/GNOME/libxslt/-/issues/127", "https://gitlab.gnome.org/GNOME/libxslt/-/issues/128" ], "discovery": "2025-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-55549", "CVE-2025-24855" ] }, "vid": "a96cd659-303e-11f0-94b5-54ee755069b5" }, "details": "# \\[CVE-2024-55549\\] Fix UAF related to excluded namespaces\n\n> xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free\n> issue related to exclusion of result prefixes.\n\n# \\[CVE-2025-24855\\] Fix use-after-free of XPath context node\n\n> numbers.c in libxslt before 1.1.43 has a use-after-free because , in\n> nested XPath evaluations, an XPath context node can be modified but\n> never restored. This is related to xsltNumberFormatGetValue,\n> xsltEvalXPathPredicate, xsltEvalXPathStringNs, and\n> xsltComputeSortResultInternal.\n", "id": "FreeBSD-2025-0140", "modified": "2025-05-13T00:00:00Z", "published": "2025-05-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/127" }, { "type": "REPORT", "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/128" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-55549" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24855" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55549" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24855" } ], "schema_version": "1.7.0", "summary": "libxslt -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish7" }, "ranges": [ { "events": [ { "fixed": "7.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00016.html" ], "discovery": "2025-05-12T00:00:00Z", "vid": "89c668d5-2f80-11f0-9632-641c67a117d8" }, "details": "The Varnish Development Team reports:\n\n> A client-side desync vulnerability can be triggered in Varnish Cache\n> and Varnish Enterprise. This vulnerability can be triggered under\n> specific circumstances involving malformed HTTP/1 requests.\n>\n> An attacker can abuse a flaw in Varnish\\'s handling of chunked\n> transfer encoding which allows certain malformed HTTP/1 requests to\n> exploit improper framing of the message body to smuggle additional\n> requests. Specifically, Varnish incorrectly permits CRLF to be skipped\n> to delimit chunk boundaries.\n", "id": "FreeBSD-2025-0139", "modified": "2025-05-12T00:00:00Z", "published": "2025-05-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00016.html" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00016.html" } ], "schema_version": "1.7.0", "summary": "www/varnish7 -- Request Smuggling Attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "138.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "138.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1924108%2C1950780%2C1959367" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4092" ] }, "vid": "a8a1a8e7-2e85-11f0-a989-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2025-0138", "modified": "2025-05-11T00:00:00Z", "published": "2025-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1924108%2C1950780%2C1959367" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4092" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4092" } ], "schema_version": "1.7.0", "summary": "Mozilla -- memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "138.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "138.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4089" ] }, "vid": "a59bd59e-2e85-11f0-a989-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Due to insufficient escaping of special characters in the \\\"copy as\n> cURL\\\" feature, an attacker could trick a user into using this\n> command, potentially leading to local code execution on the user\\'s\n> system.\n", "id": "FreeBSD-2025-0137", "modified": "2025-05-11T00:00:00Z", "published": "2025-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4089" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4089" } ], "schema_version": "1.7.0", "summary": "Mozilla -- insufficient character escaping" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "138.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "138.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1953521" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4088" ] }, "vid": "a4422500-2e85-11f0-a989-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A security vulnerability in Thunderbird allowed malicious sites to use\n> redirects to send credentialed requests to arbitrary endpoints on any\n> site that had invoked the Storage Access API. This enabled potential\n> Cross-Site Request Forgery attacks across origins.\n", "id": "FreeBSD-2025-0136", "modified": "2025-05-11T00:00:00Z", "published": "2025-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1953521" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4088" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4088" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Cross-Site Request Forgery" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "138.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "138" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4087" ] }, "vid": "a2d5bd7b-2e85-11f0-a989-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A vulnerability was identified in Thunderbird where XPath parsing\n> could trigger undefined behavior due to missing null checks during\n> attribute access. This could lead to out-of-bounds read access and\n> potentially, memory corruption.\n", "id": "FreeBSD-2025-0135", "modified": "2025-05-11T00:00:00Z", "published": "2025-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4087" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4087" } ], "schema_version": "1.7.0", "summary": "Mozilla -- XPath parsing undefined behavior" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "138.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "138.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1915280" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4085" ] }, "vid": "9fa8c4a2-2e85-11f0-a989-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An attacker with control over a content process could potentially\n> leverage the privileged UITour actor to leak sensitive information or\n> escalate privileges.\n", "id": "FreeBSD-2025-0134", "modified": "2025-05-11T00:00:00Z", "published": "2025-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915280" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4085" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4085" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Information leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "138.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "138.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1958350" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4083" ] }, "vid": "9c37a02e-2e85-11f0-a989-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A process isolation vulnerability in Thunderbird stemmed from improper\n> handling of javascript: URIs, which could allow content to execute in\n> the top-level document\\'s process instead of the intended frame,\n> potentially enabling a sandbox escape.\n", "id": "FreeBSD-2025-0133", "modified": "2025-05-11T00:00:00Z", "published": "2025-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1958350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4083" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4083" } ], "schema_version": "1.7.0", "summary": "Mozilla -- javascript content execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.11.0" }, { "fixed": "17.11.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.10.0" }, { "fixed": "17.10.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "17.9.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.11.0" }, { "fixed": "17.11.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.10.0" }, { "fixed": "17.10.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "17.9.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/05/07/patch-release-gitlab-17-11-2-released/" ], "discovery": "2025-05-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0549", "CVE-2024-8973", "CVE-2025-1278" ] }, "vid": "6943cbf2-2d55-11f0-9471-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Partial Bypass for Device OAuth flow using Cross Window Forgery\n>\n> Denial of service by abusing Github import API\n>\n> Group IP restriction bypass allows disclosing issue title of\n> restricted project\n", "id": "FreeBSD-2025-0132", "modified": "2025-05-10T00:00:00Z", "published": "2025-05-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/05/07/patch-release-gitlab-17-11-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0549" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8973" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1278" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/05/07/patch-release-gitlab-17-11-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql17-client" }, "ranges": [ { "events": [ { "fixed": "17.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-client" }, "ranges": [ { "events": [ { "fixed": "16.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-client" }, "ranges": [ { "events": [ { "fixed": "15.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-client" }, "ranges": [ { "events": [ { "fixed": "14.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-client" }, "ranges": [ { "events": [ { "fixed": "13.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql17-server" }, "ranges": [ { "events": [ { "fixed": "17.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-server" }, "ranges": [ { "events": [ { "fixed": "16.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-server" }, "ranges": [ { "events": [ { "fixed": "15.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-server" }, "ranges": [ { "events": [ { "fixed": "14.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2025-4207/" ], "discovery": "2025-05-08T00:00:00Z", "references": { "cvename": [ "CVE-2025-4207" ] }, "vid": "78b8e808-2c45-11f0-9a65-6cc21735f730" }, "details": "PostgreSQL project reports:\n\n> A buffer over-read in PostgreSQL GB18030 encoding validation allows a\n> database input provider to achieve temporary denial of service on\n> platforms where a 1-byte over-read can elicit process termination.\n> This affects the database server and also libpq. Versions before\n> PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.\n", "id": "FreeBSD-2025-0131", "modified": "2025-05-08T00:00:00Z", "published": "2025-05-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2025-4207/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4207" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2025-4207/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "136.0.7103.92" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "136.0.7103.92" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html" ], "discovery": "2025-05-06T00:00:00Z", "references": { "cvename": [ "CVE-2025-4372" ] }, "vid": "db221414-2b0d-11f0-8cb5-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[412057896\\] Medium CVE-2025-4372: Use after free in WebAudio.\n> Reported by Huang Xilin of Ant Group Light-Year Security Lab on\n> 2025-04-20\n", "id": "FreeBSD-2025-0130", "modified": "2025-05-07T00:00:00Z", "published": "2025-05-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4372" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "136.0.7103.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "136.0.7103.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-4096", "CVE-2025-4050", "CVE-2025-4051", "CVE-2025-4052" ] }, "vid": "e195e915-2a43-11f0-8cb5-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 8 security fixes:\n>\n> - \\[409911705\\] High CVE-2025-4096: Heap buffer overflow in HTML.\n> Reported by Anonymous on 2025-04-11\n> - \\[409342999\\] Medium CVE-2025-4050: Out of bounds memory access in\n> DevTools. Reported by Anonymous on 2025-04-09\n> - \\[404000989\\] Medium CVE-2025-4051: Insufficient data validation in\n> DevTools. Reported by Daniel Fr\u00f6jdendahl on 2025-03-16\n> - \\[401927528\\] Low CVE-2025-4052: Inappropriate implementation in\n> DevTools. Reported by vanillawebdev on 2025-03-10\n", "id": "FreeBSD-2025-0129", "modified": "2025-05-06T00:00:00Z", "published": "2025-05-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4096" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4050" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-4052" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "fcgi" }, "ranges": [ { "events": [ { "fixed": "2.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/FastCGI-Archives/fcgi2/issues/67" ], "discovery": "2025-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2025-23016" ] }, "vid": "5f868a5f-2943-11f0-bb22-f02f7432cf97" }, "details": "cve@mitre.org reports:\n\n> FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow\n> (and resultant heap-based buffer overflow) via crafted nameLen or\n> valueLen values in data to the IPC socket. This occurs in ReadParams\n> in fcgiapp.c.\n", "id": "FreeBSD-2025-0128", "modified": "2025-05-04T00:00:00Z", "published": "2025-05-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/FastCGI-Archives/fcgi2/issues/67" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-23016" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23016" }, { "type": "WEB", "url": "https://github.com/FastCGI-Archives/fcgi2/issues/67" } ], "schema_version": "1.7.0", "summary": "fcgi -- Heap-based buffer overflow via crafted nameLen/valueLen in ReadParams" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "null" }, "ranges": [ { "events": [ { "fixed": "null" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html" ], "discovery": "2025-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-30194" ] }, "vid": "7e7a32e7-2901-11f0-ab20-b42e991fc52e" }, "details": "security@open-xchange.com reports:\n\n> When DNSdist is configured to provide DoH via the nghttp2provider, an\n> attacker can cause a denial of service by crafting a DoH exchange that\n> triggers an illegal memory access (double-free) and crash of DNSdist,\n> causing a denial of service. The remedy is: upgrade to the patched\n> 1.9.9 version. A workaround is to temporarily switch to the h2o\n> provider until DNSdist has been upgraded to a fixed version. We would\n> like to thank Charles Howes for bringing this issue to our attention.\n", "id": "FreeBSD-2025-0127", "modified": "2025-05-04T00:00:00Z", "published": "2025-05-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-02.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-30194" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30194" } ], "schema_version": "1.7.0", "summary": "dnsdist -- Denial of service via crafted DoH exchange" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "introduced": "5.2.0" }, { "last_affected": "5.2.0" }, { "fixed": "5.2.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "5.2.0" ] } ], "database_specific": { "cite": [ "https://blog.powerdns.com/2025/04/07/powerdns-recursor-5-2-1-released" ], "discovery": "2025-04-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-30195" ] }, "vid": "d70d5e0a-1f5e-11f0-9c67-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> PowerDNS Security Advisory 2025-01: A crafted zone can lead to an\n> illegal memory access in the Recursor\n", "id": "FreeBSD-2025-0126", "modified": "2025-04-22T00:00:00Z", "published": "2025-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.powerdns.com/2025/04/07/powerdns-recursor-5-2-1-released" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-30195" }, { "type": "WEB", "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite" }, "ranges": [ { "events": [ { "fixed": "3.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a" ], "discovery": "2025-04-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-29087" ] }, "vid": "409206f6-25e6-11f0-9360-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL\n> function can cause memory to be written beyond the end of a\n> malloc-allocated buffer. If the separator argument is\n> attacker-controlled and has a large string (e.g., 2MB or more), an\n> integer overflow occurs in calculating the size of the result buffer,\n> and thus malloc may not allocate enough memory.\n", "id": "FreeBSD-2025-0125", "modified": "2025-04-30T00:00:00Z", "published": "2025-04-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-29087" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29087" } ], "schema_version": "1.7.0", "summary": "sqlite -- integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-h11" }, "ranges": [ { "events": [ { "fixed": "0.16.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-h11" }, "ranges": [ { "events": [ { "fixed": "0.16.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-h11" }, "ranges": [ { "events": [ { "fixed": "0.16.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py312-h11" }, "ranges": [ { "events": [ { "fixed": "0.16.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj" ], "discovery": "2025-04-24T00:00:00Z", "references": { "cvename": [ "CVE-2025-43859" ] }, "vid": "df126e23-24fa-11f0-ab92-f02f7497ecda" }, "details": "h11 reports:\n\n> h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a\n> leniency in h11\\'s parsing of line terminators in chunked-coding\n> message bodies can lead to request smuggling vulnerabilities under\n> certain conditions. This issue has been patched in version 0.16.0.\n> Since exploitation requires the combination of buggy h11 with a buggy\n> (reverse) proxy, fixing either component is sufficient to mitigate\n> this issue.\n", "id": "FreeBSD-2025-0124", "modified": "2025-04-29T00:00:00Z", "published": "2025-04-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-43859" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43859" } ], "schema_version": "1.7.0", "summary": "h11 accepts some malformed Chunked-Encoding bodies" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "10.4.17+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.2.8+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.0" }, { "fixed": "11.3.5+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.3+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.3+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.0+security-01" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/" ], "discovery": "2025-03-25T00:00:00Z", "references": { "cvename": [ "CVE-2025-3454" ] }, "vid": "310f5923-211c-11f0-8ca6-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> This vulnerability, which was discovered while reviewing a pull\n> request from an external contributor, effects Grafana's data source\n> proxy API and allows authorization checks to be bypassed by adding an\n> extra slash character (/) in the URL path. Among Grafana-maintained\n> data sources, the vulnerability only affects the read paths of\n> Prometheus (all flavors) and Alertmanager when configured with basic\n> authorization.\n>\n> The CVSS score for this vulnerability is [5.0\n> MEDIUM](https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).\n", "id": "FreeBSD-2025-0123", "modified": "2025-04-24T00:00:00Z", "published": "2025-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3454" }, { "type": "WEB", "url": "https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Authorization bypass in data source proxy API" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.0+security-01" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/" ], "discovery": "2025-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-3260" ] }, "vid": "6adfda5a-2118-11f0-8ca6-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> During the development of a new feature in Grafana 11.6.x, a security\n> vulnerability was introduced that allows for Viewers and Editors to\n> bypass dashboard-specific permissions. As a result, users with the\n> Viewer role could view all the dashboards within their org and users\n> with the Editor role could view, edit, and delete all the dashboards\n> in their org.\n>\n> *Note: Organization isolation boundaries still apply, which means\n> viewers and editors in one organization cannot view or edit dashboards\n> in another org. Also this vulnerability does not allow users to query\n> data via data sources they don't have access to.*\n>\n> The CVSS score for this vulnerability is [8.3\n> HIGH](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L&version=3.1).\n", "id": "FreeBSD-2025-0122", "modified": "2025-04-24T00:00:00Z", "published": "2025-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3260" }, { "type": "WEB", "url": "https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Bypass Viewer and Editor permissions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "11.1.0" }, { "fixed": "11.2.8+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.0" }, { "fixed": "11.3.5+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.3+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.3+security-01" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.0+security-01" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/" ], "discovery": "2025-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-2703" ] }, "vid": "f8b7af82-2116-11f0-8ca6-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> An external security researcher responsibly reported a security\n> vulnerability in Grafana's built-in [XY chart\n> plugin](https://grafana.com/docs/grafana/latest/panels-visualizations/visualizations/xy-chart/)\n> that is vulnerable to a [DOM XSS\n> vulnerability](https://grafana.com/blog/2023/07/11/trusted-types-how-we-mitigate-xss-threats-in-grafana-10/#what-is-dom-xss).\n>\n> The CVSS score for this vulnerability is [6.8\n> MEDIUM](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L&version=3.1).\n", "id": "FreeBSD-2025-0121", "modified": "2025-04-24T00:00:00Z", "published": "2025-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2025/04/22/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-3260-cve-2025-2703-cve-2025-3454/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2703" }, { "type": "WEB", "url": "https://grafana.com/security/security-advisories/cve-2025-2703/" } ], "schema_version": "1.7.0", "summary": "Grafana -- DOM XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "7.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "fixed": "7.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "fixed": "6.2.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff" ], "discovery": "2025-04-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-21605" ] }, "vid": "af8d043f-20df-11f0-b9c5-000c295725e4" }, "details": "Axel Mierczuk reports:\n\n> By default, the Redis configuration does not limit the output buffer\n> of normal clients (see client-output-buffer-limit). Therefore, the\n> output buffer can grow unlimitedly over time. As a result, the service\n> is exhausted and the memory is unavailable.\n>\n> When password authentication is enabled on the Redis server, but no\n> password is provided, the client can still cause the output buffer to\n> grow from \\\"NOAUTH\\\" responses until the system will run out of\n> memory.\n", "id": "FreeBSD-2025-0120", "modified": "2025-04-24T00:00:00Z", "published": "2025-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-21605" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.11.0" }, { "fixed": "17.11.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.10.0" }, { "fixed": "17.10.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.6.0" }, { "fixed": "17.9.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.11.0" }, { "fixed": "17.11.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.10.0" }, { "fixed": "17.10.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.6.0" }, { "fixed": "17.9.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/04/23/patch-release-gitlab-17-11-1-released/" ], "discovery": "2025-04-23T00:00:00Z", "references": { "cvename": [ "CVE-2025-1763", "CVE-2025-2443", "CVE-2025-1908", "CVE-2025-0639", "CVE-2024-12244" ] }, "vid": "11b71871-20ba-11f0-9471-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Cross Site Scripting (XSS) in Maven Dependency Proxy through CSP\n> directives\n>\n> Cross Site Scripting (XSS) in Maven dependency proxy through cache\n> headers\n>\n> Network Error Logging (NEL) Header Injection in Maven Dependency Proxy\n> Allows Browser Activity Monitoring\n>\n> Denial of service (DOS) via issue preview\n>\n> Unauthorized access to branch names when Repository assets are\n> disabled in the project\n", "id": "FreeBSD-2025-0119", "modified": "2025-04-24T00:00:00Z", "published": "2025-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/04/23/patch-release-gitlab-17-11-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1763" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1908" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0639" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12244" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/04/23/patch-release-gitlab-17-11-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "135.0.7049.114" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "135.0.7049.114" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_22.html" ], "discovery": "2025-04-22T00:00:00Z", "vid": "194f79c3-1ffe-11f0-8cb5-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix.\n", "id": "FreeBSD-2025-0118", "modified": "2025-04-23T00:00:00Z", "published": "2025-04-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_22.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_22.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "navidrome" }, "ranges": [ { "events": [ { "introduced": "0.52.0,1" }, { "fixed": "0.54.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/navidrome/navidrome/security/advisories/GHSA-c3p4-vm8f-386p" ], "discovery": "2025-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2025-27112" ] }, "vid": "5ca2cafa-1f24-11f0-ab07-f8f21e52f724" }, "details": "Deluan reports:\n\n> In certain Subsonic API endpoints, authentication can be bypassed by\n> using a non-existent username combined with an empty (salted) password\n> hash. This allows read-only access to the server's resources, though\n> attempts at write operations fail with a \"permission denied\" error.\n", "id": "FreeBSD-2025-0117", "modified": "2025-04-22T00:00:00Z", "published": "2025-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-c3p4-vm8f-386p" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27112" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27112" } ], "schema_version": "1.7.0", "summary": "Navidrome -- Authentication bypass in Subsonic API" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang" }, "ranges": [ { "events": [ { "fixed": "26.2.5.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime21" }, "ranges": [ { "events": [ { "fixed": "25.3.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime22" }, "ranges": [ { "events": [ { "fixed": "25.3.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime23" }, "ranges": [ { "events": [ { "fixed": "25.3.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime24" }, "ranges": [ { "events": [ { "fixed": "25.3.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime25" }, "ranges": [ { "events": [ { "fixed": "25.3.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime26" }, "ranges": [ { "events": [ { "fixed": "26.2.5.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "erlang-runtime27" }, "ranges": [ { "events": [ { "fixed": "27.3.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12" ], "discovery": "2025-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-32433" ] }, "vid": "06269ae8-1e0d-11f0-ad0b-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> Erlang/OTP is a set of libraries for the Erlang programming language.\n> Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH\n> server may allow an attacker to perform unauthenticated remote code\n> execution (RCE). By exploiting a flaw in SSH protocol message\n> handling, a malicious actor could gain unauthorized access to affected\n> systems and execute arbitrary commands without valid credentials. This\n> issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and\n> OTP-25.3.2.20. A temporary workaround involves disabling the SSH\n> server or to prevent access via firewall rules.\n", "id": "FreeBSD-2025-0116", "modified": "2025-04-20T00:00:00Z", "published": "2025-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-32433" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32433" } ], "schema_version": "1.7.0", "summary": "Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ejabberd" }, "ranges": [ { "events": [ { "fixed": "25.04" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.process-one.net/blog/ejabberd-25-04/#occupantid" ], "discovery": "2025-04-16T00:00:00Z", "vid": "1b8d502e-1cfd-11f0-944d-901b0e9408dc" }, "details": "ejabberd team reports:\n\n> Fixed issue with handling of user provided occupant-id in messages and\n> presences sent to muc room. Server was replacing just first instance\n> of occupant-id with its own version, leaving other ones untouched.\n> That would mean that depending on order in which clients send\n> occupant-id, they could see value provided by sender, and that could\n> be used to spoof as different sender.\n", "id": "FreeBSD-2025-0115", "modified": "2025-04-19T00:00:00Z", "published": "2025-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.process-one.net/blog/ejabberd-25-04/#occupantid" }, { "type": "WEB", "url": "https://www.process-one.net/blog/ejabberd-25-04/#occupantid" } ], "schema_version": "1.7.0", "summary": "ejabberd -- mod_muc_occupantid: Fix handling multiple occupant-id" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "135.0.7049.95" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "135.0.7049.95" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html" ], "discovery": "2025-04-15T00:00:00Z", "references": { "cvename": [ "CVE-2025-3619", "CVE-2025-3620" ] }, "vid": "bf5d29ea-1a93-11f0-8cb5-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[409619251\\] Critical CVE-2025-3619: Heap buffer overflow in\n> Codecs. Reported by Elias Hohl on 2025-04-09\n> - \\[405292639\\] High CVE-2025-3620: Use after free in USB. Reported by\n> \\@retsew0x01 on 2025-03-21\n", "id": "FreeBSD-2025-0114", "modified": "2025-04-16T00:00:00Z", "published": "2025-04-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3619" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3620" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "135.0.7049.84" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "135.0.7049.84" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html" ], "discovery": "2025-04-08T00:00:00Z", "references": { "cvename": [ "CVE-2025-3066" ] }, "vid": "030778d5-19cc-11f0-8cb5-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[405140652\\] High CVE-2025-3066: Use after free in Site Isolation.\n> Reported by Sven Dysthe (@svn-dys) on 2025-03-21\n", "id": "FreeBSD-2025-0113", "modified": "2025-04-15T00:00:00Z", "published": "2025-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3066" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.127.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.127.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.127.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.127.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6" ], "discovery": "2025-03-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-30355" ] }, "vid": "e9b8e519-0d50-11f0-86d8-901b0e934d69" }, "details": "element-hq/synapse developers report:\n\n> A malicious server can craft events which, when received, prevent\n> Synapse version up to 1.127.0 from federating with other servers. The\n> vulnerability has been exploited in the wild.\n", "id": "FreeBSD-2025-0112", "modified": "2025-03-26T00:00:00Z", "published": "2025-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-30355" }, { "type": "WEB", "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- federation denial of service via malformed events" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.504" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.492.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2025-04-02/" ], "discovery": "2025-04-02T00:00:00Z", "references": { "cvename": [ "CVE-2025-31720", "CVE-2025-31721" ] }, "vid": "45276ea6-1653-4240-9986-ccfc6fec7ece" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-3512 / CVE-2025-31720\n>\n> Missing permission check allows retrieving agent configurations\n>\n> # Description\n>\n> ##### (Medium) SECURITY-3513 / CVE-2025-31721\n>\n> Missing permission check allows retrieving secrets from agent\n> configurations\n", "id": "FreeBSD-2025-0111", "modified": "2025-04-11T00:00:00Z", "published": "2025-04-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2025-04-02/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-31720" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-31721" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2025-04-02/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.10.0" }, { "fixed": "17.10.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.9.0" }, { "fixed": "17.9.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.7.0" }, { "fixed": "17.8.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.10.0" }, { "fixed": "17.10.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.9.0" }, { "fixed": "17.9.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.7.0" }, { "fixed": "17.8.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/04/09/patch-release-gitlab-17-10-4-released/" ], "discovery": "2025-04-09T00:00:00Z", "references": { "cvename": [ "CVE-2025-1677", "CVE-2025-0362", "CVE-2025-2408", "CVE-2024-11129", "CVE-2025-2469" ] }, "vid": "ed602f8b-15c2-11f0-b4e4-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Denial of service via CI pipelines\n>\n> Unintentionally authorizing sensitive actions on users behalf\n>\n> IP Restriction Bypass through GraphQL Subscription\n>\n> Unauthorized users can list the number of confidential issues\n>\n> Debugging Information Disclosed\n", "id": "FreeBSD-2025-0110", "modified": "2025-04-10T00:00:00Z", "published": "2025-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/04/09/patch-release-gitlab-17-10-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1677" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2408" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11129" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2469" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/04/09/patch-release-gitlab-17-10-4-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "expat" }, "ranges": [ { "events": [ { "fixed": "2.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/errata/RHSA-2025:3531" ], "discovery": "2025-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-8176" ] }, "vid": "8f71ad3b-14f5-11f0-87ba-002590c1f29c" }, "details": "secalert@redhat.com reports:\n\n> A stack overflow vulnerability exists in the libexpat library due to\n> the way it handles recursive entity expansion in XML documents. When\n> parsing an XML document with deeply nested entity references, libexpat\n> can be forced to recurse indefinitely, exhausting the stack space and\n> causing a crash. This issue could lead to denial of service (DoS) or,\n> in some cases, exploitable memory corruption, depending on the\n> environment and library usage.\n", "id": "FreeBSD-2025-0109", "modified": "2025-04-09T00:00:00Z", "published": "2025-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/errata/RHSA-2025:3531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8176" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176" } ], "schema_version": "1.7.0", "summary": "expat: improper restriction of xml entity expansion depth" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "137.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1894100%2C1934086%2C1950360" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3034" ] }, "vid": "34c51a2b-13c8-11f0-a5bd-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2025-0108", "modified": "2025-04-07T00:00:00Z", "published": "2025-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1894100%2C1934086%2C1950360" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3034" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3034" } ], "schema_version": "1.7.0", "summary": "Mozilla -- memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "137.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1949987" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3032" ] }, "vid": "315f568e-13c8-11f0-a5bd-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Leaking of file descriptors from the fork server to web content\n> processes could allow for privilege escalation attacks.\n", "id": "FreeBSD-2025-0107", "modified": "2025-04-07T00:00:00Z", "published": "2025-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1949987" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3032" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3032" } ], "schema_version": "1.7.0", "summary": "Mozilla -- privilege escalation attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "137.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1947141" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3031" ] }, "vid": "2fc74cae-13c8-11f0-a5bd-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An attacker could read 32 bits of values spilled onto the stack in a\n> JIT compiled function.\n", "id": "FreeBSD-2025-0106", "modified": "2025-04-07T00:00:00Z", "published": "2025-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1947141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3031" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3031" } ], "schema_version": "1.7.0", "summary": "Mozilla -- stack memory read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3030" ] }, "vid": "2e0ff31b-13c8-11f0-a5bd-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox\n> ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence\n> of memory corruption and we presume that with enough effort some of\n> these could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0105", "modified": "2025-04-07T00:00:00Z", "published": "2025-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3030" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3030" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "137.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1952213" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3029" ] }, "vid": "2c0180a5-13c8-11f0-a5bd-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A crafted URL containing specific Unicode characters could have hidden\n> the true origin of the page, resulting in a potential spoofing attack.\n", "id": "FreeBSD-2025-0104", "modified": "2025-04-07T00:00:00Z", "published": "2025-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952213" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3029" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3029" } ], "schema_version": "1.7.0", "summary": "Mozilla -- URL spoofing attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "137.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "137.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1941002" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3028" ] }, "vid": "28e5f7be-13c8-11f0-a5bd-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> JavaScript code running while transforming a document with the\n> XSLTProcessor could lead to a use-after-free.\n", "id": "FreeBSD-2025-0103", "modified": "2025-04-07T00:00:00Z", "published": "2025-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1941002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3028" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3028" } ], "schema_version": "1.7.0", "summary": "Mozilla -- use-after-free error" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "135.0.7049.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "135.0.7049.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3067", "CVE-2025-3068", "CVE-2025-3069", "CVE-2025-3070", "CVE-2025-3071", "CVE-2025-3072", "CVE-2025-3073", "CVE-2025-3074" ] }, "vid": "789bcfb6-1224-11f0-85f3-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 13 security fixes:\n>\n> - \\[376491759\\] Medium CVE-2025-3067: Inappropriate implementation in\n> Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31\n> - \\[401823929\\] Medium CVE-2025-3068: Inappropriate implementation in\n> Intents. Reported by Simon Rawet on 2025-03-09\n> - \\[40060076\\] Medium CVE-2025-3069: Inappropriate implementation in\n> Extensions. Reported by NDevTK on 2022-06-26\n> - \\[40086360\\] Medium CVE-2025-3070: Insufficient validation of\n> untrusted input in Extensions. Reported by Anonymous on 2017-01-01\n> - \\[40051596\\] Low CVE-2025-3071: Inappropriate implementation in\n> Navigations. Reported by David Erceg on 2020-02-23\n> - \\[362545037\\] Low CVE-2025-3072: Inappropriate implementation in\n> Custom Tabs. Reported by Om Apip on 2024-08-27\n> - \\[388680893\\] Low CVE-2025-3073: Inappropriate implementation in\n> Autofill. Reported by Hafiizh on 2025-01-09\n> - \\[392818696\\] Low CVE-2025-3074: Inappropriate implementation in\n> Downloads. Reported by Farras Givari on 2025-01-28\n", "id": "FreeBSD-2025-0102", "modified": "2025-04-05T00:00:00Z", "published": "2025-04-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3069" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3070" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3071" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3073" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3074" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "134.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2C1932783" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0243" ] }, "vid": "1205eccf-116d-11f0-8b2c-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox\n> ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence\n> of memory corruption and we presume that with enough effort some of\n> these could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0101", "modified": "2025-04-04T00:00:00Z", "published": "2025-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2C1932783" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0243" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0243" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory corruption bug" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "134.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1835193%2C1910021%2C1919803%2C1931576%2C1931948%2C1932173" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0247" ] }, "vid": "f9d7b6ae-116c-11f0-8b2c-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2025-0100", "modified": "2025-04-04T00:00:00Z", "published": "2025-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1835193%2C1910021%2C1919803%2C1931576%2C1931948%2C1932173" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0247" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0247" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "134.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1895342" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0245" ] }, "vid": "f7d80111-116c-11f0-8b2c-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Under certain circumstances, a user opt-in setting that Focus should\n> require authentication before use could have been be bypassed.\n", "id": "FreeBSD-2025-0099", "modified": "2025-04-04T00:00:00Z", "published": "2025-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895342" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0245" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0245" } ], "schema_version": "1.7.0", "summary": "firefox -- authentication bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "134.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1874523%2C1926454%2C1931873%2C1932169" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0242" ] }, "vid": "f508f81e-116c-11f0-8b2c-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox\n> ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird\n> 128.5. Some of these bugs showed evidence of memory corruption and we\n> presume that with enough effort some of these could have been\n> exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0098", "modified": "2025-04-04T00:00:00Z", "published": "2025-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1874523%2C1926454%2C1931873%2C1932169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0242" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0242" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "134.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1933023" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0241" ] }, "vid": "f38dd0f1-116c-11f0-8b2c-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> When segmenting specially crafted text, segmentation would corrupt\n> memory leading to a potentially exploitable crash.\n", "id": "FreeBSD-2025-0097", "modified": "2025-04-04T00:00:00Z", "published": "2025-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1933023" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0241" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0241" } ], "schema_version": "1.7.0", "summary": "Mozilla -- DoS via segmentation fault" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "134.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1929623" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0240" ] }, "vid": "f1f92cd3-116c-11f0-8b2c-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Parsing a JavaScript module as JSON could, under some circumstances,\n> cause cross-compartment access, which may result in a use-after-free.\n", "id": "FreeBSD-2025-0096", "modified": "2025-04-04T00:00:00Z", "published": "2025-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929623" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0240" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0240" } ], "schema_version": "1.7.0", "summary": "Mozilla -- use-after-free while parsing JSON" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "134.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1929156" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0239" ] }, "vid": "f02e3c59-116c-11f0-8b2c-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> When using Alt-Svc, ALPN did not properly validate certificates when\n> the original server is redirecting to an insecure site.\n", "id": "FreeBSD-2025-0095", "modified": "2025-04-04T00:00:00Z", "published": "2025-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929156" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0239" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0239" } ], "schema_version": "1.7.0", "summary": "Mozilla -- redirection to insecure site" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "134.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1915535" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0238" ] }, "vid": "ee407762-116c-11f0-8b2c-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Assuming a controlled failed memory allocation, an attacker could have\n> caused a use-after-free, leading to a potentially exploitable crash.\n", "id": "FreeBSD-2025-0094", "modified": "2025-04-04T00:00:00Z", "published": "2025-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0238" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0238" } ], "schema_version": "1.7.0", "summary": "Mozilla -- use-after-free after failed memory allocation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "134.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "134.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1915257" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2025-0237" ] }, "vid": "ea51e89a-116c-11f0-8b2c-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> The WebChannel API, which is used to transport various information\n> across processes, did not check the sending principal but rather\n> accepted the principal being sent. This could have led to privilege\n> escalation attacks.\n", "id": "FreeBSD-2025-0093", "modified": "2025-04-04T00:00:00Z", "published": "2025-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1915257" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0237" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0237" } ], "schema_version": "1.7.0", "summary": "Mozilla -- privilege escalation attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "136.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2C1938451%2C1940326%2C1944052%2C1944063%2C1947281" ], "discovery": "2025-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1943" ] }, "vid": "37c368f1-10a2-11f0-8195-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2025-0092", "modified": "2025-04-03T00:00:00Z", "published": "2025-04-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2C1938451%2C1940326%2C1944052%2C1944063%2C1947281" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1943" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1943" } ], "schema_version": "1.7.0", "summary": "mozilla -- memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "136.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111" ], "discovery": "2025-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1938", "CVE-2025-1935", "CVE-2025-1934" ] }, "vid": "b31a4e74-109d-11f0-8195-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> CVE-2025-1938: Memory safety bugs present in Firefox 135, Thunderbird\n> 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs\n> showed evidence of memory corruption and we presume that with enough\n> effort some of these could have been exploited to run arbitrary code.\n>\n> CVE-2025-1935: A web page could trick a user into setting that site as\n> the default handler for a custom URL protocol.\n>\n> CVE-2025-1934: It was possible to interrupt the processing of a RegExp\n> bailout and run additional JavaScript, potentially triggering garbage\n> collection when the engine was not expecting it.\n", "id": "FreeBSD-2025-0091", "modified": "2025-04-03T00:00:00Z", "published": "2025-04-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1938" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1938" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1935" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1934" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1934" } ], "schema_version": "1.7.0", "summary": "mozilla -- memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "136.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.21,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716" ], "discovery": "2025-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1937" ] }, "vid": "aeb2ca87-109d-11f0-8195-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox\n> ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these\n> bugs showed evidence of memory corruption and we presume that with\n> enough effort some of these could have been exploited to run arbitrary\n> code.\n", "id": "FreeBSD-2025-0090", "modified": "2025-04-03T00:00:00Z", "published": "2025-04-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1937" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1937" } ], "schema_version": "1.7.0", "summary": "mozilla -- Memory safety bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "136.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.21,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1944126" ], "discovery": "2025-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1931" ] }, "vid": "acf902f6-109d-11f0-8195-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> It was possible to cause a use-after-free in the content process side\n> of a WebTransport connection, leading to a potentially exploitable\n> crash.\n", "id": "FreeBSD-2025-0089", "modified": "2025-04-03T00:00:00Z", "published": "2025-04-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1944126" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1931" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1931" } ], "schema_version": "1.7.0", "summary": "mozilla -- use-after-free in WebTransport connection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "136.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.21,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1946004" ], "discovery": "2025-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1933" ] }, "vid": "a93a1d2a-109d-11f0-8195-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> On 64-bit CPUs, when the JIT compiles WASM i32 return values they can\n> pick up bits from left over memory. This can potentially cause them to\n> be treated as a different type.\n", "id": "FreeBSD-2025-0088", "modified": "2025-04-03T00:00:00Z", "published": "2025-04-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1946004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1933" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1933" } ], "schema_version": "1.7.0", "summary": "mozilla -- 64 bit JIT WASM read on left over memory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb50" }, "ranges": [ { "events": [ { "fixed": "5.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-103153" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3084" ] }, "vid": "350b3389-107f-11f0-8195-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> When run on commands with certain arguments set, explain may fail to\n> validate these arguments before using them. This can lead to crashes\n> in router servers. This affects MongoDB Server v5.0 prior to 5.0.31,\n> MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to\n> 7.0.16 and MongoDB Server v8.0 prior to 8.0.4\n", "id": "FreeBSD-2025-0087", "modified": "2025-04-03T00:00:00Z", "published": "2025-04-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-103153" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3084" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3084" } ], "schema_version": "1.7.0", "summary": "MongoDB -- crash due to improper validation of explain command" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb50" }, "ranges": [ { "events": [ { "fixed": "5.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-103152" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3083" ] }, "vid": "32f5e57f-107f-11f0-8195-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> Specifically crafted MongoDB wire protocol messages can cause mongos\n> to crash during command validation. This can occur without using an\n> authenticated connection. This issue affects MongoDB v5.0 versions\n> prior to 5.0.31, MongoDB v6.0 versions prior to6.0.20 and MongoDB v7.0\n> versions prior to 7.0.16\n", "id": "FreeBSD-2025-0086", "modified": "2025-04-03T00:00:00Z", "published": "2025-04-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-103152" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3083" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3083" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Malformed wire protocol messages may cause mongos to crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb50" }, "ranges": [ { "events": [ { "fixed": "5.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-103151" ], "discovery": "2025-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2025-3082" ] }, "vid": "30418b26-107f-11f0-8195-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> A user authorized to access a view may be able to alter the intended\n> collation, allowing them to access to a different or unintended view\n> of underlying data. This issue affects MongoDB Server v5.0 version\n> prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB\n> Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions\n> prior to 7.3.4.\n", "id": "FreeBSD-2025-0085", "modified": "2025-04-03T00:00:00Z", "published": "2025-04-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-103151" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-3082" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3082" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Unauthorized access to underlying data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "introduced": "2.6.1" }, { "fixed": "2.6.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-devel" }, "ranges": [ { "events": [ { "fixed": "g20250402,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614" ], "discovery": "2025-03-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-2704" ] }, "vid": "2cad4541-0f5b-11f0-89f8-411aefea0df9" }, "details": "Gert Doering reports:\n\n> OpenVPN servers between 2.6.1 and 2.6.13 using \\--tls-crypt-v2 can be\n> made to abort with an ASSERT() message by sending a particular\n> combination of authenticated and malformed packets.\n>\n> To trigger the bug, a valid tls-crypt-v2 client key is needed, or\n> network observation of a handshake with a valid tls-crypt-v2 client\n> key\n>\n> No crypto integrity is violated, no data is leaked, and no remote code\n> execution is possible.\n>\n> This bug does not affect OpenVPN clients.\n", "id": "FreeBSD-2025-0084", "modified": "2025-04-02T00:00:00Z", "published": "2025-04-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2704" }, { "type": "WEB", "url": "https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614" } ], "schema_version": "1.7.0", "summary": "openvpn -- server-side denial-of-service vulnerability with tls-crypt-v2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.23.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/cl/654697" ], "discovery": "2025-03-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-22870", "CVE-2025-29923", "CVE-2025-30204" ] }, "vid": "300f86de-0e4d-11f0-ae40-b42e991fc52e" }, "details": "security@golang.org reports:\n\n> Matching of hosts against proxy patterns can improperly treat an IPv6\n> zone ID as a hostname component. For example, when the NO_PROXY\n> environment variable is set to \\\"\\*.example.com\\\", a request to\n> \\\"\\[::1%25.example.com\\]:80\\` will incorrectly match and not be\n> proxied.\n>\n> go-redis is the official Redis client library for the Go programming\n> language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially\n> responds out of order when \\`CLIENT SETINFO\\` times out during\n> connection establishment. This can happen when the client is\n> configured to transmit its identity, there are network connectivity\n> issues, or the client was configured with aggressive timeouts. The\n> problem occurs for multiple use cases. For sticky connections, you\n> receive persistent out-of-order responses for the lifetime of the\n> connection. All commands in the pipeline receive incorrect responses.\n> When used with the default ConnPool once a connection is returned\n> after use with ConnPool#Put the read buffer will be checked and the\n> connection will be marked as bad due to the unread data. This means\n> that at most one out-of-order response before the connection is\n> discarded. This issue is fixed in 9.5.5, 9.6.3, and 9.7.3. You can\n> prevent the vulnerability by setting the flag DisableIndentity to true\n> when constructing the client instance.\n>\n> golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2\n> and 4.5.2, the function parse.ParseUnverified splits (via a call to\n> strings.Split) its argument (which is untrusted data) on periods. As a\n> result, in the face of a malicious request whose Authorization header\n> consists of Bearer followed by many period characters, a call to that\n> function incurs allocations to the tune of O(n) bytes (where n stands\n> for the length of the function\\'s argument), with a constant factor of\n> about 16. This issue is fixed in 5.2.2 and 4.5.2.\n", "id": "FreeBSD-2025-0083", "modified": "2025-03-31T00:00:00Z", "published": "2025-03-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/cl/654697" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-22870" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-29923" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29923" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-30204" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204" } ], "schema_version": "1.7.0", "summary": "gitea -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "136.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "136.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1945392" ], "discovery": "2025-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1932", "CVE-2025-1941", "CVE-2025-1942", "CVE-2025-27424" ] }, "vid": "1a67144d-0d86-11f0-8542-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An inconsistent comparator in xslt/txNodeSorter could have resulted in\n> potentially exploitable out-of-bounds access. Only affected version\n> 122 and later. This vulnerability affects Firefox \\< 136, Firefox ESR\n> \\< 128.8, Thunderbird \\< 136, and Thunderbird \\< 128.8.\n>\n> Under certain circumstances, a user opt-in setting that Focus should\n> require authentication before use could have been be bypassed\n> (distinct from CVE-2025-0245). This vulnerability affects Firefox \\<\n> 136.\n>\n> When String.toUpperCase() caused a string to get longer it was\n> possible for uninitialized memory to be incorporated into the result\n> string This vulnerability affects Firefox \\< 136 and Thunderbird \\<\n> 136.\n>\n> Websites redirecting to a non-HTTP scheme URL could allow a website\n> address to be spoofed for a malicious page This vulnerability affects\n> Firefox for iOS \\< 136.\n", "id": "FreeBSD-2025-0082", "modified": "2025-03-30T00:00:00Z", "published": "2025-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1945392" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1932" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1932" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1941" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1941" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1942" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1942" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27424" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27424" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "suricata" }, "ranges": [ { "events": [ { "fixed": "7.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://forum.suricata.io/t/suricata-7-0-9-released/5495" ], "discovery": "2025-03-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-29915", "CVE-2025-29916", "CVE-2025-29917", "CVE-2025-29918" ] }, "vid": "1d53db32-0d60-11f0-8542-b42e991fc52e" }, "details": "Suricate team reports:\n\n> Multiple vulnerabilities\n\n- CVE-2025-29915: Severity HIGH. The AF_PACKET defrag option is enabled\n by default and allows AF_PACKET to re-assemble fragmented packets\n before reaching Suricata. However the default packet size in Suricata\n is based on the network interface MTU which leads to Suricata seeing\n truncated packets.\n- CVE-2025-29916: Severity Moderate. Datasets declared in rules have an\n option to specify the \\`hashsize\\` to use. This size setting isn\\'t\n properly limited, so the hash table allocation can be large. Untrusted\n rules can lead to large memory allocations, potentially leading to\n denial of service due to resource starvation\n- CVE-2025-29917: Severity HIGH. The bytes setting in the decode_base64\n keyword is not properly limited. Due to this, signatures using the\n keyword and setting can cause large memory allocations of up to 4 GiB\n per thread.\n- CVE-2025-29918: Severity HIGH. A PCRE rule can be written that leads\n to an infinite loop when negated PCRE is used. Packet processing\n thread becomes stuck in infinite loop limiting visibility and\n availability in inline mode.\n", "id": "FreeBSD-2025-0081", "modified": "2025-03-30T00:00:00Z", "published": "2025-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://forum.suricata.io/t/suricata-7-0-9-released/5495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-29915" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29915" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-29916" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29916" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-29917" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29917" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-29918" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29918" } ], "schema_version": "1.7.0", "summary": "suricata -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-pdf" }, "ranges": [ { "events": [ { "fixed": "6.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based" ], "discovery": "2025-02-20T00:00:00Z", "references": { "cvename": [ "CVE-2024-11477", "CVE-2025-0762", "CVE-2025-0996", "CVE-2025-0998", "CVE-2025-0999", "CVE-2025-1006", "CVE-2025-1426", "CVE-2025-1918", "CVE-2025-1919", "CVE-2025-1921", "CVE-2025-2036" ] }, "vid": "7cb6642c-0c5a-11f0-8688-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 11 security bugs in Chromium:\n>\n> - CVE-2024-11477: 7-Zip Zstd decompression integer underflow\n> - CVE-2025-0762: Use after free in DevTools\n> - CVE-2025-0996: Inappropriate implementation in Browser UI\n> - CVE-2025-0998: Out of bounds memory access in V8\n> - CVE-2025-0999: Heap buffer overflow in V8\n> - CVE-2025-1006: Use after free in Network\n> - CVE-2025-1426: Heap buffer overflow in GPU\n> - CVE-2025-1918: Out of bounds read in Pdfium\n> - CVE-2025-1919: Out of bounds read in Media\n> - CVE-2025-1921: Inappropriate implementation in Media\n> - CVE-2025-2036: Use after free in Inspector\n", "id": "FreeBSD-2025-0080", "modified": "2025-03-29T00:00:00Z", "published": "2025-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0762" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0996" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0998" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0999" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1426" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1918" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1919" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1921" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2036" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron33" }, "ranges": [ { "events": [ { "fixed": "33.4.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron34" }, "ranges": [ { "events": [ { "fixed": "34.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v33.4.8" ], "discovery": "2025-03-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-2783" ] }, "vid": "01a7e1e1-d249-4dd8-9a4a-ef95b5747afb" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2025-2783.\n", "id": "FreeBSD-2025-0079", "modified": "2025-03-28T00:00:00Z", "published": "2025-03-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v33.4.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2783" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-hfqm-jfc6-rh2f" } ], "schema_version": "1.7.0", "summary": "electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.10.0" }, { "fixed": "17.10.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.9.0" }, { "fixed": "17.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.10.0" }, { "fixed": "17.8.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.10.0" }, { "fixed": "17.10.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.9.0" }, { "fixed": "17.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.10.0" }, { "fixed": "17.8.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/03/26/patch-release-gitlab-17-10-1-released/" ], "discovery": "2025-03-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-2255", "CVE-2025-0811", "CVE-2025-2242", "CVE-2024-12619", "CVE-2024-10307", "CVE-2024-9773" ] }, "vid": "1daa2814-0a6c-11f0-b4e4-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Cross-site Scripting (XSS) through merge-request error messages\n>\n> Cross-site Scripting (XSS) through improper rendering of certain file\n> types\n>\n> Admin Privileges Persists After Role is Revoked\n>\n> External user can access internal projects\n>\n> Prompt injection in Amazon Q integration may allow unauthorized\n> actions\n>\n> Uncontrolled Resource Consumption via a maliciously crafted terraform\n> file in merge request\n>\n> Maintainer can inject shell code in Harbor project name configuration\n> when using helper scripts\n", "id": "FreeBSD-2025-0078", "modified": "2025-03-26T00:00:00Z", "published": "2025-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/03/26/patch-release-gitlab-17-10-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2255" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0811" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2242" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12619" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9773" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/03/26/patch-release-gitlab-17-10-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron33" }, "ranges": [ { "events": [ { "fixed": "33.4.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron34" }, "ranges": [ { "events": [ { "fixed": "34.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v33.4.6" ], "discovery": "2025-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2025-1920" ] }, "vid": "964aa5da-f094-47fe-9ebd-2142f9157440" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2025-1920.\n", "id": "FreeBSD-2025-0077", "modified": "2025-03-25T00:00:00Z", "published": "2025-03-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v33.4.6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1920" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-fhwv-7gx3-h767" } ], "schema_version": "1.7.0", "summary": "electron{33,34} -- Type Confusion in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.18p7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" ], "discovery": "2025-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-12694" ] }, "vid": "a58fdfef-07c6-11f0-8688-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 1 security bug in Chromium:\n>\n> - CVE-2024-12694: Use after free in Compositing\n", "id": "FreeBSD-2025-0076", "modified": "2025-03-23T00:00:00Z", "published": "2025-03-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12694" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" } ], "schema_version": "1.7.0", "summary": "qt5-webengine -- Use after free in Compositing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish7" }, "ranges": [ { "events": [ { "fixed": "7.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00015.html#vsv00015" ], "discovery": "2024-12-17T00:00:00Z", "references": { "cvename": [ "CVE-2025-30346" ] }, "vid": "26f6733d-06a9-11f0-ba0b-641c67a117d8" }, "details": "The Varnish Development Team reports:\n\n> A client-side desync vulnerability can be triggered in Varnish Cache\n> and Varnish Enterprise. This vulnerability can be triggered under\n> specific circumstances involving malformed HTTP/1 requests.\n", "id": "FreeBSD-2025-0075", "modified": "2025-03-22T00:00:00Z", "published": "2025-03-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00015.html#vsv00015" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-30346" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00015.html#vsv00015" } ], "schema_version": "1.7.0", "summary": "www/varnish7 -- client-side desync vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "134.0.6998.117" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "134.0.6998.117" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html" ], "discovery": "2025-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2025-2476" ] }, "vid": "9456d4e9-055f-11f0-85f3-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[401029609\\] Critical CVE-2025-2476: Use after free in Lens.\n> Reported by SungKwon Lee of Enki Whitehat on 2025-03-05\n", "id": "FreeBSD-2025-0074", "modified": "2025-03-20T00:00:00Z", "published": "2025-03-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2476" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php81" }, "ranges": [ { "events": [ { "fixed": "8.1.32" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php82" }, "ranges": [ { "events": [ { "fixed": "8.2.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php83" }, "ranges": [ { "events": [ { "fixed": "8.3.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php84" }, "ranges": [ { "events": [ { "fixed": "8.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.php.net/ChangeLog-8.php" ], "discovery": "2025-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-11235", "CVE-2025-1219", "CVE-2025-1736", "CVE-2025-1861", "CVE-2025-1734", "CVE-2025-1217" ] }, "vid": "2ac2ddc2-0051-11f0-8673-f02f7432cf97" }, "details": "php.net reports:\n\n> - CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 (Reference counting\n> in php_request_shutdown causes Use-After-Free).\n> - CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use\n> wrong \\`content-type\\` header when requesting a redirected\n> resource).\n> - CVE-2025-1736: Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP\n> wrapper header check might omit basic auth header).\n> - CVE-2025-1861: Streams: Fixed GHSA-52jp-hrpf-2jff (Stream HTTP\n> wrapper truncate redirect location to 1024 bytes).\n> - CVE-2025-1734: Streams: Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP\n> wrapper does not fail for headers without colon).\n> - CVE-2025-1217: Streams: Fixed GHSA-v8xr-gpvj-cx9g (Header parser of\n> \\`http\\` stream wrapper does not handle folded headers).\n", "id": "FreeBSD-2025-0073", "modified": "2025-03-13T00:00:00Z", "published": "2025-03-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.php.net/ChangeLog-8.php" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11235" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1219" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1736" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1861" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1734" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1217" }, { "type": "WEB", "url": "https://www.php.net/ChangeLog-8.php" } ], "schema_version": "1.7.0", "summary": "php -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "opensaml" }, "ranges": [ { "events": [ { "fixed": "3.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://shibboleth.net/community/advisories/secadv_20250313.txt" ], "discovery": "2025-03-13T00:00:00Z", "vid": "0b43fac4-005d-11f0-a540-6cc21735f730" }, "details": "The Shibboleth Project reports:\n\n> An updated version of the OpenSAML C++ library is available which\n> corrects a parameter manipulation vulnerability when using SAML\n> bindings that rely on non-XML signatures. The Shibboleth Service\n> Provider is impacted by this issue, and it manifests as a critical\n> security issue in that context.\n>\n> Parameter manipulation allows the forging of signed SAML messages\n>\n> A number of vulnerabilities in the OpenSAML library used by the\n> Shibboleth Service Provider allowed for creative manipulation of\n> parameters combined with reuse of the contents of older requests to\n> fool the library\\'s signature verification of non-XML based signed\n> messages.\n>\n> Most uses of that feature involve very low or low impact use cases\n> without critical security implications; however, there are two\n> scenarios that are much more critical, one affecting the SP and one\n> affecting some implementers who have implemented their own code on top\n> of our OpenSAML library and done so improperly.\n>\n> The SP\\'s support for the HTTP-POST-SimpleSign SAML binding for Single\n> Sign-On responses is its critical vulnerability, and it is enabled by\n> default (regardless of what one\\'s published SAML metadata may\n> advertise).\n>\n> The other critical case involves a mistake that does \\*not\\* impact\n> the Shibboleth SP, allowing SSO to occur over the HTTP-Redirect\n> binding contrary to the plain language of the SAML Browser SSO\n> profile. The SP does not support this, but other implementers may have\n> done so.\n>\n> Prior to updating, it is possible to mitigate the POST-SimpleSign\n> vulnerability by editing the protocols.xml configuration file and\n> removing this line:\n> ``\n", "id": "FreeBSD-2025-0072", "modified": "2025-03-13T00:00:00Z", "published": "2025-03-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://shibboleth.net/community/advisories/secadv_20250313.txt" }, { "type": "WEB", "url": "https://shibboleth.net/community/advisories/secadv_20250313.txt" } ], "schema_version": "1.7.0", "summary": "shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.9.0" }, { "fixed": "17.9.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.8.0" }, { "fixed": "17.8.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.5" }, { "fixed": "17.7.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.9.0" }, { "fixed": "17.9.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.8.0" }, { "fixed": "17.8.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.5" }, { "fixed": "17.7.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/" ], "discovery": "2025-03-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-25291", "CVE-2025-25292", "CVE-2025-27407", "CVE-2024-13054", "CVE-2024-12380", "CVE-2025-1257", "CVE-2025-0652", "CVE-2024-8402", "CVE-2024-7296" ] }, "vid": "a435609c-ffd5-11ef-b4e4-2cf05da270f3" }, "details": "Gitlab reports:\n\n> CVE-2025-25291 and CVE-2025-25292 (third party gem ruby-saml)\n>\n> CVE-2025-27407 (third party gem graphql)\n>\n> Denial of Service Due to Inefficient Processing of Untrusted Input\n>\n> Credentials disclosed when repository mirroring fails\n>\n> Denial of Service Vulnerability in GitLab Approval Rules due to\n> Unbounded Field\n>\n> Internal Notes in Merge Requests Are Emailed to Non-Members Upon\n> Review Submission\n>\n> Maintainer can inject shell code in Google integrations\n>\n> Guest with custom Admin group member permissions can approve the users\n> invitation despite user caps\n", "id": "FreeBSD-2025-0071", "modified": "2025-03-13T00:00:00Z", "published": "2025-03-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-25291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-25292" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27407" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-13054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12380" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1257" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0652" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7296" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vim" }, "ranges": [ { "events": [ { "fixed": "9.1.1198" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf" ], "discovery": "2025-03-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-29768" ] }, "vid": "9cf03c96-ffa5-11ef-bb15-002590af0794" }, "details": "Vim reports:\n\n> See https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf\n", "id": "FreeBSD-2025-0070", "modified": "2025-03-12T00:00:00Z", "published": "2025-03-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-29768" }, { "type": "WEB", "url": "https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf" } ], "schema_version": "1.7.0", "summary": "vim -- potential data loss with zip.vim and specially crafted zip files" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "134.0.6998.88" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "134.0.6998.88" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html" ], "discovery": "2025-03-10T00:00:00Z", "references": { "cvename": [ "CVE-2025-1920", "CVE-2025-2135", "CVE-2025-2136", "CVE-2025-2137" ] }, "vid": "a02a6d94-fe53-11ef-85f3-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 5 security fixes:\n>\n> - \\[398065918\\] High CVE-2025-1920: Type Confusion in V8. Reported by\n> Excello s.r.o. on 2025-02-21\n> - \\[400052777\\] High CVE-2025-2135: Type Confusion in V8. Reported by\n> Zhenghang Xiao (@Kipreyyy) on 2025-03-02\n> - \\[401059730\\] High CVE-TBD: Out of bounds write in GPU. Reported on\n> 2025-03-05\n> - \\[395032416\\] Medium CVE-2025-2136: Use after free in Inspector.\n> Reported by Sakana.S on 2025-02-10\n> - \\[398999390\\] Medium CVE-2025-2137: Out of bounds read in V8.\n> Reported by zeroxiaobai@ on 2025-02-25\n", "id": "FreeBSD-2025-0069", "modified": "2025-03-11T00:00:00Z", "published": "2025-03-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1920" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2135" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2136" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-2137" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libreoffice" }, "ranges": [ { "events": [ { "introduced": "24.8" }, { "fixed": "24.8.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "25.2" }, { "fixed": "25.2.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080" ], "discovery": "2025-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1080" ] }, "vid": "a86f9189-fdd9-11ef-91ff-b42e991fc52e" }, "details": "security@documentfoundation.org reports:\n\n> LibreOffice supports Office URI Schemes to enable browser integration\n> of LibreOffice with MS SharePoint server. An additional scheme\n> \\'vnd.libreoffice.command\\' specific to LibreOffice was added. In the\n> affected versions of LibreOffice a link in a browser using that scheme\n> could be constructed with an embedded inner URL that when passed to\n> LibreOffice could call internal macros with arbitrary arguments. This\n> issue affects LibreOffice: from 24.8 before \\< 24.8.5, from 25.2\n> before \\< 25.2.1.\n", "id": "FreeBSD-2025-0068", "modified": "2025-03-10T00:00:00Z", "published": "2025-03-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1080" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1080" } ], "schema_version": "1.7.0", "summary": "libreoffice -- Macro URL arbitrary script execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vim" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-gtk2" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-gtk3" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-motif" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-tiny" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-x11" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29" ], "discovery": "2025-03-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-27423" ] }, "vid": "2ec7816d-fdb7-11ef-91ff-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> Vim is distributed with the tar.vim plugin, that allows easy editing\n> and viewing of (compressed or uncompressed) tar files. Starting with\n> 9.1.0858, the tar.vim plugin uses the \\\":read\\\" ex command line to\n> append below the cursor position, however the is not sanitized and is\n> taken literally from the tar archive. This allows to execute\n> shellcommands via special crafted tar archives. Whether this really\n> happens, depends on the shell being used (\\'shell\\' option, which is\n> set using \\$SHELL).\n", "id": "FreeBSD-2025-0067", "modified": "2025-03-10T00:00:00Z", "published": "2025-03-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27423" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27423" } ], "schema_version": "1.7.0", "summary": "vim -- Improper Input Validation in Vim" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron33" }, "ranges": [ { "events": [ { "fixed": "33.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v33.4.3" ], "discovery": "2025-03-06T00:00:00Z", "references": { "cvename": [ "CVE-2025-0445", "CVE-2025-0995", "CVE-2025-0998" ] }, "vid": "6ba9e26e-c9c6-49f7-ae43-47e5864f0b66" }, "details": "Electron develpers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2025-0445.\n> - Security: backported fix for CVE-2025-0995.\n> - Security: backported fix for CVE-2025-0998.\n", "id": "FreeBSD-2025-0066", "modified": "2025-03-08T00:00:00Z", "published": "2025-03-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v33.4.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0445" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-q4fq-38gr-ccp3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0995" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-377p-4737-hx6m" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0998" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4v9x-qxmv-4h58" } ], "schema_version": "1.7.0", "summary": "electron33 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron32" }, "ranges": [ { "events": [ { "fixed": "32.3.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v32.3.3" ], "discovery": "2025-03-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-0445", "CVE-2025-0998" ] }, "vid": "6e27040b-61b7-4989-9471-dfb10c3cd76e" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2025-0445.\n> - Security: backported fix for CVE-2025-0998.\n", "id": "FreeBSD-2025-0065", "modified": "2025-03-07T00:00:00Z", "published": "2025-03-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v32.3.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0445" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-q4fq-38gr-ccp3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0998" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4v9x-qxmv-4h58" } ], "schema_version": "1.7.0", "summary": "electron32 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-Jinja2" }, "ranges": [ { "events": [ { "fixed": "3.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-Jinja2" }, "ranges": [ { "events": [ { "fixed": "3.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-Jinja2" }, "ranges": [ { "events": [ { "fixed": "3.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-Jinja2" }, "ranges": [ { "events": [ { "fixed": "3.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403" ], "discovery": "2025-03-05T00:00:00Z", "references": { "cvename": [ "CVE-2025-27516" ] }, "vid": "3299cbfd-fa6e-11ef-929d-b0416f0c4c67" }, "details": "security-advisories@github.com reports:\n\n> Jinja is an extensible templating engine. Prior to 3.1.6, an oversight\n> in how the Jinja sandboxed environment interacts with the \\|attr\n> filter allows an attacker that controls the content of a template to\n> execute arbitrary Python code. To exploit the vulnerability, an\n> attacker needs to control the content of a template. Whether that is\n> the case depends on the type of application using Jinja. This\n> vulnerability impacts users of applications which execute untrusted\n> templates. Jinja\\'s sandbox does catch calls to str.format and ensures\n> they don\\'t escape the sandbox. However, it\\'s possible to use the\n> \\|attr filter to get a reference to a string\\'s plain format method,\n> bypassing the sandbox. After the fix, the \\|attr filter no longer\n> bypasses the environment\\'s attribute lookup. This vulnerability is\n> fixed in 3.1.6.\n", "id": "FreeBSD-2025-0064", "modified": "2025-03-06T00:00:00Z", "published": "2025-03-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27516" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516" } ], "schema_version": "1.7.0", "summary": "Jinja2 -- Sandbox breakout through attr filter selecting format method" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.16,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.16,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.16,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nextserver" }, "ranges": [ { "events": [ { "fixed": "21.1.16,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "24.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2025-February/003584.html" ], "discovery": "2025-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2025-26594", "CVE-2025-26595", "CVE-2025-26596", "CVE-2025-26597", "CVE-2025-26598", "CVE-2025-26599", "CVE-2025-26600", "CVE-2025-26601" ] }, "vid": "f4297478-fa62-11ef-b597-001fc69cd6dc" }, "details": "The X.Org project reports:\n\n> - CVE-2025-26594: Use-after-free of the root cursor\n>\n> The root cursor is referenced in the xserver as a global variable.\n> If a client manages to free the root cursor, the internal reference\n> points to freed memory and causes a use-after-free.\n>\n> - CVE-2025-26595: Buffer overflow in XkbVModMaskText()\n>\n> The code in XkbVModMaskText() allocates a fixed sized buffer on the\n> stack and copies the names of the virtual modifiers to that buffer.\n> The code however fails to check the bounds of the buffer correctly\n> and would copy the data regardless of the size, which may lead to a\n> buffer overflow.\n>\n> - CVE-2025-26596: Heap overflow in XkbWriteKeySyms()\n>\n> The computation of the length in XkbSizeKeySyms() differs from what\n> is actually written in XkbWriteKeySyms(), which may lead to a heap\n> based buffer overflow.\n>\n> - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey()\n>\n> If XkbChangeTypesOfKey() is called with 0 group, it will resize the\n> key symbols table to 0 but leave the key actions unchanged. If\n> later, the same function is called with a non-zero value of groups,\n> this will cause a buffer overflow because the key actions are of the\n> wrong size.\n>\n> - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()\n>\n> The function GetBarrierDevice() searches for the pointer device\n> based on its device id and returns the matching value, or supposedly\n> NULL if no match was found. However the code will return the last\n> element of the list if no matching device id was found which can\n> lead to out of bounds memory access.\n>\n> - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()\n>\n> The function compCheckRedirect() may fail if it cannot allocate the\n> backing pixmap. In that case, compRedirectWindow() will return a\n> BadAlloc error without the validation of the window tree marked just\n> before, which leaves the validate data partly initialized, and the\n> use of an uninitialized pointer later.\n>\n> - CVE-2025-26600: Use-after-free in PlayReleasedEvents()\n>\n> When a device is removed while still frozen, the events queued for\n> that device remain while the device itself is freed and replaying\n> the events will cause a use after free.\n>\n> - CVE-2025-26601: Use-after-free in SyncInitTrigger()\n>\n> When changing an alarm, the values of the change mask are evaluated\n> one after the other, changing the trigger values as requested and\n> eventually, SyncInitTrigger() is called. If one of the changes\n> triggers an error, the function will return early, not adding the\n> new sync object. This can be used to cause a use after free when the\n> alarm eventually triggers.\n", "id": "FreeBSD-2025-0063", "modified": "2025-03-06T00:00:00Z", "published": "2025-03-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2025-February/003584.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26594" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26595" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26596" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26597" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26598" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26601" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2025-February/003584.html" } ], "schema_version": "1.7.0", "summary": "xorg server -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "caldera" }, "ranges": [ { "events": [ { "fixed": "5.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "caldera4" }, "ranges": [ { "events": [ { "last_affected": "4.2.0" }, { "fixed": "4.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/mitre/caldera/pull/3129" ], "discovery": "2025-02-16T00:00:00Z", "references": { "cvename": [ "CVE-2025-27364" ] }, "vid": "d8bd20ae-fa48-11ef-ab7a-ace2d30de67a" }, "details": "MITRE Caldera contributor report:\n\n> In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code\n> Execution (RCE) vulnerability was found in the dynamic agent (implant)\n> compilation functionality of the server. This allows remote attackers\n> to execute arbitrary code on the server that Caldera is running on via\n> a crafted web request to the Caldera server API used for compiling and\n> downloading of Caldera\\'s Sandcat or Manx agent (implants). This web\n> request can use the gcc -extldflags linker flag with sub-commands.\n", "id": "FreeBSD-2025-0062", "modified": "2025-03-06T00:00:00Z", "published": "2025-03-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/mitre/caldera/pull/3129" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27364" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27364" } ], "schema_version": "1.7.0", "summary": "caldera -- Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.500" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.492.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2025-03-05/" ], "discovery": "2025-03-05T00:00:00Z", "references": { "cvename": [ "CVE-2025-27622", "CVE-2025-27623", "CVE-2025-27624", "CVE-2025-27625" ] }, "vid": "cb98d018-f9f5-11ef-a398-00e081b7aa2d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-3495 / CVE-2025-27622\n>\n> Encrypted values of secrets stored in agent configuration revealed to\n> users with Agent/Extended Read permission\n>\n> # Description\n>\n> ##### (Medium) SECURITY-3496 / CVE-2025-27623\n>\n> Encrypted values of secrets stored in view configuration revealed to\n> users with View/Read permission\n>\n> # Description\n>\n> ##### (Medium) SECURITY-3498 / CVE-2025-27624\n>\n> CSRF vulnerability\n>\n> # Description\n>\n> ##### (Medium) SECURITY-3501 / CVE-2025-27625\n>\n> Open redirect vulnerability\n", "id": "FreeBSD-2025-0061", "modified": "2025-03-05T00:00:00Z", "published": "2025-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2025-03-05/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27623" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27624" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27625" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2025-03-05/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-spotipy" }, "ranges": [ { "events": [ { "fixed": "2.25.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-spotipy" }, "ranges": [ { "events": [ { "fixed": "2.25.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-spotipy" }, "ranges": [ { "events": [ { "fixed": "2.25.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-spotipy" }, "ranges": [ { "events": [ { "fixed": "2.25.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cache_handler.py#L93-L98" ], "discovery": "2025-02-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-27154" ] }, "vid": "475d1968-f99d-11ef-b382-b0416f0c4c67" }, "details": "security-advisories@github.com reports:\n\n> Spotipy is a lightweight Python library for the Spotify Web API. The\n> \\`CacheHandler\\` class creates a cache file to store the auth token.\n> Prior to version 2.25.1, the file created has \\`rw-r\\--r\\--\\` (644)\n> permissions by default, when it could be locked down to\n> \\`rw\\-\\-\\-\\-\\-\\--\\` (600) permissions. This leads to overly broad\n> exposure of the spotify auth token. If this token can be read by an\n> attacker (another user on the machine, or a process running as another\n> user), it can be used to perform administrative actions on the Spotify\n> account, depending on the scope granted to the token. Version 2.25.1\n> tightens the cache file permissions.\n", "id": "FreeBSD-2025-0060", "modified": "2025-03-05T00:00:00Z", "published": "2025-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cache_handler.py#L93-L98" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-27154" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27154" } ], "schema_version": "1.7.0", "summary": "Spotipy -- Spotipy's cache file, containing spotify auth token, is created with overly broad permissions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "134.0.6998.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "134.0.6998.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html" ], "discovery": "2025-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1914", "CVE-2025-1915", "CVE-2025-1916", "CVE-2025-1917", "CVE-2025-1918", "CVE-2025-1919", "CVE-2025-1921", "CVE-2025-1922", "CVE-2025-1923" ] }, "vid": "9c62d3f0-f997-11ef-85f3-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 14 security fixes:\n>\n> - \\[397731718\\] High CVE-2025-1914: Out of bounds read in V8. Reported\n> by Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13) on\n> 2025-02-20\n> - \\[391114799\\] Medium CVE-2025-1915: Improper Limitation of a\n> Pathname to a Restricted Directory in DevTools. Reported by Topi\n> Lassila on 2025-01-20\n> - \\[376493203\\] Medium CVE-2025-1916: Use after free in Profiles.\n> Reported by parkminchan, SSD Labs Korea on 2024-10-31\n> - \\[329476341\\] Medium CVE-2025-1917: Inappropriate Implementation in\n> Browser UI. Reported by Khalil Zhani on 2024-03-14\n> - \\[388557904\\] Medium CVE-2025-1918: Out of bounds read in PDFium.\n> Reported by asnine on 2025-01-09\n> - \\[392375312\\] Medium CVE-2025-1919: Out of bounds read in Media.\n> Reported by \\@Bl1nnnk and \\@Pisanbao on 2025-01-26\n> - \\[387583503\\] Medium CVE-2025-1921: Inappropriate Implementation in\n> Media Stream. Reported by Kaiido on 2025-01-04\n> - \\[384033062\\] Low CVE-2025-1922: Inappropriate Implementation in\n> Selection. Reported by Alesandro Ortiz on 2024-12-14\n> - \\[382540635\\] Low CVE-2025-1923: Inappropriate Implementation in\n> Permission Prompts. Reported by Khalil Zhani on 2024-12-06\n", "id": "FreeBSD-2025-0059", "modified": "2025-03-05T00:00:00Z", "published": "2025-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1915" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1916" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1917" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1918" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1919" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1921" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1922" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1923" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron32" }, "ranges": [ { "events": [ { "fixed": "32.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron33" }, "ranges": [ { "events": [ { "fixed": "33.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v32.3.2" ], "discovery": "2025-02-27T00:00:00Z", "references": { "cvename": [ "CVE-2025-0611", "CVE-2025-0612", "CVE-2025-0999" ] }, "vid": "f4f3e001-402b-4d6d-8efa-ab11fcf8de2b" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2025-0611.\n> - Security: backported fix for CVE-2025-0612.\n> - Security: backported fix for CVE-2025-0999.\n", "id": "FreeBSD-2025-0058", "modified": "2025-03-04T00:00:00Z", "published": "2025-03-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v32.3.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0611" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-83vc-v46q-mv3w" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0612" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-c6xg-jh94-mf2w" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0999" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-f2jv-hxph-r5wm" } ], "schema_version": "1.7.0", "summary": "electron{32,33} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unit" }, "ranges": [ { "events": [ { "introduced": "1.11.0" }, { "fixed": "1.34.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "unit-java" }, "ranges": [ { "events": [ { "introduced": "1.11.0" }, { "fixed": "1.34.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html" ], "discovery": "2025-03-03T00:00:00Z", "references": { "cvename": [ "CVE-2025-1695" ] }, "vid": "6af5e3a3-f85a-11ef-95b9-589cfc10a551" }, "details": "The NGINX Unit team reports:\n\n> Unit 1.34.2 fixes two issues in the Java language module websocket\n> code.\n>\n> 1. It addresses a potential security issue where we could get a\n> negative payload length that could cause the Java language module\n> process(es) to enter an infinite loop and consume excess CPU. This\n> was a bug carried over from the initial Java websocket code\n> import. It has been re-issued a CVE number (CVE-2025-1695).\n> 2. It addresses an issue whereby decoded payload lengths would be\n> limited to 32 bits.\n", "id": "FreeBSD-2025-0057", "modified": "2025-03-03T00:00:00Z", "published": "2025-03-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1695" }, { "type": "WEB", "url": "https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html" } ], "schema_version": "1.7.0", "summary": "unit -- potential security issue" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vim" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-gtk2" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-gtk3" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-motif" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-x11" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-tiny" }, "ranges": [ { "events": [ { "fixed": "9.1.1164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3" ], "discovery": "2025-03-02T00:00:00Z", "vid": "398d1ec1-f7e6-11ef-bb15-002590af0794" }, "details": "vim reports:\n\n> # Summary\n>\n> Potential code execution with tar.vim and special crafted tar files\n>\n> # Description\n>\n> Vim is distributed with the tar.vim plugin, that allows easy editing\n> and viewing of (compressed or uncompressed) tar files.\n>\n> Since commit 129a844 (Nov 11, 2024 runtime(tar): Update tar.vim to\n> support permissions), the tar.vim plugin uses the \\\":read \\\" ex\n> command line to append below the cursor position, however the is not\n> sanitized and is taken literaly from the tar archive. This allows to\n> execute shell commands via special crafted tar archives. Whether this\n> really happens, depends on the shell being used (\\'shell\\' option,\n> which is set using \\$SHELL).\n>\n> # Impact\n>\n> Impact is high but a user must be convinced to edit such a file using\n> Vim which will reveal the filename, so a careful user may suspect some\n> strange things going on.\n", "id": "FreeBSD-2025-0056", "modified": "2025-03-02T00:00:00Z", "published": "2025-03-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3" }, { "type": "WEB", "url": "https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3" } ], "schema_version": "1.7.0", "summary": "vim -- Potential code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.9.0" }, { "fixed": "17.9.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.8.0" }, { "fixed": "17.8.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.10.0" }, { "fixed": "17.7.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.9.0" }, { "fixed": "17.9.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.8.0" }, { "fixed": "17.8.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.10.0" }, { "fixed": "17.7.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/02/26/patch-release-gitlab-17-9-1-released/" ], "discovery": "2025-02-26T00:00:00Z", "references": { "cvename": [ "CVE-2025-0475", "CVE-2025-0555", "CVE-2024-8186", "CVE-2024-10925", "CVE-2025-0307" ] }, "vid": "8fb9101e-f58a-11ef-b4e4-2cf05da270f3" }, "details": "Gitlab reports:\n\n> XSS in k8s proxy endpoint\n>\n> XSS Maven Dependency Proxy\n>\n> HTML injection leads to XSS on self hosted instances\n>\n> Improper Authorisation Check Allows Guest User to Read Security Policy\n>\n> Planner role can read code review analytics in private projects\n", "id": "FreeBSD-2025-0055", "modified": "2025-02-28T00:00:00Z", "published": "2025-02-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/02/26/patch-release-gitlab-17-9-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0475" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0555" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10925" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0307" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/02/26/patch-release-gitlab-17-9-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "133.0.6943.141" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "133.0.6943.141" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html" ], "discovery": "2025-02-25T00:00:00Z", "vid": "a4cb7f9b-f506-11ef-85f3-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix.\n", "id": "FreeBSD-2025-0054", "modified": "2025-02-27T00:00:00Z", "published": "2025-02-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exiv2" }, "ranges": [ { "events": [ { "introduced": "0.28.0" }, { "fixed": "0.28.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7" ], "discovery": "2025-02-18T00:00:00Z", "references": { "cvename": [ "CVE-2025-26623" ] }, "vid": "6ae77556-f31d-11ef-a695-4ccc6adda413" }, "details": "Kevin Backhouse reports:\n\n> A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4.\n> Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is\n> a command-line utility and C++ library for reading, writing, deleting,\n> and modifying the metadata of image files. The heap overflow is\n> triggered when Exiv2 is used to write metadata into a crafted image\n> file. An attacker could potentially exploit the vulnerability to gain\n> code execution, if they can trick the victim into running Exiv2 on a\n> crafted image file.\n>\n> Note that this bug is only triggered when writing the metadata, which\n> is a less frequently used Exiv2 operation than reading the metadata.\n> For example, to trigger the bug in the Exiv2 command-line application,\n> you need to add an extra command-line argument such as fixiso.\n", "id": "FreeBSD-2025-0053", "modified": "2025-02-25T00:00:00Z", "published": "2025-02-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26623" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7" } ], "schema_version": "1.7.0", "summary": "exiv2 -- Use after free in TiffSubIfd" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs" }, "ranges": [ { "events": [ { "fixed": "30.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-canna" }, "ranges": [ { "events": [ { "fixed": "30.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-nox" }, "ranges": [ { "events": [ { "fixed": "30.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-wayland" }, "ranges": [ { "events": [ { "fixed": "30.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel" }, "ranges": [ { "events": [ { "fixed": "30.0.50.20240115,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel-nox" }, "ranges": [ { "events": [ { "fixed": "30.0.50.20240115,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2025-02-11T00:00:00Z", "references": { "cvename": [ "CVE-2025-1244" ] }, "vid": "e60e538f-e795-4a00-b475-cc85a7546e00" }, "details": "# Problem Description\n\nA shell injection vulnerability exists in GNU Emacs due to improper\nhandling of custom man URI schemes.\n\n# Impact\n\nInitially considered low severity, as it required user interaction with\nlocal files, it was later discovered that an attacker could exploit this\nvulnerability by tricking a user into visiting a specially crafted\nwebsite or an HTTP URL with a redirect, leading to arbitrary shell\ncommand execution without further user action.\n", "id": "FreeBSD-2025-0052", "modified": "2025-02-25T00:00:00Z", "published": "2025-02-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1244" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1244" } ], "schema_version": "1.7.0", "summary": "Emacs -- Arbitrary code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs" }, "ranges": [ { "events": [ { "fixed": "30.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-canna" }, "ranges": [ { "events": [ { "fixed": "30.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-nox" }, "ranges": [ { "events": [ { "fixed": "30.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-wayland" }, "ranges": [ { "events": [ { "fixed": "30.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel" }, "ranges": [ { "events": [ { "fixed": "31.0.50.20250101,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel-nox" }, "ranges": [ { "events": [ { "fixed": "31.0.50.20250101,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2024-53920" ] }, "vid": "7ba6c085-1590-491a-98ce-5452646b196f" }, "details": "# Problem Description:\n\nAn Emacs user who chooses to invoke elisp-completion-at-point (for code\ncompletion) on untrusted Emacs Lisp source code can trigger unsafe Lisp\nmacro expansion that allows attackers to execute arbitrary code. This\nunsafe expansion also occurs if a user chooses to enable on-the-fly\ndiagnosis that byte compiles untrusted Emacs Lisp source code.\n", "id": "FreeBSD-2025-0051", "modified": "2025-02-24T00:00:00Z", "published": "2025-02-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-53920" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53920" } ], "schema_version": "1.7.0", "summary": "Emacs -- Shell injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "fixed": "4.98.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.suse.com/show_bug.cgi?id=1237424" ], "discovery": "2025-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2025-26794" ] }, "vid": "07c34df5-f299-11ef-a441-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are\n> used, allows remote SQL injection.\n", "id": "FreeBSD-2025-0050", "modified": "2025-02-24T00:00:00Z", "published": "2025-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1237424" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26794" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26794" } ], "schema_version": "1.7.0", "summary": "exim -- SQL injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.2" }, { "fixed": "14.2_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4" }, { "fixed": "13.4_4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable" }, "ranges": [ { "events": [ { "fixed": "9.9.p2_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable-hpn" }, "ranges": [ { "events": [ { "fixed": "9.9.p2_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable-gssapi" }, "ranges": [ { "events": [ { "fixed": "9.9.p2_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2025-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2025-26465", "CVE-2025-26466" ], "freebsdsa": [ "SA-25:05.openssh" ] }, "vid": "a8f1ee74-f267-11ef-87ba-002590c1f29c" }, "details": "# Problem Description:\n\nOpenSSH client host verification error (CVE-2025-26465)\n\nssh(1) contains a logic error that allows an on-path attacker to\nimpersonate any server during certain conditions when the\nVerifyHostKeyDNS option is enabled.\n\nOpenSSH server denial of service (CVE-2025-26466)\n\nThe OpenSSH client and server are both vulnerable to a memory/CPU denial\nof service while handling SSH2_MSG_PING packets.\n\n# Impact:\n\nOpenSSH client host verification error (CVE-2025-26465)\n\nUnder specific circumstances, a machine-in-the-middle may impersonate\nany server when the client has the VerifyHostKeyDNS option enabled.\n\nOpenSSH server denial of service (CVE-2025-26466)\n\nDuring the processing of SSH2_MSG_PING packets, a server may be subject\nto a memory/CPU denial of service.\n", "id": "FreeBSD-2025-0049", "modified": "2025-03-08T00:00:00Z", "published": "2025-02-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-26466" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:05.openssh.asc" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26465" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26466" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple vulnerabilities in OpenSSH" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "133.0.6943.126" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "133.0.6943.126" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html" ], "discovery": "2025-02-18T00:00:00Z", "references": { "cvename": [ "CVE-2025-0999", "CVE-2025-1426", "CVE-2025-1006" ] }, "vid": "2a3be628-ef6e-11ef-85f3-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[394350433\\] High CVE-2025-0999: Heap buffer overflow in V8.\n> Reported by Seunghyun Lee (@0x10n) on 2025-02-04\n> - \\[383465163\\] High CVE-2025-1426: Heap buffer overflow in GPU.\n> Reported by un3xploitable and GF on 2024-12-11\n> - \\[390590778\\] Medium CVE-2025-1006: Use after free in Network.\n> Reported by Tal Keren, Sam Agranat, Eran Rom, Edouard Bochin, Adam\n> Hatsir of Palo Alto Networks on 2025-01-18\n", "id": "FreeBSD-2025-0048", "modified": "2025-02-20T00:00:00Z", "published": "2025-02-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0999" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1426" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1006" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "133.0.6943.98" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "133.0.6943.98" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html" ], "discovery": "2025-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-0995", "CVE-2025-0996", "CVE-2025-0997", "CVE-2025-0998" ] }, "vid": "f572b9d1-ef6d-11ef-85f3-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[391907159\\] High CVE-2025-0995: Use after free in V8. Reported by\n> Popax21 on 2025-01-24\n> - \\[391788835\\] High CVE-2025-0996: Inappropriate implementation in\n> Browser UI. Reported by yuki yamaoto on 2025-01-23\n> - \\[391666328\\] High CVE-2025-0997: Use after free in Navigation.\n> Reported by asnine on 2025-01-23\n> - \\[386857213\\] High CVE-2025-0998: Out of bounds memory access in V8.\n> Reported by Alan Goodman on 2024-12-31\n", "id": "FreeBSD-2025-0047", "modified": "2025-02-20T00:00:00Z", "published": "2025-02-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0996" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0998" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "133.0.6943.53" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "133.0.6943.53" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html" ], "discovery": "2025-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-0444", "CVE-2025-0445", "CVE-2025-0451" ] }, "vid": "b09d0b3b-ef6d-11ef-85f3-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 12 security fixes:\n>\n> - \\[390889644\\] High CVE-2025-0444: Use after free in Skia. Reported\n> by Francisco Alonso (@revskills) on 2025-01-19\n> - \\[392521083\\] High CVE-2025-0445: Use after free in V8. Reported by\n> 303f06e3 on 2025-01-27\n> - \\[40061026\\] Medium CVE-2025-0451: Inappropriate implementation in\n> Extensions API. Reported by Vitor Torres and Alesandro Ortiz on\n> 2022-09-18\n", "id": "FreeBSD-2025-0046", "modified": "2025-02-20T00:00:00Z", "published": "2025-02-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0445" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0451" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vscode" }, "ranges": [ { "events": [ { "fixed": "1.97.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/microsoft/vscode/releases/tag/1.97.1" ], "discovery": "2025-02-11T00:00:00Z", "references": { "cvename": [ "CVE-2025-24042", "CVE-2025-24039" ] }, "vid": "cbf5d976-656b-4bb6-805f-3af038e2de3e" }, "details": "VSCode developers report:\n\n> The update addresses these issues, including a fix for a security\n> vulnerability.\n>\n> - Scope node_module binary resolution in js-debug\n> - Elevation of Privilege Vulnerability with VS Code server for web UI\n", "id": "FreeBSD-2025-0045", "modified": "2025-02-13T00:00:00Z", "published": "2025-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/microsoft/vscode/releases/tag/1.97.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24042" }, { "type": "WEB", "url": "https://github.com/microsoft/vscode/security/advisories/GHSA-f85p-3684-2g3j" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24039" }, { "type": "WEB", "url": "https://github.com/microsoft/vscode/security/advisories/GHSA-532g-4pv9-25f2" } ], "schema_version": "1.7.0", "summary": "vscode -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-auth-ldap" }, "ranges": [ { "events": [ { "fixed": "2.0.4_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2024-28820" ], "discovery": "2024-06-27T00:00:00Z", "references": { "cvename": [ "CVE-2024-28820" ] }, "vid": "e915b60e-ea25-11ef-a1c0-0050569f0b83" }, "details": "Graham Northup reports:\n\n> A buffer overflow in extract_openvpn_cr allows attackers with a valid\n> LDAP username and who can control the challenge/response password\n> field to pass a string with more than 14 colons into this field and\n> cause a buffer overflow.\n", "id": "FreeBSD-2025-0044", "modified": "2025-02-13T00:00:00Z", "published": "2025-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28820" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-28820" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28820" } ], "schema_version": "1.7.0", "summary": "security/openvpn-auth-ldap -- Fix buffer overflow in challenge/response" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql17-client" }, "ranges": [ { "events": [ { "fixed": "17.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-client" }, "ranges": [ { "events": [ { "fixed": "16.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-client" }, "ranges": [ { "events": [ { "fixed": "15.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-client" }, "ranges": [ { "events": [ { "fixed": "14.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-client" }, "ranges": [ { "events": [ { "fixed": "13.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2025-1094/" ], "discovery": "2025-02-13T00:00:00Z", "references": { "cvename": [ "CVE-2025-1094" ] }, "vid": "fadf3b41-ea19-11ef-a540-6cc21735f730" }, "details": "The PostgreSQL Project reports:\n\n> Improper neutralization of quoting syntax in PostgreSQL libpq\n> functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(),\n> and PQescapeStringConn() allows a database input provider to achieve\n> SQL injection in certain usage patterns. Specifically, SQL injection\n> requires the application to use the function result to construct input\n> to psql, the PostgreSQL interactive terminal. Similarly, improper\n> neutralization of quoting syntax in PostgreSQL command line utility\n> programs allows a source of command line arguments to achieve SQL\n> injection when client_encoding is BIG5 and server_encoding is one of\n> EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11,\n> 14.16, and 13.19 are affected.\n", "id": "FreeBSD-2025-0043", "modified": "2025-02-13T00:00:00Z", "published": "2025-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2025-1094/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1094" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2025-1094/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.8.0" }, { "fixed": "17.8.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.7.0" }, { "fixed": "17.7.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.3.0" }, { "fixed": "17.6.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.8.0" }, { "fixed": "17.8.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.7.0" }, { "fixed": "17.7.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.3.0" }, { "fixed": "17.6.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/" ], "discovery": "2025-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2025-0376", "CVE-2024-12379", "CVE-2024-3303", "CVE-2025-1042", "CVE-2025-1212", "CVE-2024-9870", "CVE-2025-0516", "CVE-2025-1198" ] }, "vid": "1a8c5720-e9cf-11ef-9e96-2cf05da270f3" }, "details": "Gitlab reports:\n\n> A CSP-bypass XSS in merge-request page\n>\n> Denial of Service due to Unbounded Symbol Creation\n>\n> Exfiltrate content from private issues using Prompt Injection\n>\n> A custom permission may allow overriding Repository settings\n>\n> Internal HTTP header leak via route confusion in workhorse\n>\n> SSRF via workspaces\n>\n> Unauthorized Incident Closure and Deletion by Planner Role in GitLab\n>\n> ActionCable does not invalidate tokens after revocation\n", "id": "FreeBSD-2025-0042", "modified": "2025-02-13T00:00:00Z", "published": "2025-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0376" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3303" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1042" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1198" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cpu-microcode-intel" }, "ranges": [ { "events": [ { "fixed": "20250211" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01166.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01213.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01228.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html" ], "discovery": "2025-02-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-31068", "CVE-2024-36293", "CVE-2023-43758", "CVE-2024-39355", "CVE-2024-37020" ] }, "vid": "d598266d-7772-4a31-9594-83b76b1fb837" }, "details": "Intel reports:\n\n> A potential security vulnerability in some Intel Processors may allow\n> denial of service. Intel released microcode updates to mitigate this\n> potential vulnerability.\n\n> A potential security vulnerability in some Intel Software Guard\n> Extensions (Intel SGX) Platforms may allow denial of service. Intel is\n> released microcode updates to mitigate this potential vulnerability.\n\n> Potential security vulnerabilities in the UEFI firmware for some Intel\n> Processors may allow escalation of privilege, denial of service, or\n> information disclosure. Intel released UEFI firmware and CPU microcode\n> updates to mitigate these potential vulnerabilities.\n\n> A potential security vulnerability in some 13th and 14th Generation\n> Intel Core\u2122 Processors may allow denial of service. Intel released\n> microcode and UEFI reference code updates to mitigate this potential\n> vulnerability.\n\n> A potential security vulnerability in the Intel Data Streaming\n> Accelerator (Intel DSA) for some Intel Xeon Processors may allow\n> denial of service. Intel released software updates to mitigate this\n> potential vulnerability.\n", "id": "FreeBSD-2025-0041", "modified": "2025-02-12T00:00:00Z", "published": "2025-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01166.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01213.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01228.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-36293" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43758" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39355" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-37020" }, { "type": "WEB", "url": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211" } ], "schema_version": "1.7.0", "summary": "Intel CPUs -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl32" }, "ranges": [ { "events": [ { "fixed": "3.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl33" }, "ranges": [ { "events": [ { "fixed": "3.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl34" }, "ranges": [ { "events": [ { "fixed": "3.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://openssl-library.org/news/secadv/20250211.txt" ], "discovery": "2025-02-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-12797" ] }, "vid": "a64761a1-e895-11ef-873e-8447094a420f" }, "details": "The OpenSSL project reports:\n\n> RFC7250 handshakes with unauthenticated servers don\\'t abort as\n> expected (High). Clients using RFC7250 Raw Public Keys (RPKs) to\n> authenticate a server may fail to notice that the server was not\n> authenticated, because handshakes don\\'t abort as expected when the\n> SSL_VERIFY_PEER verification mode is set.\n", "id": "FreeBSD-2025-0040", "modified": "2025-02-11T00:00:00Z", "published": "2025-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://openssl-library.org/news/secadv/20250211.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12797" }, { "type": "WEB", "url": "https://openssl-library.org/news/secadv/20250211.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Man-in-the-Middle vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "135.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "129,1" }, { "fixed": "135" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471" ], "discovery": "2025-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1011", "CVE-2025-1013", "CVE-2025-1014", "CVE-2025-1017" ] }, "vid": "20485d27-e540-11ef-a845-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A bug in WebAssembly code generation could have lead to a crash. It\n> may have been possible for an attacker to leverage this to achieve\n> code execution.\n>\n> A race condition could have led to private browsing tabs being opened\n> in normal browsing windows. This could have resulted in a potential\n> privacy leak.\n>\n> Certificate length was not properly checked when added to a\n> certificate store. In practice only trusted data was processed.\n>\n> Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox\n> ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence\n> of memory corruption and we presume that with enough effort some of\n> these could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0039", "modified": "2025-02-07T00:00:00Z", "published": "2025-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1011" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1011" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1013" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1013" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1014" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1014" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1017" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1017" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mozilla" }, "ranges": [ { "events": [ { "fixed": "135.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1939063%2C1942169" ], "discovery": "2025-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1018", "CVE-2025-1019", "CVE-2025-1020" ] }, "vid": "f7ca4ff7-e53f-11ef-a845-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n>\n> The fullscreen notification is prematurely hidden when fullscreen is\n> re-requested quickly by the user. This could have been leveraged to\n> perform a potential spoofing attack.\n", "id": "FreeBSD-2025-0038", "modified": "2025-02-07T00:00:00Z", "published": "2025-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1939063%2C1942169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1018" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1019" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1020" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1020" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "135.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "115.20,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "116.0,1,1" }, { "fixed": "128.6,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "129,1" }, { "fixed": "135" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994" ], "discovery": "2025-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1009", "CVE-2025-1010", "CVE-2025-1012", "CVE-2025-1016" ] }, "vid": "e54a1413-e539-11ef-a845-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An attacker could have caused a use-after-free via crafted XSLT data,\n> leading to a potentially exploitable crash.\n>\n> An attacker could have caused a use-after-free via the Custom\n> Highlight API, leading to a potentially exploitable crash.\n>\n> A race during concurrent delazification could have led to a\n> use-after-free.\n>\n> Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox\n> ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird\n> 128.6. Some of these bugs showed evidence of memory corruption and we\n> presume that with enough effort some of these could have been\n> exploited to run arbitrary code.\n", "id": "FreeBSD-2025-0037", "modified": "2025-02-07T00:00:00Z", "published": "2025-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1009" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1009" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1010" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1010" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1012" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1012" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1016" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1016" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mozilla" }, "ranges": [ { "events": [ { "fixed": "128.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1939458" ], "discovery": "2025-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-1015" ] }, "vid": "830381c7-e539-11ef-a845-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> The Thunderbird Address Book URI fields contained unsanitized links.\n> This could be used by an attacker to create and export an address book\n> containing a malicious payload in a field. For example, in the Other\n> field of the Instant Messaging section. If another user imported the\n> address book, clicking on the link could result in opening a web page\n> inside Thunderbird, and that page could execute (unprivileged)\n> JavaScript.\n", "id": "FreeBSD-2025-0036", "modified": "2025-02-07T00:00:00Z", "published": "2025-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1939458" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-1015" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1015" } ], "schema_version": "1.7.0", "summary": "Thundirbird -- unprivileged JavaScript code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb106-server" }, "ranges": [ { "events": [ { "fixed": "10.6.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb1011-server" }, "ranges": [ { "events": [ { "fixed": "10.11.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb114-server" }, "ranges": [ { "events": [ { "fixed": "11.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/security/" ], "discovery": "2025-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2025-21490" ] }, "vid": "7bcfca95-e563-11ef-873e-8447094a420f" }, "details": "MariaDB reports:\n\n> Easily exploitable vulnerability allows high privileged attacker with\n> network access via multiple protocols to compromise MySQL Server.\n> Successful attacks of this vulnerability can result in unauthorized\n> ability to cause a hang or frequently repeatable crash (complete DOS)\n> of MySQL Server.\n", "id": "FreeBSD-2025-0035", "modified": "2025-02-07T00:00:00Z", "published": "2025-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-21490" }, { "type": "WEB", "url": "http://mariadb.com/kb/en/security/" } ], "schema_version": "1.7.0", "summary": "MariaDB -- DoS vulnerability in InnoDB" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libcaca" }, "ranges": [ { "events": [ { "fixed": "0.99.b20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20" ], "discovery": "2021-10-19T00:00:00Z", "references": { "cvename": [ "CVE-2018-20545", "CVE-2018-20546", "CVE-2018-20547", "CVE-2018-20548", "CVE-2018-20549", "CVE-2021-3410", "CVE-2021-30498", "CVE-2021-30499" ] }, "vid": "c10b639c-e51c-11ef-9e76-4ccc6adda413" }, "details": "Sam Hocevar reports:\n\n> Multiple memory leaks and invalid memory accesses:\n>\n> - CVE-2018-20545: Illegal WRITE memory access at common-image.c\n> - CVE-2018-20546: Illegal READ memory access at caca/dither.c\n> - CVE-2018-20547: Illegal READ memory access at caca/dither.c\n> - CVE-2018-20548: Illegal WRITE memory access at common-image.c\n> - CVE-2018-20549: Illegal WRITE memory access at caca/file.c\n> - CVE-2021-3410: Buffer overflow in libcaca/caca/canvas.c in function\n> caca_resize\n> - CVE-2021-30498: Heap buffer overflow in export.c in function\n> export_tga\n> - CVE-2021-30499: Buffer overflow in export.c in function export_troff\n", "id": "FreeBSD-2025-0034", "modified": "2025-02-07T00:00:00Z", "published": "2025-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20545" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20546" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20548" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20549" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3410" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30498" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30499" }, { "type": "WEB", "url": "https://github.com/cacalabs/libcaca/releases/tag/v0.99.beta20" } ], "schema_version": "1.7.0", "summary": "libcaca -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "fixed": "1.2.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.29" ], "discovery": "2025-02-02T00:00:00Z", "references": { "cvename": [ "CVE-2025-22604", "CVE-2025-24368", "CVE-2024-54145", "CVE-2025-24367", "CVE-2024-45598", "CVE-2024-54146" ] }, "vid": "e7974ca5-e4c8-11ef-aab3-40b034429ecf" }, "details": "Cacti repo reports:\n\n> - security #GHSA-c5j8-jxj3-hh36: Authenticated RCE via multi-line SNMP\n> responses\n> - security #GHSA-f9c7-7rc3-574c: SQL Injection vulnerability when\n> using tree rules through Automation API\n> - security #GHSA-fh3x-69rr-qqpp: SQL Injection vulnerability when\n> request automation devices\n> - security #GHSA-fxrq-fr7h-9rqq: Arbitrary File Creation leading to\n> RCE\n> - security #GHSA-pv2c-97pp-vxwg: Local File Inclusion (LFI)\n> Vulnerability via Poller Standard Error Log Path\n> - security #GHSA-vj9g-p7f2-4wqj: SQL Injection vulnerability when view\n> host template\n", "id": "FreeBSD-2025-0033", "modified": "2025-02-05T00:00:00Z", "published": "2025-02-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.29" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-22604" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24368" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-54145" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24367" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45598" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-54146" } ], "schema_version": "1.7.0", "summary": "cacti -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "fixed": "1.27.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx" }, "ranges": [ { "events": [ { "fixed": "1.26.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://nginx.org/en/security_advisories.html" ], "discovery": "2025-02-05T00:00:00Z", "references": { "cvename": [ "CVE-2025-23419" ] }, "vid": "9761af78-e3e4-11ef-9f4a-589cfc10a551" }, "details": "The nginx development team reports:\n\n> This update fixes the SSL session reuse vulnerability.\n", "id": "FreeBSD-2025-0032", "modified": "2025-02-05T00:00:00Z", "published": "2025-02-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://nginx.org/en/security_advisories.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-23419" } ], "schema_version": "1.7.0", "summary": "nginx-devel -- SSL session reuse vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based" ], "discovery": "2025-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2024-12693", "CVE-2024-12694", "CVE-2025-0436", "CVE-2025-0437", "CVE-2025-0438", "CVE-2025-0441", "CVE-2025-0443", "CVE-2025-0447", "CVE-2025-0611" ] }, "vid": "72b8729e-e134-11ef-9e76-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 9 security bugs in Chromium:\n>\n> - CVE-2024-12693: Out of bounds memory access in V8\n> - CVE-2024-12694: Use after free in Compositing\n> - CVE-2025-0436: Integer overflow in Skia\n> - CVE-2025-0437: Out of bounds read in Metrics\n> - CVE-2025-0438: Stack buffer overflow in Tracing\n> - CVE-2025-0441: Inappropriate implementation in Fenced Frames\n> - CVE-2025-0443: Insufficient data validation in Extensions\n> - CVE-2025-0447: Inappropriate implementation in Navigation\n> - CVE-2025-0611: Object corruption in V8\n", "id": "FreeBSD-2025-0031", "modified": "2025-02-02T00:00:00Z", "published": "2025-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12693" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12694" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0438" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0441" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0447" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0611" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "132.0.6834.159" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "132.0.6834.159" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html" ], "discovery": "2025-01-18T00:00:00Z", "references": { "cvename": [ "CVE-2025-0762" ] }, "vid": "186101b4-dfa6-11ef-8c1c-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[384844003\\] Medium CVE-2025-0762: Use after free in DevTools.\n> Reported by Sakana.S on 2024-12-18\n", "id": "FreeBSD-2025-0030", "modified": "2025-01-31T00:00:00Z", "published": "2025-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0762" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dendrite" }, "ranges": [ { "events": [ { "fixed": "0.14.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822" ], "discovery": "2025-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-52594" ] }, "vid": "cd2ace09-df23-11ef-a205-901b0e9408dc" }, "details": "Dendrite team reports:\n\n> This is a security release, gomatrixserverlib was vulnerable to\n> server-side request forgery, serving content from a private network it\n> can access, under certain conditions.\n", "id": "FreeBSD-2025-0029", "modified": "2025-01-30T00:00:00Z", "published": "2025-01-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-52594" }, { "type": "WEB", "url": "https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822" } ], "schema_version": "1.7.0", "summary": "dendrite -- Server-side request forgery vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.2" }, { "fixed": "14.2_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2025-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-0662" ], "freebsdsa": [ "SA-25:04.ktrace" ] }, "vid": "2830b374-debd-11ef-87ba-002590c1f29c" }, "details": "# Problem Description:\n\nIn some cases, the ktrace facility will log the contents of kernel\nstructures to userspace. In one such case, ktrace dumps a variable-sized\nsockaddr to userspace. There, the full sockaddr is copied, even when it\nis shorter than the full size. This can result in up to 14 uninitialized\nbytes of kernel memory being copied out to userspace.\n\n# Impact:\n\nIt is possible for an unprivileged userspace program to leak 14 bytes of\na kernel heap allocation to userspace.\n", "id": "FreeBSD-2025-0028", "modified": "2025-01-30T00:00:00Z", "published": "2025-01-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0662" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:04.ktrace.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.2" }, { "fixed": "14.2_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4" }, { "fixed": "13.4_3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2025-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-0374" ], "freebsdsa": [ "SA-25:03.etcupdate" ] }, "vid": "fa9ae646-debc-11ef-87ba-002590c1f29c" }, "details": "# Problem Description:\n\nWhen etcupdate encounters conflicts while merging files, it saves a\nversion containing conflict markers in /var/db/etcupdate/conflicts. This\nversion does not preserve the mode of the input file, and is\nworld-readable. This applies to files that would normally have\nrestricted visibility, such as /etc/master.passwd.\n\n# Impact:\n\nAn unprivileged local user may be able to read encrypted root and user\npasswords from the temporary master.passwd file created in\n/var/db/etcupdate/conflicts. This is possible only when conflicts within\nthe password file arise during an update, and the unprotected file is\ndeleted when conflicts are resolved.\n", "id": "FreeBSD-2025-0027", "modified": "2025-01-30T00:00:00Z", "published": "2025-01-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0374" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:03.etcupdate.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Unprivileged access to system files" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.2" }, { "fixed": "14.2_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4" }, { "fixed": "13.4_3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2025-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2025-0373" ], "freebsdsa": [ "SA-25:02.fs" ] }, "vid": "ab0cbe3f-debc-11ef-87ba-002590c1f29c" }, "details": "# Problem Description:\n\nIn order to export a file system via NFS, the file system must define a\nfile system identifier (FID) for all exported files. Each FreeBSD file\nsystem implements operations to translate between FIDs and vnodes, the\nkernel\\'s in-memory representation of files. These operations are\nVOP_VPTOFH(9) and VFS_FHTOVP(9).\n\nOn 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660,\ntarfs and ext2fs filesystems overflows the destination FID buffer by 4\nbytes, a stack buffer overflow.\n\n# Impact:\n\nA NFS server that exports a cd9660, tarfs, or ext2fs file system can be\nmade to panic by mounting and accessing the export with an NFS client.\nFurther exploitation (e.g., bypassing file permission checking or remote\nkernel code execution) is potentially possible, though this has not been\ndemonstrated. In particular, release kernels are compiled with stack\nprotection enabled, and some instances of the overflow are caught by\nthis mechanism, causing a panic.\n", "id": "FreeBSD-2025-0026", "modified": "2025-01-30T00:00:00Z", "published": "2025-01-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0373" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:02.fs.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Buffer overflow in some filesystems via NFS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2025-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-39894" ], "freebsdsa": [ "SA-25:01.openssh" ] }, "vid": "69e19c0b-debc-11ef-87ba-002590c1f29c" }, "details": "# Problem Description:\n\nA logic error in the ssh(1) ObscureKeystrokeTiming feature (on by\ndefault) rendered this feature ineffective.\n\n# Impact:\n\nA passive observer could detect which network packets contain real\nkeystrokes, and infer the specific characters being transmitted from\npacket timing.\n", "id": "FreeBSD-2025-0025", "modified": "2025-01-30T00:00:00Z", "published": "2025-01-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39894" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- OpenSSH Keystroke Obfuscation Bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "oauth2-proxy" }, "ranges": [ { "events": [ { "fixed": "7.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/advisories/GHSA-w32m-9786-jp63" ], "discovery": "2025-01-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-45338" ] }, "vid": "258a58a9-6583-4808-986b-e785c27b0a18" }, "details": "Golang reports:\n\n> This update include security fixes:\n>\n> - CVE-2024-45338: Non-linear parsing of case-insensitive content\n", "id": "FreeBSD-2025-0024", "modified": "2025-01-30T00:00:00Z", "published": "2025-01-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/advisories/GHSA-w32m-9786-jp63" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45338" } ], "schema_version": "1.7.0", "summary": "oauth2-proxy -- Non-linear parsing of case-insensitive content" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vaultwarden" }, "ranges": [ { "events": [ { "fixed": "1.33.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0" ], "discovery": "2025-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2025-24364", "CVE-2025-24365" ] }, "vid": "41711c0d-db27-11ef-873e-8447094a420f" }, "details": "The Vaultwarden project reports:\n\n> RCE in the admin panel.\n>\n> Getting access to the Admin Panel via CSRF.\n>\n> Escalation of privilege via variable confusion in OrgHeaders trait.\n", "id": "FreeBSD-2025-0023", "modified": "2025-01-25T00:00:00Z", "published": "2025-01-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24364" }, { "type": "WEB", "url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4h8-vch3-f797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-24365" }, { "type": "WEB", "url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h6cc-rc6q-23j4" } ], "schema_version": "1.7.0", "summary": "Vaultwarden -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "132.0.6834.110" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "132.0.6834.110" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html" ], "discovery": "2025-01-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-0611", "CVE-2025-0612" ] }, "vid": "c53cd328-8131-4fc2-a083-a9e9d45e3028" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[386143468\\] High CVE-2025-0611: Object corruption in V8. Reported\n> by 303f06e3 on 2024-12-26\n> - \\[385155406\\] High CVE-2025-0612: Out of bounds memory access in V8.\n> Reported by Alan Goodman on 2024-12-20\n", "id": "FreeBSD-2025-0022", "modified": "2025-01-25T00:00:00Z", "published": "2025-01-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0611" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0612" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "132.0.6834.83" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "132.0.6834.83" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" ], "discovery": "2025-01-14T00:00:00Z", "references": { "cvename": [ "CVE-2025-0434", "CVE-2025-0435", "CVE-2025-0436", "CVE-2025-0437", "CVE-2025-0438", "CVE-2025-0439", "CVE-2025-0440", "CVE-2025-0441", "CVE-2025-0442", "CVE-2025-0443", "CVE-2025-0446", "CVE-2025-0447", "CVE-2025-0448" ] }, "vid": "756839e1-cd78-4082-9f9e-d0da616ca8dd" }, "details": "Chrome Releases reports:\n\n> This update includes 16 security fixes:\n>\n> - \\[374627491\\] High CVE-2025-0434: Out of bounds memory access in V8.\n> Reported by ddme on 2024-10-21\n> - \\[379652406\\] High CVE-2025-0435: Inappropriate implementation in\n> Navigation. Reported by Alesandro Ortiz on 2024-11-18\n> - \\[382786791\\] High CVE-2025-0436: Integer overflow in Skia. Reported\n> by Han Zheng (HexHive) on 2024-12-08\n> - \\[378623799\\] High CVE-2025-0437: Out of bounds read in Metrics.\n> Reported by Xiantong Hou of Wuheng Lab and Pisanbao on 2024-11-12\n> - \\[384186539\\] High CVE-2025-0438: Stack buffer overflow in Tracing.\n> Reported by Han Zheng (HexHive) on 2024-12-15\n> - \\[371247941\\] Medium CVE-2025-0439: Race in Frames. Reported by\n> Hafiizh on 2024-10-03\n> - \\[40067914\\] Medium CVE-2025-0440: Inappropriate implementation in\n> Fullscreen. Reported by Umar Farooq on 2023-07-22\n> - \\[368628042\\] Medium CVE-2025-0441: Inappropriate implementation in\n> Fenced Frames. Reported by someoneverycurious on 2024-09-21\n> - \\[40940854\\] Medium CVE-2025-0442: Inappropriate implementation in\n> Payments. Reported by Ahmed ElMasry on 2023-11-08\n> - \\[376625003\\] Medium CVE-2025-0443: Insufficient data validation in\n> Extensions. Reported by Anonymous on 2024-10-31\n> - \\[359949844\\] Low CVE-2025-0446: Inappropriate implementation in\n> Extensions. Reported by Hafiizh on 2024-08-15\n> - \\[375550814\\] Low CVE-2025-0447: Inappropriate implementation in\n> Navigation. Reported by Khiem Tran (@duckhiem) on 2024-10-25\n> - \\[377948403\\] Low CVE-2025-0448: Inappropriate implementation in\n> Compositing. Reported by Dahyeon Park on 2024-11-08\n", "id": "FreeBSD-2025-0021", "modified": "2025-01-25T00:00:00Z", "published": "2025-01-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0438" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0439" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0440" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0441" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0442" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0446" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0447" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0448" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron32" }, "ranges": [ { "events": [ { "fixed": "32.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v32.3.0" ], "discovery": "2025-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2024-12693", "CVE-2024-12694", "CVE-2024-12695", "CVE-2025-0434", "CVE-2025-0436", "CVE-2025-0437" ] }, "vid": "ef303b6a-7d9e-4e28-b92e-21f39d519d9e" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-12693.\n> - Security: backported fix for CVE-2024-12694.\n> - Security: backported fix for CVE-2024-12695.\n> - Security: backported fix for CVE-2025-0434.\n> - Security: backported fix for CVE-2025-0436.\n> - Security: backported fix for CVE-2025-0437.\n", "id": "FreeBSD-2025-0020", "modified": "2025-01-25T00:00:00Z", "published": "2025-01-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v32.3.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12693" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-m84q-p89f-6cc5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12694" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-cgc6-4xgf-5q5x" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12695" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6895-2frg-pq5j" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0434" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-fpmx-pfpg-92xg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0436" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-ww3g-8h77-wr7v" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0437" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4353-vp82-4qq4" } ], "schema_version": "1.7.0", "summary": "electron32 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron33" }, "ranges": [ { "events": [ { "fixed": "33.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v33.3.2" ], "discovery": "2025-01-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-0434", "CVE-2025-0436", "CVE-2025-0437" ] }, "vid": "2def27c7-7dd0-42cb-adf6-8e5a7afe4db3" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2025-0434.\n> - Security: backported fix for CVE-2025-0436.\n> - Security: backported fix for CVE-2025-0437.\n", "id": "FreeBSD-2025-0019", "modified": "2025-01-23T00:00:00Z", "published": "2025-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v33.3.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0434" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-fpmx-pfpg-92xg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0436" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-ww3g-8h77-wr7v" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0437" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4353-vp82-4qq4" } ], "schema_version": "1.7.0", "summary": "electron33 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.8.0" }, { "fixed": "17.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.7.0" }, { "fixed": "17.7.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.7.0" }, { "fixed": "17.6.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.8.0" }, { "fixed": "17.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.7.0" }, { "fixed": "17.7.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.7.0" }, { "fixed": "17.6.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/" ], "discovery": "2025-01-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-0314", "CVE-2024-11931", "CVE-2024-6324" ] }, "vid": "24c93a28-d95b-11ef-b6b2-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Stored XSS via Asciidoctor render\n>\n> Developer could exfiltrate protected CI/CD variables via CI lint\n>\n> Cyclic reference of epics leads resource exhaustion\n", "id": "FreeBSD-2025-0018", "modified": "2025-01-23T00:00:00Z", "published": "2025-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0314" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6324" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "introduced": "1.0.0,1" }, { "fixed": "1.4.2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav-lts" }, "ranges": [ { "events": [ { "introduced": "1.0.0,1" }, { "fixed": "1.0.8,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html" ], "discovery": "2025-01-22T00:00:00Z", "references": { "cvename": [ "CVE-2025-20128" ] }, "vid": "1e109b60-d92e-11ef-a661-08002784c58d" }, "details": "The ClamAV project reports:\n\n> A possible buffer overflow read bug is found in the OLE2 file parser\n> that could cause a denial-of-service (DoS) condition.\n", "id": "FreeBSD-2025-0017", "modified": "2025-01-23T00:00:00Z", "published": "2025-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-20128" }, { "type": "WEB", "url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html" } ], "schema_version": "1.7.0", "summary": "clamav -- Possbile denial-of-service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron32" }, "ranges": [ { "events": [ { "fixed": "32.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v32.2.8" ], "discovery": "2025-01-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-12053" ] }, "vid": "7d17676d-4828-4a43-85d6-1ee14362de6e" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-12053.\n", "id": "FreeBSD-2025-0016", "modified": "2025-01-22T00:00:00Z", "published": "2025-01-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v32.2.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12053" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-wvx7-72hc-rp32" } ], "schema_version": "1.7.0", "summary": "electron32 -- Type Confusion in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go122" }, "ranges": [ { "events": [ { "fixed": "1.22.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go123" }, "ranges": [ { "events": [ { "fixed": "1.23.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/71156", "https://go.dev/issue/70530" ], "discovery": "2025-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-45341", "CVE-2024-45336" ] }, "vid": "704aa72a-d840-11ef-a205-901b0e9408dc" }, "details": "The Go project reports:\n\n> crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints\n>\n> A certificate with a URI which has a IPv6 address with a zone ID may\n> incorrectly satisfy a URI name constraint that applies to the\n> certificate chain.\n\n> net/http: sensitive headers incorrectly sent after cross-domain\n> redirect\n>\n> The HTTP client drops sensitive headers after following a cross-domain\n> redirect. For example, a request to a.com/ containing an Authorization\n> header which is redirected to b.com/ will not send that header to\n> b.com.\n", "id": "FreeBSD-2025-0015", "modified": "2025-01-21T00:00:00Z", "published": "2025-01-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/71156" }, { "type": "REPORT", "url": "https://go.dev/issue/70530" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45341" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45336" }, { "type": "WEB", "url": "https://go.dev/issue/71156" }, { "type": "WEB", "url": "https://go.dev/issue/70530" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron31" }, "ranges": [ { "events": [ { "fixed": "31.7.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v31.7.7" ], "discovery": "2025-01-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-12053", "CVE-2024-12693", "CVE-2024-12694" ] }, "vid": "3161429b-3897-4593-84a0-b41ffbbfa36b" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-12053.\n> - Security: backported fix for CVE-2024-12693.\n> - Security: backported fix for CVE-2024-12694.\n", "id": "FreeBSD-2025-0014", "modified": "2025-01-20T00:00:00Z", "published": "2025-01-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v31.7.7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12053" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-wvx7-72hc-rp32" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12693" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-m84q-p89f-6cc5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12694" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-cgc6-4xgf-5q5x" } ], "schema_version": "1.7.0", "summary": "electron31 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "age" }, "ranges": [ { "events": [ { "fixed": "1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/advisories/GHSA-32gq-x56h-299c" ], "discovery": "2024-12-18T00:00:00Z", "vid": "d9b0fea0-d564-11ef-b9bc-d05099c0ae8c" }, "details": "Filippo Valsorda reports:\n\n> A plugin name containing a path separator may allow an attacker to\n> execute an arbitrary binary.\n>\n> Such a plugin name can be provided to the age CLI through an\n> attacker-controlled recipient or identity string, or to the\n> plugin.NewIdentity, plugin.NewIdentityWithoutData, or\n> plugin.NewRecipient APIs.\n", "id": "FreeBSD-2025-0013", "modified": "2025-01-18T00:00:00Z", "published": "2025-01-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/advisories/GHSA-32gq-x56h-299c" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-32gq-x56h-299c" } ], "schema_version": "1.7.0", "summary": "age -- age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "fixed": "2.6.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13" ], "discovery": "2024-10-28T00:00:00Z", "vid": "47bc292a-d472-11ef-aaab-7d43732cb6f5" }, "details": "Frank Lichtenheld reports:\n\n> \\[OpenVPN v2.6.13 \\...\\] improve server-side handling of clients\n> sending usernames or passwords longer than USER_PASS_LEN - this would\n> not result in a crash, buffer overflow or other security issues, but\n> the server would then misparse incoming IV variables and produce\n> misleading error messages.\n", "id": "FreeBSD-2025-0012", "modified": "2025-01-17T00:00:00Z", "published": "2025-01-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13" }, { "type": "WEB", "url": "https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13" } ], "schema_version": "1.7.0", "summary": "openvpn -- too long a username or password from a client can confuse openvpn servers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rsync" }, "ranges": [ { "events": [ { "fixed": "3.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.cert.org/vuls/id/952657" ], "discovery": "2025-01-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-12084", "CVE-2024-12085", "CVE-2024-12086", "CVE-2024-12087", "CVE-2024-12088", "CVE-2024-12747" ] }, "vid": "163edccf-d2ba-11ef-b10e-589cfc10a551" }, "details": "rsync reports:\n\n> This update includes multiple security fixes:\n>\n> - CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing\n> - CVE-2024-12085: Info Leak via uninitialized Stack contents defeats\n> ASLR\n> - CVE-2024-12086: Server leaks arbitrary client files\n> - CVE-2024-12087: Server can make client write files outside of\n> destination directory using symbolic links\n> - CVE-2024-12088: \\--safe-links Bypass\n> - CVE-2024-12747: symlink race condition\n", "id": "FreeBSD-2025-0011", "modified": "2025-01-14T00:00:00Z", "published": "2025-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.cert.org/vuls/id/952657" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12084" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12085" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12086" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12087" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12088" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12747" } ], "schema_version": "1.7.0", "summary": "rsync -- Multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.48.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-cvs" }, "ranges": [ { "events": [ { "fixed": "2.48.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-gui" }, "ranges": [ { "events": [ { "fixed": "2.48.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-p4" }, "ranges": [ { "events": [ { "fixed": "2.48.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-svn" }, "ranges": [ { "events": [ { "fixed": "2.48.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/" ], "discovery": "2024-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-50349", "CVE-2024-52006" ] }, "vid": "3445e4b6-d2b8-11ef-9ff3-43c2b5d6c4c8" }, "details": "Git development team reports:\n\n> CVE-2024-50349: Printing unsanitized URLs when asking for credentials\n> made the user susceptible to crafted URLs (e.g. in recursive clones)\n> that mislead the user into typing in passwords for trusted sites that\n> would then be sent to untrusted sites instead.\n>\n> CVE-2024-52006: Git may pass on Carriage Returns via the credential\n> protocol to credential helpers which use line-reading functions that\n> interpret said Carriage Returns as line endings, even though Git did\n> not intend that.\n", "id": "FreeBSD-2025-0010", "modified": "2025-01-14T00:00:00Z", "published": "2025-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-50349" }, { "type": "WEB", "url": "https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-52006" }, { "type": "WEB", "url": "https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp" } ], "schema_version": "1.7.0", "summary": "git -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "keycloak" }, "ranges": [ { "events": [ { "fixed": "26.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.keycloak.org/2024/11/keycloak-2606-released.html" ], "discovery": "2025-01-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-11734", "CVE-2024-11736" ] }, "vid": "5e2bd238-d2bb-11ef-bc0e-1c697a616631" }, "details": "Keycloak reports:\n\n> This update includes 2 security fixes:\n>\n> - CVE-2024-11734: Unrestricted admin use of system and environment\n> variables\n> - CVE-2024-11736: Denial of Service in Keycloak Server via Security\n> Headers\n", "id": "FreeBSD-2025-0009", "modified": "2025-01-13T00:00:00Z", "published": "2025-01-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.keycloak.org/2024/11/keycloak-2606-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11734" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11736" } ], "schema_version": "1.7.0", "summary": "keycloak -- Multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.26.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk20" }, "ranges": [ { "events": [ { "fixed": "20.11.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616" ], "discovery": "2024-12-02T00:00:00Z", "references": { "cvename": [ "CVE-2024-53566" ] }, "vid": "7624c151-d116-11ef-b232-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> An issue in the action_listcategories() function of Sangoma Asterisk\n> v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to\n> execute a path traversal.\n", "id": "FreeBSD-2025-0008", "modified": "2025-01-12T00:00:00Z", "published": "2025-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-53566" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53566" } ], "schema_version": "1.7.0", "summary": "asterisk - path traversal" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "7.4.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "fixed": "7.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.4.2.20250201" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9" ], "discovery": "2025-01-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-51741" ] }, "vid": "4d79fd1a-cc93-11ef-abed-08002784c58d" }, "details": "Redis core team reports:\n\n> An authenticated with sufficient privileges may create a malformed ACL\n> selector which, when accessed, triggers a server panic and subsequent\n> denial of service.The problem exists in Redis 7.0.0 or newer.\n", "id": "FreeBSD-2025-0007", "modified": "2025-01-10T00:00:00Z", "published": "2025-01-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-51741" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "7.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "fixed": "7.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "fixed": "6.2.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.4.2.20250201" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "fixed": "8.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c" ], "discovery": "2025-01-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-46981" ] }, "vid": "5f19ac58-cc90-11ef-abed-08002784c58d" }, "details": "Redis core team reports:\n\n> An authenticated user may use a specially crafted Lua script to\n> manipulate the garbage collector and potentially lead to remote code\n> execution. The problem exists in all versions of Redis with Lua\n> scripting.\n", "id": "FreeBSD-2025-0006", "modified": "2025-01-10T00:00:00Z", "published": "2025-01-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-46981" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- Remote code execution valnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.7.0" }, { "fixed": "17.7.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.6.0" }, { "fixed": "17.6.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0.0" }, { "fixed": "17.5.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.7.0" }, { "fixed": "17.7.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.6.0" }, { "fixed": "17.6.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0.0" }, { "fixed": "17.5.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/" ], "discovery": "2025-01-08T00:00:00Z", "references": { "cvename": [ "CVE-2025-0194", "CVE-2024-6324", "CVE-2024-12431", "CVE-2024-13041" ] }, "vid": "2bfde261-cdf2-11ef-b6b2-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Possible access token exposure in GitLab logs\n>\n> Cyclic reference of epics leads resource exhaustion\n>\n> Unauthorized user can manipulate status of issues in public projects\n>\n> Instance SAML does not respect external_provider configuration\n", "id": "FreeBSD-2025-0005", "modified": "2025-01-08T00:00:00Z", "published": "2025-01-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2025-0194" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6324" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12431" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-13041" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "perl5.36" }, "ranges": [ { "events": [ { "fixed": "5.36.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "perl5.38" }, "ranges": [ { "events": [ { "fixed": "5.38.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "perl5.40" }, "ranges": [ { "events": [ { "fixed": "5.40.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "perl5-devel" }, "ranges": [ { "events": [ { "fixed": "5.41.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch" ], "discovery": "2025-04-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-56406" ] }, "vid": "a380f43e-19e5-11f0-9568-b42e991fc52e" }, "details": "9b29abf9-4ab0-4765-b253-1875cd9b441e reports:\n\n> A heap buffer overflow vulnerability was discovered in Perl. When\n> there are non-ASCII bytes in the left-hand-side of the \\`tr\\`\n> operator, \\`S_do_trans_invmap\\` can overflow the destination pointer\n> \\`d\\`. \\$ perl -e \\'\\$\\_ = \\\"\\\\x{FF}\\\" x 1000000;\n> tr/\\\\xFF/\\\\x{100}/;\\' Segmentation fault (core dumped) It is believed\n> that this vulnerability can enable Denial of Service and possibly Code\n> Execution attacks on platforms that lack sufficient defenses.\n", "id": "FreeBSD-2025-0004", "modified": "2025-04-15T00:00:00Z", "published": "2025-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-56406" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56406" } ], "schema_version": "1.7.0", "summary": "Perl -- heap buffer overflow when transliterating non-ASCII bytes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gogs" }, "ranges": [ { "events": [ { "fixed": "0.13.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/" ], "discovery": "2024-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2024-44625", "CVE-2024-39933", "CVE-2024-39932", "CVE-2024-39931", "CVE-2024-39930" ] }, "vid": "0230343c-1908-11f0-accc-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> CVE-2024-44625: Directory Traversal via the editFilePost function of\n> internal/route/repo/editor.go.\n>\n> CVE-2024-39933: Gogs allows argument injection during the tagging of a\n> new release.\n>\n> CVE-2024-39932: Gogs allows argument injection during the previewing\n> of changes.\n>\n> CVE-2024-39931: Gogs allows deletion of internal files.\n>\n> CVE-2024-39930: The built-in SSH server of Gogs allows argument\n> injection in internal/ssh/ssh.go, leading to remote code execution.\n> Authenticated attackers can exploit this by opening an SSH connection\n> and sending a malicious \\--split-string env request if the built-in\n> SSH server is activated.\n", "id": "FreeBSD-2025-0003", "modified": "2025-04-14T00:00:00Z", "published": "2025-04-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-44625" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39933" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39933" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39932" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39932" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39931" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39930" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39930" } ], "schema_version": "1.7.0", "summary": "gogs -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "133.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "133.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1923767" ], "discovery": "2024-11-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-11706" ] }, "vid": "ba6361be-1887-11f0-a8ce-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A null pointer dereference may have inadvertently occurred in\n> \\`pk12util\\`, and specifically in the \\`SEC_ASN1DecodeItem_Util\\`\n> function, when handling malformed or improperly formatted input files.\n", "id": "FreeBSD-2025-0002", "modified": "2025-04-13T00:00:00Z", "published": "2025-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1923767" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11706" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11706" } ], "schema_version": "1.7.0", "summary": "Mozilla -- null pointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "133.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "133.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1899402" ], "discovery": "2024-11-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-11704" ] }, "vid": "b65b1217-1887-11f0-a8ce-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> A double-free issue could have occurred in\n> \\`sec_pkcs7_decoder_start_decrypt()\\` when handling an error path.\n> Under specific conditions, the same symmetric key could have been\n> freed twice, potentially leading to memory corruption.\n", "id": "FreeBSD-2025-0001", "modified": "2025-04-13T00:00:00Z", "published": "2025-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1899402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11704" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11704" } ], "schema_version": "1.7.0", "summary": "mozilla -- double free error" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat110" }, "ranges": [ { "events": [ { "introduced": "11.0.0,1" }, { "fixed": "11.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat101" }, "ranges": [ { "events": [ { "introduced": "10.1.0,1" }, { "fixed": "10.1.33" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat9" }, "ranges": [ { "events": [ { "introduced": "9.0.0,1" }, { "fixed": "9.0.97" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp" ], "discovery": "2024-12-20T00:00:00Z", "references": { "cvename": [ "CVE-2024-56337" ] }, "vid": "ed0a052a-c5e6-11ef-a457-b42e991fc52e" }, "details": "security@apache.org reports:\n\n> Time-of-check Time-of-use (TOCTOU) Race Condition The mitigation for\n> CVE-2024-50379 was incomplete. Users running Tomcat on a case\n> insensitive file system with the default servlet write enabled\n> (readonly initialisation parameter set to the non-default value of\n> false) may need additional configuration to fully mitigate\n> CVE-2024-50379 depending on which version of Java they are using with\n> Tomcat: - running on Java 8 or Java 11: the system\n> propertysun.io.useCanonCaches must be explicitly set to false (it\n> defaults to true) - running on Java 17: thesystem property\n> sun.io.useCanonCaches, if set, must be set to false(it defaults to\n> false) - running on Java 21 onwards: no further configuration is\n> required(the system property and the problematic cache have been\n> removed) Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks\n> thatsun.io.useCanonCaches is set appropriately before allowing the\n> default servlet to be write enabled on a case insensitive file system.\n> Tomcat will also setsun.io.useCanonCaches to false by default where it\n> can.\n", "id": "FreeBSD-2024-0333", "modified": "2024-12-29T00:00:00Z", "published": "2024-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-56337" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56337" } ], "schema_version": "1.7.0", "summary": "Apache Tomcat -- RCE due to TOCTOU issue in JSP compilation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kanboard" }, "ranges": [ { "events": [ { "fixed": "1.2.43" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/kanboard/kanboard/blob/main/app/Core/Session/SessionHandler.php#L40" ], "discovery": "2024-12-19T00:00:00Z", "references": { "cvename": [ "CVE-2024-55603" ] }, "vid": "94b2d58a-c1e9-11ef-aa3f-dcfe074bd614" }, "details": "security-advisories@github.com reports:\n\n> Kanboard is project management software that focuses on the Kanban\n> methodology. In affected versions sessions are still usable even\n> though their lifetime has exceeded. Kanboard implements a cutom\n> session handler (\\`app/Core/Session/SessionHandler.php\\`), to store\n> the session data in a database. Therefore, when a \\`session_id\\` is\n> given, kanboard queries the data from the \\`sessions\\` sql table. At\n> this point, it does not correctly verify, if a given \\`session_id\\`\n> has already exceeded its lifetime (\\`expires_at\\`). Thus, a session\n> which\\'s lifetime is already \\`\\> time()\\`, is still queried from the\n> database and hence a valid login. The implemented\n> \\*\\*SessionHandlerInterface::gc\\*\\* function, that does remove invalid\n> sessions, is called only \\*\\*with a certain probability\\*\\* (\\_Cleans\n> up expired sessions. Called by \\`session_start()\\`, based on\n> \\`session.gc_divisor\\`, \\`session.gc_probability\\` and\n> \\`session.gc_maxlifetime\\` settings\\_) accordingly to the php\n> documentation. In the official Kanboard docker image these values\n> default to: session.gc_probability=1, session.gc_divisor=1000. Thus,\n> an expired session is only terminated with probability 1/1000. There\n> are no known workarounds for this vulnerability.\n", "id": "FreeBSD-2024-0332", "modified": "2024-12-24T00:00:00Z", "published": "2024-12-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/kanboard/kanboard/blob/main/app/Core/Session/SessionHandler.php#L40" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-55603" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55603" } ], "schema_version": "1.7.0", "summary": "kanboard -- Insufficient session invalidation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vaultwarden" }, "ranges": [ { "events": [ { "fixed": "1.32.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/dani-garcia/vaultwarden/pull/5291" ], "discovery": "2024-12-20T00:00:00Z", "vid": "0a8dbc7f-bedc-11ef-b5a1-000ec6d40964" }, "details": "The Vaultwarden project reports:\n\n> Admins from any organization were able to modify or delete groups in\n> any other organization if they know the group\\'s uuid.\n", "id": "FreeBSD-2024-0331", "modified": "2024-12-20T00:00:00Z", "published": "2024-12-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/dani-garcia/vaultwarden/pull/5291" }, { "type": "WEB", "url": "https://github.com/dani-garcia/vaultwarden/pull/5291" } ], "schema_version": "1.7.0", "summary": "Vaultwarden -- Admin organization permissions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.204" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.204" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html" ], "discovery": "2024-12-18T00:00:00Z", "references": { "cvename": [ "CVE-2024-12692", "CVE-2024-12693", "CVE-2024-12694", "CVE-2024-12695" ] }, "vid": "e18c5c8d-be01-11ef-8c1c-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[382291459\\] High CVE-2024-12692: Type Confusion in V8. Reported by\n> Seunghyun Lee (@0x10n) on 2024-12-05\n> - \\[382190919\\] High CVE-2024-12693: Out of bounds memory access in\n> V8. Reported by 303f06e3 on 2024-12-04\n> - \\[368222741\\] High CVE-2024-12694: Use after free in Compositing.\n> Reported by Anonymous on 2024-09-19\n> - \\[383647255\\] High CVE-2024-12695: Out of bounds write in V8.\n> Reported by 303f06e3 on 2024-12-12\n", "id": "FreeBSD-2024-0330", "modified": "2024-12-19T00:00:00Z", "published": "2024-12-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12692" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12693" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12694" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12695" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "liboqs" }, "ranges": [ { "events": [ { "fixed": "0.12.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7" ], "discovery": "2024-11-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-54137" ] }, "vid": "dc087dad-bd71-11ef-b5a1-000ec6d40964" }, "details": "The Open Quantum Safe project reports:\n\n> A correctness error has been identified in the reference\n> implementation of the HQC key encapsulation mechanism. Due to an\n> indexing error, part of the secret key is incorrectly treated as\n> non-secret data. This results in an incorrect shared secret value\n> being returned when the decapsulation function is called with a\n> malformed ciphertext.\n>\n> No concrete attack exploiting the error has been identified at this\n> point. However, the error involves mishandling of the secret key, and\n> in principle this presents a security vulnerability.\n", "id": "FreeBSD-2024-0329", "modified": "2024-12-18T00:00:00Z", "published": "2024-12-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-54137" }, { "type": "WEB", "url": "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7" } ], "schema_version": "1.7.0", "summary": "liboqs -- Correctness error in HQC decapsulation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.22.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-12-12T00:00:00Z", "vid": "38e6f778-bca3-11ef-8926-9b4f2d14eb53" }, "details": "# Problem Description:\n\n- Misuse of ServerConfig.PublicKeyCallback may cause authorization\n bypass in golang.org/x/crypto\n", "id": "FreeBSD-2024-0328", "modified": "2024-12-17T00:00:00Z", "published": "2024-12-17T00:00:00Z", "references": [ { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/32810" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-v778-237x-gjrc" } ], "schema_version": "1.7.0", "summary": "gitea -- Fix misuse of PublicKeyCallback" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.22.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-11-27T00:00:00Z", "vid": "453cd84e-bca4-11ef-8926-9b4f2d14eb53" }, "details": "# Problem Description:\n\n- Fix delete branch perm checking\n- Upgrade crypto library\n", "id": "FreeBSD-2024-0327", "modified": "2024-12-17T00:00:00Z", "published": "2024-12-17T00:00:00Z", "references": [ { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/32791" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/32654" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.22.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-11-16T00:00:00Z", "vid": "6ea20f0c-bca3-11ef-8926-9b4f2d14eb53" }, "details": "# Problem Description:\n\n- Fix basic auth with webauthn\n- Refactor internal routers (partial backport, auth token const time\n comparing)\n", "id": "FreeBSD-2024-0326", "modified": "2024-12-17T00:00:00Z", "published": "2024-12-17T00:00:00Z", "references": [ { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/32531" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/32473" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo" }, "ranges": [ { "events": [ { "fixed": "9.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo7" }, "ranges": [ { "events": [ { "fixed": "7.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-12-12T00:00:00Z", "vid": "5ca064a6-bca1-11ef-8926-9b4f2d14eb53" }, "details": "# Problem Description:\n\n- It was possible to use a token sent via email for secondary email\n validation to reset the password instead. In other words, a token sent\n for a given action (registration, password reset or secondary email\n validation) could be used to perform a different action. It is no\n longer possible to use a token for an action that is different from\n its original purpose.\n- A fork of a public repository would show in the list of forks, even if\n its owner was not a public user or organization. Such a fork is now\n hidden from the list of forks of the public repository.\n- The members of an organization team with read access to a repository\n (e.g. to read issues) but no read access to the code could read the\n RSS or atom feeds which include the commit activity. Reading the RSS\n or atom feeds is now denied unless the team has read permissions on\n the code.\n- The tokens used when replying by email to issues or pull requests were\n weaker than the rfc2104 recommendations. The tokens are now truncated\n to 128 bits instead of 80 bits. It is no longer possible to reply to\n emails sent before the upgrade because the weaker tokens are invalid.\n- A registered user could modify the update frequency of any push mirror\n (e.g. every 4h instead of every 8h). They are now only able to do that\n if they have administrative permissions on the repository.\n- It was possible to use basic authorization (i.e. user:password) for\n requests to the API even when security keys were enrolled for a user.\n It is no longer possible, an application token must be used instead.\n- Some markup sanitation rules were not as strong as they could be (e.g.\n allowing emoji somethingelse as well as emoji). The rules are now\n stricter and do not allow for such cases.\n- When Forgejo is configured to enable instance wide search (e.g. with\n bleve), results found in the repositories of private or limited users\n were displayed to anonymous visitors. The results found in private or\n limited organizations were not displayed. The search results found in\n the repositories of private or limited user are no longer displayed to\n anonymous visitors.\n", "id": "FreeBSD-2024-0325", "modified": "2024-12-18T00:00:00Z", "published": "2024-12-17T00:00:00Z", "references": [ { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5974" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5974" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5974" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5974" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5974" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5974" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5974" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5974" } ], "schema_version": "1.7.0", "summary": "forgejo -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo" }, "ranges": [ { "events": [ { "fixed": "7.0.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-12-12T00:00:00Z", "vid": "25a697de-bca1-11ef-8926-9b4f2d14eb53" }, "details": "# Problem Description:\n\n- When Forgejo is configured to run the internal ssh server with\n \\[server\\].START_SSH_SERVER=true, it was possible for a registered\n user to impersonate another user. The rootless container image uses\n the internal ssh server by default and was vulnerable. A Forgejo\n instance running from a binary or from a root container image does not\n use the internal ssh server by default and was not vulnerable. The\n incorrect use of the crypto package is the root cause of the\n vulnerability and was fixed for the internal ssh server.\n- Revert \\\"allow synchronizing user status from OAuth2 login providers\\\"\n", "id": "FreeBSD-2024-0324", "modified": "2024-12-17T00:00:00Z", "published": "2024-12-17T00:00:00Z", "references": [ { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/6248" } ], "schema_version": "1.7.0", "summary": "forgejo -- unauthorized user impersonation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo" }, "ranges": [ { "events": [ { "fixed": "9.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-12-12T00:00:00Z", "vid": "6dcf6fc6-bca0-11ef-8926-9b4f2d14eb53" }, "details": "# Problem Description:\n\n- When Forgejo is configured to run the internal ssh server with\n \\[server\\].START_SSH_SERVER=true, it was possible for a registered\n user to impersonate another user. The rootless container image uses\n the internal ssh server by default and was vulnerable. A Forgejo\n instance running from a binary or from a root container image does not\n use the internal ssh server by default and was not vulnerable. The\n incorrect use of the crypto package is the root cause of the\n vulnerability and was fixed for the internal ssh server.\n- Revert \\\"allow synchronizing user status from OAuth2 login providers\\\"\n", "id": "FreeBSD-2024-0323", "modified": "2024-12-17T00:00:00Z", "published": "2024-12-17T00:00:00Z", "references": [ { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/6248" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/6249" } ], "schema_version": "1.7.0", "summary": "forgejo -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.120.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.120.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.120.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.120.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/element-hq/synapse/releases/tag/v1.120.2" ], "discovery": "2024-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-52805", "CVE-2024-52815", "CVE-2024-53863", "CVE-2024-53867", "CVE-2024-37302", "CVE-2024-37303" ] }, "vid": "71f3e9f0-bafc-11ef-885d-901b0e934d69" }, "details": "element-hq/synapse developers report:\n\n> \\[The 1.120.1\\] release fixes multiple security vulnerabilities, some\n> affecting all prior versions of Synapse. Server administrators are\n> encouraged to update Synapse as soon as possible. We are not aware of\n> these vulnerabilities being exploited in the wild.\n>\n> Administrators who are unable to update Synapse may use the\n> workarounds described in the linked GitHub Security Advisory below.\n", "id": "FreeBSD-2024-0322", "modified": "2024-12-15T00:00:00Z", "published": "2024-12-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/element-hq/synapse/releases/tag/v1.120.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-52805" }, { "type": "WEB", "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-52815" }, { "type": "WEB", "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-53863" }, { "type": "WEB", "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-53867" }, { "type": "WEB", "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-37302" }, { "type": "WEB", "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-37303" }, { "type": "WEB", "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "7.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v7.0.5" ], "discovery": "2024-12-16T00:00:00Z", "vid": "ef56065e-81fe-4731-a1e3-606c55925bef" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Large QUIC packets can cause Zeek to overflow memory and potentially\n> crash. Due to the possibility of receiving these packets from remote\n> hosts, this is a DoS risk.\n", "id": "FreeBSD-2024-0321", "modified": "2024-12-16T00:00:00Z", "published": "2024-12-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v7.0.5" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v7.0.5" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.6.0" }, { "fixed": "17.6.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.5.0" }, { "fixed": "17.5.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "17.4.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.6.0" }, { "fixed": "17.6.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.5.0" }, { "fixed": "17.5.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "17.4.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/" ], "discovery": "2024-12-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-11274", "CVE-2024-8233", "CVE-2024-9387", "CVE-2024-8647", "CVE-2024-8179", "CVE-2024-8116", "CVE-2024-8650", "CVE-2024-9367", "CVE-2024-12292", "CVE-2024-12292", "CVE-2024-10043" ] }, "vid": "275ac414-b847-11ef-9877-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Injection of Network Error Logging (NEL) headers in kubernetes proxy\n> response could lead to ATO abusing OAuth flows\n>\n> Denial of Service by repeatedly sending unauthenticated requests for\n> diff-files\n>\n> CI_JOB_TOKEN could be used to obtain GitLab session\n>\n> Open redirect in releases API\n>\n> Client-Side Path Traversal in Harbor artifact links\n>\n> HTML injection in vulnerability details could lead to Cross Site\n> Scripting\n>\n> Leak branch names of projects with confidential repository\n>\n> Non member can view unresolved threads marked as internal notes\n>\n> Uncontrolled Resource Consumption through a maliciously crafted file\n>\n> Certain sensitive information passed as literals inside GraphQL\n> mutations retained in GraphQL logs\n>\n> Information disclosure of confidential incidents details to a group\n> member in Gitlab Wiki\n>\n> Domain Confusion in GitLab Pages Unique Domain Implementation\n", "id": "FreeBSD-2024-0320", "modified": "2024-12-12T00:00:00Z", "published": "2024-12-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11274" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9387" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8647" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8650" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9367" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12292" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12292" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10043" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.139" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.139" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html" ], "discovery": "2024-12-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-12381", "CVE-2024-12382" ] }, "vid": "aeee5ebd-356c-49c1-8959-7c88981de5fd" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[381696874\\] High CVE-2024-12381: Type Confusion in V8. Reported by\n> Seunghyun Lee (@0x10n) on 2024-12-02\n> - \\[379516109\\] High CVE-2024-12382: Use after free in Translate.\n> Reported by lime(@limeSec\\_) from TIANGONG Team of Legendsec at\n> QI-ANXIN Group on 2024-11-18\n", "id": "FreeBSD-2024-0319", "modified": "2024-12-11T00:00:00Z", "published": "2024-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12381" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12382" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.108" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.108" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html" ], "discovery": "2024-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-12053" ] }, "vid": "3d5b7860-48ad-48c2-aa36-601b8ab9cc43" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[379009132\\] High CVE-2024-12053: Type Confusion in V8. Reported by\n> gal1ium and chluo on 2024-11-14\n", "id": "FreeBSD-2024-0318", "modified": "2024-12-11T00:00:00Z", "published": "2024-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-12053" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "133.0.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "129" }, { "fixed": "133" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" ], "discovery": "2024-11-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-11692", "CVE-2024-11696", "CVE-2024-11697", "CVE-2024-11699" ] }, "vid": "0e20e42c-b728-11ef-805a-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> - CVE-2024-11692: An attacker could cause a select dropdown to be\n> shown over another tab; this could have led to user confusion and\n> possible spoofing attacks.\n> - CVE-2024-11696: The application failed to account for exceptions\n> thrown by the \\`loadManifestFromFile\\` method during add-on\n> signature verification. This flaw, triggered by an invalid or\n> unsupported extension manifest, could have caused runtime errors\n> that disrupted the signature validation process. As a result, the\n> enforcement of signature validation for unrelated add-ons may have\n> been bypassed. Signature validation in this context is used to\n> ensure that third-party applications on the user\\'s computer have\n> not tampered with the user\\'s extensions, limiting the impact of\n> this issue.\n> - CVE-2024-11697: When handling keypress events, an attacker may have\n> been able to trick a user into bypassing the \\\" Open Executable\n> File?\\\" confirmation dialog. This could have led to malicious code\n> execution.\n> - CVE-2024-11699: Memory safety bugs present in Firefox 132, Firefox\n> ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence\n> of memory corruption and we presume that with enough effort some of\n> these could have been exploited to run arbitrary code.\n", "id": "FreeBSD-2024-0317", "modified": "2024-12-10T00:00:00Z", "published": "2024-12-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11692" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11692" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11696" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11696" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11697" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11697" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11699" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11699" } ], "schema_version": "1.7.0", "summary": "firefox -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.7.3_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" ], "discovery": "2024-11-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-11110", "CVE-2024-11112", "CVE-2024-11114", "CVE-2024-11116", "CVE-2024-11117" ] }, "vid": "c2fd83e4-b450-11ef-b680-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 5 security bugs in Chromium:\n>\n> - CVE-2024-11110: Inappropriate implementation in Blink\n> - CVE-2024-11112: Use after free in Media\n> - CVE-2024-11114: Inappropriate implementation in Views\n> - CVE-2024-11116: Inappropriate implementation in Paint\n> - CVE-2024-11117: Inappropriate implementation in FileSystem\n", "id": "FreeBSD-2024-0316", "modified": "2024-12-07T00:00:00Z", "published": "2024-12-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11117" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gstreamer1-plugins-vorbis" }, "ranges": [ { "events": [ { "fixed": "1.24.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gstreamer.freedesktop.org/security/" ], "discovery": "2024-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-47538" ] }, "vid": "7f3a302b-b3e8-11ef-b680-4ccc6adda413" }, "details": "The GStreamer Security Center reports:\n\n> Stack buffer-overflow in Vorbis decoder that can cause crashes for\n> certain input files.\n", "id": "FreeBSD-2024-0315", "modified": "2024-12-06T00:00:00Z", "published": "2024-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gstreamer.freedesktop.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47538" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0022.html" } ], "schema_version": "1.7.0", "summary": "gstreamer1-plugins-vorbis -- Stack buffer-overflow in Vorbis decoder" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gstreamer1-plugins-opus" }, "ranges": [ { "events": [ { "fixed": "1.24.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gstreamer.freedesktop.org/security/" ], "discovery": "2024-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-47607" ] }, "vid": "7d1b4e5d-b3e8-11ef-b680-4ccc6adda413" }, "details": "The GStreamer Security Center reports:\n\n> Stack buffer-overflow in Opus decoder that can cause crashes for\n> certain input files.\n", "id": "FreeBSD-2024-0314", "modified": "2024-12-06T00:00:00Z", "published": "2024-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gstreamer.freedesktop.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47607" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0024.html" } ], "schema_version": "1.7.0", "summary": "gstreamer1-plugins-opus -- Stack buffer-overflow in Opus decoder" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gstreamer1-plugins-ogg" }, "ranges": [ { "events": [ { "fixed": "1.24.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gstreamer.freedesktop.org/security/" ], "discovery": "2024-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-47615" ] }, "vid": "7b34ddf7-b3e8-11ef-b680-4ccc6adda413" }, "details": "The GStreamer Security Center reports:\n\n> An out-of-bounds write in the Ogg demuxer that can cause crashes for\n> certain input files.\n", "id": "FreeBSD-2024-0313", "modified": "2024-12-06T00:00:00Z", "published": "2024-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gstreamer.freedesktop.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47615" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html" } ], "schema_version": "1.7.0", "summary": "gstreamer1-plugins-ogg -- Out-of-bounds write in Ogg demuxer" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gstreamer1-plugins-jpeg" }, "ranges": [ { "events": [ { "fixed": "1.24.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gstreamer.freedesktop.org/security/" ], "discovery": "2024-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-47599" ] }, "vid": "7945c543-b3e8-11ef-b680-4ccc6adda413" }, "details": "The GStreamer Security Center reports:\n\n> Insufficient error handling in the JPEG decoder that can lead to\n> NULL-pointer dereferences, and that can cause crashes for certain\n> input files.\n", "id": "FreeBSD-2024-0312", "modified": "2024-12-06T00:00:00Z", "published": "2024-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gstreamer.freedesktop.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47599" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0016.html" } ], "schema_version": "1.7.0", "summary": "gstreamer1-plugins-jpeg -- NULL-pointer dereferences in JPEG decoder" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gstreamer1-plugins-gdkpixbuf" }, "ranges": [ { "events": [ { "fixed": "1.24.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gstreamer.freedesktop.org/security/" ], "discovery": "2024-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-47613" ] }, "vid": "772d8625-b3e8-11ef-b680-4ccc6adda413" }, "details": "The GStreamer Security Center reports:\n\n> A NULL-pointer dereference in the gdk-pixbuf decoder that can cause\n> crashes for certain input files.\n", "id": "FreeBSD-2024-0311", "modified": "2024-12-06T00:00:00Z", "published": "2024-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gstreamer.freedesktop.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47613" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html" } ], "schema_version": "1.7.0", "summary": "gstreamer1-plugins-gdkpixbuf -- NULL-pointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gstreamer1-plugins-good" }, "ranges": [ { "events": [ { "fixed": "1.24.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gstreamer.freedesktop.org/security/" ], "discovery": "2024-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-47537", "CVE-2024-47598", "CVE-2024-47539", "CVE-2024-47543", "CVE-2024-47545", "CVE-2024-47544", "CVE-2024-47597", "CVE-2024-47546", "CVE-2024-47606", "CVE-2024-47596", "CVE-2024-47540", "CVE-2024-47602", "CVE-2024-47601", "CVE-2024-47603", "CVE-2024-47775", "CVE-2024-47776", "CVE-2024-47777", "CVE-2024-47778", "CVE-2024-47835", "CVE-2024-47834" ] }, "vid": "750ab972-b3e8-11ef-b680-4ccc6adda413" }, "details": "The GStreamer Security Center reports:\n\n> 20 security bugs.\n>\n> - CVE-2024-47537: Integer overflow in MP4/MOV sample table parser\n> leading to out-of-bounds writes\n> - CVE-2024-47598: MP4/MOV sample table parser out-of-bounds read\n> - CVE-2024-47539: MP4/MOV Closed Caption handling out-of-bounds write\n> - CVE-2024-47543: MP4/MOV demuxer out-of-bounds read\n> - CVE-2024-47545: Integer overflow in MP4/MOV demuxer that can result\n> in out-of-bounds read\n> - CVE-2024-47544: NULL-pointer dereferences in MP4/MOV demuxer CENC\n> handling\n> - CVE-2024-47597: Out-of-bounds reads in MP4/MOV demuxer sample table\n> parser\n> - CVE-2024-47546: Integer underflow in MP4/MOV demuxer that can lead\n> to out-of-bounds reads\n> - CVE-2024-47606: Integer overflows in MP4/MOV demuxer and memory\n> allocator that can lead to out-of-bounds writes\n> - CVE-2024-47596: Integer underflow in MP4/MOV demuxer that can lead\n> to out-of-bounds reads\n> - CVE-2024-47540: Usage of uninitialized stack memory in Matroska/WebM\n> demuxer\n> - CVE-2024-47602: NULL-pointer dereferences and out-of-bounds reads in\n> Matroska/WebM demuxer\n> - CVE-2024-47601: NULL-pointer dereference in Matroska/WebM demuxer\n> - CVE-2024-47603: NULL-pointer dereference in Matroska/WebM demuxer\n> - CVE-2024-47775: Out-of-bounds read in WAV parser\n> - CVE-2024-47776: Out-of-bounds read in WAV parser\n> - CVE-2024-47777: Out-of-bounds read in WAV parser\n> - CVE-2024-47778: Out-of-bounds read in WAV parser\n> - CVE-2024-47774: Integer overflow in AVI subtitle parser that leads\n> to out-of-bounds reads\n> - CVE-2024-47834: Use-after-free in Matroska demuxer\n", "id": "FreeBSD-2024-0310", "modified": "2024-12-06T00:00:00Z", "published": "2024-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gstreamer.freedesktop.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47537" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0005.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47598" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0006.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47539" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0007.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47543" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0009.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47545" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0010.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47544" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0011.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47597" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0012.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47546" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0013.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47606" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47596" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0015.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47540" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0017.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47602" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0019.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47601" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0020.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47603" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0021.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47775" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47776" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47777" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47778" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47835" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0028.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47834" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0030.html" } ], "schema_version": "1.7.0", "summary": "gstreamer1-plugins-good -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gstreamer1-plugins" }, "ranges": [ { "events": [ { "fixed": "1.24.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gstreamer.freedesktop.org/security/" ], "discovery": "2024-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-47542", "CVE-2024-47600", "CVE-2024-47541" ] }, "vid": "7256fae8-b3e8-11ef-b680-4ccc6adda413" }, "details": "The GStreamer Security Center reports:\n\n> 3 security bugs.\n>\n> - CVE-2024-47542: ID3v2 parser out-of-bounds read and NULL-pointer\n> dereference\n> - CVE-2024-47600: Out-of-bounds read in gst-discoverer-1.0 commandline\n> tool\n> - CVE-2024-47541: Out-of-bounds write in SSA subtitle parser\n", "id": "FreeBSD-2024-0309", "modified": "2024-12-06T00:00:00Z", "published": "2024-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gstreamer.freedesktop.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47542" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0008.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47600" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47541" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0023.html" } ], "schema_version": "1.7.0", "summary": "gstreamer1-plugins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix6-frontend" }, "ranges": [ { "events": [ { "fixed": "6.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix64-frontend" }, "ranges": [ { "events": [ { "fixed": "6.4.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix7-frontend" }, "ranges": [ { "events": [ { "fixed": "7.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://support.zabbix.com/browse/ZBX-25623" ], "discovery": "2024-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2024-42327" ] }, "vid": "f0d33375-b0e0-11ef-a724-b42e991fc52e" }, "details": "security@zabbix.com reports:\n\n> A non-admin user account on the Zabbix frontend with the default User\n> role, or with any other role that gives API access can exploit this\n> vulnerability. An SQLi exists in the CUser class in the\n> addRelatedObjects function, this function is being called from the\n> CUser.get function which is available for every user who has API\n> access.\n", "id": "FreeBSD-2024-0308", "modified": "2024-12-02T00:00:00Z", "published": "2024-12-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://support.zabbix.com/browse/ZBX-25623" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-42327" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42327" } ], "schema_version": "1.7.0", "summary": "zabbix -- SQL injection in user.get API" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron33" }, "ranges": [ { "events": [ { "fixed": "33.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v33.2.1" ], "discovery": "2024-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2024-11110" ] }, "vid": "8b6e97a9-804e-4366-9f75-d102b22a716d" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-11110.\n", "id": "FreeBSD-2024-0307", "modified": "2024-12-02T00:00:00Z", "published": "2024-12-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v33.2.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11110" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4mww-gp9h-h59m" } ], "schema_version": "1.7.0", "summary": "electron33 -- Inappropriate implementation in Extensions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.487" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.479.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2024-11-27/" ], "discovery": "2024-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2024-47855" ] }, "vid": "c5dafd73-adfd-11ef-af27-00e081b7aa2d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-3463 / CVE-2024-47855\n>\n> Denial of service vulnerability in bundled json-lib\n", "id": "FreeBSD-2024-0306", "modified": "2024-11-29T00:00:00Z", "published": "2024-11-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2024-11-27/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47855" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2024-11-27/" } ], "schema_version": "1.7.0", "summary": "jenkins -- Denial of service vulnerability in bundled json-lib" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "keycloak" }, "ranges": [ { "events": [ { "fixed": "26.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.keycloak.org/2024/11/keycloak-2606-released.html" ], "discovery": "2024-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-9666", "CVE-2021-10039", "CVE-2021-10270", "CVE-2021-10451", "CVE-2021-10492" ] }, "vid": "7d7a28cd-7f5a-450a-852f-c49aaab3fa7e" }, "details": "Keycloak reports:\n\n> This update includes 5 security fixes:\n>\n> - CVE-2024-10451: Sensitive Data Exposure in Keycloak Build Process\n> - CVE-2024-10270: Potential Denial of Service\n> - CVE-2024-10492: Keycloak path trasversal\n> - CVE-2024-9666: Keycloak proxy header handling Denial-of-Service\n> (DoS) vulnerability\n> - CVE-2024-10039: Bypassing mTLS validation\n", "id": "FreeBSD-2024-0305", "modified": "2024-11-25T00:00:00Z", "published": "2024-11-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.keycloak.org/2024/11/keycloak-2606-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-9666" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-10039" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-10270" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-10451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-10492" } ], "schema_version": "1.7.0", "summary": "keycloak -- Multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.6.0" }, { "fixed": "17.6.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.5.0" }, { "fixed": "17.5.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.12.0" }, { "fixed": "17.4.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.6.0" }, { "fixed": "17.6.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.5.0" }, { "fixed": "17.5.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.12.0" }, { "fixed": "17.4.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released/" ], "discovery": "2024-11-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-8114", "CVE-2024-8237", "CVE-2024-11669", "CVE-2024-8177", "CVE-2024-11828", "CVE-2024-11668" ] }, "vid": "2263ea04-ac81-11ef-998c-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Privilege Escalation via LFS Tokens\n>\n> DoS through uncontrolled resource consumption when viewing a\n> maliciously crafted cargo.toml file\n>\n> Unintended Access to Usage Data via Scoped Tokens\n>\n> Gitlab DOS via Harbor registry integration\n>\n> Resource exhaustion and denial of service with test_report API calls\n>\n> Streaming endpoint did not invalidate tokens after revocation\n", "id": "FreeBSD-2024-0304", "modified": "2024-11-27T00:00:00Z", "published": "2024-11-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8237" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11669" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11828" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11668" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/11/26/patch-release-gitlab-17-6-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.85" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.85" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html" ], "discovery": "2024-11-19T00:00:00Z", "references": { "cvename": [ "CVE-2024-11395" ] }, "vid": "9dfca0cd-ab09-11ef-8c1c-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[377384894\\] High CVE-2024-11395: Type Confusion in V8. Reported by\n> Anonymous on 2024-11-05\n", "id": "FreeBSD-2024-0303", "modified": "2024-11-25T00:00:00Z", "published": "2024-11-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11395" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.7.3_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" ], "discovery": "2024-09-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-9120", "CVE-2024-9122", "CVE-2024-9123", "CVE-2024-9369", "CVE-2024-9602", "CVE-2024-9603", "CVE-2024-9965", "CVE-2024-9966", "CVE-2024-10229", "CVE-2024-10230", "CVE-2024-10231", "CVE-2024-10487", "CVE-2024-10827", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492" ] }, "vid": "889eddee-a964-11ef-b680-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 16 security bugs in Chromium:\n>\n> - CVE-2024-9120: Use after free in Dawn\n> - CVE-2024-9122: Type Confusion in V8\n> - CVE-2024-9123: Integer overflow in Skia\n> - CVE-2024-9369: Insufficient data validation in Mojo\n> - CVE-2024-9602: Type confusion in V8\n> - CVE-2024-9603: Type confusion in V8\n> - CVE-2024-9965: Insufficient data validation in DevTools\n> - CVE-2024-9966: Inappropriate implementation in Navigations\n> - CVE-2024-10229: Inappropriate implementation in Extensions\n> - CVE-2024-10230: Type confusion in V8\n> - CVE-2024-10231: Type confusion in V8\n> - CVE-2024-10487: Out of bounds write in Dawn\n> - CVE-2024-10827: Use after free in Serial\n> - CVE-2024-45490: Negative length in libexpat\n> - CVE-2024-45491: Integer overflow in libexpat\n> - CVE-2024-45492: Integer overflow in libexpat\n", "id": "FreeBSD-2024-0302", "modified": "2024-11-23T00:00:00Z", "published": "2024-11-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9122" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9123" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9369" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9603" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9965" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9966" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10231" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10487" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10827" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45491" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45492" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.18p5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" ], "discovery": "2024-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-10827" ] }, "vid": "16e472d5-a8aa-11ef-b680-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 1 security bug in Chromium:\n>\n> - CVE-2024-10827: Use after free in Serial\n", "id": "FreeBSD-2024-0301", "modified": "2024-11-22T00:00:00Z", "published": "2024-11-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10827" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" } ], "schema_version": "1.7.0", "summary": "qt5-webengine -- Use after free in Serial" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.14,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "24.1.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2024-October/003545.html" ], "discovery": "2024-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-9632" ] }, "vid": "141f2a22-a6a7-11ef-b282-0c9d92850f7a" }, "details": "The X.Org project reports:\n\n> - CVE-2024-9632: Heap buffer Heap-based buffer overflow privilege\n> escalation in \\_XkbSetCompatMap\n>\n> The \\_XkbSetCompatMap() function attempts to resize the\n> \\`sym_interpret\\` buffer. However, It didn\\'t update its size\n> properly. It updated \\`num_si\\` only, without updating \\`size_si\\`.\n> This may lead to local privilege escalation if the server is run as\n> root or remote code execution (e.g. x11 over ssh).\n", "id": "FreeBSD-2024-0300", "modified": "2024-11-19T00:00:00Z", "published": "2024-11-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2024-October/003545.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9632" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2024-October/003545.html" } ], "schema_version": "1.7.0", "summary": "xorg server -- _XkbSetCompatMap vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb50" }, "ranges": [ { "events": [ { "fixed": "5.0.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb80" }, "ranges": [ { "events": [ { "fixed": "8.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-96419" ], "discovery": "2024-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-10921" ] }, "vid": "28ffa931-a510-11ef-8109-b42e991fc52e" }, "details": "cna@mongodb.com reports:\n\n> An authorized user may trigger crashes or receive the contents of\n> buffer over-reads of Server memory by issuing specially crafted\n> requests that construct malformed BSON in the MongoDB Server.\n", "id": "FreeBSD-2024-0299", "modified": "2024-11-17T00:00:00Z", "published": "2024-11-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-96419" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10921" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10921" } ], "schema_version": "1.7.0", "summary": "mongodb -- Buffer over-reads in MongoDB Server" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vaultwarden" }, "ranges": [ { "events": [ { "fixed": "1.32.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5" ], "discovery": "2024-11-11T00:00:00Z", "vid": "efd4537e-a5e8-11ef-bedb-180373b66b37" }, "details": "The Vaultwarden project reports:\n\n> This release further fixed some CVE Reports reported by a third party\n> security auditor and we recommend everybody to update to the latest\n> version as soon as possible.\n", "id": "FreeBSD-2024-0298", "modified": "2024-11-18T00:00:00Z", "published": "2024-11-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5" }, { "type": "WEB", "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5" } ], "schema_version": "1.7.0", "summary": "Vaultwarden -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vaultwarden" }, "ranges": [ { "events": [ { "fixed": "1.32.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4" ], "discovery": "2024-11-10T00:00:00Z", "vid": "aba28514-a414-11ef-98e7-84a93843eb75" }, "details": "The Vaultwarden project reports:\n\n> This release has fixed some CVE Reports reported by a third party\n> security auditor and we recommend everybody to update to the latest\n> version as soon as possible.\n", "id": "FreeBSD-2024-0297", "modified": "2024-11-16T00:00:00Z", "published": "2024-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4" }, { "type": "WEB", "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4" } ], "schema_version": "1.7.0", "summary": "Vaultwarden -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.69" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "131.0.6778.69" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html" ], "discovery": "2024-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2024-11110", "CVE-2024-11111", "CVE-2024-11112", "CVE-2024-11113", "CVE-2024-11114", "CVE-2024-11115", "CVE-2024-11116", "CVE-2024-11117" ] }, "vid": "8fe4f296-a3ec-11ef-8c1c-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 12 security fixes:\n>\n> - \\[373263969\\] High CVE-2024-11110: Inappropriate implementation in\n> Blink. Reported by Vsevolod Kokorin (Slonser) of Solidlab on\n> 2024-10-14\n> - \\[360520331\\] Medium CVE-2024-11111: Inappropriate implementation in\n> Autofill. Reported by Narendra Bhati, Suma Soft Pvt. Ltd - Pune\n> (India) on 2024-08-18\n> - \\[354824998\\] Medium CVE-2024-11112: Use after free in Media.\n> Reported by Nan Wang(@eternalsakura13) and Zhenghang Xiao(@Kipreyyy)\n> of 360 Vulnerability Research Institute on 2024-07-23\n> - \\[360274917\\] Medium CVE-2024-11113: Use after free in\n> Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on\n> 2024-08-16\n> - \\[370856871\\] Medium CVE-2024-11114: Inappropriate implementation in\n> Views. Reported by Micky on 2024-10-02\n> - \\[371929521\\] Medium CVE-2024-11115: Insufficient policy enforcement\n> in Navigation. Reported by mastersplinter on 2024-10-07\n> - \\[40942531\\] Medium CVE-2024-11116: Inappropriate implementation in\n> Paint. Reported by Thomas Orlita on 2023-11-14\n> - \\[40062534\\] Low CVE-2024-11117: Inappropriate implementation in\n> FileSystem. Reported by Ameen Basha M K on 2023-01-06\n", "id": "FreeBSD-2024-0296", "modified": "2024-11-16T00:00:00Z", "published": "2024-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11117" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron31" }, "ranges": [ { "events": [ { "fixed": "31.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron32" }, "ranges": [ { "events": [ { "fixed": "32.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v31.7.5" ], "discovery": "2024-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2024-10827", "CVE-2024-11110" ] }, "vid": "773e7eb2-af19-4fc7-be7f-0f6a2523b98b" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-10827.\n> - Security: backported fix for CVE-2024-11110.\n", "id": "FreeBSD-2024-0295", "modified": "2024-11-16T00:00:00Z", "published": "2024-11-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v31.7.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10827" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-58wv-w3hc-2c76" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-11110" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4mww-gp9h-h59m" } ], "schema_version": "1.7.0", "summary": "electron31 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql17-plperl" }, "ranges": [ { "events": [ { "fixed": "17.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-plperl" }, "ranges": [ { "events": [ { "fixed": "16.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-plperl" }, "ranges": [ { "events": [ { "fixed": "15.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-plperl" }, "ranges": [ { "events": [ { "fixed": "14.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-plperl" }, "ranges": [ { "events": [ { "fixed": "13.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-plperl" }, "ranges": [ { "events": [ { "fixed": "12.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2024-10979/" ], "discovery": "2024-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-10979" ] }, "vid": "a03636f4-a29f-11ef-af48-6cc21735f730" }, "details": "PostgreSQL project reports:\n\n> Incorrect control of environment variables in PostgreSQL PL/Perl\n> allows an unprivileged database user to change sensitive process\n> environment variables (e.g. PATH). That often suffices to enable\n> arbitrary code execution, even if the attacker lacks a database server\n> operating system user.\n", "id": "FreeBSD-2024-0294", "modified": "2024-11-14T00:00:00Z", "published": "2024-11-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2024-10979/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10979" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2024-10979/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- PL/Perl environment variable changes execute arbitrary code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql17-server" }, "ranges": [ { "events": [ { "fixed": "17.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-server" }, "ranges": [ { "events": [ { "fixed": "16.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-server" }, "ranges": [ { "events": [ { "fixed": "15.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-server" }, "ranges": [ { "events": [ { "fixed": "14.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-server" }, "ranges": [ { "events": [ { "fixed": "12.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2024-10978/" ], "discovery": "2024-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-10978" ] }, "vid": "12e3feab-a29f-11ef-af48-6cc21735f730" }, "details": "PostgreSQL project reports:\n\n> Incorrect privilege assignment in PostgreSQL allows a less-privileged\n> application user to view or change different rows from those intended.\n> An attack requires the application to use SET ROLE, SET SESSION\n> AUTHORIZATION, or an equivalent feature. The problem arises when an\n> application query uses parameters from the attacker or conveys query\n> results to the attacker. If that query reacts to\n> current_setting(\\'role\\') or the current user ID, it may modify or\n> return data as though the session had not used SET ROLE or SET SESSION\n> AUTHORIZATION. The attacker does not control which incorrect user ID\n> applies. Query text from less-privileged sources is not a concern\n> here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes\n> for unvetted queries\n", "id": "FreeBSD-2024-0293", "modified": "2024-11-14T00:00:00Z", "published": "2024-11-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2024-10978/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10978" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2024-10978/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql17-client" }, "ranges": [ { "events": [ { "fixed": "17.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-client" }, "ranges": [ { "events": [ { "fixed": "16.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-client" }, "ranges": [ { "events": [ { "fixed": "15.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-client" }, "ranges": [ { "events": [ { "fixed": "14.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-client" }, "ranges": [ { "events": [ { "fixed": "13.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-client" }, "ranges": [ { "events": [ { "fixed": "12.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2024-10977/" ], "discovery": "2024-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-10977" ] }, "vid": "a61ef21b-a29e-11ef-af48-6cc21735f730" }, "details": "PostgreSQL project reports:\n\n> Client use of server error message in PostgreSQL allows a server not\n> trusted under current SSL or GSS settings to furnish arbitrary non-NUL\n> bytes to the libpq application. For example, a man-in-the-middle\n> attacker could send a long error message that a human or\n> screen-scraper user of psql mistakes for valid query results. This is\n> probably not a concern for clients where the user interface\n> unambiguously indicates the boundary between one error message and\n> other text.\n", "id": "FreeBSD-2024-0292", "modified": "2024-11-14T00:00:00Z", "published": "2024-11-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2024-10977/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10977" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2024-10977/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- libpq retains an error message from man-in-the-middle" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql17-server" }, "ranges": [ { "events": [ { "fixed": "17.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-server" }, "ranges": [ { "events": [ { "fixed": "16.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-server" }, "ranges": [ { "events": [ { "fixed": "15.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-server" }, "ranges": [ { "events": [ { "fixed": "14.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-server" }, "ranges": [ { "events": [ { "fixed": "12.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2024-10976/" ], "discovery": "2024-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-10976" ] }, "vid": "3831292b-a29d-11ef-af48-6cc21735f730" }, "details": "PostgreSQL project reports:\n\n> Incomplete tracking in PostgreSQL of tables with row security allows a\n> reused query to view or change different rows from those intended.\n> CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row\n> security and user ID changes. They missed cases where a subquery, WITH\n> query, security invoker view, or SQL-language function references a\n> table with a row-level security policy. This has the same consequences\n> as the two earlier CVEs. That is to say, it leads to potentially\n> incorrect policies being applied in cases where role-specific policies\n> are used and a given query is planned under one role and then executed\n> under other roles. This scenario can happen under security definer\n> functions or when a common user and query is planned initially and\n> then re-used across multiple SET ROLEs. Applying an incorrect policy\n> may permit a user to complete otherwise-forbidden reads and\n> modifications. This affects only databases that have used CREATE\n> POLICY to define a row security policy. An attacker must tailor an\n> attack to a particular application\\'s pattern of query plan reuse,\n> user ID changes, and role-specific row security policies.\n", "id": "FreeBSD-2024-0291", "modified": "2024-11-14T00:00:00Z", "published": "2024-11-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2024-10976/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10976" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2024-10976/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron31" }, "ranges": [ { "events": [ { "fixed": "31.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v31.7.4" ], "discovery": "2024-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2024-10231", "CVE-2024-10229", "CVE-2024-10487" ] }, "vid": "6b591e05-971c-4077-8ae4-1310554971b7" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-10231.\n> - Security: backported fix for CVE-2024-10229.\n> - Security: backported fix for CVE-2024-10487.\n", "id": "FreeBSD-2024-0290", "modified": "2024-11-14T00:00:00Z", "published": "2024-11-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v31.7.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10231" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3wfx-mj93-vf8v" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10229" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3hjp-j522-245f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10487" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-h72p-7xmw-gpp8" } ], "schema_version": "1.7.0", "summary": "electron31 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.5.0" }, { "fixed": "17.5.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.4.0" }, { "fixed": "17.4.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "fixed": "17.3.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.5.0" }, { "fixed": "17.5.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.4.0" }, { "fixed": "17.4.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "fixed": "17.3.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/" ], "discovery": "2024-11-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-9693", "CVE-2024-7404", "CVE-2024-8648", "CVE-2024-8180", "CVE-2024-10240" ] }, "vid": "1eb4d32c-a245-11ef-998c-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Unauthorized access to Kubernetes cluster agent\n>\n> Device OAuth flow allows for cross window forgery\n>\n> Denial of Service by importing malicious crafted FogBugz import\n> payload\n>\n> Stored XSS through javascript URL in Analytics dashboards\n>\n> HTML injection in vulnerability Code flow could lead to XSS on self\n> hosted instances\n>\n> Information disclosure through an API endpoint\n", "id": "FreeBSD-2024-0289", "modified": "2024-11-14T00:00:00Z", "published": "2024-11-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9693" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7404" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8648" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10240" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4" }, { "fixed": "13.4_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-45289" ], "freebsdsa": [ "SA-24:19.fetch" ] }, "vid": "ce0f52e1-a174-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nThe fetch(3) library uses environment variables for passing certain\ninformation, including the revocation file pathname. The environment\nvariable name used by fetch(1) to pass the filename to the library was\nincorrect, in effect ignoring the option.\n\n# Impact:\n\nFetch would still connect to a host presenting a certificate included in\nthe revocation file passed to the \\--crl option.\n", "id": "FreeBSD-2024-0288", "modified": "2024-11-13T00:00:00Z", "published": "2024-11-13T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45289" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:19.fetch.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Certificate revocation list fetch(1) option fails" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4" }, { "fixed": "13.4_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-39281" ], "freebsdsa": [ "SA-24:18.ctl" ] }, "vid": "8caa5d60-a174-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nThe command ctl_persistent_reserve_out allows the caller to specify an\narbitrary size which will be passed to the kernel\\'s memory allocator.\n\n# Impact:\n\nA malicious guest could cause a Denial of Service (DoS) on the host.\n", "id": "FreeBSD-2024-0287", "modified": "2024-11-13T00:00:00Z", "published": "2024-11-13T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39281" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:18.ctl.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4" }, { "fixed": "13.4_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-51562", "CVE-2024-51563", "CVE-2024-51564", "CVE-2024-51565", "CVE-2024-51566" ], "freebsdsa": [ "SA-24:17.bhyve" ] }, "vid": "eb5c615d-a173-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nSeveral vulnerabilities were found in the bhyve hypervisor\\'s device\nmodels.\n\nThe NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer\nover- read from a guest-controlled value. (CVE-2024-51562)\n\nThe virtio_vq_recordon function is subject to a time-of-check to\ntime-of-use (TOCTOU) race condition. (CVE-2024-51563)\n\nA guest can trigger an infinite loop in the hda audio driver.\n(CVE-2024-51564)\n\nThe hda driver is vulnerable to a buffer over-read from a\nguest-controlled value. (CVE-2024-51565)\n\nThe NVMe driver queue processing is vulernable to guest-induced infinite\nloops. (CVE-2024-51566)\n\n# Impact:\n\nMalicious guest virtual machines may be able to perform a denial of\nservice (DoS) of the bhyve host, and may read memory within the bhyve\nprocess that they should not be able to access.\n", "id": "FreeBSD-2024-0286", "modified": "2024-11-13T00:00:00Z", "published": "2024-11-13T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-51562" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-51563" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-51564" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-51565" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-51566" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:17.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple issues in the bhyve hypervisor" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "fixed": "1.11.85" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/element-hq/element-web/security/advisories/GHSA-5486-384g-mcx2", "https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc" ], "discovery": "2024-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2024-51749", "CVE-2024-51750" ] }, "vid": "ab4e6f65-a142-11ef-84e9-901b0e9408dc" }, "details": "Element team reports:\n\n> Versions of Element Web and Desktop earlier than 1.11.85 do not check\n> if thumbnails for attachments, stickers and images are coherent. It is\n> possible to add thumbnails to events trigger a file download once\n> clicked.\n\n> A malicious homeserver can send invalid messages over federation which\n> can prevent Element Web and Desktop from rendering single messages or\n> the entire room containing them.\n", "id": "FreeBSD-2024-0285", "modified": "2024-11-12T00:00:00Z", "published": "2024-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/element-hq/element-web/security/advisories/GHSA-5486-384g-mcx2" }, { "type": "REPORT", "url": "https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-51749" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-51750" }, { "type": "WEB", "url": "https://github.com/element-hq/element-web/security/advisories/GHSA-5486-384g-mcx2" }, { "type": "WEB", "url": "https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc" } ], "schema_version": "1.7.0", "summary": "element-web -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cinny" }, "ranges": [ { "events": [ { "fixed": "4.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "fixed": "1.11.85" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr" ], "discovery": "2024-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2024-50336" ] }, "vid": "574f7bc9-a141-11ef-84e9-901b0e9408dc" }, "details": "matrix-js-sdk upstream reports:\n\n> matrix-js-sdk before 34.11.0 is vulnerable to client-side path\n> traversal via crafted MXC URIs. A malicious room member can trigger\n> clients based on the matrix-js-sdk to issue arbitrary authenticated\n> GET requests to the client\\'s homeserver.\n", "id": "FreeBSD-2024-0284", "modified": "2024-11-12T00:00:00Z", "published": "2024-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-50336" }, { "type": "WEB", "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr" } ], "schema_version": "1.7.0", "summary": "Matrix clients -- mxc uri validation in js sdk" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "icinga2" }, "ranges": [ { "events": [ { "fixed": "2.14.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c" ], "discovery": "2024-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2024-49369" ] }, "vid": "0a82bc4d-a129-11ef-8351-589cfc0f81b0" }, "details": "The Icinga project reports:\n\n> Icinga is a monitoring system which checks the availability of network\n> resources, notifies users of outages, and generates performance data\n> for reporting. The TLS certificate validation in all Icinga 2 versions\n> starting from 2.4.0 was flawed, allowing an attacker to impersonate\n> both trusted cluster nodes as well as any API users that use TLS\n> client certificates for authentication (ApiUser objects with the\n> client_cn attribute set). This vulnerability has been fixed in\n> v2.14.3, v2.13.10, v2.12.11, and v2.11.12.\n", "id": "FreeBSD-2024-0283", "modified": "2024-11-12T00:00:00Z", "published": "2024-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-49369" }, { "type": "WEB", "url": "https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3/" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49369" } ], "schema_version": "1.7.0", "summary": "icinga2 -- TLS Certificate Validation Bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cpu-microcode-intel" }, "ranges": [ { "events": [ { "fixed": "20241112" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01101.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html" ], "discovery": "2024-09-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-21853", "CVE-2024-23918", "CVE-2024-21820" ] }, "vid": "33236f80-a11d-11ef-a964-1c697a616631" }, "details": "Intel reports:\n\n> A potential security vulnerability in some 4th and 5th Generation\n> Intel Xeon Processors may allow denial of service. Intel released\n> microcode updates to mitigate this potential vulnerability.\n\n> Potential security vulnerabilities in some Intel Xeon processors using\n> Intel Software Guard Extensions (Intel SGX) may allow escalation of\n> privilege. Intel released firmware updates to mitigate these potential\n> vulnerabilities.\n", "id": "FreeBSD-2024-0282", "modified": "2024-09-10T00:00:00Z", "published": "2024-09-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01101.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-21853" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23918" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-21820" }, { "type": "WEB", "url": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112" } ], "schema_version": "1.7.0", "summary": "Intel CPUs -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "x11vnc" }, "ranges": [ { "events": [ { "fixed": "0.9.16_8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-29074" ], "discovery": "2020-11-18T00:00:00Z", "references": { "cvename": [ "CVE-2020-29074" ] }, "vid": "305ceb2c-9df8-11ef-a660-d85ed309193e" }, "details": "cve@mitre.org reports:\n\n> scan.c in x11vnc 0.9.16 uses IPC_CREAT\\|0777 in shmget calls, which\n> allows access by actors other than the current user.\n", "id": "FreeBSD-2024-0281", "modified": "2024-11-08T00:00:00Z", "published": "2024-11-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29074" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-29074" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29074" } ], "schema_version": "1.7.0", "summary": "x11vnc -- access to shared memory segments" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "lrzsz" }, "ranges": [ { "events": [ { "fixed": "0.12.20_7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-10195" ], "discovery": "2018-04-26T00:00:00Z", "references": { "cvename": [ "CVE-2018-10195" ] }, "vid": "adffe51e-9df5-11ef-a660-d85ed309193e" }, "details": "cve@mitre.org reports:\n\n> Lrzsz has an integer overflow vulernability in the src/zm.c:zsdata()\n> function. An attacker could exploit this with the sz command to cause\n> a crash or potentially leak information to the receiving server.\n", "id": "FreeBSD-2024-0280", "modified": "2024-11-08T00:00:00Z", "published": "2024-11-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10195" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10195" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10195" } ], "schema_version": "1.7.0", "summary": "lrzsz -- Integer overflow in zmodem, crash and information leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tnef" }, "ranges": [ { "events": [ { "fixed": "1.4.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18" ], "discovery": "2019-11-11T00:00:00Z", "references": { "cvename": [ "CVE-2019-18849" ] }, "vid": "776aaafc-939f-11ef-87ad-a8a15998b5cb" }, "details": "cve@mitre.org reports:\n\n> In tnef before 1.4.18, an attacker may be able to write to the\n> victim\\'s .ssh/authorized_keys file via an e-mail message with a\n> crafted winmail.dat application/ms-tnef attachment, because of a\n> heap-based buffer over-read involving strdup.\n", "id": "FreeBSD-2024-0279", "modified": "2024-10-26T00:00:00Z", "published": "2024-10-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18849" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18849" } ], "schema_version": "1.7.0", "summary": "tnef -- An attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tnef" }, "ranges": [ { "events": [ { "last_affected": "1.4.12" }, { "fixed": "1.4.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.debian.org/security/2017/dsa-3798", "http://www.debian.org/security/2017/dsa-3798", "http://www.debian.org/security/2017/dsa-3798", "http://www.debian.org/security/2017/dsa-3798" ], "discovery": "2017-02-24T00:00:00Z", "references": { "cvename": [ "CVE-2017-6307", "CVE-2017-6308", "CVE-2017-6309", "CVE-2017-6310" ] }, "vid": "70cf37c8-939b-11ef-87ad-a8a15998b5cb" }, "details": "cve@mitre.org reports:\n\n> CVE-2017-6307: An issue was discovered in tnef before 1.4.13. Two OOB\n> Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These\n> might lead to invalid read and write operations, controlled by an\n> attacker.\n\n> CVE-2017-6308: An issue was discovered in tnef before 1.4.13. Several\n> Integer Overflows, which can lead to Heap Overflows, have been\n> identified in the functions that wrap memory allocation.\n\n> CVE-2017-6309: An issue was discovered in tnef before 1.4.13. Two type\n> confusions have been identified in the parse_file() function. These\n> might lead to invalid read and write operations, controlled by an\n> attacker.\n\n> CVE-2017-6310: An issue was discovered in tnef before 1.4.13. Four\n> type confusions have been identified in the file_add_mapi_attrs()\n> function. These might lead to invalid read and write operations,\n> controlled by an attacker.\n", "id": "FreeBSD-2024-0278", "modified": "2024-10-26T00:00:00Z", "published": "2024-10-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.debian.org/security/2017/dsa-3798" }, { "type": "REPORT", "url": "http://www.debian.org/security/2017/dsa-3798" }, { "type": "REPORT", "url": "http://www.debian.org/security/2017/dsa-3798" }, { "type": "REPORT", "url": "http://www.debian.org/security/2017/dsa-3798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6307" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6308" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6308" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6309" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6310" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6310" } ], "schema_version": "1.7.0", "summary": "tnef -- Invalid read and write operations, controlled by an attacker" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron32" }, "ranges": [ { "events": [ { "fixed": "32.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v32.2.3" ], "discovery": "2024-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-10230", "CVE-2024-10231", "CVE-2024-10229", "CVE-2024-10487" ] }, "vid": "96266fc9-1200-43b5-8393-4c51f54bb7bc" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-10230.\n> - Security: backported fix for CVE-2024-10231.\n> - Security: backported fix for CVE-2024-10229.\n> - Security: backported fix for CVE-2024-10487.\n", "id": "FreeBSD-2024-0277", "modified": "2024-11-08T00:00:00Z", "published": "2024-11-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v32.2.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10230" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-g4gj-m346-585c" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10231" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3wfx-mj93-vf8v" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10229" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3hjp-j522-245f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10487" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-h72p-7xmw-gpp8" } ], "schema_version": "1.7.0", "summary": "electron32 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gstreamer1-rtsp-server" }, "ranges": [ { "events": [ { "introduced": "1.18.0" }, { "fixed": "1.24.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gstreamer.freedesktop.org/security/sa-2024-0004.html" ], "discovery": "2024-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-44331" ] }, "vid": "d48a2224-9b4c-11ef-bdd9-4ccc6adda413" }, "details": "Qingpeng Du reports:\n\n> A series of specially crafted client requests during streaming setup\n> (post client authentication, if any) can cause the RTSP server library\n> to abort, if it has been compiled with assertions enabled.\n", "id": "FreeBSD-2024-0276", "modified": "2024-11-07T00:00:00Z", "published": "2024-11-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0004.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-44331" }, { "type": "WEB", "url": "https://gstreamer.freedesktop.org/security/sa-2024-0004.html" } ], "schema_version": "1.7.0", "summary": "gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "130.0.6723.116" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "130.0.6723.116" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html" ], "discovery": "2024-11-05T00:00:00Z", "references": { "cvename": [ "CVE-2024-10826", "CVE-2024-10827" ] }, "vid": "ab254c9d-9c36-11ef-8c1c-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[370217726\\] High CVE-2024-10826: Use after free in Family\n> Experiences. Reported by Anonymous on 2024-09-29\n> - \\[375065084\\] High CVE-2024-10827: Use after free in Serial.\n> Reported by Anonymous on 2024-10-23\n", "id": "FreeBSD-2024-0275", "modified": "2024-11-06T00:00:00Z", "published": "2024-11-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10826" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10827" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libqb" }, "ranges": [ { "events": [ { "fixed": "2.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8" ], "discovery": "2023-08-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-39976" ] }, "vid": "ecf9a798-9aa9-11ef-a8f0-a8a15998b5cb" }, "details": "cve@mitre.org reports:\n\n> log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long\n> log messages because the header size is not considered.\n", "id": "FreeBSD-2024-0274", "modified": "2024-11-04T00:00:00Z", "published": "2024-11-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39976" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39976" } ], "schema_version": "1.7.0", "summary": "libqb -- Buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "130.0.6723.91" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "130.0.6723.91" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html" ], "discovery": "2024-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-10487", "CVE-2024-10488" ] }, "vid": "e17384ef-c5e8-4b5d-bb62-c13405e7f1f7" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[375123371\\] Critical CVE-2024-10487: Out of bounds write in Dawn.\n> Reported by Apple Security Engineering and Architecture (SEAR) on\n> 2024-10-23\n> - \\[374310077\\] High CVE-2024-10488: Use after free in WebRTC.\n> Reported by Cassidy Kim(@cassidy6564) on 2024-10-18\n", "id": "FreeBSD-2024-0273", "modified": "2024-11-02T00:00:00Z", "published": "2024-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10487" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10488" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.18p2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" ], "discovery": "2024-09-18T00:00:00Z", "references": { "cvename": [ "CVE-2024-4761", "CVE-2024-5158", "CVE-2024-7532", "CVE-2024-7965", "CVE-2024-7967", "CVE-2024-7971", "CVE-2024-8198", "CVE-2024-8636", "CVE-2024-9123", "CVE-2024-9602", "CVE-2024-9603", "CVE-2024-10229", "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492" ] }, "vid": "3092668e-97e4-11ef-bdd9-4ccc6adda413" }, "details": "> Backports for 15 security bugs in Chromium:\n>\n> - CVE-2024-4761: Out of bounds write in V8\n> - CVE-2024-5158: Type confusion in V8\n> - CVE-2024-7532: Out of bounds memory access in ANGLE\n> - CVE-2024-7965: Inappropriate implementation in V8\n> - CVE-2024-7967: Heap buffer overflow in Fonts\n> - CVE-2024-7971: Type confusion in V8\n> - CVE-2024-8198: Heap buffer overflow in Skia\n> - CVE-2024-8636: Heap buffer overflow in Skia\n> - CVE-2024-9123: Integer overflow in Skia\n> - CVE-2024-9602: Type confusion in V8\n> - CVE-2024-9603: Type confusion in V8\n> - CVE-2024-10229: Inappropriate implementation in Extensions\n> - CVE-2024-45490: Negative length in libexpat\n> - CVE-2024-45491: Integer overflow in libexpat\n> - CVE-2024-45492: Integer overflow in libexpat\n", "id": "FreeBSD-2024-0272", "modified": "2024-10-31T00:00:00Z", "published": "2024-10-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4761" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5158" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7532" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7965" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8198" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8636" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9123" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9603" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45491" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45492" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" } ], "schema_version": "1.7.0", "summary": "qt5-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "keycloak" }, "ranges": [ { "events": [ { "fixed": "26.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=2315808" ], "discovery": "2024-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-44549" ] }, "vid": "fd538d14-5778-4764-b321-2ddd61a8a58f" }, "details": "Red Hat reports:\n\n> A vulnerability was found in Apache Sling Commons Messaging\n> Mail(angus-mail), which provides a simple interface for sending emails\n> via SMTPS in OSGi, does not offer an option to enable server identity\n> checks, leaving connections vulnerable to \\\"man-in-the-middle\\\"\n> attacks and can allow insecure email communication.\n", "id": "FreeBSD-2024-0271", "modified": "2024-10-31T00:00:00Z", "published": "2024-10-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44549" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44549" } ], "schema_version": "1.7.0", "summary": "keycloak -- Missing server identity checks when sending mails via SMTPS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "librewolf" }, "ranges": [ { "events": [ { "fixed": "131.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1920381" ], "discovery": "2024-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-9936" ] }, "vid": "b73d1f2a-96de-11ef-9e71-00d8612f03c8" }, "details": "security@mozilla.org reports:\n\n> When manipulating the selection node cache, an attacker may have been\n> able to cause unexpected behavior, potentially leading to an\n> exploitable crash. This vulnerability affects Firefox \\< 131.0.3.\n", "id": "FreeBSD-2024-0270", "modified": "2024-10-30T00:00:00Z", "published": "2024-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920381" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9936" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9936" } ], "schema_version": "1.7.0", "summary": "librewolf -- Undefined behavior in selection node cache" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "hwloc2" }, "ranges": [ { "events": [ { "introduced": "2.1.0" }, { "last_affected": "2.9.2" }, { "fixed": "2.9.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/open-mpi/hwloc/issues/544" ], "discovery": "2023-08-22T00:00:00Z", "references": { "cvename": [ "CVE-2022-47022" ] }, "vid": "4b3a8e7d-9372-11ef-87ad-a8a15998b5cb" }, "details": "cve@mitre.org reports:\n\n> An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to\n> cause a denial of service or other unspecified impacts via\n> glibc-cpuset in topology-linux.c.\n", "id": "FreeBSD-2024-0269", "modified": "2024-10-29T00:00:00Z", "published": "2024-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/open-mpi/hwloc/issues/544" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-47022" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47022" } ], "schema_version": "1.7.0", "summary": "hwloc2 -- Denial of service or other unspecified impacts" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo" }, "ranges": [ { "events": [ { "fixed": "9.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo7" }, "ranges": [ { "events": [ { "fixed": "7.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-10-28T00:00:00Z", "vid": "f07c8f87-8e65-11ef-81b8-659bf0027d16" }, "details": "# Problem Description:\n\n- Forgejo generates a token which is used to authenticate web endpoints\n that are only meant to be used internally, for instance when the SSH\n daemon is used to push a commit with Git. The verification of this\n token was not done in constant time and was susceptible to timing\n attacks. A pre-condition for such an attack is the precise\n measurements of the time for each operation. Since it requires\n observing the timing of network operations, the issue is mitigated\n when a Forgejo instance is accessed over the internet because the ISP\n introduce unpredictable random delays.\n- Because of a missing permission check, the branch used to propose a\n pull request to a repository can always be deleted by the user\n performing the merge. It was fixed so that such a deletion is only\n allowed if the user performing the merge has write permission to the\n repository from which the pull request was made.\n", "id": "FreeBSD-2024-0268", "modified": "2024-10-29T00:00:00Z", "published": "2024-10-29T00:00:00Z", "references": [ { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/milestone/8544" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5719" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5718" } ], "schema_version": "1.7.0", "summary": "forgejo -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "130.0.6723.69" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "130.0.6723.69" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html" ], "discovery": "2024-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2024-10229", "CVE-2024-10230", "CVE-2024-10231" ] }, "vid": "fafaef4d-f364-4a07-bbdd-bf53448c593c" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[371011220\\] High CVE-2024-10229: Inappropriate implementation in\n> Extensions. Reported by Vsevolod Kokorin (Slonser) of Solidlab on\n> 2024-10-02\n> - \\[371565065\\] High CVE-2024-10230: Type Confusion in V8. Reported by\n> Seunghyun Lee (@0x10n) on 2024-10-05\n> - \\[372269618\\] High CVE-2024-10231: Type Confusion in V8. Reported by\n> Seunghyun Lee (@0x10n) on 2024-10-09\n", "id": "FreeBSD-2024-0267", "modified": "2024-10-26T00:00:00Z", "published": "2024-10-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-10231" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "130.0.6723.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "130.0.6723.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" ], "discovery": "2024-10-15T00:00:00Z", "references": { "cvename": [ "CVE-2024-9954", "CVE-2024-9955", "CVE-2024-9956", "CVE-2024-9957", "CVE-2024-9958", "CVE-2024-9959", "CVE-2024-9960", "CVE-2024-9961", "CVE-2024-9962", "CVE-2024-9963", "CVE-2024-9964", "CVE-2024-9965", "CVE-2024-9966" ] }, "vid": "1e71e366-080b-4e8f-a9e6-150bf698186b" }, "details": "Chrome Releases reports:\n\n> This update includes 17 security fixes:\n>\n> - \\[367755363\\] High CVE-2024-9954: Use after free in AI. Reported by\n> DarkNavy on 2024-09-18\n> - \\[370133761\\] Medium CVE-2024-9955: Use after free in Web\n> Authentication. Reported by anonymous on 2024-09-29\n> - \\[370482421\\] Medium CVE-2024-9956: Inappropriate implementation in\n> Web Authentication. Reported by mastersplinter on 2024-09-30\n> - \\[358151317\\] Medium CVE-2024-9957: Use after free in UI. Reported\n> by lime(@limeSec\\_) and fmyy(@binary_fmyy) From TIANGONG Team of\n> Legendsec at QI-ANXIN Group on 2024-08-08\n> - \\[40076120\\] Medium CVE-2024-9958: Inappropriate implementation in\n> PictureInPicture. Reported by Lyra Rebane (rebane2001) on 2023-11-02\n> - \\[368672129\\] Medium CVE-2024-9959: Use after free in DevTools.\n> Reported by Sakana.S on 2024-09-21\n> - \\[354748063\\] Medium CVE-2024-9960: Use after free in Dawn. Reported\n> by Anonymous on 2024-07-23\n> - \\[357776197\\] Medium CVE-2024-9961: Use after free in Parcel\n> Tracking. Reported by lime(@limeSec\\_) and fmyy(@binary_fmyy) From\n> TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-06\n> - \\[364508693\\] Medium CVE-2024-9962: Inappropriate implementation in\n> Permissions. Reported by Shaheen Fazim on 2024-09-04\n> - \\[328278718\\] Medium CVE-2024-9963: Insufficient data validation in\n> Downloads. Reported by Anonymous on 2024-03-06\n> - \\[361711121\\] Low CVE-2024-9964: Inappropriate implementation in\n> Payments. Reported by Hafiizh on 2024-08-23\n> - \\[352651673\\] Low CVE-2024-9965: Insufficient data validation in\n> DevTools. Reported by Shaheen Fazim on 2024-07-12\n> - \\[364773822\\] Low CVE-2024-9966: Inappropriate implementation in\n> Navigations. Reported by Harry Chen on 2024-09-05\n", "id": "FreeBSD-2024-0266", "modified": "2024-10-26T00:00:00Z", "published": "2024-10-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9954" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9955" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9956" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9957" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9958" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9959" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9960" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9961" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9962" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9963" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9964" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9965" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9966" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "halibut" }, "ranges": [ { "events": [ { "introduced": "1.2" }, { "last_affected": "1.2" }, { "fixed": "1.2" } ], "type": "ECOSYSTEM" } ], "versions": [ "1.2" ] } ], "database_specific": { "cite": [ "https://carteryagemann.com/halibut-case-study.html#poc-halibut-text-uaf", "https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df", "https://carteryagemann.com/halibut-case-study.html#poc-halibut-info-uaf" ], "discovery": "2022-05-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-42612", "CVE-2021-42613", "CVE-2021-42614" ] }, "vid": "3152a474-9390-11ef-87ad-a8a15998b5cb" }, "details": "cve@mitre.org reports:\n\n> CVE-2021-42612: A use after free in cleanup_index in index.c in\n> Halibut 1.2 allows an attacker to cause a segmentation fault or\n> possibly have other unspecified impact via a crafted text document.\n\n> CVE-2021-42613: A double free in cleanup_index in index.c in Halibut\n> 1.2 allows an attacker to cause a denial of service or possibly have\n> other unspecified impact via a crafted text document.\n\n> CVE-2021-42614: A use after free in info_width_internal in bk_info.c\n> in Halibut 1.2 allows an attacker to cause a segmentation fault or\n> possibly have unspecified other impact via a crafted text document.\n", "id": "FreeBSD-2024-0265", "modified": "2024-10-26T00:00:00Z", "published": "2024-10-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://carteryagemann.com/halibut-case-study.html#poc-halibut-text-uaf" }, { "type": "REPORT", "url": "https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df" }, { "type": "REPORT", "url": "https://carteryagemann.com/halibut-case-study.html#poc-halibut-info-uaf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-42612" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42612" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-42613" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42613" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-42614" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42614" } ], "schema_version": "1.7.0", "summary": "halibut -- Segmentation fault, denial of service or possibly other unspecified impact via a crafted text document" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron31" }, "ranges": [ { "events": [ { "fixed": "31.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v31.7.2" ], "discovery": "2024-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-9121", "CVE-2024-9122", "CVE-2024-7025", "CVE-2024-9369", "CVE-2024-7965", "CVE-2024-7966", "CVE-2024-7967", "CVE-2024-8198", "CVE-2024-8193", "CVE-2024-7969", "CVE-2024-7970", "CVE-2024-8362", "CVE-2024-8636", "CVE-2024-9123", "CVE-2024-9120" ] }, "vid": "fcb0e00f-d7d3-49b6-a4a1-852528230912" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-9121.\n> - Security: backported fix for CVE-2024-9122.\n> - Security: backported fix for CVE-2024-7025.\n> - Security: backported fix for CVE-2024-9369.\n> - Security: backported fix for CVE-2024-7965.\n> - Security: backported fix for CVE-2024-7966.\n> - Security: backported fix for CVE-2024-7967.\n> - Security: backported fix for CVE-2024-8198.\n> - Security: backported fix for CVE-2024-8193.\n> - Security: backported fix for CVE-2024-7969.\n> - Security: backported fix for CVE-2024-7970.\n> - Security: backported fix for CVE-2024-8362.\n> - Security: backported fix for CVE-2024-8636.\n> - Security: backported fix for CVE-2024-9123.\n> - Security: backported fix for CVE-2024-9120.\n", "id": "FreeBSD-2024-0264", "modified": "2024-10-24T00:00:00Z", "published": "2024-10-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v31.7.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9121" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qcr8-x9j3-5j62" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9122" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4fw3-822r-pqw6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7025" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9369" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7965" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-x38q-hvmx-rwhg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7966" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4pj3-wmgx-2h8r" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7967" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-57cq-jgq2-x7vg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8198" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-76vg-grjj-w595" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8193" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5q6v-fp9h-6rjg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7969" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-p8h7-64p8-w5pq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7970" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4c4w-77f9-v9mq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8362" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rw7g-4966-p363" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8636" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-r6cg-gw4p-5gmj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9123" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-xwv3-34j2-7jgx" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9120" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-xh87-v57g-jhpw" } ], "schema_version": "1.7.0", "summary": "electron31 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.5.0" }, { "fixed": "17.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.4.0" }, { "fixed": "17.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2.0" }, { "fixed": "17.3.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.5.0" }, { "fixed": "17.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.4.0" }, { "fixed": "17.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2.0" }, { "fixed": "17.3.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/10/23/patch-release-gitlab-17-5-1-released/" ], "discovery": "2024-10-23T00:00:00Z", "references": { "cvename": [ "CVE-2024-8312", "CVE-2024-6826" ] }, "vid": "78e6c113-91c1-11ef-a904-2cf05da270f3" }, "details": "Gitlab reports:\n\n> HTML injection in Global Search may lead to XSS\n>\n> DoS via XML manifest file import\n", "id": "FreeBSD-2024-0263", "modified": "2024-10-24T00:00:00Z", "published": "2024-10-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/10/23/patch-release-gitlab-17-5-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8312" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6826" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/10/23/patch-release-gitlab-17-5-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron32" }, "ranges": [ { "events": [ { "fixed": "32.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v32.2.2" ], "discovery": "2024-10-23T00:00:00Z", "references": { "cvename": [ "CVE-2024-7966", "CVE-2024-9370" ] }, "vid": "cc068959-ce2b-42eb-81ed-055551fe0e51" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-7966.\n> - Security: backported fix for CVE-2024-9370.\n", "id": "FreeBSD-2024-0262", "modified": "2024-10-23T00:00:00Z", "published": "2024-10-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v32.2.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7966" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4pj3-wmgx-2h8r" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9370" } ], "schema_version": "1.7.0", "summary": "electron32 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "oauth2-proxy" }, "ranges": [ { "events": [ { "fixed": "7.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.0" ], "discovery": "2024-10-02T00:00:00Z", "references": { "cvename": [ "CVE-2024-24786", "CVE-2024-24791", "CVE-2024-24790", "CVE-2024-24784", "CVE-2024-28180", "CVE-2024-45288" ] }, "vid": "dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9" }, "details": "The oauth2-proxy project reports:\n\n> Vulnerabilities have been addressed:\n>\n> - CVE-2024-24786\n> - CVE-2024-24791\n> - CVE-2024-24790\n> - CVE-2024-24784\n> - CVE-2024-28180\n> - CVE-2023-45288\n", "id": "FreeBSD-2024-0261", "modified": "2024-10-18T00:00:00Z", "published": "2024-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24786" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24784" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-28180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45288" }, { "type": "WEB", "url": "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.0" } ], "schema_version": "1.7.0", "summary": "oauth2-proxy -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.15_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.7_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl32" }, "ranges": [ { "events": [ { "fixed": "3.2.3_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl33" }, "ranges": [ { "events": [ { "fixed": "3.3.2_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.15_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31-quictls" }, "ranges": [ { "events": [ { "fixed": "3.1.7_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://openssl-library.org/news/secadv/20241016.txt" ], "discovery": "2024-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-9143" ] }, "vid": "c6f4177c-8e29-11ef-98e7-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> Low-level invalid GF(2\\^m) parameters lead to OOB memory access\n> (CVE-2024-9143) (Low)\n>\n> Use of the low-level GF(2\\^m) elliptic curve APIs with untrusted\n> explicit values for the field polynomial can lead to out-of-bounds\n> memory reads or writes.\n", "id": "FreeBSD-2024-0260", "modified": "2024-10-19T00:00:00Z", "published": "2024-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://openssl-library.org/news/secadv/20241016.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9143" }, { "type": "WEB", "url": "https://openssl-library.org/news/secadv/20241016.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- OOB memory access vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron31" }, "ranges": [ { "events": [ { "fixed": "31.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron32" }, "ranges": [ { "events": [ { "fixed": "32.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v31.7.1" ], "discovery": "2024-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-9602", "CVE-2024-9603" ] }, "vid": "815bf172-ab9e-4c4b-9662-d18b0054330d" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-9602.\n> - Security: backported fix for CVE-2024-9603.\n", "id": "FreeBSD-2024-0259", "modified": "2024-10-18T00:00:00Z", "published": "2024-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v31.7.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9602" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4v8q-vp3v-vvxh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9603" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-92m3-m5pw-p2x9" } ], "schema_version": "1.7.0", "summary": "electron{31,32} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "introduced": "1.11.70" }, { "fixed": "1.11.81" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x" ], "discovery": "2024-10-15T00:00:00Z", "references": { "cvename": [ "CVE-2024-47779" ] }, "vid": "851ce3e4-8b03-11ef-84e9-901b0e9408dc" }, "details": "Element team reports:\n\n> Element Web versions 1.11.70 through 1.11.80 contain a vulnerability\n> which can, under specially crafted conditions, lead to the access\n> token becoming exposed to third parties. At least one vector has been\n> identified internally, involving malicious widgets, but other vectors\n> may exist. Users are strongly advised to upgrade to version 1.11.81 to\n> remediate the issue.\n", "id": "FreeBSD-2024-0258", "modified": "2024-10-15T00:00:00Z", "published": "2024-10-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47779" }, { "type": "WEB", "url": "https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x" } ], "schema_version": "1.7.0", "summary": "element-web -- Potential exposure of access token via authenticated media" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vscode" }, "ranges": [ { "events": [ { "fixed": "1.94.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/microsoft/vscode/security/advisories/GHSA-g56j-w527-8x6f" ], "discovery": "2024-10-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-43601" ] }, "vid": "64e299b6-d12b-4a7a-a94f-ab133703925a" }, "details": "VSCode developers report:\n\n> Visual Studio Code for Linux Remote Code Execution Vulnerability\n>\n> A remote code execution vulnerability exists in VS Code 1.94.0 and\n> earlier versions in the elevated save flow.\n", "id": "FreeBSD-2024-0257", "modified": "2024-10-11T00:00:00Z", "published": "2024-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/microsoft/vscode/security/advisories/GHSA-g56j-w527-8x6f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-43601" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43601" }, { "type": "WEB", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43601" } ], "schema_version": "1.7.0", "summary": "vscode -- Visual Studio Code for Linux Remote Code Execution Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "131.0.2,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.3.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1923344" ], "discovery": "2024-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2024-9680" ] }, "vid": "2fb13238-872d-11ef-bd1e-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An attacker was able to achieve code execution in the content process\n> by exploiting a use-after-free in Animation timelines. We have had\n> reports of this vulnerability being exploited in the wild.\n", "id": "FreeBSD-2024-0256", "modified": "2024-10-10T00:00:00Z", "published": "2024-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1923344" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9680" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9680" } ], "schema_version": "1.7.0", "summary": "firefox -- use-after-free code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.4.0" }, { "fixed": "17.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.16" }, { "fixed": "17.2.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.4.0" }, { "fixed": "17.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.16" }, { "fixed": "17.2.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/" ], "discovery": "2024-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2024-9164", "CVE-2024-8970", "CVE-2024-8977", "CVE-2024-9631", "CVE-2024-6530", "CVE-2024-9623", "CVE-2024-5005", "CVE-2024-9596" ] }, "vid": "cc1ac01e-86b0-11ef-9369-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Run pipelines on arbitrary branches\n>\n> An attacker can impersonate arbitrary user\n>\n> SSRF in Analytics Dashboard\n>\n> Viewing diffs of MR with conflicts can be slow\n>\n> HTMLi in OAuth page\n>\n> Deploy Keys can push changes to an archived repository\n>\n> Guests can disclose project templates\n>\n> GitLab instance version disclosed to unauthorized users\n", "id": "FreeBSD-2024-0255", "modified": "2024-10-10T00:00:00Z", "published": "2024-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8970" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9631" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6530" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9623" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5005" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9596" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.22.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-10-06T00:00:00Z", "vid": "79b1f4ee-860a-11ef-b2dc-cbccbf25b7ea" }, "details": "# Problem Description:\n\n- Fix bug when a token is given public only\n", "id": "FreeBSD-2024-0254", "modified": "2024-10-09T00:00:00Z", "published": "2024-10-09T00:00:00Z", "references": [ { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/32204" } ], "schema_version": "1.7.0", "summary": "gitea -- token missing access control for packages" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "5.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.powerdns.com/2024/10/03/powerdns-recursor-4-9-9-5-0-9-5-1-2-released" ], "discovery": "2024-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-25590" ] }, "vid": "8727b513-855b-11ef-9e50-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> PowerDNS Security Advisory 2024-04: Crafted responses can lead to a\n> denial of service due to cache inefficiencies in the Recursor\n", "id": "FreeBSD-2024-0253", "modified": "2024-10-09T00:00:00Z", "published": "2024-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.powerdns.com/2024/10/03/powerdns-recursor-4-9-9-5-0-9-5-1-2-released" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25590" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "129.0.6668.100" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "129.0.6668.100" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html" ], "discovery": "2024-10-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-9602", "CVE-2024-9603" ] }, "vid": "7217f6e8-3ff4-4387-845d-d1744bb7f95e" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[368241697\\] High CVE-2024-9602: Type Confusion in V8. Reported by\n> Seunghyun Lee (@0x10n) on 2024-09-20\n> - \\[367818758\\] High CVE-2024-9603: Type Confusion in V8. Reported by\n> \\@WeShotTheMoon and \\@Nguyen Hoang Thach of starlabs on 2024-09-18\n", "id": "FreeBSD-2024-0252", "modified": "2024-10-09T00:00:00Z", "published": "2024-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9603" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "129.0.6668.89" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "129.0.6668.89" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html" ], "discovery": "2024-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2024-7025", "CVE-2024-9369", "CVE-2024-9370" ] }, "vid": "83117378-f773-4617-bf74-477d569dcd74" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[367764861\\] High CVE-2024-7025: Integer overflow in Layout.\n> Reported by Tashita Software Security on 2024-09-18\n> - \\[368208152\\] High CVE-2024-9369: Insufficient data validation in\n> Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on\n> 2024-09-19\n> - \\[368311899\\] High CVE-2024-9370: Inappropriate implementation in\n> V8. Reported by Nguy\u1ec5n Ho\u00e0ng Th\u1ea1ch, \u0110\u1ed7 Minh Tu\u1ea5n, and Wu JinLin of\n> STAR Labs SG Pte. Ltd. on 2024-09-19\n", "id": "FreeBSD-2024-0251", "modified": "2024-10-09T00:00:00Z", "published": "2024-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7025" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9369" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9370" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "fixed": "1.21.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/" ], "discovery": "2024-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-8508" ] }, "vid": "2368755b-83f6-11ef-8d2e-a04a5edf46d9" }, "details": "NLnet labs report:\n\n> A vulnerability has been discovered in Unbound when handling replies\n> with very large RRsets that Unbound needs to perform name compression\n> for.\n>\n> Malicious upstreams responses with very large RRsets can cause Unbound\n> to spend a considerable time applying name compression to downstream\n> replies. This can lead to degraded performance and eventually denial\n> of service in well orchestrated attacks.\n>\n> Unbound version 1.21.1 introduces a hard limit on the number of name\n> compression calculations it is willing to do per packet. Packets that\n> need more compression will result in semi-compressed packets or\n> truncated packets, even on TCP for huge messages, to avoid locking the\n> CPU for long.\n>\n> This change should not affect normal DNS traffic.\n", "id": "FreeBSD-2024-0250", "modified": "2024-10-06T00:00:00Z", "published": "2024-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8508" }, { "type": "WEB", "url": "https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/" } ], "schema_version": "1.7.0", "summary": "Unbound -- Denial of service attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "7.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v7.0.3" ], "discovery": "2024-10-05T00:00:00Z", "vid": "fe7031d3-3000-4b43-9fa6-52c2b624b8f9" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Adding to the POP3 hardening in 7.0.2, the parser now simply discards\n> too many pending commands, rather than any attempting to process them.\n> Further, invalid server responses do not result in command completion\n> anymore. Processing out-of-order commands or finishing commands based\n> on invalid server responses could result in inconsistent analyzer\n> state, potentially triggering null pointer references for crafted\n> traffic.\n", "id": "FreeBSD-2024-0249", "modified": "2024-10-05T00:00:00Z", "published": "2024-10-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v7.0.3" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v7.0.3" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "131.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "128.3.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "128.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476" ], "discovery": "2024-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2024-9392", "CVE-2024-9396", "CVE-2024-9400", "CVE-2024-9401", "CVE-2024-9402", "CVE-2024-9403" ] }, "vid": "0417d41a-8175-11ef-a5dc-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> - CVE-2024-9392: A compromised content process could have allowed for\n> the arbitrary loading of cross-origin pages.\n> - CVE-2024-9396: It is currently unknown if this issue is exploitable\n> but a condition may arise where the structured clone of certain\n> objects could lead to memory corruption.\n> - CVE-2024-9400: A potential memory corruption vulnerability could be\n> triggered if an attacker had the ability to trigger an OOM at a\n> specific moment during JIT compilation.\n> - CVE-2024-9401: Memory safety bugs present in Firefox 130, Firefox\n> ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these\n> bugs showed evidence of memory corruption and we presume that with\n> enough effort some of these could have been exploited to run\n> arbitrary code.\n> - CVE-2024-9402: Memory safety bugs present in Firefox 130, Firefox\n> ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence\n> of memory corruption and we presume that with enough effort some of\n> these could have been exploited to run arbitrary code.\n> - CVE-2024-9403: Memory safety bugs present in Firefox 130. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2024-0248", "modified": "2024-10-03T00:00:00Z", "published": "2024-10-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9392" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9392" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9396" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9396" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9400" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9400" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9401" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9401" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9402" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9403" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9403" } ], "schema_version": "1.7.0", "summary": "firefox -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.479" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.462.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2024-10-02/" ], "discovery": "2024-10-02T00:00:00Z", "references": { "cvename": [ "CVE-2024-47803", "CVE-2024-47804" ] }, "vid": "3c6f8270-3210-4e2f-ba72-a9cdca7417a0" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-3451 / CVE-2024-47803\n>\n> Exposure of multi-line secrets through error messages in Jenkins\n>\n> # Description\n>\n> ##### (Medium) SECURITY-3448 / CVE-2024-47804\n>\n> Item creation restriction bypass vulnerability in Jenkins\n", "id": "FreeBSD-2024-0247", "modified": "2024-10-03T00:00:00Z", "published": "2024-10-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2024-10-02/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47804" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2024-10-02/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "7.4.0" }, { "fixed": "7.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis72" }, "ranges": [ { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.2.16" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "valkey" }, "ranges": [ { "events": [ { "introduced": "8,0,0" }, { "fixed": "8.0.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/releases/tag/7.4.1" ], "discovery": "2024-10-02T00:00:00Z", "references": { "cvename": [ "CVE-2024-31449", "CVE-2024-31227", "CVE-2024-31228" ] }, "vid": "8b20f21a-8113-11ef-b988-08002784c58d" }, "details": "Redis core team reports:\n\n> \n>\n> CVE-2024-31449\n> : Lua library commands may lead to stack overflow and potential RCE.\n>\n> CVE-2024-31227\n> : Potential Denial-of-service due to malformed ACL selectors.\n>\n> CVE-2024-31228\n> : Potential Denial-of-service due to unbounded pattern matching.\n", "id": "FreeBSD-2024-0246", "modified": "2024-10-02T00:00:00Z", "published": "2024-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/releases/tag/7.4.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31227" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31228" }, { "type": "WEB", "url": "https://github.com/redis/redis/releases/tag/7.4.1" } ], "schema_version": "1.7.0", "summary": "redis,valkey -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php81" }, "ranges": [ { "events": [ { "fixed": "8.1.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php82" }, "ranges": [ { "events": [ { "fixed": "8.2.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php83" }, "ranges": [ { "events": [ { "fixed": "8.3.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.php.net/ChangeLog-8.php" ], "discovery": "2024-09-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-8926", "CVE-2024-8927", "CVE-2024-9026", "CVE-2024-8925" ] }, "vid": "fe5c1e7a-7eed-11ef-9533-f875a43e1796" }, "details": "php.net reports:\n\n> - CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 (Bypass of\n> CVE-2024-4577, Parameter Injection Vulnerability).\n> - CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp\n> (cgi.force_redirect configuration is bypassable due to the\n> environment variable collision).\n> - CVE-2024-9026: FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from\n> childrens may be altered).\n> - CVE-2024-8925: SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous\n> parsing of multipart form data).\n", "id": "FreeBSD-2024-0245", "modified": "2024-09-30T00:00:00Z", "published": "2024-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.php.net/ChangeLog-8.php" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8926" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8927" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9026" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8925" }, { "type": "WEB", "url": "https://www.php.net/ChangeLog-8.php" } ], "schema_version": "1.7.0", "summary": "php -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-45197" ], "discovery": "2022-12-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-45197" ] }, "vid": "f9cfdb00-7f43-11ef-9b27-592d55dd336d" }, "details": "NIST reports:\n\n> Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in\n> XMLStream, allowing an attacker to pose as any server in the eyes of\n> Slixmpp.\n", "id": "FreeBSD-2024-0244", "modified": "2024-09-30T00:00:00Z", "published": "2024-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45197" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-45197" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45197" } ], "schema_version": "1.7.0", "summary": "Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "129.0.6668.70" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "129.0.6668.70" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html" ], "discovery": "2024-09-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-9120", "CVE-2024-9121", "CVE-2024-9122", "CVE-2024-9123" ] }, "vid": "2f82696c-adad-447b-9938-c99441805fa3" }, "details": "Chrome Releases reports:\n\n> This update includes 5 security fixes:\n>\n> - \\[365254285\\] High CVE-2024-9120: Use after free in Dawn. Reported\n> by Anonymous on 2024-09-08\n> - \\[363538434\\] High CVE-2024-9121: Inappropriate implementation in\n> V8. Reported by Tashita Software Security on 2024-09-01\n> - \\[365802567\\] High CVE-2024-9122: Type Confusion in V8. Reported by\n> Seunghyun Lee (@0x10n) on 2024-09-10\n> - \\[365884464\\] High CVE-2024-9123: Integer overflow in Skia. Reported\n> by raven at KunLun lab on 2024-09-11\n", "id": "FreeBSD-2024-0243", "modified": "2024-09-30T00:00:00Z", "published": "2024-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9122" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-9123" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "introduced": "3.43.0,1" }, { "fixed": "3.43.2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-rl9-sqlite" }, "ranges": [ { "events": [ { "introduced": "3.43.0,1" }, { "fixed": "3.43.2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-sqlite" }, "ranges": [ { "events": [ { "introduced": "3.43.0,1" }, { "fixed": "3.43.2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/security/cve/CVE-2024-0232" ], "discovery": "2024-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-0232" ] }, "vid": "42ec2207-7e85-11ef-89a4-b42e991fc52e" }, "details": "secalert@redhat.com reports:\n\n> A heap use-after-free issue has been identified in SQLite in the\n> jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a\n> local attacker to leverage a victim to pass specially crafted\n> malicious input to the application, potentially causing a crash and\n> leading to a denial of service.\n", "id": "FreeBSD-2024-0242", "modified": "2025-08-01T00:00:00Z", "published": "2024-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2024-0232" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0232" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232" } ], "schema_version": "1.7.0", "summary": "sqlite -- use-after-free bug in jsonparseaddnodearray" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cups-filters" }, "ranges": [ { "events": [ { "fixed": "1.28.17_6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cups" }, "ranges": [ { "events": [ { "fixed": "2.4.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" ], "discovery": "2024-09-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-47076", "CVE-2024-47175", "CVE-2024-47176" ] }, "vid": "24375796-7cbc-11ef-a3a9-001cc0382b2f" }, "details": "OpenPrinting reports:\n\n> Due to the service binding to \\*:631 ( INADDR_ANY ), multiple bugs in\n> cups-browsed can be exploited in sequence to introduce a malicious\n> printer to the system. This chain of exploits ultimately enables an\n> attacker to execute arbitrary commands remotely on the target machine\n> without authentication when a print job is started. Posing a\n> significant security risk over the network. Notably, this\n> vulnerability is particularly concerning as it can be exploited from\n> the public internet, potentially exposing a vast number of systems to\n> remote attacks if their CUPS services are enabled.\n\nThe vulnerability allows an attacker on the internet to create a new\nprinter device with arbitrary commands in the PPD file of the printer.\nAttacks using mDNS on the local network can also replace an existing\nprinter. The commands are executed when a user attempts to print on the\nmalicious device. They run with the privileges of the user \\\"cups\\\".\n\nIt is recommended to disable the cups_browsed service until patches\nbecome available. On FreeBSD this is the default. You can check the\nstatus and disable the service with the following commands:\n\n`# service cups_browsed status`\\\n`# service cups_browsed stop`\\\n`# service cups_browsed disable`\n\nIf you choose to leave the service enabled, attacks from the internet\ncan be blocked by removing the \\\"cups\\\" protocol from the\nBrowseRemoteProtocols and BrowseProtocols directives in\n/usr/local/etc/cups/cups-browsed.conf. Attacks using mDNS can be blocked\nby removing the \\\"dnssd\\\" protocol as well. Access can be limited to\nspecific IP addresses using BrowseAllow, BrowseDeny, and BrowseOrder\ndirectives as documented in cups-browsed.conf(5). Then restart the\nservice with the following command:\n\n`# service cups_browsed restart`\n", "id": "FreeBSD-2024-0241", "modified": "2024-10-02T00:00:00Z", "published": "2024-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47076" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-47176" }, { "type": "WEB", "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" } ], "schema_version": "1.7.0", "summary": "cups-filters -- remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "expat" }, "ranges": [ { "events": [ { "fixed": "2.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libexpat/libexpat/blob/master/expat/Changes" ], "discovery": "2024-09-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-45490", "CVE-2024-45491", "CVE-2024-45492" ] }, "vid": "ca5f3bbc-7a62-11ef-9533-f875a43e1796" }, "details": "libexpat reports:\n\n> - CVE-2024-45490: Calling function XML_ParseBuffer with len \\< 0\n> without noticing and then calling XML_GetBuffer will have\n> XML_ParseBuffer fail to recognize the problem and XML_GetBuffer\n> corrupt memory. With the fix, XML_ParseBuffer now complains with\n> error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has\n> been doing since Expat 2.2.1, and now documented. Impact is denial\n> of service to potentially artitrary code execution.\n> - CVE-2024-45491: Internal function dtdCopy can have an integer\n> overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals\n> SIZE_MAX). Impact is denial of service to potentially artitrary code\n> execution.\n> - CVE-2024-45492: Internal function nextScaffoldPart can have an\n> integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX\n> equals SIZE_MAX). Impact is denial of service to potentially\n> artitrary code execution.\n", "id": "FreeBSD-2024-0240", "modified": "2024-09-24T00:00:00Z", "published": "2024-09-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45491" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45492" }, { "type": "WEB", "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes" } ], "schema_version": "1.7.0", "summary": "expat -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.4.0" }, { "fixed": "17.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.6.0" }, { "fixed": "17.2.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.4.0" }, { "fixed": "17.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.6.0" }, { "fixed": "17.2.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/09/25/patch-release-gitlab-17-4-1-released/" ], "discovery": "2024-09-25T00:00:00Z", "references": { "cvename": [ "CVE-2024-4278", "CVE-2024-4099", "CVE-2024-8974" ] }, "vid": "4b7ed61f-7bbf-11ef-9369-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Maintainer can leak Dependency Proxy password by changing Dependency\n> Proxy URL via crafted POST request\n>\n> AI feature reads unsanitized content, allowing for attacker to hide\n> prompt injection\n>\n> Project reference can be exposed in system notes\n", "id": "FreeBSD-2024-0239", "modified": "2024-09-26T00:00:00Z", "published": "2024-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/09/25/patch-release-gitlab-17-4-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4278" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8974" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/09/25/patch-release-gitlab-17-4-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "frr9" }, "ranges": [ { "events": [ { "fixed": "9.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "frr8" }, "ranges": [ { "events": [ { "fixed": "8.5.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/FRRouting/frr/pull/16497" ], "discovery": "2024-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2024-44070" ] }, "vid": "802961eb-7a89-11ef-bdd7-a0423f48a938" }, "details": "cve@mitre.org reports:\n\n> An issue was discovered in FRRouting (FRR). bgp_attr_encap in\n> bgpd/bgp_attr.c does not check the actual remaining stream length\n> before taking the TLV value.\n", "id": "FreeBSD-2024-0238", "modified": "2024-09-24T00:00:00Z", "published": "2024-09-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/FRRouting/frr/pull/16497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-44070" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44070" } ], "schema_version": "1.7.0", "summary": "frr - BGP" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "7.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v7.0.2" ], "discovery": "2024-09-24T00:00:00Z", "vid": "d47b7ae7-fe1d-4f7f-919a-480ca8035f00" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> The POP3 parser has been hardened to avoid unbounded state growth in\n> the face of one-sided traffic capture or when enabled for non-POP3\n> traffic.\n", "id": "FreeBSD-2024-0237", "modified": "2024-09-24T00:00:00Z", "published": "2024-09-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v7.0.2" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v7.0.2" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-6759" ], "freebsdsa": [ "SA-24:07.nfsclient" ] }, "vid": "c02b8db5-771b-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nWhen mounting a remote filesystem using NFS, the kernel did not sanitize\nremotely provided filenames for the path separator character, \\\"/\\\".\nThis allows readdir(3) and related functions to return filesystem\nentries with names containing additional path components.\n\n# Impact:\n\nThe lack of validation described above gives rise to a confused deputy\nproblem. For example, a program copying files from an NFS mount could be\ntricked into copying from outside the intended source directory, and/or\nto a location outside the intended destination directory.\n", "id": "FreeBSD-2024-0236", "modified": "2024-09-20T00:00:00Z", "published": "2024-09-20T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6759" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:07.nfsclient.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- NFS client accepts file names containing path separators" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-6760" ], "freebsdsa": [ "SA-24:06.ktrace" ] }, "vid": "8fb61d94-771b-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nA logic bug in the code which disables kernel tracing for setuid\nprograms meant that tracing was not disabled when it should have,\nallowing unprivileged users to trace and inspect the behavior of setuid\nprograms.\n\n# Impact:\n\nThe bug may be used by an unprivileged user to read the contents of\nfiles to which they would not otherwise have access, such as the local\npassword database.\n", "id": "FreeBSD-2024-0235", "modified": "2024-09-20T00:00:00Z", "published": "2024-09-20T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6760" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:06.ktrace.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ktrace(2) fails to detach when executing a setuid binary" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-6640" ], "freebsdsa": [ "SA-24:05.pf" ] }, "vid": "f140cff0-771a-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nIn ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is\nconfigured to allow ND and block incoming Echo Requests, a crafted Echo\nRequest packet after a Neighbor Solicitation (NS) can trigger an Echo\nReply. The packet has to come from the same host as the NS and have a\nzero as identifier to match the state created by the Neighbor Discovery\nand allow replies to be generated.\n\n# Impact:\n\nICMPv6 packets with identifier value of zero bypass firewall rules\nwritten on the assumption that the incoming packets are going to create\na state in the state table.\n\n# Note:\n\nThis advisory introduced additional issues that were addressed by\nFreeBSD-EN-24:16.pf. Please refer to that erratum for additional fixes.\n", "id": "FreeBSD-2024-0234", "modified": "2024-09-20T00:00:00Z", "published": "2024-09-20T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6640" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc" }, { "type": "WEB", "url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-24:16.pf.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4" }, { "fixed": "13.4_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4" }, { "fixed": "13.4_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-09-19T00:00:00Z", "references": { "cvename": [ "CVE-2024-45287" ], "freebsdsa": [ "SA-24:16.libnv" ] }, "vid": "93c12fe5-7716-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nA malicious value of size in a structure of packed libnv can cause an\ninteger overflow, leading to the allocation of a smaller buffer than\nrequired for the parsed data. The introduced check was incorrect, as it\ntook into account the size of the pointer, not the structure. This\nvulnerability affects both kernel and userland.\n\nThis issue was originally intended to be addressed as part of\nFreeBSD-SA-24:09.libnv, but due to a logic issue, this issue was not\nproperly addressed.\n\n# Impact:\n\nIt is possible for an attacker to overwrite portions of memory (in\nuserland or the kernel) as the allocated buffer might be smaller than\nthe data received from a malicious process. This vulnerability could\nresult in privilege escalation or cause a system panic.\n", "id": "FreeBSD-2024-0233", "modified": "2024-09-20T00:00:00Z", "published": "2024-09-20T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45287" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:16.libnv.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Integer overflow in libnv" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4" }, { "fixed": "13.4_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-09-19T00:00:00Z", "references": { "cvename": [ "CVE-2024-41721" ], "freebsdsa": [ "SA-24:15.bhyve" ] }, "vid": "1febd09b-7716-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nbhyve can be configured to emulate devices on a virtual USB controller\n(XHCI), such as USB tablet devices. An insufficient boundary validation\nin the USB code could lead to an out-of-bounds read on the heap, which\ncould potentially lead to an arbitrary write and remote code execution.\n\n# Impact:\n\nA malicious, privileged software running in a guest VM can exploit the\nvulnerability to crash the hypervisor process or potentially achieve\ncode execution on the host in the bhyve userspace process, which\ntypically runs as root. Note that bhyve runs in a Capsicum sandbox, so\nmalicious code is constrained by the capabilities available to the bhyve\nprocess.\n", "id": "FreeBSD-2024-0232", "modified": "2024-09-20T00:00:00Z", "published": "2024-09-20T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-41721" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bhyve(8) out-of-bounds read access via XHCI emulation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "17.1.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "17.1.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/" ], "discovery": "2024-09-17T00:00:00Z", "references": { "cvename": [ "CVE-2024-45409" ] }, "vid": "3e738678-7582-11ef-bece-2cf05da270f3" }, "details": "Gitlab reports:\n\n> SAML authentication bypass\n", "id": "FreeBSD-2024-0231", "modified": "2024-09-18T00:00:00Z", "published": "2024-09-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45409" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable" }, "ranges": [ { "events": [ { "fixed": "9.8.p1_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc" ], "discovery": "2024-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-7589" ], "freebsdsa": [ "SA-24:08.openssh" ] }, "vid": "58750d49-7302-11ef-8c95-195d300202b3" }, "details": "The FreeBSD Project reports:\n\n> A signal handler in sshd(8) may call a logging function that is not\n> async- signal-safe. The signal handler is invoked when a client does\n> not authenticate within the LoginGraceTime seconds (120 by default).\n> This signal handler executes in the context of the sshd(8)\\'s\n> privileged code, which is not sandboxed and runs with full root\n> privileges.\n>\n> This issue is another instance of the problem in CVE-2024-6387\n> addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is\n> from the integration of blacklistd in OpenSSH in FreeBSD.\n", "id": "FreeBSD-2024-0230", "modified": "2024-09-20T00:00:00Z", "published": "2024-09-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7589" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7589" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSH -- Pre-authentication async signal safety issue" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "snappymail-php81" }, "ranges": [ { "events": [ { "fixed": "2.38.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "snappymail-php82" }, "ranges": [ { "events": [ { "fixed": "2.38.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "snappymail-php83" }, "ranges": [ { "events": [ { "fixed": "2.38.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "snappymail-php84" }, "ranges": [ { "events": [ { "fixed": "2.38.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm" ], "discovery": "2024-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-45800" ] }, "vid": "bd940aba-7467-11ef-a5c4-08002784c58d" }, "details": "Oskar reports:\n\n> SnappyMail uses the \\`cleanHtml()\\` function to cleanup HTML and CSS\n> in emails. Research discovered that the function has a few bugs which\n> cause an mXSS exploit. Because the function allowed too many (invalid)\n> HTML elements, it was possible (with incorrect markup) to trick the\n> browser to \\\"fix\\\" the broken markup into valid markup. As a result a\n> motivated attacker may be able to inject javascript.\n", "id": "FreeBSD-2024-0229", "modified": "2024-09-16T00:00:00Z", "published": "2024-09-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45800" }, { "type": "WEB", "url": "https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm" } ], "schema_version": "1.7.0", "summary": "SnappyMail -- multiple mXSS in HTML sanitizer" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "128.0.6613.137" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "128.0.6613.137" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html" ], "discovery": "2024-09-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-8636", "CVE-2024-8637", "CVE-2024-8638", "CVE-2024-8639" ] }, "vid": "e464f777-719e-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[361461526\\] High CVE-2024-8636: Heap buffer overflow in Skia.\n> Reported by Renan Rios (@hyhy_100) on 2024-08-22\n> - \\[361784548\\] High CVE-2024-8637: Use after free in Media Router.\n> Reported by lime(@limeSec\\_) from TIANGONG Team of Legendsec at\n> QI-ANXIN Group on 2024-08-23\n> - \\[362539773\\] High CVE-2024-8638: Type Confusion in V8. Reported by\n> Zhenghang Xiao (@Kipreyyy) on 2024-08-28\n> - \\[362658609\\] High CVE-2024-8639: Use after free in Autofill.\n> Reported by lime(@limeSec\\_) from TIANGONG Team of Legendsec at\n> QI-ANXIN Group on 2024-08-28\n", "id": "FreeBSD-2024-0228", "modified": "2024-09-13T00:00:00Z", "published": "2024-09-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8636" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8637" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8638" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8639" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.14.0" }, { "fixed": "17.1.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.14.0" }, { "fixed": "17.1.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/" ], "discovery": "2024-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-6678", "CVE-2024-8640", "CVE-2024-8635", "CVE-2024-8124", "CVE-2024-8641", "CVE-2024-8311", "CVE-2024-4660", "CVE-2024-4283", "CVE-2024-4612", "CVE-2024-8631", "CVE-2024-2743", "CVE-2024-5435", "CVE-2024-6389", "CVE-2024-4472", "CVE-2024-6446", "CVE-2024-6685" ] }, "vid": "bcc8b21e-7122-11ef-bece-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Execute environment stop actions as the owner of the stop action job\n>\n> Prevent code injection in Product Analytics funnels YAML\n>\n> SSRF via Dependency Proxy\n>\n> Denial of Service via sending a large glm_source parameter\n>\n> CI_JOB_TOKEN can be used to obtain GitLab session token\n>\n> Variables from settings are not overwritten by PEP if a template is\n> included\n>\n> Guests can disclose the full source code of projects using custom\n> group-level templates\n>\n> IdentitiesController allows linking of arbitrary unclaimed provider\n> identities\n>\n> Open redirect in repo/tree/:id endpoint can lead to account takeover\n> through broken OAuth flow\n>\n> Open redirect in release permanent links can lead to account takeover\n> through broken OAuth flow\n>\n> Guest user with Admin group member permission can edit custom role to\n> gain other permissions\n>\n> Exposure of protected and masked CI/CD variables by abusing on-demand\n> DAST\n>\n> Credentials disclosed when repository mirroring fails\n>\n> Commit information visible through release atom endpoint for guest\n> users\n>\n> Dependency Proxy Credentials are Logged in Plaintext in graphql Logs\n>\n> User Application can spoof the redirect url\n>\n> Group Developers can view group runners information\n", "id": "FreeBSD-2024-0227", "modified": "2024-09-12T00:00:00Z", "published": "2024-09-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6678" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8640" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8635" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8124" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8641" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4660" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4612" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8631" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2743" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6389" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6446" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6685" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cpu-microcode-intel" }, "ranges": [ { "events": [ { "fixed": "20241112" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html" ], "discovery": "2024-09-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-23984", "CVE-2024-24968" ] }, "vid": "d5026193-6fa2-11ef-99bc-1c697a616631" }, "details": "Intel reports:\n\n> A potential security vulnerability in the Running Average Power Limit\n> (RAPL) interface for some Intel Processors may allow information\n> disclosure. Intel has released firmware updates to mitigate this\n> potential vulnerability.\n\n> A potential security vulnerability in some Intel Processors may allow\n> denial of service. Intel has released firmware updates to mitigate\n> this potential vulnerability.\n", "id": "FreeBSD-2024-0226", "modified": "2024-11-12T00:00:00Z", "published": "2024-09-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23984" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24968" }, { "type": "WEB", "url": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910" } ], "schema_version": "1.7.0", "summary": "Intel CPUs -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "introduced": "1.3.0,1" }, { "fixed": "1.3.2,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.4.0,1" }, { "fixed": "1.4.1,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav-lts" }, "ranges": [ { "events": [ { "introduced": "1.0.0,1" }, { "fixed": "1.0.6,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html" ], "discovery": "2024-09-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-20505", "CVE-2024-20506" ] }, "vid": "996518f3-6ef9-11ef-b01b-08002784c58d" }, "details": "The ClamAV project reports:\n\n> \n>\n> CVE-2024-20505\n> : A vulnerability in the PDF parsing module of Clam AntiVirus\n> (ClamAV) could allow an unauthenticated, remote attacker to cause\n> a denial of service (DoS) condition on an affected device. The\n> vulnerability is due to an out of bounds read. An attacker could\n> exploit this vulnerability by submitting a crafted PDF file to be\n> scanned by ClamAV on an affected device. An exploit could allow\n> the attacker to terminate the scanning process.\n>\n> CVE-2024-20506\n> : A vulnerability in the ClamD service module of Clam AntiVirus\n> (ClamAV) could allow an authenticated, local attacker to corrupt\n> critical system files. The vulnerability is due to allowing the\n> ClamD process to write to its log file while privileged without\n> checking if the logfile has been replaced with a symbolic link. An\n> attacker could exploit this vulnerability if they replace the\n> ClamD log file with a symlink to a critical system file and then\n> find a way to restart the ClamD process. An exploit could allow\n> the attacker to corrupt a critical system file by appending ClamD\n> log messages after restart.\n", "id": "FreeBSD-2024-0225", "modified": "2024-09-09T00:00:00Z", "published": "2024-09-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-20505" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-20506" }, { "type": "WEB", "url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html" } ], "schema_version": "1.7.0", "summary": "clamav -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "netatalk3" }, "ranges": [ { "events": [ { "fixed": "3.2.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-2-8" ], "discovery": "2024-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-1544", "CVE-2024-5288", "CVE-2024-5991", "CVE-2024-5814" ] }, "vid": "8fbe81f7-6eb5-11ef-b7bd-00505632d232" }, "details": "Netatalk release reports:\n\n> WolfSSL 5.7.0 (included in netatalk) includes multiple security\n> vulnerabilities.\n", "id": "FreeBSD-2024-0224", "modified": "2024-09-09T00:00:00Z", "published": "2024-09-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-2-8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1544" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5288" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5991" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5814" } ], "schema_version": "1.7.0", "summary": "netatalk3 -- multiple WolfSSL vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "minio" }, "ranges": [ { "events": [ { "fixed": "2024.05.27.19.17.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/minio/minio/security/advisories/GHSA-95fr-cm4m-q5p9" ], "discovery": "2024-05-28T00:00:00Z", "references": { "cvename": [ "CVE-2024-36107" ] }, "vid": "80fbe184-2358-11ef-996e-40b034455553" }, "details": "Minio security advisory GHSA-95fr-cm4m-q5p9 reports:\n\n> when used with anonymous requests by sending a random object name\n> requests you can figure out if the object exists or not on the server\n> on a specific bucket and also gain access to some amount of\n> information.\n", "id": "FreeBSD-2024-0223", "modified": "2024-06-05T00:00:00Z", "published": "2024-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/minio/minio/security/advisories/GHSA-95fr-cm4m-q5p9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-36107" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36107" } ], "schema_version": "1.7.0", "summary": "minio -- unintentional information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "minio" }, "ranges": [ { "events": [ { "fixed": "2024.01.31.20.20.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4" ], "discovery": "2024-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2024-24747" ] }, "vid": "144836e3-2358-11ef-996e-40b034455553" }, "details": "Minio security advisory GHSA-xx8w-mq23-29g4 ports:\n\n> When someone creates an access key, it inherits the permissions of the\n> parent key. Not only for s3:\\* actions, but also admin:\\* actions.\n> Which means unless somewhere above in the access-key hierarchy, the\n> admin rights are denied, access keys will be able to simply override\n> their own s3 permissions to something more permissive.\n", "id": "FreeBSD-2024-0222", "modified": "2024-06-05T00:00:00Z", "published": "2024-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24747" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24747" } ], "schema_version": "1.7.0", "summary": "minio -- privilege escalation via permissions inheritance" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "128.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1901411" ], "discovery": "2024-09-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-7652" ] }, "vid": "7ade3c38-6d1f-11ef-ae11-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> An error in the ECMA-262 specification relating to Async Generators\n> could have resulted in a type confusion, potentially leading to memory\n> corruption and an exploitable crash.\n", "id": "FreeBSD-2024-0221", "modified": "2024-09-07T00:00:00Z", "published": "2024-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1901411" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7652" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7652" } ], "schema_version": "1.7.0", "summary": "firefox -- Potential memory corruption and exploitable crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exiv2" }, "ranges": [ { "events": [ { "introduced": "0.28.0,1" }, { "fixed": "0.28.3,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh" ], "discovery": "2024-04-21T00:00:00Z", "references": { "cvename": [ "CVE-2024-39695" ] }, "vid": "3e44c35f-6cf4-11ef-b813-4ccc6adda413" }, "details": "Kevin Backhouse reports:\n\n> An out-of-bounds read was found in Exiv2 version v0.28.2. The\n> vulnerability is in the parser for the ASF video format, which was a\n> new feature in v0.28.0, so Exiv2 versions before v0.28 are not\n> affected. The out-of-bounds read is triggered when Exiv2 is used to\n> read the metadata of a crafted video file.\n", "id": "FreeBSD-2024-0220", "modified": "2024-09-07T00:00:00Z", "published": "2024-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39695" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh" } ], "schema_version": "1.7.0", "summary": "exiv2 -- Out-of-bounds read in AsfVideo::streamProperties" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo" }, "ranges": [ { "events": [ { "fixed": "8.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo7" }, "ranges": [ { "events": [ { "fixed": "7.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-09-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-43788" ] }, "vid": "a5e13973-6c75-11ef-858b-23eeba13701a" }, "details": "# Problem Description:\n\n- Replace v-html with v-text in search inputbox\n- Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788,\n although we were not yet able to confirm that this can be exploited in\n Forgejo.\n", "id": "FreeBSD-2024-0219", "modified": "2024-09-06T00:00:00Z", "published": "2024-09-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-43788" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/milestone/8231" } ], "schema_version": "1.7.0", "summary": "forgejo -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "binutils" }, "ranges": [ { "events": [ { "fixed": "2.43,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281070" ], "discovery": "2024-08-25T00:00:00Z", "references": { "cvename": [ "CVE-2023-1972", "CVE-2023-25585", "CVE-2023-25586", "CVE-2023-25588" ] }, "vid": "943f8915-6c5d-11ef-810a-f8b46a88f42c" }, "details": "alster@vinterdalen.se reports PR/281070:\n\n> A new version of devel/binutils has been released fixing\n> CVE-2023-1972, CVE-2023-25585, CVE-2023-25586, and CVE-2023-25588.\n", "id": "FreeBSD-2024-0218", "modified": "2024-09-06T00:00:00Z", "published": "2024-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281070" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1972" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-25585" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-25586" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-25588" } ], "schema_version": "1.7.0", "summary": "binutils -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.22.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-09-03T00:00:00Z", "vid": "f5d0cfe7-6ba6-11ef-858b-23eeba13701a" }, "details": "# Problem Description:\n\n- Replace v-html with v-text in search inputbox\n- Fix nuget/conan/container packages upload bugs\n", "id": "FreeBSD-2024-0217", "modified": "2024-09-05T00:00:00Z", "published": "2024-09-05T00:00:00Z", "references": [ { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.22.2" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.17.p3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" ], "discovery": "2024-08-05T00:00:00Z", "references": { "cvename": [ "CVE-2024-5496", "CVE-2024-5846", "CVE-2024-6291", "CVE-2024-6989", "CVE-2024-6996", "CVE-2024-7536" ] }, "vid": "66907dab-6bb2-11ef-b813-4ccc6adda413" }, "details": "> Backports for 6 security bugs in Chromium:\n>\n> - CVE-2024-5496: Use after free in Media Session\n> - CVE-2024-5846: Use after free in PDFium\n> - CVE-2024-6291: Use after free in Swiftshader\n> - CVE-2024-6989: Use after free in Loader\n> - CVE-2024-6996: Race in Frames\n> - CVE-2024-7536: Use after free in WebAudio\n", "id": "FreeBSD-2024-0216", "modified": "2024-09-05T00:00:00Z", "published": "2024-09-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5846" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6996" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7536" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" } ], "schema_version": "1.7.0", "summary": "qt5-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "130.0_1,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1908496" ], "discovery": "2024-09-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-8381", "CVE-2024-8382", "CVE-2024-8383", "CVE-2024-8384", "CVE-2024-8385", "CVE-2024-8386", "CVE-2024-8387", "CVE-2024-8389" ] }, "vid": "a3a1caf5-6ba1-11ef-b9e8-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> This entry contains 8 vulnerabilities:\n>\n> - CVE-2024-8381: A potentially exploitable type confusion could be\n> triggered when looking up a property name on an object being used as\n> the \\`with\\` environment.\n> - CVE-2024-8382: Internal browser event interfaces were exposed to web\n> content when privileged EventHandler listener callbacks ran for\n> those events. Web content that tried to use those interfaces would\n> not be able to use them with elevated privileges, but their presence\n> would indicate certain browser features had been used, such as when\n> a user opened the Dev Tools console.\n> - CVE-2024-8383: Firefox normally asks for confirmation before asking\n> the operating system to find an application to handle a scheme that\n> the browser does not support. It did not ask before doing so for the\n> Usenet-related schemes news: and snews:. Since most operating\n> systems don\\'t have a trusted newsreader installed by default, an\n> unscrupulous program that the user downloaded could register itself\n> as a handler. The website that served the application download could\n> then launch that application at will.\n> - CVE-2024-8384: The JavaScript garbage collector could mis-color\n> cross-compartment objects if OOM conditions were detected at the\n> right point between two passes. This could have led to memory\n> corruption.\n> - CVE-2024-8385: A difference in the handling of StructFields and\n> ArrayTypes in WASM could be used to trigger an exploitable type\n> confusion vulnerability.\n> - CVE-2024-8386: If a site had been granted the permission to open\n> popup windows, it could cause Select elements to appear on top of\n> another site to perform a spoofing attack.\n> - CVE-2024-8387: Memory safety bugs present in Firefox 129, Firefox\n> ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence\n> of memory corruption and we presume that with enough effort some of\n> these could have been exploited to run arbitrary code.\n> - CVE-2024-8389: Memory safety bugs present in Firefox 129. Some of\n> these bugs showed evidence of memory corruption and we presume that\n> with enough effort some of these could have been exploited to run\n> arbitrary code.\n", "id": "FreeBSD-2024-0215", "modified": "2024-09-05T00:00:00Z", "published": "2024-09-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1908496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8381" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8381" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8382" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8382" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8383" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8383" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8384" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8384" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8385" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8385" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8386" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8386" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8387" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8387" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8389" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8389" } ], "schema_version": "1.7.0", "summary": "firefox -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-09-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-43102" ], "freebsdsa": [ "SA-24:14.umtx" ] }, "vid": "7e079ce2-6b51-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nConcurrent removals of such a mapping by using the UMTX_SHM_DESTROY\nsub-request of UMTX_OP_SHM can lead to decreasing the reference count of\nthe object representing the mapping too many times, causing it to be\nfreed too early.\n\n# Impact:\n\nA malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel\ncan panic the kernel or enable further Use-After-Free attacks,\npotentially including code execution or Capsicum sandbox escape.\n", "id": "FreeBSD-2024-0214", "modified": "2024-09-05T00:00:00Z", "published": "2024-09-05T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-43102" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- umtx Kernel panic or Use-After-Free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-09-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-32668" ], "freebsdsa": [ "SA-24:12.bhyve" ] }, "vid": "4edaa9f4-6b51-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nbhyve can be configured to emulate devices on a virtual USB controller\n(XHCI), such as USB tablet devices. An insufficient boundary validation\nin the USB code could lead to an out-of-bounds write on the heap, with\ndata controlled by the caller.\n\n# Impact:\n\nA malicious, privileged software running in a guest VM can exploit the\nvulnerability to achieve code execution on the host in the bhyve\nuserspace process, which typically runs as root. Note that bhyve runs in\na Capsicum sandbox, so malicious code is constrained by the capabilities\navailable to the bhyve process.\n", "id": "FreeBSD-2024-0213", "modified": "2024-09-05T00:00:00Z", "published": "2024-09-05T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-32668" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bhyve(8) privileged guest escape via USB controller" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-09-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-8178", "CVE-2024-42416", "CVE-2024-43110" ], "freebsdsa": [ "SA-24:11.ctl" ] }, "vid": "9bd5e47b-6b50-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nSeveral vulnerabilities were found in the ctl subsystem.\n\nThe function ctl_write_buffer incorrectly set a flag which resulted in a\nkernel Use-After-Free when a command finished processing\n(CVE-2024-45063). The ctl_write_buffer and ctl_read_buffer functions\nallocated memory to be returned to userspace, without initializing it\n(CVE-2024-8178). The ctl_report_supported_opcodes function did not\nsufficiently validate a field provided by userspace, allowing an\narbitrary write to a limited amount of kernel help memory\n(CVE-2024-42416). The ctl_request_sense function could expose up to\nthree bytes of the kernel heap to userspace (CVE-2024-43110).\n\nGuest virtual machines in the bhyve hypervisor can send SCSI commands to\nthe corresponding kernel driver via the virtio_scsi interface. This\nprovides guests with direct access to the vulnerabilities covered by\nthis advisory.\n\nThe CAM Target Layer iSCSI target daemon ctld(8) accepts incoming iSCSI\nconnections, performs authentication and passes connections to the\nkernel ctl(4) target layer.\n\n# Impact:\n\nMalicious software running in a guest VM that exposes virtio_scsi can\nexploit the vulnerabilities to achieve code execution on the host in the\nbhyve userspace process, which typically runs as root. Note that bhyve\nruns in a Capsicum sandbox, so malicious code is constrained by the\ncapabilities available to the bhyve process.\n\nA malicious iSCSI initiator could achieve remote code execution on the\niSCSI target host.\n", "id": "FreeBSD-2024-0212", "modified": "2024-09-05T00:00:00Z", "published": "2024-09-05T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-42416" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-43110" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple issues in ctl(4) CAM Target Layer" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-09-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-41928" ], "freebsdsa": [ "SA-24:10.bhyve" ] }, "vid": "56d76414-6b50-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nbhyve can be configured to provide access to the host\\'s TPM device,\nwhere it passes the communication through an emulated device provided to\nthe guest. This may be performed on the command-line by starting bhyve\nwith the \\`-l tpm,passthru,/dev/tpmX\\` parameters.\n\nThe MMIO handler for the emulated device did not validate the offset and\nsize of the memory access correctly, allowing guests to read and write\nmemory contents outside of the memory area effectively allocated.\n\n# Impact:\n\nMalicious software running in a guest VM can exploit the buffer overflow\nto achieve code execution on the host in the bhyve userspace process,\nwhich typically runs as root. Note that bhyve runs in a Capsicum\nsandbox, so malicious code is constrained by the capabilities available\nto the bhyve process.\n", "id": "FreeBSD-2024-0211", "modified": "2024-09-05T00:00:00Z", "published": "2024-09-05T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-41928" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bhyve(8) privileged guest escape via TPM device passthrough" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-09-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-45287", "CVE-2024-45288" ], "freebsdsa": [ "SA-24:09.libnv" ] }, "vid": "8d1f9adf-6b4f-11ef-9a62-002590c1f29c" }, "details": "# Problem Description:\n\nCVE-2024-45287 is a vulnerability that affects both the kernel and\nuserland. A malicious value of size in a structure of packed libnv can\ncause an integer overflow, leading to the allocation of a smaller buffer\nthan required for the parsed data.\n\nCVE-2024-45288 is a vulnerability that affects both the kernel and\nuserland. A missing null-termination character in the last element of an\nnvlist array string can lead to writing outside the allocated buffer.\n\n# Impact:\n\nIt is possible for an attacker to overwrite portions of memory (in\nuserland or the kernel) as the allocated buffer might be smaller than\nthe data received from a malicious process. This vulnerability could\nresult in privilege escalation or cause a system panic.\n", "id": "FreeBSD-2024-0210", "modified": "2024-09-05T00:00:00Z", "published": "2024-09-05T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45287" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-45288" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple vulnerabilities in libnv" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.15,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl32" }, "ranges": [ { "events": [ { "fixed": "3.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl33" }, "ranges": [ { "events": [ { "fixed": "3.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31-quictls" }, "ranges": [ { "events": [ { "fixed": "3.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://openssl-library.org/news/secadv/20240903.txt" ], "discovery": "2024-09-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-5535", "CVE-2024-6119" ], "freebsdsa": [ "SA-24:13.openssl" ] }, "vid": "21f505f4-6a1c-11ef-b611-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> Possible denial of service in X.509 name checks \\[Moderate severity\\]\n> Applications performing certificate name checks (e.g., TLS clients\n> checking server certificates) may attempt to read an invalid memory\n> address resulting in abnormal termination of the application process.\n>\n> SSL_select_next_proto buffer overread \\[Low severity\\] Calling the\n> OpenSSL API function SSL_select_next_proto with an empty supported\n> client protocols buffer may cause a crash or memory contents to be\n> sent to the peer.\n", "id": "FreeBSD-2024-0209", "modified": "2024-09-05T00:00:00Z", "published": "2024-09-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://openssl-library.org/news/secadv/20240903.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6119" }, { "type": "WEB", "url": "https://openssl-library.org/news/secadv/20240627.txt" }, { "type": "WEB", "url": "https://openssl-library.org/news/secadv/20240903.txt" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:13.openssl.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "128.0.6613.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "128.0.6613.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html" ], "discovery": "2024-09-02T00:00:00Z", "references": { "cvename": [ "CVE-2024-8362", "CVE-2024-7970" ] }, "vid": "26125e09-69ca-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[357391257\\] High CVE-2024-8362: Use after free in WebAudio.\n> Reported by Cassidy Kim(@cassidy6564) on 2024-08-05\n> - \\[358485426\\] High CVE-2024-7970: Out of bounds write in V8.\n> Reported by Cassidy Kim(@cassidy6564) on 2024-08-09\n", "id": "FreeBSD-2024-0208", "modified": "2024-09-03T00:00:00Z", "published": "2024-09-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7970" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo" }, "ranges": [ { "events": [ { "fixed": "8.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://codeberg.org/forgejo/forgejo/milestone/7728" ], "discovery": "2024-08-26T00:00:00Z", "vid": "eb437e17-66a1-11ef-ac08-75165d18d8d2" }, "details": "The forgejo team reports:\n\n> The scope of application tokens was not verified when writing\n> containers or Conan packages. This is of no consequence when the user\n> associated with the application token does not have write access to\n> packages. If the user has write access to packages, such a token can\n> be used to write containers and Conan packages. An application token\n> that was used to write containers or Conan packages without the\n> package:write scope will now fail with an unauthorized error. It must\n> be re-created to include the package:write scope.\n", "id": "FreeBSD-2024-0207", "modified": "2024-08-30T00:00:00Z", "published": "2024-08-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://codeberg.org/forgejo/forgejo/milestone/7728" }, { "type": "WEB", "url": "https://codeberg.org/forgejo/forgejo/pulls/5149" } ], "schema_version": "1.7.0", "summary": "forgejo -- The scope of application tokens was not verified when writing containers or Conan packages." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rabbitmq-c" }, "ranges": [ { "events": [ { "fixed": "0.14.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-35789" ], "discovery": "2019-09-19T00:00:00Z", "references": { "cvename": [ "CVE-2023-35789" ] }, "vid": "7e9cc7fd-6b3e-46c5-ad6d-409d90d41bbf" }, "details": "hadmut reports:\n\n> This C library includes 2 command-line tools that can take credentials\n> as command-line options. The credentials are exposed as plain-text in\n> the process list. This could allow an attacker with access to the\n> process list to see the credentials.\n", "id": "FreeBSD-2024-0206", "modified": "2024-08-30T00:00:00Z", "published": "2024-08-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-35789" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35789" } ], "schema_version": "1.7.0", "summary": "RabbitMQ-C -- auth credentials visible in commandline tool options" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "129.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1909241" ], "discovery": "2024-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-7524", "CVE-2024-6610", "CVE-2024-6609", "CVE-2024-6608" ] }, "vid": "5e4d7172-66b8-11ef-b104-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> - Firefox adds web-compatibility shims in place of some tracking\n> scripts blocked by Enhanced Tracking Protection. On a site protected\n> by Content Security Policy in \\\"strict-dynamic\\\" mode, an attacker\n> able to inject an HTML element could have used a DOM Clobbering\n> attack on some of the shims and achieved XSS, bypassing the CSP\n> strict-dynamic protection.\n> - Form validation popups could capture escape key presses. Therefore,\n> spamming form validation messages could be used to prevent users\n> from exiting full-screen mode.\n> - When almost out-of-memory an elliptic curve key which was never\n> allocated could have been freed again.\n> - It was possible to move the cursor using pointerlock from an iframe.\n> This allowed moving the cursor outside of the viewport and the\n> Firefox window.\n", "id": "FreeBSD-2024-0205", "modified": "2024-08-30T00:00:00Z", "published": "2024-08-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1909241" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7524" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7524" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6610" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6610" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6609" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6609" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6608" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6608" } ], "schema_version": "1.7.0", "summary": "firefox -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "128.0.6613.113" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "128.0.6613.113" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html" ], "discovery": "2024-08-28T00:00:00Z", "references": { "cvename": [ "CVE-2024-7969", "CVE-2024-8193", "CVE-2024-8194", "CVE-2024-8198" ] }, "vid": "6f2545bb-65e8-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[351865302\\] High CVE-2024-7969: Type Confusion in V8. Reported by\n> CFF of Topsec Alpha Team on 2024-07-09\n> - \\[360265320\\] High CVE-2024-8193: Heap buffer overflow in Skia.\n> Reported by Renan Rios (@hyhy_100) on 2024-08-16\n> - \\[360533914\\] High CVE-2024-8194: Type Confusion in V8. Reported by\n> Seunghyun Lee (@0x10n) on 2024-08-18\n> - \\[360758697\\] High CVE-2024-8198: Heap buffer overflow in Skia.\n> Reported by Renan Rios (@hyhy_100) on 2024-08-19\n", "id": "FreeBSD-2024-0204", "modified": "2024-08-29T00:00:00Z", "published": "2024-08-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8193" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8194" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8198" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-configobj" }, "ranges": [ { "events": [ { "last_affected": "5.0.8" }, { "fixed": "5.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-configobj" }, "ranges": [ { "events": [ { "last_affected": "5.0.8" }, { "fixed": "5.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-configobj" }, "ranges": [ { "events": [ { "last_affected": "5.0.8" }, { "fixed": "5.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-configobj" }, "ranges": [ { "events": [ { "last_affected": "5.0.8" }, { "fixed": "5.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/DiffSK/configobj/issues/232" ], "discovery": "2023-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-26112" ] }, "vid": "46419e8c-65d9-11ef-ac06-b0416f0c4c67" }, "details": "report@snyk.io reports:\n\n> All versions of the package configobj are vulnerable to Regular\n> Expression Denial of Service (ReDoS) via the validate function, using\n> (.+?)\\\\((.\\*)\\\\).\\*\\*Note:\\*\\* This is only exploitable in the case of\n> a developer putting the offending value in a server side configuration\n> file.\n", "id": "FreeBSD-2024-0203", "modified": "2024-08-29T00:00:00Z", "published": "2024-08-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/DiffSK/configobj/issues/232" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-26112" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26112" } ], "schema_version": "1.7.0", "summary": "Configobj -- Regular Expression Denial of Service attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.2.0" }, { "fixed": "17.1.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.3.0" }, { "fixed": "17.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.2.0" }, { "fixed": "17.1.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/08/21/patch-release-gitlab-17-3-1-released/" ], "discovery": "2024-08-21T00:00:00Z", "references": { "cvename": [ "CVE-2024-6502", "CVE-2024-8041", "CVE-2024-7110", "CVE-2024-3127" ] }, "vid": "49ef501c-62b6-11ef-bba5-2cf05da270f3" }, "details": "Gitlab reports:\n\n> The GitLab Web Interface Does Not Guarantee Information Integrity When\n> Downloading Source Code from Releases\n>\n> Denial of Service by importing maliciously crafted GitHub repository\n>\n> Prompt injection in \\\"Resolve Vulnerabilty\\\" results in arbitrary\n> command execution in victim\\'s pipeline\n>\n> An unauthorized user can perform certain actions through GraphQL after\n> a group owner enables IP restrictions\n", "id": "FreeBSD-2024-0202", "modified": "2024-08-25T00:00:00Z", "published": "2024-08-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/08/21/patch-release-gitlab-17-3-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3127" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/08/21/patch-release-gitlab-17-3-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "127,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1414937" ], "discovery": "2024-06-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-5697", "CVE-2024-5698" ] }, "vid": "7e6e932f-617b-11ef-8a7d-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> - CVE-2024-5697: A website was able to detect when a user took a\n> screenshot of a page using the built-in Screenshot functionality in\n> Firefox.\n> - CVE-2024-5698: By manipulating the fullscreen feature while opening\n> a data-list, an attacker could have overlaid a text box over the\n> address bar. This could have led to user confusion and possible\n> spoofing attacks.\n", "id": "FreeBSD-2024-0201", "modified": "2024-08-23T00:00:00Z", "published": "2024-08-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1414937" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5697" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5697" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5698" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5698" } ], "schema_version": "1.7.0", "summary": "firefox -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mcpp" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00032.html" ], "discovery": "2019-07-26T00:00:00Z", "references": { "cvename": [ "CVE-2019-14274" ] }, "vid": "6e8b9c75-6179-11ef-8a7d-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function\n> in support.c.\n", "id": "FreeBSD-2024-0200", "modified": "2024-08-23T00:00:00Z", "published": "2024-08-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00032.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14274" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14274" } ], "schema_version": "1.7.0", "summary": "mcpp -- Heap-based buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "md4c" }, "ranges": [ { "events": [ { "fixed": "0.4.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19" ], "discovery": "2021-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2021-30027" ] }, "vid": "f2b1da2e-6178-11ef-8a7d-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger\n> use of uninitialized memory, and cause a denial of service via a\n> malformed Markdown document.\n", "id": "FreeBSD-2024-0199", "modified": "2024-08-23T00:00:00Z", "published": "2024-08-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30027" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30027" } ], "schema_version": "1.7.0", "summary": "md4c -- DoS attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "128.0.6613.84" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "128.0.6613.84" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html" ], "discovery": "2024-08-21T00:00:00Z", "references": { "cvename": [ "CVE-2024-7964", "CVE-2024-7965", "CVE-2024-7966", "CVE-2024-7967", "CVE-2024-7968", "CVE-2024-7969", "CVE-2024-7971", "CVE-2024-7972", "CVE-2024-7973", "CVE-2024-7974", "CVE-2024-7975", "CVE-2024-7976", "CVE-2024-7977", "CVE-2024-7978", "CVE-2024-7979", "CVE-2024-7980", "CVE-2024-7981", "CVE-2024-8033", "CVE-2024-8034", "CVE-2024-8035" ] }, "vid": "b339992e-6059-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 38 security fixes:\n>\n> - \\[358296941\\] High CVE-2024-7964: Use after free in Passwords.\n> Reported by Anonymous on 2024-08-08\n> - \\[356196918\\] High CVE-2024-7965: Inappropriate implementation in\n> V8. Reported by TheDog on 2024-07-30\n> - \\[355465305\\] High CVE-2024-7966: Out of bounds memory access in\n> Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25\n> - \\[355731798\\] High CVE-2024-7967: Heap buffer overflow in Fonts.\n> Reported by Tashita Software Security on 2024-07-27\n> - \\[349253666\\] High CVE-2024-7968: Use after free in Autofill.\n> Reported by Han Zheng (HexHive) on 2024-06-25\n> - \\[351865302\\] High CVE-2024-7969: Type Confusion in V8. Reported by\n> CFF of Topsec Alpha Team on 2024-07-09\n> - \\[360700873\\] High CVE-2024-7971: Type confusion in V8. Reported by\n> Microsoft Threat Intelligence Center (MSTIC), Microsoft Security\n> Response Center (MSRC) on 2024-08-19\n> - \\[345960102\\] Medium CVE-2024-7972: Inappropriate implementation in\n> V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10\n> - \\[345518608\\] Medium CVE-2024-7973: Heap buffer overflow in PDFium.\n> Reported by soiax on 2024-06-06\n> - \\[339141099\\] Medium CVE-2024-7974: Insufficient data validation in\n> V8 API. Reported by bowu(@gocrashed) on 2024-05-07\n> - \\[347588491\\] Medium CVE-2024-7975: Inappropriate implementation in\n> Permissions. Reported by Thomas Orlita on 2024-06-16\n> - \\[339654392\\] Medium CVE-2024-7976: Inappropriate implementation in\n> FedCM. Reported by Alesandro Ortiz on 2024-05-10\n> - \\[324770940\\] Medium CVE-2024-7977: Insufficient data validation in\n> Installer. Reported by Kim Dong-uk (@justlikebono) on 2024-02-11\n> - \\[40060358\\] Medium CVE-2024-7978: Insufficient policy enforcement\n> in Data Transfer. Reported by NDevTK on 2022-07-21\n> - \\[356064205\\] Medium CVE-2024-7979: Insufficient data validation in\n> Installer. Reported by VulnNoob on 2024-07-29\n> - \\[356328460\\] Medium CVE-2024-7980: Insufficient data validation in\n> Installer. Reported by VulnNoob on 2024-07-30\n> - \\[40067456\\] Low CVE-2024-7981: Inappropriate implementation in\n> Views. Reported by Thomas Orlita on 2023-07-14\n> - \\[350256139\\] Low CVE-2024-8033: Inappropriate implementation in\n> WebApp Installs. Reported by Lijo A.T on 2024-06-30\n> - \\[353858776\\] Low CVE-2024-8034: Inappropriate implementation in\n> Custom Tabs. Reported by Bharat (mrnoob) on 2024-07-18\n> - \\[40059470\\] Low CVE-2024-8035: Inappropriate implementation in\n> Extensions. Reported by Microsoft on 2022-04-26\n", "id": "FreeBSD-2024-0198", "modified": "2024-08-22T00:00:00Z", "published": "2024-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7964" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7965" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7966" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7968" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7972" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7973" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7974" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7975" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7976" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7978" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7979" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7980" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7981" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8033" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8034" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-8035" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "introduced": "1.5.13,3" }, { "fixed": "1.27.1,3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx" }, "ranges": [ { "events": [ { "introduced": "1.6.0,3" }, { "fixed": "1.26.2,3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://nginx.org/en/security_advisories.html" ], "discovery": "2024-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-7347" ] }, "vid": "addc71b8-6024-11ef-86a1-8c164567ca3c" }, "details": "The nginx development team reports:\n\n> This update fixes the buffer overread vulnerability in the\n> ngx_http_mp4_module.\n", "id": "FreeBSD-2024-0197", "modified": "2024-08-22T00:00:00Z", "published": "2024-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://nginx.org/en/security_advisories.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7347" } ], "schema_version": "1.7.0", "summary": "nginx -- Vulnerability in the ngx_http_mp4_module" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-Jinja2" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-Jinja2" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-Jinja2" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-Jinja2" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb" ], "discovery": "2024-05-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-34064" ] }, "vid": "04c9c3f8-5ed3-11ef-8262-b0416f0c4c67" }, "details": "security-advisories@github.com reports:\n\n> Jinja is an extensible templating engine. The \\`xmlattr\\` filter in\n> affected versions of Jinja accepts keys containing non-attribute\n> characters. XML/HTML attributes cannot contain spaces, \\`/\\`, \\`\\>\\`,\n> or \\`=\\`, as each would then be interpreted as starting a separate\n> attribute. If an application accepts keys (as opposed to only values)\n> as user input, and renders these in pages that other users see as\n> well, an attacker could use this to inject other attributes and\n> perform XSS. The fix for CVE-2024-22195 only addressed spaces but not\n> other characters. Accepting keys as user input is now explicitly\n> considered an unintended use case of the \\`xmlattr\\` filter, and code\n> that does so without otherwise validating the input should be flagged\n> as insecure, regardless of Jinja version. Accepting \\_values\\_ as user\n> input continues to be safe. This vulnerability is fixed in 3.1.4.\n", "id": "FreeBSD-2024-0196", "modified": "2024-08-20T00:00:00Z", "published": "2024-08-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-34064" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34064" } ], "schema_version": "1.7.0", "summary": "Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "129,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354" ], "discovery": "2024-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-7518" ] }, "vid": "d0ac9a17-5e68-11ef-b8cc-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> Select options could obscure the fullscreen notification dialog. This\n> could be used by a malicious site to perform a spoofing attack. This\n> vulnerability affects Firefox \\< 129, Firefox ESR \\< 128.1, and\n> Thunderbird \\< 128.1.\n", "id": "FreeBSD-2024-0195", "modified": "2024-08-19T00:00:00Z", "published": "2024-08-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1875354" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7518" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7518" } ], "schema_version": "1.7.0", "summary": "mozilla products -- spoofing attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron31" }, "ranges": [ { "events": [ { "fixed": "31.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v31.4.0" ], "discovery": "2024-08-15T00:00:00Z", "references": { "cvename": [ "CVE-2024-6989", "CVE-2024-6991" ] }, "vid": "e61af8f4-455d-4f99-8d81-fbb004929dab" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-6989.\n> - Security: backported fix for CVE-2024-6991.\n", "id": "FreeBSD-2024-0194", "modified": "2024-08-18T00:00:00Z", "published": "2024-08-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v31.4.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6989" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-32j6-235r-7fmm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6991" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3v8g-fm64-g4mc" } ], "schema_version": "1.7.0", "summary": "electron31 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron29" }, "ranges": [ { "events": [ { "fixed": "29.4.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron30" }, "ranges": [ { "events": [ { "fixed": "30.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v29.4.6" ], "discovery": "2024-08-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-6776", "CVE-2024-6778", "CVE-2024-6777", "CVE-2024-6773", "CVE-2024-6774", "CVE-2024-6772", "CVE-2024-6775", "CVE-2024-6779", "CVE-2024-6989", "CVE-2024-6991" ] }, "vid": "ac025402-4cbc-4177-bd99-c20c03a07f23" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-6776.\n> - Security: backported fix for CVE-2024-6778.\n> - Security: backported fix for CVE-2024-6777.\n> - Security: backported fix for CVE-2024-6773.\n> - Security: backported fix for CVE-2024-6774.\n> - Security: backported fix for CVE-2024-6772.\n> - Security: backported fix for CVE-2024-6775.\n> - Security: backported fix for CVE-2024-6779.\n> - Security: backported fix for CVE-2024-6989.\n> - Security: backported fix for CVE-2024-6991.\n", "id": "FreeBSD-2024-0193", "modified": "2024-08-18T00:00:00Z", "published": "2024-08-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v29.4.6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6776" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7hjm-9cg2-rcg6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6778" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9m98-937v-r97x" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6777" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-w2v8-c457-cjvf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6773" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7gj8-545r-5295" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6774" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-cgm7-mqr6-f7vg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6772" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-cc8c-62x7-qwjr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6775" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-mxwm-jm3p-mh5m" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6779" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-v4v9-v4wf-9c86" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6989" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-32j6-235r-7fmm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6991" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3v8g-fm64-g4mc" } ], "schema_version": "1.7.0", "summary": "electron{29,30} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "fixed": "2.3.21.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/" ], "discovery": "2024-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-23184", "CVE-2024-23185" ] }, "vid": "6a6ad6cb-5c6c-11ef-b456-001e676bf734" }, "details": "Dovecot reports:\n\n> A DoS is possible with a large number of address headers or abnormally\n> large email headers.\n", "id": "FreeBSD-2024-0192", "modified": "2024-08-16T00:00:00Z", "published": "2024-08-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23184" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23185" }, { "type": "WEB", "url": "https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/" } ], "schema_version": "1.7.0", "summary": "Dovecot -- DoS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cpu-microcode-intel" }, "ranges": [ { "events": [ { "fixed": "20240813" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html" ], "discovery": "2024-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-24853", "CVE-2024-25939", "CVE-2024-24980", "CVE-2023-42667", "CVE-2023-49141" ] }, "vid": "9d8e9952-5a42-11ef-a219-1c697a616631" }, "details": "Intel reports:\n\n> A potential security vulnerability in SMI Transfer monitor (STM) may\n> allow escalation of privilege. Intel has released microcode updates to\n> mitigate this potential vulnerability.\n\n> A potential security vulnerability in some 3rd Generation Intel Xeon\n> Scalable Processors may allow denial of service. Intel has released\n> microcode updates to mitigate this potential vulnerability.\n\n> A potential security vulnerability in some 3rd, 4th, and 5th\n> Generation Intel Xeon Processors may allow escalation of privilege.\n> Intel has released firmware updates to mitigate this potential\n> vulnerability.\n\n> A potential security vulnerability in the Intel Core Ultra Processor\n> stream cache mechanism may allow escalation of privilege. Intel has\n> released microcode updates to mitigate this potential vulnerability.\n\n> A potential security vulnerability in some Intel Processor stream\n> cache mechanisms may allow escalation of privilege. Intel has released\n> microcode updates to mitigate this potential vulnerability.\n", "id": "FreeBSD-2024-0191", "modified": "2024-08-14T00:00:00Z", "published": "2024-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24853" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25939" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24980" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-42667" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-49141" }, { "type": "WEB", "url": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813" } ], "schema_version": "1.7.0", "summary": "Intel CPUs -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "129.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1905691" ], "discovery": "2024-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-7531", "CVE-2024-7529", "CVE-2024-7525", "CVE-2024-7522", "CVE-2024-7520", "CVE-2024-7521", "CVE-2024-7530", "CVE-2024-7528", "CVE-2024-7527" ] }, "vid": "5d7939f6-5989-11ef-9793-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> - CVE-2024-7531: Calling \\`PK11_Encrypt()\\` in NSS using CKM_CHACHA20\n> and the same buffer for input and output can result in plaintext on\n> an Intel Sandy Bridge processor. In Firefox this only affects the\n> QUIC header protection feature when the connection is using the\n> ChaCha20-Poly1305 cipher suite. The most likely outcome is\n> connection failure, but if the connection persists despite the high\n> packet loss it could be possible for a network observer to identify\n> packets as coming from the same source despite a network path\n> change. This vulnerability affects Firefox \\< 129, Firefox ESR \\<\n> 115.14, and Firefox ESR \\< 128.1.\n> - CVE-2024-7529: The date picker could partially obscure security\n> prompts. This could be used by a malicious site to trick a user into\n> granting permissions. This vulnerability affects Firefox \\< 129,\n> Firefox ESR \\< 115.14, Firefox ESR \\< 128.1, Thunderbird \\< 128.1,\n> and Thunderbird \\< 115.14.\n> - CVE-2024-7525: It was possible for a web extension with minimal\n> permissions to create a \\`StreamFilter\\` which could be used to read\n> and modify the response body of requests on any site. This\n> vulnerability affects Firefox \\< 129, Firefox ESR \\< 115.14, Firefox\n> ESR \\< 128.1, Thunderbird \\< 128.1, and Thunderbird \\< 115.14.\n> - CVE-2024-7522: Editor code failed to check an attribute value. This\n> could have led to an out-of-bounds read. This vulnerability affects\n> Firefox \\< 129, Firefox ESR \\< 115.14, Firefox ESR \\< 128.1,\n> Thunderbird \\< 128.1, and Thunderbird \\< 115.14.\n> - CVE-2024-7520: A type confusion bug in WebAssembly could be\n> leveraged by an attacker to potentially achieve code execution. This\n> vulnerability affects Firefox \\< 129, Firefox ESR \\< 128.1, and\n> Thunderbird \\< 128.1.\n> - CVE-2024-7521: Incomplete WebAssembly exception handing could have\n> led to a use-after-free. This vulnerability affects Firefox \\< 129,\n> Firefox ESR \\< 115.14, Firefox ESR \\< 128.1, Thunderbird \\< 128.1,\n> and Thunderbird \\< 115.14.\n> - CVE-2024-7530: Incorrect garbage collection interaction could have\n> led to a use-after-free. This vulnerability affects Firefox \\< 129.\n> - CVE-2024-7528: Incorrect garbage collection interaction in IndexedDB\n> could have led to a use-after-free. This vulnerability affects\n> Firefox \\< 129, Firefox ESR \\< 128.1, and Thunderbird \\< 128.1.\n> - CVE-2024-7527: Unexpected marking work at the start of sweeping\n> could have led to a use-after-free. This vulnerability affects\n> Firefox \\< 129, Firefox ESR \\< 115.14, Firefox ESR \\< 128.1,\n> Thunderbird \\< 128.1, and Thunderbird \\< 115.14.\n", "id": "FreeBSD-2024-0190", "modified": "2024-08-13T00:00:00Z", "published": "2024-08-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1905691" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7531" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7529" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7529" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7525" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7525" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7522" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7522" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7520" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7520" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7521" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7521" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7530" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7530" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7528" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7528" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7527" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7527" } ], "schema_version": "1.7.0", "summary": "firefox -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openhab-addons" }, "ranges": [ { "events": [ { "fixed": "4.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/openhab/openhab-distro/releases/tag/4.2.1" ], "discovery": "2024-08-09T00:00:00Z", "vid": "587ed8ac-5957-11ef-854a-001e676bf734" }, "details": "OpenHAB reports:\n\n> This patch release addresses the following security advisories:\n>\n> - SSRF/XSS (CometVisu) -\n> [GHSA-v7gr-mqpj-wwh3](https://github.com/openhab/openhab-webui/security/advisories/GHSA-v7gr-mqpj-wwh3)\n> - Sensitive information disclosure (CometVisu) -\n> [GHSA-3g4c-hjhr-73rj](https://github.com/openhab/openhab-webui/security/advisories/GHSA-3g4c-hjhr-73rj)\n> - RCE through path traversal (CometVisu) -\n> [GHSA-f729-58x4-gqgf](https://github.com/openhab/openhab-webui/sec%20urity/advisories/GHSA-f729-58x4-gqgf)\n> - Path traversal (CometVisu) -\n> [GHSA-pcwp-26pw-j98w](https://github.com/openhab/openhab-webui/security/advisories/GHSA-pcwp-26pw-j98w)\n>\n> All of these are related to the CometVisu add-on for openHAB - if you\n> are a user of CometVisu, we strongly recommend to upgrade your system\n> to openHAB 4.2.1 in order to fix those vulnerabilities.\n", "id": "FreeBSD-2024-0189", "modified": "2024-08-09T00:00:00Z", "published": "2024-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/openhab/openhab-distro/releases/tag/4.2.1" }, { "type": "WEB", "url": "https://github.com/openhab/openhab-distro/releases/tag/4.2.1" }, { "type": "WEB", "url": "https://github.com/openhab/openhab-webui/security/advisories/GHSA-v7gr-mqpj-wwh3" }, { "type": "WEB", "url": "https://github.com/openhab/openhab-webui/security/advisories/GHSA-3g4c-hjhr-73rj" }, { "type": "WEB", "url": "https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf" }, { "type": "WEB", "url": "https://github.com/openhab/openhab-webui/security/advisories/GHSA-pcwp-26pw-j98w" } ], "schema_version": "1.7.0", "summary": "OpenHAB CometVisu addon -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vaultwarden" }, "ranges": [ { "events": [ { "fixed": "1.32.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0" ], "discovery": "2024-08-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-39924", "CVE-2024-39925", "CVE-2024-39926" ] }, "vid": "d2723b0f-58d9-11ef-b611-84a93843eb75" }, "details": "The Vaultwarden Team reports:\n\n> This release has several CVE Reports fixed and we recommend everybody\n> to update to the latest version as soon as possible.\n", "id": "FreeBSD-2024-0188", "modified": "2024-08-12T00:00:00Z", "published": "2024-08-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39924" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39925" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39926" }, { "type": "WEB", "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0" } ], "schema_version": "1.7.0", "summary": "Vaultwarden -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cpu-microcode-amd" }, "ranges": [ { "events": [ { "fixed": "20240810" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html" ], "discovery": "2024-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2023-31315" ] }, "vid": "7d631146-5769-11ef-b618-1c697a616631" }, "details": "AMD reports:\n\n> Researchers from IOActive have reported that it may be possible for an\n> attacker with ring 0 access to modify the configuration of System\n> Management Mode (SMM) even when SMM Lock is enabled. Improper\n> validation in a model specific register (MSR) could allow a malicious\n> program with ring0 access to modify SMM configuration while SMI lock\n> is enabled, potentially leading to arbitrary code execution.\n", "id": "FreeBSD-2024-0187", "modified": "2024-08-10T00:00:00Z", "published": "2024-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-31315" }, { "type": "WEB", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html" } ], "schema_version": "1.7.0", "summary": "AMD CPUs -- Guest Memory Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.6.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8" ], "discovery": "2024-08-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-42009", "CVE-2024-42008", "CVE-2024-42010" ] }, "vid": "5776cc4f-5717-11ef-b611-84a93843eb75" }, "details": "The Roundcube project reports:\n\n> XSS vulnerability in post-processing of sanitized HTML content\n> \\[CVE-2024-42009\\]\n>\n> XSS vulnerability in serving of attachments other than HTML or SVG\n> \\[CVE-2024-42008\\]\n>\n> information leak (access to remote content) via insufficient CSS\n> filtering \\[CVE-2024-42010\\]\n", "id": "FreeBSD-2024-0186", "modified": "2024-08-10T00:00:00Z", "published": "2024-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-42009" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-42008" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-42010" }, { "type": "WEB", "url": "https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8" } ], "schema_version": "1.7.0", "summary": "Roundcube -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "127.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.mozilla.org/show_bug.cgi?id=1883693" ], "discovery": "2024-06-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-5690" ] }, "vid": "aa1c7af9-570e-11ef-a43e-b42e991fc52e" }, "details": "security@mozilla.org reports:\n\n> By monitoring the time certain operations take, an attacker could have\n> guessed which external protocol handlers were functional on a user\\'s\n> system. This vulnerability affects Firefox \\< 127, Firefox ESR \\<\n> 115.12, and Thunderbird \\< 115.12.\n", "id": "FreeBSD-2024-0185", "modified": "2024-08-10T00:00:00Z", "published": "2024-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1883693" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5690" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5690" } ], "schema_version": "1.7.0", "summary": "mozilla firefox -- protocol information guessing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "soft-serve" }, "ranges": [ { "events": [ { "fixed": "0.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f" ], "discovery": "2024-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2024-41956" ] }, "vid": "8c342a6c-563f-11ef-a77e-901b0e9408dc" }, "details": "soft-serve team reports:\n\n> Arbitrary code execution by crafting git ssh requests\n>\n> It is possible for a user who can commit files to a repository hosted\n> by Soft Serve to execute arbitrary code via environment manipulation\n> and Git.\n", "id": "FreeBSD-2024-0184", "modified": "2024-08-09T00:00:00Z", "published": "2024-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-41956" }, { "type": "WEB", "url": "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f" } ], "schema_version": "1.7.0", "summary": "soft-serve -- Remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-client" }, "ranges": [ { "events": [ { "fixed": "12.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-client" }, "ranges": [ { "events": [ { "fixed": "13.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-client" }, "ranges": [ { "events": [ { "fixed": "14.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-client" }, "ranges": [ { "events": [ { "fixed": "15.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-client" }, "ranges": [ { "events": [ { "fixed": "16.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-server" }, "ranges": [ { "events": [ { "fixed": "12.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-server" }, "ranges": [ { "events": [ { "fixed": "14.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-server" }, "ranges": [ { "events": [ { "fixed": "15.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql16-server" }, "ranges": [ { "events": [ { "fixed": "16.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2024-7348/" ], "discovery": "2024-08-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-7348" ] }, "vid": "48e6d514-5568-11ef-af48-6cc21735f730" }, "details": "PostgreSQL project reports:\n\n> An attacker able to create and drop non-temporary objects could inject\n> SQL code that would be executed by a concurrent pg_dump session with\n> the privileges of the role running pg_dump (which is often a\n> superuser). The attack involves replacing a sequence or similar object\n> with a view or foreign table that will execute malicious code. To\n> prevent this, introduce a new server parameter\n> restrict_nonsystem_relation_kind that can disable expansion of\n> non-builtin views as well as access to foreign tables, and teach\n> pg_dump to set it when available. Note that the attack is prevented\n> only if both pg_dump and the server it is dumping from are new enough\n> to have this fix.\n", "id": "FreeBSD-2024-0183", "modified": "2024-08-08T00:00:00Z", "published": "2024-08-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2024-7348/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7348" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2024-7348/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- Prevent unauthorized code execution during pg_dump" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.471" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.462.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2024-08-07/" ], "discovery": "2024-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-43044", "CVE-2024-43045" ] }, "vid": "db8fa362-0ccb-4aa8-9220-72b7763e9a4a" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Critical) SECURITY-3430 / CVE-2024-43044\n>\n> Arbitrary file read vulnerability through agent connections can lead\n> to RCE\n>\n> # Description\n>\n> ##### (Medium) SECURITY-3349 / CVE-2024-43045\n>\n> Missing permission check allows accessing other users\\' \\\"My Views\\\"\n", "id": "FreeBSD-2024-0182", "modified": "2024-08-07T00:00:00Z", "published": "2024-08-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2024-08-07/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-43044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-43045" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2024-08-07/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.1.0" }, { "fixed": "17.1.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "17.0.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.1.0" }, { "fixed": "17.1.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "17.0.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/" ], "discovery": "2024-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-3035", "CVE-2024-6356", "CVE-2024-5423", "CVE-2024-4210", "CVE-2024-2800", "CVE-2024-6329", "CVE-2024-4207", "CVE-2024-3958", "CVE-2024-4784", "CVE-2024-3114", "CVE-2024-7586" ] }, "vid": "729008b9-54bf-11ef-a61b-2cf05da270f3" }, "details": "Gitlab reports:\n\n> Privilege Escalation via LFS Tokens Granting Unrestricted Repository\n> Access\n>\n> Cross project access of Security policy bot\n>\n> Advanced search ReDOS in highlight for code results\n>\n> Denial of Service via banzai pipeline\n>\n> Denial of service using adoc files\n>\n> ReDoS in RefMatcher when matching branch names using wildcards\n>\n> Path encoding can cause the Web interface to not render diffs\n> correctly\n>\n> XSS while viewing raw XHTML files through API\n>\n> Ambiguous tag name exploitation\n>\n> Logs disclosings potentially sensitive data in query params\n>\n> Password bypass on approvals using policy projects\n>\n> ReDoS when parsing git push\n>\n> Webhook deletion audit log can preserve auth credentials\n", "id": "FreeBSD-2024-0181", "modified": "2024-08-07T00:00:00Z", "published": "2024-08-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3035" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5423" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4210" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6329" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4207" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3958" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4784" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7586" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django50" }, "ranges": [ { "events": [ { "fixed": "5.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django50" }, "ranges": [ { "events": [ { "fixed": "5.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" ], "discovery": "2024-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2024-41989", "CVE-2024-41990", "CVE-2024-41991", "CVE-2024-42005" ] }, "vid": "94d441d2-5497-11ef-9d2f-080027836e8b" }, "details": "Django reports:\n\n> CVE-2024-41989: Memory exhaustion in\n> django.utils.numberformat.floatformat().\n>\n> CVE-2024-41990: Potential denial-of-service in\n> django.utils.html.urlize().\n>\n> CVE-2024-41991: Potential denial-of-service vulnerability in\n> django.utils.html.urlize() and AdminURLFieldWidget.\n>\n> CVE-2024-42005: Potential SQL injection in QuerySet.values() and\n> values_list().\n", "id": "FreeBSD-2024-0180", "modified": "2024-08-07T00:00:00Z", "published": "2024-08-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-41989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-41990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-41991" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-42005" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2024/aug/06/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "127.0.6533.99" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "127.0.6533.99" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html" ], "discovery": "2024-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-7532", "CVE-2024-7550", "CVE-2024-7534", "CVE-2024-7535", "CVE-2024-7536" ] }, "vid": "05cd9f82-5426-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 5 security fixes:\n>\n> - \\[350528343\\] Critical CVE-2024-7532: Out of bounds memory access in\n> ANGLE. Reported by wgslfuzz on 2024-07-02\n> - \\[353552540\\] High CVE-2024-7533: Use after free in Sharing.\n> Reported by lime(@limeSec\\_) from TIANGONG Team of Legendsec at\n> QI-ANXIN Group on 2024-07-17\n> - \\[355256380\\] High CVE-2024-7550: Type Confusion in V8. Reported by\n> Zhenghang Xiao (@Kipreyyy) on 2024-07-25\n> - \\[352467338\\] High CVE-2024-7534: Heap buffer overflow in Layout.\n> Reported by Tashita Software Security on 2024-07-11\n> - \\[352690885\\] High CVE-2024-7535: Inappropriate implementation in\n> V8. Reported by Tashita Software Security on 2024-07-12\n> - \\[354847246\\] High CVE-2024-7536: Use after free in WebAudio.\n> Reported by Cassidy Kim(@cassidy6564) on 2024-07-23\n", "id": "FreeBSD-2024-0179", "modified": "2024-08-06T00:00:00Z", "published": "2024-08-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7532" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7550" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7536" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "127.0.6533.88" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "127.0.6533.88" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html" ], "discovery": "2024-07-30T00:00:00Z", "references": { "cvename": [ "CVE-2024-6990", "CVE-2024-7255", "CVE-2024-7256" ] }, "vid": "15d398ea-4f73-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[353034820\\] Critical CVE-2024-6990: Uninitialized Use in Dawn.\n> Reported by gelatin dessert on 2024-07-15\n> - \\[352872238\\] High CVE-2024-7255: Out of bounds read in\n> WebTransport. Reported by Marten Richter on 2024-07-13\n> - \\[354748060\\] High CVE-2024-7256: Insufficient data validation in\n> Dawn. Reported by gelatin dessert on 2024-07-23\n", "id": "FreeBSD-2024-0178", "modified": "2024-07-31T00:00:00Z", "published": "2024-07-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7255" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7256" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "127.0.6533.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "127.0.6533.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html" ], "discovery": "2024-07-23T00:00:00Z", "references": { "cvename": [ "CVE-2024-6988", "CVE-2024-6989", "CVE-2024-6991", "CVE-2024-6994", "CVE-2024-6995", "CVE-2024-6996", "CVE-2024-6997", "CVE-2024-6998", "CVE-2024-6999", "CVE-2024-7000", "CVE-2024-7001", "CVE-2024-7003", "CVE-2024-7004", "CVE-2024-7005" ] }, "vid": "fb0b5574-4e64-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 22 security fixes:\n>\n> - \\[349198731\\] High CVE-2024-6988: Use after free in Downloads.\n> Reported by lime(@limeSec\\_) from TIANGONG Team of Legendsec at\n> QI-ANXIN Group on 2024-06-25\n> - \\[349342289\\] High CVE-2024-6989: Use after free in Loader. Reported\n> by Anonymous on 2024-06-25\n> - \\[346618785\\] High CVE-2024-6991: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-06-12\n> - \\[339686368\\] Medium CVE-2024-6994: Heap buffer overflow in Layout.\n> Reported by Huang Xilin of Ant Group Light-Year Security Lab on\n> 2024-05-10\n> - \\[343938078\\] Medium CVE-2024-6995: Inappropriate implementation in\n> Fullscreen. Reported by Alesandro Ortiz on 2024-06-01\n> - \\[333708039\\] Medium CVE-2024-6996: Race in Frames. Reported by\n> Louis Jannett (Ruhr University Bochum) on 2024-04-10\n> - \\[325293263\\] Medium CVE-2024-6997: Use after free in Tabs. Reported\n> by Sven Dysthe (@svn-dys) on 2024-02-15\n> - \\[340098902\\] Medium CVE-2024-6998: Use after free in User\n> Education. Reported by Sven Dysthe (@svn-dys) on 2024-05-13\n> - \\[340893685\\] Medium CVE-2024-6999: Inappropriate implementation in\n> FedCM. Reported by Alesandro Ortiz on 2024-05-15\n> - \\[339877158\\] Medium CVE-2024-7000: Use after free in CSS. Reported\n> by Anonymous on 2024-05-11\n> - \\[347509736\\] Medium CVE-2024-7001: Inappropriate implementation in\n> HTML. Reported by Jake Archibald on 2024-06-17\n> - \\[338233148\\] Low CVE-2024-7003: Inappropriate implementation in\n> FedCM. Reported by Alesandro Ortiz on 2024-05-01\n> - \\[40063014\\] Low CVE-2024-7004: Insufficient validation of untrusted\n> input in Safe Browsing. Reported by Anonymous on 2023-02-10\n> - \\[40068800\\] Low CVE-2024-7005: Insufficient validation of untrusted\n> input in Safe Browsing. Reported by Umar Farooq on 2023-08-04\n", "id": "FreeBSD-2024-0177", "modified": "2024-07-30T00:00:00Z", "published": "2024-07-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6988" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6991" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6994" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6996" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6998" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6999" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7000" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7003" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7005" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "znc" }, "ranges": [ { "events": [ { "fixed": "1.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39844" ], "discovery": "2024-07-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-39844" ] }, "vid": "8057d198-4d26-11ef-8e64-641c67a117d8" }, "details": "Mitre reports:\n\n> In ZNC before 1.9.1, remote code execution can occur in modtcl via a\n> KICK.\n", "id": "FreeBSD-2024-0176", "modified": "2024-07-28T00:00:00Z", "published": "2024-07-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39844" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39844" }, { "type": "WEB", "url": "https://wiki.znc.in/ChangeLog/1.9.1" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2024/07/03/9" } ], "schema_version": "1.7.0", "summary": "znc -- remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailpit" }, "ranges": [ { "events": [ { "fixed": "1.19.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/axllent/mailpit/releases/tag/v1.19.3" ], "discovery": "2024-07-26T00:00:00Z", "vid": "3e917407-4b3f-11ef-8e49-001999f8d30b" }, "details": "Mailpit developer reports:\n\n> A vulnerability was discovered which allowed a bad actor with SMTP\n> access to Mailpit to bypass the Content Security Policy headers using\n> a series of crafted HTML messages which could result in a stored XSS\n> attack via the web UI.\n", "id": "FreeBSD-2024-0175", "modified": "2024-07-26T00:00:00Z", "published": "2024-07-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/axllent/mailpit/releases/tag/v1.19.3" }, { "type": "WEB", "url": "https://github.com/axllent/mailpit/releases/tag/v1.19.3" } ], "schema_version": "1.7.0", "summary": "Mailpit -- Content Security Policy XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.1.0" }, { "fixed": "17.1.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "17.0.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.2.0" }, { "fixed": "17.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.1.0" }, { "fixed": "17.1.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "17.0.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/" ], "discovery": "2024-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-5067", "CVE-2024-7057", "CVE-2024-0231" ] }, "vid": "24c88add-4a3e-11ef-86d7-001b217b3468" }, "details": "Gitlab reports:\n\n> XSS via the Maven Dependency Proxy\n>\n> Project level analytics settings leaked in DOM\n>\n> Reports can access and download job artifacts despite use of settings\n> to prevent it\n>\n> Direct Transfer - Authorised project/group exports are accessible to\n> other users\n>\n> Bypassing tag check and branch check through imports\n>\n> Project Import/Export - Make project/group export files hidden to\n> everyone except user who initiated it\n", "id": "FreeBSD-2024-0174", "modified": "2024-07-25T00:00:00Z", "published": "2024-07-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-7057" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0231" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron29" }, "ranges": [ { "events": [ { "fixed": "29.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v29.4.5" ], "discovery": "2024-07-17T00:00:00Z", "references": { "cvename": [ "CVE-2024-6291", "CVE-2024-6293", "CVE-2024-6290", "CVE-2024-6292" ] }, "vid": "574028b4-a181-455b-a78b-ec5c62781235" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-6291.\n> - Security: backported fix for CVE-2024-6293.\n> - Security: backported fix for CVE-2024-6290.\n> - Security: backported fix for CVE-2024-6292.\n", "id": "FreeBSD-2024-0173", "modified": "2024-07-19T00:00:00Z", "published": "2024-07-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v29.4.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6291" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rpvg-h6p6-42qj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6293" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9f8f-453p-rg87" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6290" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-r5mh-qgc2-26p2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6292" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-m848-8f5r-6j4g" } ], "schema_version": "1.7.0", "summary": "electron29 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "introduced": "2.4.60" }, { "fixed": "2.4.62" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2024-07-17T00:00:00Z", "references": { "cvename": [ "CVE-2024-40725" ] }, "vid": "088b8b7d-446c-11ef-b611-84a93843eb75" }, "details": "The Apache httpd project reports:\n\n> source code disclosure with handlers configured via AddType\n> (CVE-2024-40725) (Important): A partial fix for CVE-2024-39884 in the\n> core of Apache HTTP Server 2.4.61 ignores some use of the legacy\n> content-type based configuration of handlers. \\\"AddType\\\" and similar\n> configuration, under some circumstances where files are requested\n> indirectly, result in source code disclosure of local content. For\n> example, PHP scripts may be served instead of interpreted.\n", "id": "FreeBSD-2024-0172", "modified": "2024-07-17T00:00:00Z", "published": "2024-07-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-40725" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Source code disclosure with handlers configured via AddType" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-client" }, "ranges": [ { "events": [ { "fixed": "8.0.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql81-client" }, "ranges": [ { "events": [ { "fixed": "8.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql81-server" }, "ranges": [ { "events": [ { "fixed": "8.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql84-client" }, "ranges": [ { "events": [ { "fixed": "8.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql84-server" }, "ranges": [ { "events": [ { "fixed": "8.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2024.html#MySQL" ], "discovery": "2024-07-16T00:00:00Z", "vid": "3b018063-4358-11ef-b611-84a93843eb75" }, "details": "Oracle reports:\n\n> 36 new security patches for Oracle MySQL. 11 of these vulnerabilities\n> may be remotely exploitable without authentication, i.e., may be\n> exploited over a network without requiring user credentials. The\n> highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL\n> is 9.8.\n", "id": "FreeBSD-2024-0171", "modified": "2024-07-16T00:00:00Z", "published": "2024-07-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2024.html#MySQL" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2024.html#MySQL" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.16,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.16" ], "discovery": "2024-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-37148", "CVE-2024-37149", "CVE-2024-37147" ] }, "vid": "6091d1d8-4347-11ef-a4d4-080027957747" }, "details": "GLPI team reports:\n\n> GLPI 10.0.16 Changelog\n>\n> - \\[SECURITY - high\\] Account takeover via SQL Injection in AJAX\n> scripts (CVE-2024-37148)\n> - \\[SECURITY - high\\] Remote code execution through the plugin loader\n> (CVE-2024-37149)\n> - \\[SECURITY - moderate\\] Authenticated file upload to restricted\n> tickets (CVE-2024-37147)\n", "id": "FreeBSD-2024-0170", "modified": "2024-07-16T00:00:00Z", "published": "2024-07-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.16" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-37148" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37148" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-37149" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37149" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-37147" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37147" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.16" } ], "schema_version": "1.7.0", "summary": "GLPI -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron30" }, "ranges": [ { "events": [ { "fixed": "30.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v30.2.0" ], "discovery": "2024-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-5493", "CVE-2024-5831", "CVE-2024-5832", "CVE-2024-6100", "CVE-2024-6101", "CVE-2024-6103", "CVE-2024-6291", "CVE-2024-6293", "CVE-2024-6290", "CVE-2024-6292" ] }, "vid": "6410f91d-1214-4f92-b7e0-852e39e265f9" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-5493.\n> - Security: backported fix for CVE-2024-5831.\n> - Security: backported fix for CVE-2024-5832.\n> - Security: backported fix for CVE-2024-6100.\n> - Security: backported fix for CVE-2024-6101.\n> - Security: backported fix for CVE-2024-6103.\n> - Security: backported fix for CVE-2024-6291.\n> - Security: backported fix for CVE-2024-6293.\n> - Security: backported fix for CVE-2024-6290.\n> - Security: backported fix for CVE-2024-6292.\n", "id": "FreeBSD-2024-0169", "modified": "2024-07-13T00:00:00Z", "published": "2024-07-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v30.2.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5493" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-f6rr-qfxh-hcf9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5831" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9pmm-wf44-xjqc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5832" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rw9q-cwc5-qqp5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6100" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-g779-vpj7-v6c4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6101" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rg42-f9ww-x3w7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6103" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-ph5m-227m-fc5g" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6291" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rpvg-h6p6-42qj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6293" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9f8f-453p-rg87" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6290" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-r5mh-qgc2-26p2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6292" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-m848-8f5r-6j4g" } ], "schema_version": "1.7.0", "summary": "electron30 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron29" }, "ranges": [ { "events": [ { "fixed": "29.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v29.4.4" ], "discovery": "2024-07-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-6291", "CVE-2024-6293", "CVE-2024-6290", "CVE-2024-6292" ] }, "vid": "55d4a92f-c75f-43e8-ab1f-4a0efc9795c4" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-6291.\n> - Security: backported fix for CVE-2024-6293.\n> - Security: backported fix for CVE-2024-6290.\n> - Security: backported fix for CVE-2024-6292.\n", "id": "FreeBSD-2024-0168", "modified": "2024-07-13T00:00:00Z", "published": "2024-07-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v29.4.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6291" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rpvg-h6p6-42qj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6293" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9f8f-453p-rg87" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6290" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-r5mh-qgc2-26p2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6292" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-m848-8f5r-6j4g" } ], "schema_version": "1.7.0", "summary": "electron29 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.1.0" }, { "fixed": "17.1.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "fixed": "17.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.8.0" }, { "fixed": "16.11.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.1.0" }, { "fixed": "17.1.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "fixed": "17.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.8.0" }, { "fixed": "16.11.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/" ], "discovery": "2024-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-6385", "CVE-2024-5257", "CVE-2024-5470", "CVE-2024-6595", "CVE-2024-2880", "CVE-2024-5528" ] }, "vid": "acb4eab6-3f6d-11ef-8657-001b217b3468" }, "details": "Gitlab reports:\n\n> An attacker can run pipeline jobs as an arbitrary user\n>\n> Developer user with admin_compliance_framework permission can change\n> group URL\n>\n> Admin push rules custom role allows creation of project level deploy\n> token\n>\n> Package registry vulnerable to manifest confusion\n>\n> User with admin_group_member permission can ban group members\n>\n> Subdomain takeover in GitLab Pages\n", "id": "FreeBSD-2024-0167", "modified": "2024-07-11T00:00:00Z", "published": "2024-07-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6385" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5257" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5470" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6595" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2880" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5528" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django50" }, "ranges": [ { "events": [ { "fixed": "5.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django50" }, "ranges": [ { "events": [ { "fixed": "5.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" ], "discovery": "2024-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2024-38875", "CVE-2024-39329", "CVE-2024-39330", "CVE-2024-39614" ] }, "vid": "171afa61-3eba-11ef-a58f-080027836e8b" }, "details": "Django reports:\n\n> CVE-2024-38875: Potential denial-of-service in\n> django.utils.html.urlize().\n>\n> CVE-2024-39329: Username enumeration through timing difference for\n> users with unusable passwords.\n>\n> CVE-2024-39330: Potential directory-traversal in\n> django.core.files.storage.Storage.save().\n>\n> CVE-2024-39614: Potential denial-of-service in\n> django.utils.translation.get_supported_language_variant().\n", "id": "FreeBSD-2024-0166", "modified": "2024-07-10T00:00:00Z", "published": "2024-07-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38875" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39329" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39330" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39614" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2024/jul/09/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "2.11.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9" ], "discovery": "2024-07-02T00:00:00Z", "references": { "cvename": [ "CVE-2024-39321" ] }, "vid": "767dfb2d-3c9e-11ef-a829-5404a68ad561" }, "details": "The traefik authors report:\n\n> There is a vulnerability in Traefik that allows bypassing IP\n> allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes\n> sent with spoofed IP addresses.\n", "id": "FreeBSD-2024-0165", "modified": "2024-07-07T00:00:00Z", "published": "2024-07-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39321" }, { "type": "WEB", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9" } ], "schema_version": "1.7.0", "summary": "traefik -- Bypassing IP allow-lists via HTTP/3 early data requests" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "introduced": "2.4.60" }, { "fixed": "2.4.61" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2024-07-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-39884" ] }, "vid": "5d921a8c-3a43-11ef-b611-84a93843eb75" }, "details": "The Apache httpd project reports:\n\n> isource code disclosure with handlers configured via AddType\n> (CVE-2024-39884) (Important). A regression in the core of Apache HTTP\n> Server 2.4.60 ignores some use of the legacy content-type based\n> configuration of handlers. \\\"AddType\\\" and similar configuration,\n> under some circumstances where files are requested indirectly, result\n> in source code disclosure of local content. For example, PHP scripts\n> may be served instead of interpreted.\n", "id": "FreeBSD-2024-0164", "modified": "2024-07-04T00:00:00Z", "published": "2024-07-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39884" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- source code disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rt50" }, "ranges": [ { "events": [ { "fixed": "5.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-3262" ] }, "vid": "51498ee4-39a1-11ef-b609-002590c1f29c" }, "details": "Request Tracker reports:\n\nCVE-2024-3262 describes previously viewed pages being stored in the\nbrowser cache, which is the typical default behavior of most browsers to\nenable the \\\"back\\\" button. Someone who gains access to a host computer\ncould potentially view ticket data using the back button, even after\nlogging out of RT. The CVE specifically references RT version 4.4.1, but\nthis behavior is present in most browsers viewing all versions of RT\nbefore 5.0.6.\n", "id": "FreeBSD-2024-0163", "modified": "2024-07-04T00:00:00Z", "published": "2024-07-04T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3262" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6426-p644-ffcf" } ], "schema_version": "1.7.0", "summary": "Request Tracker -- information exposure vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go122" }, "ranges": [ { "events": [ { "fixed": "1.22.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go121" }, "ranges": [ { "events": [ { "fixed": "1.21.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/67555" ], "discovery": "2024-07-02T00:00:00Z", "references": { "cvename": [ "CVE-2024-24791" ] }, "vid": "b0374722-3912-11ef-a77e-901b0e9408dc" }, "details": "The Go project reports:\n\n> net/http: denial of service due to improper 100-continue handling\n>\n> The net/http HTTP/1.1 client mishandled the case where a server\n> responds to a request with an \\\"Expect: 100-continue\\\" header with a\n> non-informational (200 or higher) status. This mishandling could leave\n> a client connection in an invalid state, where the next request sent\n> on the connection will fail.\n>\n> An attacker sending a request to a net/http/httputil.ReverseProxy\n> proxy can exploit this mishandling to cause a denial of service by\n> sending \\\"Expect: 100-continue\\\" requests which elicit a\n> non-informational response from the backend. Each such request leaves\n> the proxy with an invalid connection, and causes one subsequent\n> request using that connection to fail.\n", "id": "FreeBSD-2024-0162", "modified": "2024-07-03T00:00:00Z", "published": "2024-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/67555" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24791" }, { "type": "WEB", "url": "https://go.dev/issue/67555" } ], "schema_version": "1.7.0", "summary": "go -- net/http: denial of service due to improper 100-continue handling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2024-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2024-36387", "CVE-2024-38473", "CVE-2024-38474", "CVE-2024-38475", "CVE-2024-38476", "CVE-2024-38477", "CVE-2024-39573" ] }, "vid": "d7efc2ad-37af-11ef-b611-84a93843eb75" }, "details": "The Apache httpd project reports:\n\n> DoS by Null pointer in websocket over HTTP/2 (CVE-2024-36387) (Low).\n> Serving WebSocket protocol upgrades over a HTTP/2 connection could\n> result in a Null Pointer dereference, leading to a crash of the server\n> process, degrading performance.\n>\n> Proxy encoding problem (CVE-2024-38473) (Moderate). Encoding problem\n> in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request\n> URLs with incorrect encoding to be sent to backend services,\n> potentially bypassing authentication via crafted requests.\n>\n> Weakness with encoded question marks in backreferences\n> (CVE-2024-38474) (Important). Substitution encoding issue in\n> mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker\n> to execute scripts in directories permitted by the configuration but\n> not directly reachable by any URL or source disclosure of scripts\n> meant to only to be executed as CGI.\n>\n> Weakness in mod_rewrite when first segment of substitution matches\n> filesystem path (CVE-2024-38475) (Important). Improper escaping of\n> output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows\n> an attacker to map URLs to filesystem locations that are permitted to\n> be served by the server but are not intentionally/directly reachable\n> by any URL, resulting in code execution or source code disclosure.\n> Substitutions in server context that use a backreferences or variables\n> as the first segment of the substitution are affected. Some unsafe\n> RewiteRules will be broken by this change and the rewrite flag\n> \\\"UnsafePrefixStat\\\" can be used to opt back in once ensuring the\n> substitution is appropriately constrained.\n>\n> may use exploitable/malicious backend application output to run local\n> handlers via internal redirect (CVE-2024-38476) (Important).\n> Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are\n> vulnerable to information disclosure, SSRF or local script execution\n> via backend applications whose response headers are malicious or\n> exploitable.\n>\n> Crash resulting in Denial of Service in mod_proxy via a malicious\n> request (CVE-2024-38477) (Important). Null pointer dereference in\n> mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker\n> to crash the server via a malicious request.\n>\n> mod_rewrite proxy handler substitution (CVE-2024-39573) (Moderate).\n> Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier\n> allows an attacker to cause unsafe RewriteRules to unexpectedly setup\n> URL\\'s to be handled by mod_proxy.\n", "id": "FreeBSD-2024-0161", "modified": "2024-07-01T00:00:00Z", "published": "2024-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-36387" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38473" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38474" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38475" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38476" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-39573" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable" }, "ranges": [ { "events": [ { "fixed": "9.7.p1_2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.1" }, { "fixed": "14.1_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3" }, { "fixed": "13.3_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssh.com/security.html" ], "discovery": "2024-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2024-6387" ], "freebsdsa": [ "SA-24:04.openssh" ] }, "vid": "f1a00122-3797-11ef-b611-84a93843eb75" }, "details": "The OpenSSH project reports:\n\n> A race condition in sshd(8) could allow remote code execution as root\n> on non-OpenBSD systems.\n", "id": "FreeBSD-2024-0160", "modified": "2024-09-20T00:00:00Z", "published": "2024-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssh.com/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6387" }, { "type": "WEB", "url": "https://www.openssh.com/security.html" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSH -- Race condition resulting in potential remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "netatalk3" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333" ], "discovery": "2024-06-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-38440", "CVE-2024-38441", "CVE-2024-38439" ] }, "vid": "c742dbe8-3704-11ef-9e6e-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> This entry documents the following three vulnerabilities:\n>\n> - Netatalk before 3.2.1 has an off-by-one error and resultant\n> heap-based buffer overflow because of setting ibuf\\[len\\] to \\'\\\\0\\'\n> in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and\n> 3.1.19 are also fixed versions.\n> - Netatalk before 3.2.1 has an off-by-one error, and resultant\n> heap-based buffer overflow and segmentation violation, because of\n> incorrectly using FPLoginExt in BN_bin2bn in\n> etc/uams/uams_dhx_pam.c. The original issue 1097 report stated:\n> \\'The latest version of Netatalk (v3.2.0) contains a security\n> vulnerability. This vulnerability arises due to a lack of validation\n> for the length field after parsing user-provided data, leading to an\n> out-of-bounds heap write of one byte (\\\\0). Under specific\n> configurations, this can result in reading metadata of the next heap\n> block, potentially causing a Denial of Service (DoS) under certain\n> heap layouts or with ASAN enabled. \\...\n> - Netatalk before 3.2.1 has an off-by-one error and resultant\n> heap-based buffer overflow because of setting ibuf\\[PASSWDLEN\\] to\n> \\'\\\\0\\' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and\n> 3.1.19 are also fixed versions.\n", "id": "FreeBSD-2024-0159", "modified": "2024-06-30T00:00:00Z", "published": "2024-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38440" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38440" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38441" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38441" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38439" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38439" } ], "schema_version": "1.7.0", "summary": "netatalk3 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron29" }, "ranges": [ { "events": [ { "fixed": "29.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v29.4.3" ], "discovery": "2024-06-27T00:00:00Z", "references": { "cvename": [ "CVE-2024-5499", "CVE-2024-5493", "CVE-2024-5494", "CVE-2024-5495", "CVE-2024-5496", "CVE-2024-5158", "CVE-2024-5160", "CVE-2024-5157", "CVE-2024-5159", "CVE-2024-5831", "CVE-2024-5832", "CVE-2024-6100", "CVE-2024-6101", "CVE-2024-6103" ] }, "vid": "0e73964d-053a-481a-bf1c-202948d68484" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-5499.\n> - Security: backported fix for CVE-2024-5493.\n> - Security: backported fix for CVE-2024-5494.\n> - Security: backported fix for CVE-2024-5495.\n> - Security: backported fix for CVE-2024-5496.\n> - Security: backported fix for CVE-2024-5158.\n> - Security: backported fix for CVE-2024-5160.\n> - Security: backported fix for CVE-2024-5157.\n> - Security: backported fix for CVE-2024-5159.\n> - Security: backported fix for CVE-2024-5831.\n> - Security: backported fix for CVE-2024-5832.\n> - Security: backported fix for CVE-2024-6100.\n> - Security: backported fix for CVE-2024-6101.\n> - Security: backported fix for CVE-2024-6103.\n", "id": "FreeBSD-2024-0158", "modified": "2024-06-28T00:00:00Z", "published": "2024-06-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v29.4.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5499" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-hqfv-mf6j-g3j6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5493" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-f6rr-qfxh-hcf9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5494" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-fv2x-w8xf-gxpq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5495" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-wrxh-8wc3-33rm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5496" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-8xgv-q88p-ghq4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5158" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4433-jwm9-48r5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5160" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-c24q-2hx9-mjpc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5157" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-w7g4-69hj-jcrq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5159" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qmp7-vwf7-6g2g" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5831" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9pmm-wf44-xjqc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5832" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rw9q-cwc5-qqp5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6100" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-g779-vpj7-v6c4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6101" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rg42-f9ww-x3w7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6103" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-ph5m-227m-fc5g" } ], "schema_version": "1.7.0", "summary": "electron29 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "frr9" }, "ranges": [ { "events": [ { "fixed": "9.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "frr8" }, "ranges": [ { "events": [ { "fixed": "8.5.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://frrouting.org/release/9.1.1/" ], "discovery": "2024-04-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-31950", "CVE-2024-31951" ] }, "vid": "07f0ea8c-356a-11ef-ac6d-a0423f48a938" }, "details": "cve@mitre.org reports:\n\n> In FRRouting (FRR) through 9.1, there are multiples vulnerabilities.\n>\n> - CVE-2024-31950: buffer overflow and daemon crash in ospf_te_parse_ri\n> for OSPF LSA packets\n> - CVE-2024-31951: buffer overflow and daemon crash in\n> ospf_te_parse_ext_link for OSPF LSA packets\n", "id": "FreeBSD-2024-0157", "modified": "2024-06-28T00:00:00Z", "published": "2024-06-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://frrouting.org/release/9.1.1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31950" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31951" }, { "type": "WEB", "url": "https://frrouting.org/release/9.1.1/" } ], "schema_version": "1.7.0", "summary": "frr - Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.1.0" }, { "fixed": "17.1.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "fixed": "17.0.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.0.0" }, { "fixed": "16.11.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.1.0" }, { "fixed": "17.1.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "fixed": "17.0.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.0.0" }, { "fixed": "16.11.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/" ], "discovery": "2024-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-5655", "CVE-2024-4901", "CVE-2024-4994", "CVE-2024-6323", "CVE-2024-2177", "CVE-2024-5430", "CVE-2024-4025", "CVE-2024-3959", "CVE-2024-4557", "CVE-2024-1493", "CVE-2024-1816", "CVE-2024-2191", "CVE-2024-3115", "CVE-2024-4011" ] }, "vid": "589de937-343f-11ef-8a7b-001b217b3468" }, "details": "Gitlab reports:\n\n> Run pipelines as any user\n>\n> Stored XSS injected in imported project\\'s commit notes\n>\n> CSRF on GraphQL API IntrospectionQuery\n>\n> Remove search results from public projects with unauthorized repos\n>\n> Cross window forgery in user application OAuth flow\n>\n> Project maintainers can bypass group\\'s merge request approval policy\n>\n> ReDoS via custom built markdown page\n>\n> Private job artifacts can be accessed by any user\n>\n> Security fixes for banzai pipeline\n>\n> ReDoS in dependency linker\n>\n> Denial of service using a crafted OpenAPI file\n>\n> Merge request title disclosure\n>\n> Access issues and epics without having an SSO session\n>\n> Non project member can promote key results to objectives\n", "id": "FreeBSD-2024-0156", "modified": "2024-06-27T00:00:00Z", "published": "2024-06-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5655" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4901" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4994" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6323" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4025" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3959" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4557" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1493" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4011" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "126.0.6478.126" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "126.0.6478.126" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html" ], "discovery": "2024-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-6290", "CVE-2024-6291", "CVE-2024-6292", "CVE-2024-6293" ] }, "vid": "2b68c86a-32d5-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 5 security fixes:\n>\n> - \\[342428008\\] High CVE-2024-6290: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-05-23\n> - \\[40942995\\] High CVE-2024-6291: Use after free in Swiftshader.\n> Reported by Cassidy Kim(@cassidy6564) on 2023-11-15\n> - \\[342545100\\] High CVE-2024-6292: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-05-24\n> - \\[345993680\\] High CVE-2024-6293: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-06-09\n", "id": "FreeBSD-2024-0155", "modified": "2024-06-25T00:00:00Z", "published": "2024-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6290" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6292" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6293" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs" }, "ranges": [ { "events": [ { "fixed": "29.3_3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-canna" }, "ranges": [ { "events": [ { "fixed": "29.3_3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-nox" }, "ranges": [ { "events": [ { "fixed": "29.3_3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-wayland" }, "ranges": [ { "events": [ { "fixed": "29.3_3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel" }, "ranges": [ { "events": [ { "fixed": "30.0.50.20240615_1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel-nox" }, "ranges": [ { "events": [ { "fixed": "30.0.50.20240615_1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html" ], "discovery": "2024-06-22T00:00:00Z", "vid": "4f6c4c07-3179-11ef-9da5-1c697a616631" }, "details": "GNU Emacs developers report:\n\n> Emacs 29.4 is an emergency bugfix release intended to fix a security\n> vulnerability. Arbitrary shell commands are no longer run when turning\n> on Org mode in order to avoid running malicious code.\n", "id": "FreeBSD-2024-0154", "modified": "2024-06-23T00:00:00Z", "published": "2024-06-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html" }, { "type": "WEB", "url": "https://seclists.org/oss-sec/2024/q2/296" } ], "schema_version": "1.7.0", "summary": "emacs -- Arbitrary shell code evaluation vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "2.11.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/traefik/traefik/security/advisories/GHSA-rvj4-q8q5-8grf" ], "discovery": "2024-06-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-35255" ] }, "vid": "82830965-3073-11ef-a17d-5404a68ad561" }, "details": "The traefik authors report:\n\n> There is a vulnerability in Azure Identity Libraries and Microsoft\n> Authentication Library Elevation of Privilege Vulnerability.\n", "id": "FreeBSD-2024-0153", "modified": "2024-06-22T00:00:00Z", "published": "2024-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-rvj4-q8q5-8grf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-35255" }, { "type": "WEB", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-rvj4-q8q5-8grf" } ], "schema_version": "1.7.0", "summary": "traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.17.p2_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" ], "discovery": "2024-05-31T00:00:00Z", "references": { "cvename": [ "CVE-2024-3837", "CVE-2024-3839", "CVE-2024-3914", "CVE-2024-4058", "CVE-2024-4558" ] }, "vid": "aa2b65e4-2f63-11ef-9cab-4ccc6adda413" }, "details": "> Backports for 5 security bugs in Chromium:\n>\n> - CVE-2024-3837: Use after free in QUIC\n> - CVE-2024-3839: Out of bounds read in Fonts\n> - CVE-2024-3914: Use after free in V8\n> - CVE-2024-4058: Type confusion in ANGLE\n> - CVE-2024-4558: Use after free in ANGLE\n", "id": "FreeBSD-2024-0152", "modified": "2024-06-20T00:00:00Z", "published": "2024-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4558" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" } ], "schema_version": "1.7.0", "summary": "qt5-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" ], "discovery": "2024-05-31T00:00:00Z", "references": { "cvename": [ "CVE-2024-4948", "CVE-2024-5274", "CVE-2024-5493", "CVE-2024-5494", "CVE-2024-5495", "CVE-2024-5496", "CVE-2024-5499" ] }, "vid": "c5415838-2f52-11ef-9cab-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 7 security bugs in Chromium:\n>\n> - CVE-2024-4948: Use after free in Dawn\n> - CVE-2024-5274: Type Confusion in V8\n> - CVE-2024-5493: Heap buffer overflow in WebRTC\n> - CVE-2024-5494: Use after free in Dawn\n> - CVE-2024-5495: Use after free in Dawn\n> - CVE-2024-5496: Use after free in Media Session\n> - CVE-2024-5499: Out of bounds write in Streams API\n", "id": "FreeBSD-2024-0151", "modified": "2024-06-20T00:00:00Z", "published": "2024-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4948" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5274" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5493" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5499" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "fixed": "2.6.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst#security-fixes" ], "discovery": "2024-05-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-5594", "CVE-2024-28882" ] }, "vid": "142c538e-b18f-40a1-afac-c479effadd5c" }, "details": "Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three\non Windows):\n\n> CVE-2024-5594: control channel: refuse control channel messages with\n> nonprintable characters in them. Security scope: a malicious openvpn\n> peer can send garbage to openvpn log, or cause high CPU load. (Reynir\n> Bj\u00f6rnsson)\n>\n> CVE-2024-28882: only call schedule_exit() once (on a given peer).\n> Security scope: an authenticated client can make the server \\\"keep the\n> session\\\" even when the server has been told to disconnect this\n> client. (Reynir Bj\u00f6rnsson)\n", "id": "FreeBSD-2024-0150", "modified": "2024-06-20T00:00:00Z", "published": "2024-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst#security-fixes" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5594" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-28882" }, { "type": "WEB", "url": "https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst#security-fixes" } ], "schema_version": "1.7.0", "summary": "openvpn -- two security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "126.0.6478.114" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "126.0.6478.114" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html" ], "discovery": "2024-06-18T00:00:00Z", "references": { "cvename": [ "CVE-2024-6100", "CVE-2024-6101", "CVE-2024-6102", "CVE-2024-6103" ] }, "vid": "007e7e77-2f06-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 6 security fixes:\n>\n> - \\[344608204\\] High CVE-2024-6100: Type Confusion in V8. Reported by\n> Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure\\'s\n> TyphoonPWN 2024 on 2024-06-04\n> - \\[343748812\\] High CVE-2024-6101: Inappropriate implementation in\n> WebAssembly. Reported by \\@ginggilBesel on 2024-05-31\n> - \\[339169163\\] High CVE-2024-6102: Out of bounds memory access in\n> Dawn. Reported by wgslfuzz on 2024-05-07\n> - \\[344639860\\] High CVE-2024-6103: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-06-04\n", "id": "FreeBSD-2024-0149", "modified": "2024-06-20T00:00:00Z", "published": "2024-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6101" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-6103" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "126.0.6478.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "126.0.6478.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html" ], "discovery": "2024-06-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-5830", "CVE-2024-5831", "CVE-2024-5832", "CVE-2024-5833", "CVE-2024-5834", "CVE-2024-5835", "CVE-2024-5836", "CVE-2024-5837", "CVE-2024-5838", "CVE-2024-5839", "CVE-2024-5840", "CVE-2024-5841", "CVE-2024-5842", "CVE-2024-5843", "CVE-2024-5844", "CVE-2024-5845", "CVE-2024-5846", "CVE-2024-5847" ] }, "vid": "453aa0fc-2d91-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 21 security fixes:\n>\n> - \\[342456991\\] High CVE-2024-5830: Type Confusion in V8. Reported by\n> Man Yue Mo of GitHub Security Lab on 2024-05-24\n> - \\[339171223\\] High CVE-2024-5831: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-05-07\n> - \\[340196361\\] High CVE-2024-5832: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-05-13\n> - \\[342602616\\] High CVE-2024-5833: Type Confusion in V8. Reported by\n> \\@ginggilBesel on 2024-05-24\n> - \\[342840932\\] High CVE-2024-5834: Inappropriate implementation in\n> Dawn. Reported by gelatin dessert on 2024-05-26\n> - \\[341991535\\] High CVE-2024-5835: Heap buffer overflow in Tab\n> Groups. Reported by Weipeng Jiang (@Krace) of VRI on 2024-05-22\n> - \\[341875171\\] High CVE-2024-5836: Inappropriate Implementation in\n> DevTools. Reported by Allen Ding on 2024-05-21\n> - \\[342415789\\] High CVE-2024-5837: Type Confusion in V8. Reported by\n> Anonymous on 2024-05-23\n> - \\[342522151\\] High CVE-2024-5838: Type Confusion in V8. Reported by\n> Zhenghang Xiao (@Kipreyyy) on 2024-05-24\n> - \\[340122160\\] Medium CVE-2024-5839: Inappropriate Implementation in\n> Memory Allocator. Reported by Micky on 2024-05-13\n> - \\[41492103\\] Medium CVE-2024-5840: Policy Bypass in CORS. Reported\n> by Matt Howard on 2024-01-17\n> - \\[326765855\\] Medium CVE-2024-5841: Use after free in V8. Reported\n> by Cassidy Kim(@cassidy6564) on 2024-02-26\n> - \\[40062622\\] Medium CVE-2024-5842: Use after free in Browser UI.\n> Reported by Sven Dysthe (@svn_dy) on 2023-01-12\n> - \\[333940412\\] Medium CVE-2024-5843: Inappropriate implementation in\n> Downloads. Reported by hjy79425575 on 2024-04-12\n> - \\[331960660\\] Medium CVE-2024-5844: Heap buffer overflow in Tab\n> Strip. Reported by Sri on 2024-04-01\n> - \\[340178596\\] Medium CVE-2024-5845: Use after free in Audio.\n> Reported by anonymous on 2024-05-13\n> - \\[341095523\\] Medium CVE-2024-5846: Use after free in PDFium.\n> Reported by Han Zheng (HexHive) on 2024-05-16\n> - \\[341313077\\] Medium CVE-2024-5847: Use after free in PDFium.\n> Reported by Han Zheng (HexHive) on 2024-05-18\n", "id": "FreeBSD-2024-0148", "modified": "2024-06-18T00:00:00Z", "published": "2024-06-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5830" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5831" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5832" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5833" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5834" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5835" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5836" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5838" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5841" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5842" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5843" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5844" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5845" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5846" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5847" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo" }, "ranges": [ { "events": [ { "fixed": "7.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-4" ], "discovery": "2024-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-24789" ] }, "vid": "f0ba7008-2bbd-11ef-b4ca-814a3d504243" }, "details": "The forgejo team reports:\n\n> [CVE-2024-24789](https://pkg.go.dev/vuln/GO-2024-2888): The\n> archive/zip package\\'s handling of certain types of invalid zip files\n> differs from the behavior of most zip implementations. This\n> misalignment could be exploited to create an zip file with contents\n> that vary depending on the implementation reading the file.\n>\n> The OAuth2 implementation does not always require authentication for\n> public clients, a requirement of RFC 6749 Section 10.2. A malicious\n> client can impersonate another client and obtain access to protected\n> resources if the impersonated client fails to, or is unable to, keep\n> its client credentials confidential.\n", "id": "FreeBSD-2024-0147", "modified": "2024-04-11T00:00:00Z", "published": "2024-04-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24789" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789" } ], "schema_version": "1.7.0", "summary": "forgejo -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "2.11.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx" ], "discovery": "2024-06-05T00:00:00Z", "references": { "cvename": [ "CVE-2024-24790" ] }, "vid": "219aaa1e-2aff-11ef-ab37-5404a68ad561" }, "details": "The traefik authors report:\n\n> There is a vulnerability in Go managing various Is methods (IsPrivate,\n> IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn\\'t work as\n> expected returning false for addresses which would return true in\n> their traditional IPv4 forms.\n", "id": "FreeBSD-2024-0146", "modified": "2024-06-15T00:00:00Z", "published": "2024-06-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24790" }, { "type": "WEB", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx" } ], "schema_version": "1.7.0", "summary": "traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go122" }, "ranges": [ { "events": [ { "fixed": "1.22.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go121" }, "ranges": [ { "events": [ { "fixed": "1.21.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/66869", "https://go.dev/issue/67680" ], "discovery": "2024-06-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-24789", "CVE-2024-24790" ] }, "vid": "a5c64f6f-2af3-11ef-a77e-901b0e9408dc" }, "details": "The Go project reports:\n\n> archive/zip: mishandling of corrupt central directory record\n>\n> The archive/zip package\\'s handling of certain types of invalid zip\n> files differed from the behavior of most zip implementations. This\n> misalignment could be exploited to create an zip file with contents\n> that vary depending on the implementation reading the file. The\n> archive/zip package now rejects files containing these errors.\n\n> net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6\n> addresses\n>\n> The various Is methods (IsPrivate, IsLoopback, etc) did not work as\n> expected for IPv4-mapped IPv6 addresses, returning false for addresses\n> which would return true in their traditional IPv4 forms.\n", "id": "FreeBSD-2024-0145", "modified": "2024-06-15T00:00:00Z", "published": "2024-06-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/66869" }, { "type": "REPORT", "url": "https://go.dev/issue/67680" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24790" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.0.0" }, { "fixed": "17.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.11.0" }, { "fixed": "16.11.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.1" }, { "fixed": "16.10.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.0.0" }, { "fixed": "17.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.11.0" }, { "fixed": "16.11.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.1" }, { "fixed": "16.10.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/" ], "discovery": "2024-06-12T00:00:00Z", "references": { "cvename": [ "CVE-2024-1495", "CVE-2024-1736", "CVE-2024-1963", "CVE-2024-4201", "CVE-2024-5469" ] }, "vid": "92cd1c03-2940-11ef-bc02-001b217b3468" }, "details": "Gitlab reports:\n\n> ReDoS in gomod dependency linker\n>\n> ReDoS in CI interpolation (fix bypass)\n>\n> ReDoS in Asana integration issue mapping when webhook is called\n>\n> XSS and content injection when viewing raw XHTML files on iOS devices\n>\n> Missing agentk request validation could cause KAS to panic\n", "id": "FreeBSD-2024-0144", "modified": "2024-06-13T00:00:00Z", "published": "2024-06-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1736" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1963" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5469" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "plasma5-plasma-workspace" }, "ranges": [ { "events": [ { "fixed": "5.27.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "plasma6-plasma-workspace" }, "ranges": [ { "events": [ { "fixed": "6.0.4_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kde.org/info/security/advisory-20240531-1.txt" ], "discovery": "2024-05-31T00:00:00Z", "references": { "cvename": [ "CVE-2024-36041" ] }, "vid": "479df73e-2838-11ef-9cab-4ccc6adda413" }, "details": "David Edmundson reports:\n\n> KSmserver, KDE\\'s XSMP manager, incorrectly allows connections via ICE\n> based purely on the host, allowing all local connections. This allows\n> another user on the same machine to gain access to the session\n> manager.\n>\n> A well crafted client could use the session restore feature to execute\n> arbitrary code as the user on the next boot.\n", "id": "FreeBSD-2024-0143", "modified": "2024-06-11T00:00:00Z", "published": "2024-06-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kde.org/info/security/advisory-20240531-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-36041" }, { "type": "WEB", "url": "https://kde.org/info/security/advisory-20240531-1.txt" } ], "schema_version": "1.7.0", "summary": "plasma[56]-plasma-workspace -- Unauthorized users can access session manager" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php81-composer" }, "ranges": [ { "events": [ { "fixed": "2.7.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php82-composer" }, "ranges": [ { "events": [ { "fixed": "2.7.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php83-composer" }, "ranges": [ { "events": [ { "fixed": "2.7.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c", "https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf" ], "discovery": "2024-06-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-35241", "CVE-2024-35242" ] }, "vid": "5f608c68-276c-11ef-8caa-0897988a1c07" }, "details": "Composer project reports:\n\n> The status, reinstall and remove commands with packages installed from\n> source via git containing specially crafted branch names in the\n> repository can be used to execute code.\n\n> The composer install command running inside a git/hg repository which\n> has specially crafted branch names can lead to command injection. So\n> this requires cloning untrusted repositories.\n", "id": "FreeBSD-2024-0142", "modified": "2024-06-10T00:00:00Z", "published": "2024-06-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c" }, { "type": "REPORT", "url": "https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-35241" }, { "type": "WEB", "url": "https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-35242" }, { "type": "WEB", "url": "https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf" } ], "schema_version": "1.7.0", "summary": "Composer -- Multiple command injections via malicious git/hg branch names" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kanboard" }, "ranges": [ { "events": [ { "fixed": "1.2.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7" ], "discovery": "2024-06-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-36399" ] }, "vid": "91929399-249e-11ef-9296-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> Kanboard is project management software that focuses on the Kanban\n> methodology. The vuln is in\n> app/Controller/ProjectPermissionController.php function addUser(). The\n> users permission to add users to a project only get checked on the URL\n> parameter project_id. If the user is authorized to add users to this\n> project the request gets processed. The users permission for the POST\n> BODY parameter project_id does not get checked again while processing.\n> An attacker with the \\'Project Manager\\' on a single project may take\n> over any other project. The vulnerability is fixed in 1.2.37.\n", "id": "FreeBSD-2024-0141", "modified": "2024-06-07T00:00:00Z", "published": "2024-06-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-36399" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36399" } ], "schema_version": "1.7.0", "summary": "kanboard -- Project Takeover via IDOR in ProjectPermissionController" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd38" }, "ranges": [ { "events": [ { "fixed": "3.8.2_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd36" }, "ranges": [ { "events": [ { "fixed": "3.6.4_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd34" }, "ranges": [ { "events": [ { "fixed": "3.4.7_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd32" }, "ranges": [ { "events": [ { "introduced": "0,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd30" }, "ranges": [ { "events": [ { "introduced": "0,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd25" }, "ranges": [ { "events": [ { "introduced": "0,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cyrusimap.org/3.8/imap/download/release-notes/3.8/x/3.8.3.html" ], "discovery": "2024-04-30T00:00:00Z", "references": { "cvename": [ "CVE-2024-34055" ] }, "vid": "14908bda-232b-11ef-b621-00155d645102" }, "details": "Cyrus IMAP 3.8.3 Release Notes states:\n\n> Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow\n> authenticated attackers to cause unbounded memory allocation by\n> sending many LITERALs in a single command.\n>\n> The IMAP protocol allows for command arguments to be LITERALs of\n> negotiated length, and for these the server allocates memory to\n> receive the content before instructing the client to proceed. The\n> allocated memory is released when the whole command has been received\n> and processed.\n>\n> The IMAP protocol has a number commands that specify an unlimited\n> number of arguments, for example SEARCH. Each of these arguments can\n> be a LITERAL, for which memory will be allocated and not released\n> until the entire command has been received and processed. This can run\n> a server out of memory, with varying consequences depending on the\n> server\\'s OOM policy.\n", "id": "FreeBSD-2024-0140", "modified": "2024-06-05T00:00:00Z", "published": "2024-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cyrusimap.org/3.8/imap/download/release-notes/3.8/x/3.8.3.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-34055" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34055" } ], "schema_version": "1.7.0", "summary": "cyrus-imapd -- unbounded memory allocation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "125.0.6422.141" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "125.0.6422.141" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html" ], "discovery": "2024-05-30T00:00:00Z", "references": { "cvename": [ "CVE-2024-5493", "CVE-2024-5494", "CVE-2024-5495", "CVE-2024-5496", "CVE-2024-5497", "CVE-2024-5498", "CVE-2024-5499" ] }, "vid": "b058380e-21a4-11ef-8a0f-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 11 security fixes:\n>\n> - \\[339877165\\] High CVE-2024-5493: Heap buffer overflow in WebRTC.\n> Reported by Cassidy Kim(@cassidy6564) on 2024-05-11\n> - \\[338071106\\] High CVE-2024-5494: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-05-01\n> - \\[338103465\\] High CVE-2024-5495: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-05-01\n> - \\[338929744\\] High CVE-2024-5496: Use after free in Media Session.\n> Reported by Cassidy Kim(@cassidy6564) on 2024-05-06\n> - \\[339061099\\] High CVE-2024-5497: Out of bounds memory access in\n> Keyboard Inputs. Reported by zh1x1an1221 of Ant Group Tianqiong\n> Security Lab on 2024-05-07\n> - \\[339588211\\] High CVE-2024-5498: Use after free in Presentation\n> API. Reported by anymous on 2024-05-09\n> - \\[339877167\\] High CVE-2024-5499: Out of bounds write in Streams\n> API. Reported by anonymous on 2024-05-11\n", "id": "FreeBSD-2024-0139", "modified": "2024-06-03T00:00:00Z", "published": "2024-06-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5493" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5498" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5499" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "introduced": "1.25.0" }, { "fixed": "1.27.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx" }, "ranges": [ { "events": [ { "introduced": "1.26.0" }, { "fixed": "1.26.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://nginx.org/en/security_advisories.html" ], "discovery": "2024-05-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-31079", "CVE-2024-32760", "CVE-2024-34161", "CVE-2024-35200" ] }, "vid": "320a19f7-1ddd-11ef-a2ae-8c164567ca3c" }, "details": "The nginx development team reports:\n\n> This update fixes the following vulnerabilities:\n>\n> - Stack overflow and use-after-free in HTTP/3\n> - Buffer overwrite in HTTP/3\n> - Memory disclosure in HTTP/3\n> - NULL pointer dereference in HTTP/3\n", "id": "FreeBSD-2024-0138", "modified": "2024-05-29T00:00:00Z", "published": "2024-05-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://nginx.org/en/security_advisories.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31079" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-32760" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-34161" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-35200" } ], "schema_version": "1.7.0", "summary": "nginx -- Multiple Vulnerabilities in HTTP/3" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "125.0.6422.112" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "125.0.6422.112" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html" ], "discovery": "2024-05-23T00:00:00Z", "references": { "cvename": [ "CVE-2024-5274" ] }, "vid": "6926d038-1db4-11ef-9f97-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[341663589\\] High CVE-2024-5274: Type Confusion in V8. Reported by\n> Cl\u00e9ment Lecigne of Google\\'s Threat Analysis Group and Brendon\n> Tiszka of Chrome Security on 2024-05-20\n", "id": "FreeBSD-2024-0137", "modified": "2024-05-29T00:00:00Z", "published": "2024-05-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5274" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html" } ], "schema_version": "1.7.0", "summary": "chromium -- security fix" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.13_5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.5_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl32" }, "ranges": [ { "events": [ { "fixed": "3.2.1_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl33" }, "ranges": [ { "events": [ { "fixed": "3.3.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.13_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31-quictls" }, "ranges": [ { "events": [ { "fixed": "3.1.5_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20240528.txt" ], "discovery": "2024-05-28T00:00:00Z", "references": { "cvename": [ "CVE-2024-4741" ] }, "vid": "73a697d7-1d0f-11ef-a490-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> Use After Free with SSL_free_buffers (low).\n>\n> Calling the OpenSSL API function SSL_free_buffers may cause memory to\n> be accessed that was previously freed in some situations\n", "id": "FreeBSD-2024-0136", "modified": "2024-05-28T00:00:00Z", "published": "2024-05-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20240528.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4741" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20240528.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Use after free vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron29" }, "ranges": [ { "events": [ { "fixed": "29.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v29.4.1" ], "discovery": "2024-05-22T00:00:00Z", "references": { "cvename": [ "CVE-2024-4948" ] }, "vid": "04e78f32-04b2-4c23-bfae-72600842d317" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-4948.\n", "id": "FreeBSD-2024-0135", "modified": "2024-05-25T00:00:00Z", "published": "2024-05-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v29.4.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4948" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-xvp9-87cv-m4fv" } ], "schema_version": "1.7.0", "summary": "electron29 -- use after free in Dawn" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron28" }, "ranges": [ { "events": [ { "fixed": "28.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v28.3.2" ], "discovery": "2024-05-22T00:00:00Z", "references": { "cvename": [ "CVE-2024-4948", "CVE-2024-3914", "CVE-2024-4060", "CVE-2024-4058", "CVE-2024-4558" ] }, "vid": "43d1c381-a3e5-4a1d-b3ed-f37b61a451af" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-4948.\n> - Security: backported fix for CVE-2024-3914.\n> - Security: backported fix for CVE-2024-4060.\n> - Security: backported fix for CVE-2024-4058.\n> - Security: backported fix for CVE-2024-4558.\n", "id": "FreeBSD-2024-0134", "modified": "2024-05-25T00:00:00Z", "published": "2024-05-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v28.3.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4948" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-xvp9-87cv-m4fv" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3914" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-jv87-hfr8-8j2r" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4060" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4qw6-vwc8-mh38" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4058" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-23rw-79p3-xgcm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4558" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-r4j8-j63p-24j8" } ], "schema_version": "1.7.0", "summary": "electron28 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-networkauth" }, "ranges": [ { "events": [ { "fixed": "5.15.13_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-networkauth" }, "ranges": [ { "events": [ { "fixed": "6.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.qt.io/blog/security-advisory-qstringconverter-0" ], "discovery": "2024-05-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-36048" ] }, "vid": "f5fa174d-19de-11ef-83d8-4ccc6adda413" }, "details": "Andy Shaw reports:\n\n> The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG\n> that was seeded with a predictable seed.\n>\n> This means that an attacker that can somehow control the time of the\n> first OAuth1 flow of the process has a high chance of predicting the\n> nonce used in said OAuth flow.\n", "id": "FreeBSD-2024-0133", "modified": "2024-05-24T00:00:00Z", "published": "2024-05-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.qt.io/blog/security-advisory-qstringconverter-0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-36048" }, { "type": "WEB", "url": "https://www.qt.io/blog/security-advisory-qstringconverter-0" }, { "type": "WEB", "url": "https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317" } ], "schema_version": "1.7.0", "summary": "QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "17.0.0" }, { "fixed": "17.0.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.11.0" }, { "fixed": "16.11.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.11" }, { "fixed": "16.10.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "17.0.0" }, { "fixed": "17.0.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.11.0" }, { "fixed": "16.11.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.11" }, { "fixed": "16.10.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/" ], "discovery": "2024-05-22T00:00:00Z", "references": { "cvename": [ "CVE-2024-4835", "CVE-2024-2874", "CVE-2023-7045", "CVE-2023-6502", "CVE-2024-1947", "CVE-2024-4367" ] }, "vid": "f848ef90-1848-11ef-9850-001b217b3468" }, "details": "Gitlab reports:\n\n> 1-click account takeover via XSS in the code editor in gitlab.com\n>\n> A DOS vulnerability in the \\'description\\' field of the runner\n>\n> CSRF via K8s cluster-integration\n>\n> Using Set Pipeline Status of a Commit API incorrectly create a new\n> pipeline when SHA and pipeline_id did not match\n>\n> Redos on wiki render API/Page\n>\n> Resource exhaustion and denial of service with test_report API calls\n>\n> Guest user can view dependency lists of private projects through job\n> artifacts\n>\n> Stored XSS via PDFjs\n", "id": "FreeBSD-2024-0132", "modified": "2024-05-22T00:00:00Z", "published": "2024-05-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4835" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2874" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-7045" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1947" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4367" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "125.0.6422.76" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "125.0.6422.76" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html" ], "discovery": "2024-05-21T00:00:00Z", "references": { "cvename": [ "CVE-2024-5157", "CVE-2024-5158", "CVE-2024-5159", "CVE-2024-5160", "CVE-2024-4947", "CVE-2024-4948", "CVE-2024-4949", "CVE-2024-4950" ] }, "vid": "8247af0d-183b-11ef-9f97-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 15 security fixes:\n>\n> - \\[336012573\\] High CVE-2024-5157: Use after free in Scheduling.\n> Reported by Looben Yang on 2024-04-21\n> - \\[338908243\\] High CVE-2024-5158: Type Confusion in V8. Reported by\n> Zhenghang Xiao (@Kipreyyy) on 2024-05-06\n> - \\[335613092\\] High CVE-2024-5159: Heap buffer overflow in ANGLE.\n> Reported by David Sievers (@loknop) on 2024-04-18\n> - \\[338161969\\] High CVE-2024-5160: Heap buffer overflow in Dawn.\n> Reported by wgslfuzz on 2024-05-01\n> - \\[340221135\\] High CVE-2024-4947: Type Confusion in V8. Reported by\n> Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky\n> on 2024-05-13\n> - \\[333414294\\] High CVE-2024-4948: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-04-09\n> - \\[326607001\\] Medium CVE-2024-4949: Use after free in V8. Reported\n> by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-02-24\n> - \\[40065403\\] Low CVE-2024-4950: Inappropriate implementation in\n> Downloads. Reported by Shaheen Fazim on 2023-06-06\n", "id": "FreeBSD-2024-0131", "modified": "2024-05-22T00:00:00Z", "published": "2024-05-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5158" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5159" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-5160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4947" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4948" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4949" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4950" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openfire" }, "ranges": [ { "events": [ { "fixed": "4.6.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://packetstormsecurity.com/files/173607/Openfire-Authentication-Bypass-Remote-Code-Execution.html" ], "discovery": "2023-05-26T00:00:00Z", "references": { "cvename": [ "CVE-2023-32315" ] }, "vid": "9bcff2c4-1779-11ef-b489-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> Openfire\\'s administrative console, a web-based application, was found\n> to be vulnerable to a path traversal attack via the setup environment.\n> This permitted an unauthenticated user to use the unauthenticated\n> Openfire Setup Environment in an already configured Openfire\n> environment to access restricted pages in the Openfire Admin Console\n> reserved for administrative users. This vulnerability affects all\n> versions of Openfire that have been released since April 2015,\n> starting with version 3.10.0. The problem has been patched in Openfire\n> release 4.7.5 and 4.6.8, and further improvements will be included in\n> the yet-to-be released first version on the 4.8 branch (which is\n> expected to be version 4.8.0). Users are advised to upgrade. If an\n> Openfire upgrade isnt available for a specific release, or isnt\n> quickly actionable, users may see the linked github advisory\n> (GHSA-gw42-f939-fhvm) for mitigation advice.\n", "id": "FreeBSD-2024-0130", "modified": "2024-05-21T00:00:00Z", "published": "2024-05-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://packetstormsecurity.com/files/173607/Openfire-Authentication-Bypass-Remote-Code-Execution.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-32315" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32315" } ], "schema_version": "1.7.0", "summary": "Openfire administration console authentication bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.6.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7" ], "discovery": "2024-05-19T00:00:00Z", "vid": "e020b0fd-1751-11ef-a490-84a93843eb75" }, "details": "The Roundcube project reports:\n\n> cross-site scripting (XSS) vulnerability in handling SVG animate\n> attributes.\n>\n> cross-site scripting (XSS) vulnerability in handling list columns from\n> user preferences.\n", "id": "FreeBSD-2024-0129", "modified": "2024-05-21T00:00:00Z", "published": "2024-05-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7" }, { "type": "WEB", "url": "https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7" } ], "schema_version": "1.7.0", "summary": "Roundcube -- Cross-site scripting vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.16.p9_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" ], "discovery": "2024-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-3157", "CVE-2024-3516" ] }, "vid": "d58455cc-159e-11ef-83d8-4ccc6adda413" }, "details": "> Backports for 2 security bugs in Chromium:\n>\n> - CVE-2024-3157: Out of bounds write in Compositing\n> - CVE-2024-3516: Heap buffer overflow in ANGLE\n", "id": "FreeBSD-2024-0128", "modified": "2024-05-19T00:00:00Z", "published": "2024-05-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3516" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" } ], "schema_version": "1.7.0", "summary": "qt5-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "arti" }, "ranges": [ { "events": [ { "fixed": "1.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.torproject.org/arti_1_2_3_released/" ], "discovery": "2024-05-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-35313", "CVE-2024-35312" ] }, "vid": "f393b5a7-1535-11ef-8064-c5610a6efffb" }, "details": "Tor Project reports:\n\n> When building anonymizing circuits to or from an onion service with\n> \\'lite\\' vanguards (the default) enabled, the circuit manager code\n> would build the circuits with one hop too few.\n>\n> When \\'full\\' vanguards are enabled, some circuits are supposed to be\n> built with an extra hop to minimize the linkability of the guard\n> nodes. In some circumstances, the circuit manager would build circuits\n> with one hop too few, making it easier for an adversary to discover\n> the L2 and L3 guards of the affected clients and services.\n", "id": "FreeBSD-2024-0127", "modified": "2024-05-18T00:00:00Z", "published": "2024-05-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.torproject.org/arti_1_2_3_released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-35313" }, { "type": "WEB", "url": "https://gitlab.torproject.org/tpo/core/arti/-/issues/1400" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-35312" }, { "type": "WEB", "url": "https://gitlab.torproject.org/tpo/core/arti/-/issues/1409" } ], "schema_version": "1.7.0", "summary": "Arti -- Security issues related to circuit construction" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.13_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.5_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl32" }, "ranges": [ { "events": [ { "fixed": "3.2.1_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl33" }, "ranges": [ { "events": [ { "fixed": "3.3.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.13_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31-quictls" }, "ranges": [ { "events": [ { "fixed": "3.1.5_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20240516.txt" ], "discovery": "2024-05-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-4603" ] }, "vid": "b88aa380-1442-11ef-a490-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> Excessive time spent checking DSA keys and parameters (Low)\n>\n> Checking excessively long DSA keys or parameters may be very slow.\n", "id": "FreeBSD-2024-0126", "modified": "2024-05-17T00:00:00Z", "published": "2024-05-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20240516.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4603" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20240516.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Denial of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron29" }, "ranges": [ { "events": [ { "fixed": "29.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v29.4.0" ], "discovery": "2024-05-15T00:00:00Z", "references": { "cvename": [ "CVE-2024-22017" ] }, "vid": "a431676c-f86c-4371-b48a-b7d2b0bec3a3" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Backported fix for CVE-2024-22017.\n", "id": "FreeBSD-2024-0125", "modified": "2024-05-17T00:00:00Z", "published": "2024-05-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v29.4.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-22017" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-vr4q-vx84-9g5x" } ], "schema_version": "1.7.0", "summary": "electron29 -- setuid() does not affect libuv's internal io_uring" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" ], "discovery": "2024-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-2625", "CVE-2024-2626", "CVE-2024-2885", "CVE-2024-2887", "CVE-2024-3157", "CVE-2024-3159", "CVE-2024-3516", "CVE-2024-3837", "CVE-2024-3839", "CVE-2024-3914", "CVE-2024-3840", "CVE-2024-4058", "CVE-2024-4060", "CVE-2024-4331", "CVE-2024-4368", "CVE-2024-4671" ] }, "vid": "c6f03ea6-12de-11ef-83d8-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 16 security bugs in Chromium:\n>\n> - CVE-2024-2625: Object lifecycle issue in V8\n> - CVE-2024-2626: Out of bounds read in Swiftshader\n> - CVE-2024-2885: Use after free in Dawn\n> - CVE-2024-2887: Type Confusion in WebAssembly\n> - CVE-2024-3157: Out of bounds write in Compositing\n> - CVE-2024-3159: Out of bounds memory access in V8\n> - CVE-2024-3516: Heap buffer overflow in ANGLE\n> - CVE-2024-3837: Use after free in QUIC\n> - CVE-2024-3839: Out of bounds read in Fonts\n> - CVE-2024-3914: Use after free in V8\n> - CVE-2024-3840: Insufficient policy enforcement in Site Isolation\n> - CVE-2024-4058: Type Confusion in ANGLE\n> - CVE-2024-4060: Use after free in Dawn\n> - CVE-2024-4331: Use after free in Picture In Picture\n> - CVE-2024-4368: Use after free in Dawn\n> - CVE-2024-4671: Use after free in Visuals\n", "id": "FreeBSD-2024-0124", "modified": "2024-05-15T00:00:00Z", "published": "2024-05-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2626" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2885" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2887" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3159" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4331" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4368" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4671" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-base" }, "ranges": [ { "events": [ { "introduced": "6.5.0" }, { "last_affected": "6.5.5" }, { "fixed": "6.5.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.6.0" }, { "fixed": "6.7.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.qt.io/blog/security-advisory-qstringconverter" ], "discovery": "2024-05-02T00:00:00Z", "references": { "cvename": [ "CVE-2024-33861" ] }, "vid": "e79cc4e2-12d7-11ef-83d8-4ccc6adda413" }, "details": "Andy Shaw reports:\n\n> QStringConverter has an invalid pointer being passed as a callback\n> which can allow modification of the stack. Qt itself is not vulnerable\n> to remote attack however an application using QStringDecoder either\n> directly or indirectly can be vulnerable.\n>\n> This requires:\n>\n> 1. the attacker be able to tell the application a specific codec to\n> use\n> 2. the attacker be able to feed the application data in a specific\n> way to cause the desired modification\n> 3. the attacker what in the stack will get modified, which requires\n> knowing the build of the application (and not all builds will be\n> vulnerable)\n> 4. the modification do anything in particular that is useful to the\n> attacker, besides maybe crashing the application\n>\n> Qt does not automatically use any of those codecs, so this needs the\n> application to implement something using QStringDecoder to be\n> vulnerable.\n", "id": "FreeBSD-2024-0123", "modified": "2024-05-15T00:00:00Z", "published": "2024-05-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.qt.io/blog/security-advisory-qstringconverter" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-33861" }, { "type": "WEB", "url": "https://www.qt.io/blog/security-advisory-qstringconverter" } ], "schema_version": "1.7.0", "summary": "qt6-base (core module) -- Invalid pointer in QStringConverter" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsdist" }, "ranges": [ { "events": [ { "fixed": "1.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dnsdist.org/security-advisories/index.html" ], "discovery": "2024-05-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-25581" ] }, "vid": "f2d8342f-1134-11ef-8791-6805ca2fa271" }, "details": "PowerDNS Security Advisory reports:\n\n> When incoming DNS over HTTPS support is enabled using the nghttp2\n> provider, and queries are routed to a tcp-only or DNS over TLS\n> backend, an attacker can trigger an assertion failure in DNSdist by\n> sending a request for a zone transfer (AXFR or IXFR) over DNS over\n> HTTPS, causing the process to stop and thus leading to a Denial of\n> Service. DNS over HTTPS is not enabled by default, and backends are\n> using plain DNS (Do53) by default.\n", "id": "FreeBSD-2024-0122", "modified": "2024-05-13T00:00:00Z", "published": "2024-05-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dnsdist.org/security-advisories/index.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25581" }, { "type": "WEB", "url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html" } ], "schema_version": "1.7.0", "summary": "dnsdist -- Transfer requests received over DoH can lead to a denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cpu-microcode-intel" }, "ranges": [ { "events": [ { "fixed": "20240514" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html" ], "discovery": "2024-05-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-45745", "CVE-2023-45733", "CVE-2023-46103" ] }, "vid": "5afd64ae-122a-11ef-8eed-1c697a616631" }, "details": "Intel reports:\n\n> Potential security vulnerabilities in some Intel Trust Domain\n> Extensions (TDX) module software may allow escalation of privilege.\n> Improper input validation in some Intel TDX module software before\n> version 1.5.05.46.698 may allow a privileged user to potentially\n> enable escalation of privilege via local access. Intel is releasing\n> firmware updates to mitigate these potential vulnerabilities.\n\n> A potential security vulnerability in some Intel Processors may allow\n> information disclosure. Hardware logic contains race conditions in\n> some Intel Processors that may allow an authenticated user to\n> potentially enable partial information disclosure via local access.\n> Intel is releasing microcode updates to mitigate this potential\n> vulnerability.\n\n> A potential security vulnerability in Intel Core Ultra Processors may\n> allow denial of service. Sequence of processor instructions leads to\n> unexpected behavior in Intel Core Ultra Processors may allow an\n> authenticated user to potentially enable denial of service via local\n> access. Intel is releasing microcode updates to mitigate this\n> potential vulnerability.\n", "id": "FreeBSD-2024-0121", "modified": "2024-05-14T00:00:00Z", "published": "2024-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45745" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45733" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-46103" }, { "type": "WEB", "url": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514" } ], "schema_version": "1.7.0", "summary": "Intel CPUs -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.207" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.207" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html" ], "discovery": "2024-05-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-4761" ] }, "vid": "8e0e8b56-11c6-11ef-9f97-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[339458194\\] High CVE-2024-4761: Out of bounds write in V8.\n> Reported by Anonymous on 2024-05-09\n", "id": "FreeBSD-2024-0120", "modified": "2024-05-14T00:00:00Z", "published": "2024-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4761" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go122" }, "ranges": [ { "events": [ { "fixed": "1.22.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go121" }, "ranges": [ { "events": [ { "fixed": "1.21.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/66754" ], "discovery": "2024-04-25T00:00:00Z", "references": { "cvename": [ "CVE-2024-24788" ] }, "vid": "d3847eba-114b-11ef-9c21-901b0e9408dc" }, "details": "The Go project reports:\n\n> net: malformed DNS message can cause infinite loop\n>\n> A malformed DNS message in response to a query can cause the Lookup\n> functions to get stuck in an infinite loop.\n", "id": "FreeBSD-2024-0119", "modified": "2024-05-13T00:00:00Z", "published": "2024-05-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/66754" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24788" }, { "type": "WEB", "url": "https://go.dev/issue/66754" } ], "schema_version": "1.7.0", "summary": "go -- net: malformed DNS message can cause infinite loop" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.201" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.201" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html" ], "discovery": "2024-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2024-4671" ] }, "vid": "3cf8ea44-1029-11ef-9f97-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[339266700\\] High CVE-2024-4671: Use after free in Visuals.\n> Reported by Anonymous on 2024-05-07\n", "id": "FreeBSD-2024-0118", "modified": "2024-05-12T00:00:00Z", "published": "2024-05-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4671" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-server" }, "ranges": [ { "events": [ { "fixed": "16.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "15.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "14.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2024-4317/" ], "discovery": "2024-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2024-4317" ] }, "vid": "d53c30c1-0d7b-11ef-ba02-6cc21735f730" }, "details": "PostgreSQL project reports:\n\n> A security vulnerability was found in the system views pg_stats_ext\n> and pg_stats_ext_exprs, potentially allowing authenticated database\n> users to see data they shouldn\\'t. If this is of concern in your\n> installation, run the SQL script\n> /usr/local/share/postgresql/fix-CVE-2024-4317.sql for each of your\n> databases. See the link for details.\n", "id": "FreeBSD-2024-0117", "modified": "2024-05-09T00:00:00Z", "published": "2024-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2024-4317/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4317" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2024-4317/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL server -- Potentially allowing authenicated database users to see data that they shouldn't." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tailscale" }, "ranges": [ { "events": [ { "fixed": "1.66.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tailscale.com/security-bulletins#ts-2024-005" ], "discovery": "2024-05-08T00:00:00Z", "vid": "ee6936da-0ddd-11ef-9c21-901b0e9408dc" }, "details": "Tailscale team reports:\n\n> In Tailscale versions earlier than 1.66.0, exit nodes, subnet routers,\n> and app connectors, could allow inbound connections to other tailnet\n> nodes from their local area network (LAN). This vulnerability only\n> affects Linux exit nodes, subnet routers, and app connectors in\n> tailnets where ACLs allow \\\"src\\\": \\\"\\*\\\", such as with default ACLs.\n", "id": "FreeBSD-2024-0116", "modified": "2024-05-09T00:00:00Z", "published": "2024-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tailscale.com/security-bulletins#ts-2024-005" }, { "type": "WEB", "url": "https://tailscale.com/security-bulletins#ts-2024-005" } ], "schema_version": "1.7.0", "summary": "tailscale -- Insufficient inbound packet filtering in subnet routers and exit nodes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron29" }, "ranges": [ { "events": [ { "fixed": "29.3.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v29.3.3" ], "discovery": "2024-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2024-3914", "CVE-2024-4558" ] }, "vid": "ec994672-5284-49a5-a7fc-93c02126e5fb" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-3914.\n> - Security: backported fix for CVE-2024-4558.\n", "id": "FreeBSD-2024-0115", "modified": "2024-05-09T00:00:00Z", "published": "2024-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v29.3.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3914" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-jv87-hfr8-8j2r" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4558" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-r4j8-j63p-24j8" } ], "schema_version": "1.7.0", "summary": "electron29 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.11.0" }, { "fixed": "16.11.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.10.0" }, { "fixed": "16.10.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.6.0" }, { "fixed": "16.9.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "16.11.0" }, { "fixed": "16.11.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.10.0" }, { "fixed": "16.10.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.6.0" }, { "fixed": "16.9.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/" ], "discovery": "2024-05-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-2878", "CVE-2024-2651", "CVE-2023-6682", "CVE-2023-6688", "CVE-2024-2454", "CVE-2024-4539", "CVE-2024-4597", "CVE-2024-1539", "CVE-2024-1211", "CVE-2024-3976", "CVE-2023-6195" ] }, "vid": "fbc2c629-0dc5-11ef-9850-001b217b3468" }, "details": "Gitlab reports:\n\n> ReDoS in branch search when using wildcards\n>\n> ReDoS in markdown render pipeline\n>\n> Redos on Discord integrations\n>\n> Redos on Google Chat Integration\n>\n> Denial of Service Attack via Pin Menu\n>\n> DoS by filtering tags and branches via the API\n>\n> MR approval via CSRF in SAML SSO\n>\n> Banned user from groups can read issues updates via the api\n>\n> Require confirmation before linking JWT identity\n>\n> View confidential issues title and description of any public project\n> via export\n>\n> SSRF via Github importer\n", "id": "FreeBSD-2024-0114", "modified": "2024-05-09T00:00:00Z", "published": "2024-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2878" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2651" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6682" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6688" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2454" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4539" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4597" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1539" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1211" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3976" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6195" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron29" }, "ranges": [ { "events": [ { "fixed": "29.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v29.3.2" ], "discovery": "2024-05-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-4060", "CVE-2024-4058" ] }, "vid": "059a99a9-45e0-492b-b9f9-5a79573c8eb6" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-4060.\n> - Security: backported fix for CVE-2024-4058.\n", "id": "FreeBSD-2024-0113", "modified": "2024-05-08T00:00:00Z", "published": "2024-05-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v29.3.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4060" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4qw6-vwc8-mh38" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4058" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-23rw-79p3-xgcm" } ], "schema_version": "1.7.0", "summary": "electron29 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.118" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.118" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html" ], "discovery": "2024-04-30T00:00:00Z", "references": { "cvename": [ "CVE-2024-4058", "CVE-2024-4059", "CVE-2024-4060" ] }, "vid": "f69415aa-086e-11ef-9f97-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[335003891\\] High CVE-2024-4331: Use after free in Picture In\n> Picture. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-04-16\n> - \\[333508731\\] High CVE-2024-4368: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-04-09\n", "id": "FreeBSD-2024-0112", "modified": "2024-05-02T00:00:00Z", "published": "2024-05-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4060" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "R" }, "ranges": [ { "events": [ { "fixed": "4.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://hiddenlayer.com/research/r-bitrary-code-execution/" ], "discovery": "2024-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-27322" ] }, "vid": "4a1e2bad-0836-11ef-9fd2-1c697a616631" }, "details": "HiddenLayer Research reports:\n\n> Deserialization of untrusted data can occur in the R statistical\n> programming language, enabling a maliciously crafted RDS (R Data\n> Serialization) formatted file or R package to run arbitrary code on an\n> end user\\'s system.\n", "id": "FreeBSD-2024-0111", "modified": "2024-05-02T00:00:00Z", "published": "2024-05-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://hiddenlayer.com/research/r-bitrary-code-execution/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27322" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27322" } ], "schema_version": "1.7.0", "summary": "R -- arbitrary code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ko-hcode" }, "ranges": [ { "events": [ { "fixed": "2.1.3_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.suse.com/show_bug.cgi?id=1223534" ], "discovery": "2024-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2024-34020" ] }, "vid": "da4adc02-07f4-11ef-960d-5404a68ad561" }, "details": "The openSUSE project reports:\n\n> The problematic function in question is putSDN() in mail.c. The static\n> variable \\`cp\\` is used as an index for a fixed-sized buffer \\`ibuf\\`.\n> There is a range check: \\`if ( cp \\>= HDR_BUF_LEN ) \\...\\` but under\n> certain circumstances, cp can be incremented beyond the buffer size,\n> leading to a buffer overwrite\n", "id": "FreeBSD-2024-0110", "modified": "2024-05-01T00:00:00Z", "published": "2024-05-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1223534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-34020" }, { "type": "REPORT", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1223534" } ], "schema_version": "1.7.0", "summary": "hcode -- buffer overflow in mail.c" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.15,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.15" ], "discovery": "2024-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-31456", "CVE-2024-29889" ] }, "vid": "5da8b1e6-0591-11ef-9e00-080027957747" }, "details": "GLPI team reports:\n\n> GLPI 10.0.15 Changelog\n>\n> - \\[SECURITY - high\\] Authenticated SQL injection from map search\n> (CVE-2024-31456)\n> - \\[SECURITY - high\\] Account takeover via SQL Injection in saved\n> searches feature (CVE-2024-29889)\n", "id": "FreeBSD-2024-0109", "modified": "2024-04-28T00:00:00Z", "published": "2024-04-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.15" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-29889" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.15" } ], "schema_version": "1.7.0", "summary": "GLPI -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-social-auth-app-django" }, "ranges": [ { "events": [ { "fixed": "5.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2024-32879" ], "discovery": "2024-04-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-32879" ] }, "vid": "b3affee8-04d1-11ef-8928-901b0ef714d4" }, "details": "GitHub Advisory Database:\n\n> Python Social Auth is a social authentication/registration mechanism.\n> Prior to version 5.4.1, due to default case-insensitive collation in\n> MySQL or MariaDB databases, third-party authentication user IDs are\n> not case-sensitive and could cause different IDs to match. This issue\n> has been addressed by a fix released in version 5.4.1. An immediate\n> workaround would be to change collation of the affected field.\n", "id": "FreeBSD-2024-0108", "modified": "2024-04-28T00:00:00Z", "published": "2024-04-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32879" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-32879" }, { "type": "WEB", "url": "https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3" } ], "schema_version": "1.7.0", "summary": "py-social-auth-app-django -- Improper Handling of Case Sensitivity" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.78" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.78" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html" ], "discovery": "2024-04-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-4058", "CVE-2024-4059", "CVE-2024-4060" ] }, "vid": "7a42852d-0347-11ef-9f97-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[332546345\\] Critical CVE-2024-4058: Type Confusion in ANGLE.\n> Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure on\n> 2024-04-02\n> - \\[333182464\\] High CVE-2024-4059: Out of bounds read in V8 API.\n> Reported by Eirik on 2024-04-08\n> - \\[333420620\\] High CVE-2024-4060: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-04-09\n", "id": "FreeBSD-2024-0107", "modified": "2024-04-25T00:00:00Z", "published": "2024-04-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4060" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.105.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.105.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.105.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.105.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://element.io/blog/security-release-synapse-1-105-1/" ], "discovery": "2024-04-23T00:00:00Z", "references": { "cvename": [ "CVE-2024-31208" ] }, "vid": "bdfa6c04-027a-11ef-9c21-901b0e9408dc" }, "details": "Matrix developers report:\n\n> Weakness in auth chain indexing allows DoS from remote room members\n> through disk fill and high CPU usage. (High severity)\n", "id": "FreeBSD-2024-0106", "modified": "2024-04-24T00:00:00Z", "published": "2024-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://element.io/blog/security-release-synapse-1-105-1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31208" }, { "type": "WEB", "url": "https://element.io/blog/security-release-synapse-1-105-1/" }, { "type": "WEB", "url": "https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- weakness in auth chain indexing allows DoS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.11.0" }, { "fixed": "16.11.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.10.0" }, { "fixed": "16.10.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.8.0" }, { "fixed": "16.9.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ee" }, "ranges": [ { "events": [ { "introduced": "16.11.0" }, { "fixed": "16.11.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.10.0" }, { "fixed": "16.10.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.8.0" }, { "fixed": "16.9.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/" ], "discovery": "2024-04-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-4024", "CVE-2024-2434", "CVE-2024-2829", "CVE-2024-4006", "CVE-2024-1347" ] }, "vid": "b857606c-0266-11ef-8681-001b217b3468" }, "details": "Gitlab reports:\n\n> GitLab account takeover, under certain conditions, when using\n> Bitbucket as an OAuth provider\n>\n> Path Traversal leads to DoS and Restricted File Read\n>\n> Unauthenticated ReDoS in FileFinder when using wildcard filters in\n> project file search\n>\n> Personal Access Token scopes not honoured by GraphQL subscriptions\n>\n> Domain based restrictions bypass using a crafted email address\n", "id": "FreeBSD-2024-0105", "modified": "2024-04-24T00:00:00Z", "published": "2024-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4024" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2829" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-4006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1347" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "5.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.powerdns.com/2024/04/24/powerdns-recursor-4-8-8-4-9-5-5-0-4-released" ], "discovery": "2024-04-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-25583" ] }, "vid": "1af16f2b-023c-11ef-8791-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> PowerDNS Security Advisory 2024-02: if recursive forwarding is\n> configured, crafted responses can lead to a denial of service in\n> Recursor\n", "id": "FreeBSD-2024-0104", "modified": "2024-04-24T00:00:00Z", "published": "2024-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.powerdns.com/2024/04/24/powerdns-recursor-4-8-8-4-9-5-5-0-4-released" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25583" }, { "type": "WEB", "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.13,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.13" ], "discovery": "2024-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-27096", "CVE-2024-27098", "CVE-2024-27104", "CVE-2024-27914", "CVE-2024-27930", "CVE-2024-27937" ] }, "vid": "bb49f1fa-00da-11ef-92b7-589cfc023192" }, "details": "GLPI team reports:\n\n> GLPI 10.0.13 Changelog\n>\n> - \\[SECURITY - high\\] SQL Injection in through the search engine\n> (CVE-2024-27096)\n> - \\[SECURITY - moderate\\] Blind SSRF using Arbitrary Object\n> Instantiation (CVE-2024-27098)\n> - \\[SECURITY - moderate\\] Stored XSS in dashboards (CVE-2024-27104)\n> - \\[SECURITY - moderate\\] Reflected XSS in debug mode (CVE-2024-27914)\n> - \\[SECURITY - moderate\\] Sensitive fields access through dropdowns\n> (CVE-2024-27930)\n> - \\[SECURITY - moderate\\] Users emails enumeration (CVE-2024-27937)\n", "id": "FreeBSD-2024-0103", "modified": "2024-04-22T00:00:00Z", "published": "2024-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.13" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27096" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27104" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27930" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27937" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.13" } ], "schema_version": "1.7.0", "summary": "GLPI -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.12" ], "discovery": "2024-02-01T00:00:00Z", "references": { "cvename": [ "CVE-2024-23645", "CVE-2023-51446" ] }, "vid": "faccf131-00d9-11ef-92b7-589cfc023192" }, "details": "GLPI team reports:\n\n> GLPI 10.0.12 Changelog\n>\n> - \\[SECURITY - moderate\\] Reflected XSS in reports pages\n> (CVE-2024-23645)\n> - \\[SECURITY - moderate\\] LDAP Injection during authentication\n> (CVE-2023-51446)\n", "id": "FreeBSD-2024-0102", "modified": "2024-04-22T00:00:00Z", "published": "2024-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.12" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23645" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-51446" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.12" } ], "schema_version": "1.7.0", "summary": "GLPI -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.11,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.11" ], "discovery": "2023-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-43813", "CVE-2023-46727", "CVE-2023-46726" ] }, "vid": "ed688880-00c4-11ef-92b7-589cfc023192" }, "details": "GLPI team reports:\n\n> GLPI 10.0.11 Changelog\n>\n> - \\[SECURITY - moderate\\] Authenticated SQL Injection (CVE-2023-43813)\n> - \\[SECURITY - high\\] SQL injection through inventory agent request\n> (CVE-2023-46727)\n> - \\[SECURITY - high\\] Remote code execution from LDAP server\n> configuration form on PHP 7.4 (CVE-2023-46726)\n", "id": "FreeBSD-2024-0101", "modified": "2024-04-22T00:00:00Z", "published": "2024-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-46727" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-46726" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.11" } ], "schema_version": "1.7.0", "summary": "GLPI -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.5,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.2.0,1" }, { "fixed": "3.2.4,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.3.0,1" }, { "fixed": "3.3.1,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby31" }, "ranges": [ { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.5,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby32" }, "ranges": [ { "events": [ { "introduced": "3.2.0,1" }, { "fixed": "3.2.4,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby33" }, "ranges": [ { "events": [ { "introduced": "3.3.0,1" }, { "fixed": "3.3.1,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/" ], "discovery": "2024-04-23T00:00:00Z", "references": { "cvename": [ "CVE-2024-27282" ] }, "vid": "2ce1a2f1-0177-11ef-a45e-08002784c58d" }, "details": "sp2ip reports:\n\n> If attacker-supplied data is provided to the Ruby regex compiler, it\n> is possible to extract arbitrary heap data relative to the start of\n> the text, including pointers and sensitive strings.\n", "id": "FreeBSD-2024-0100", "modified": "2024-04-23T00:00:00Z", "published": "2024-04-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27282" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/" } ], "schema_version": "1.7.0", "summary": "ruby -- Arbitrary memory address read vulnerability with Regex search" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sdl2_sound" }, "ranges": [ { "events": [ { "fixed": "2.0.2_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/" ], "discovery": "2023-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-45676", "CVE-2023-45677", "CVE-2023-45680", "CVE-2023-45681", "CVE-2023-45682" ] }, "vid": "304d92c3-00c5-11ef-bd52-080027bff743" }, "details": "GitHub Security Lab reports:\n\n> stb_image.h and stb_vorbis libraries contain several memory access\n> violations of different severity\n>\n> 1. Wild address read in stbi\\_\\_gif_load_next (GHSL-2023-145).\n> 2. Multi-byte read heap buffer overflow in stbi\\_\\_vertical_flip\n> (GHSL-2023-146).\n> 3. Disclosure of uninitialized memory in stbi\\_\\_tga_load\n> (GHSL-2023-147).\n> 4. Double-free in stbi\\_\\_load_gif_main_outofmem (GHSL-2023-148).\n> 5. Null pointer dereference in stbi\\_\\_convert_format\n> (GHSL-2023-149).\n> 6. Possible double-free or memory leak in stbi\\_\\_load_gif_main\n> (GHSL-2023-150).\n> 7. Null pointer dereference because of an uninitialized variable\n> (GHSL-2023-151).\n> 8. 0 byte write heap buffer overflow in start_decoder (GHSL-2023-165)\n> 9. Multi-byte write heap buffer overflow in start_decoder\n> (GHSL-2023-166)\n> 10. Heap buffer out of bounds write in start_decoder (GHSL-2023-167)\n> 11. Off-by-one heap buffer write in start_decoder (GHSL-2023-168)\n> 12. Attempt to free an uninitialized memory pointer in vorbis_deinit\n> (GHSL-2023-169)\n> 13. Null pointer dereference in vorbis_deinit (GHSL-2023-170)\n> 14. Out of bounds heap buffer write (GHSL-2023-171)\n> 15. Wild address read in vorbis_decode_packet_rest (GHSL-2023-172)\n", "id": "FreeBSD-2024-0099", "modified": "2024-04-22T00:00:00Z", "published": "2024-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45676" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45677" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45680" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45681" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45682" }, { "type": "WEB", "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/" } ], "schema_version": "1.7.0", "summary": "sdl2_sound -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "124.0.6367.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html" ], "discovery": "2024-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-3832", "CVE-2024-3833", "CVE-2024-3914", "CVE-2024-3834", "CVE-2024-3837", "CVE-2024-3838", "CVE-2024-3839", "CVE-2024-3840", "CVE-2024-3841", "CVE-2024-3843", "CVE-2024-3844", "CVE-2024-3845", "CVE-2024-3846", "CVE-2024-3847" ] }, "vid": "9bed230f-ffc8-11ee-8e76-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 23 security fixes:\n>\n> - \\[331358160\\] High CVE-2024-3832: Object corruption in V8. Reported\n> by Man Yue Mo of GitHub Security Lab on 2024-03-27\n> - \\[331383939\\] High CVE-2024-3833: Object corruption in WebAssembly.\n> Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27\n> - \\[330759272\\] High CVE-2024-3914: Use after free in V8. Reported by\n> Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on\n> 2024-03-21\n> - \\[326607008\\] High CVE-2024-3834: Use after free in Downloads.\n> Reported by ChaobinZhang on 2024-02-24\n> - \\[41491379\\] Medium CVE-2024-3837: Use after free in QUIC. Reported\n> by {rotiple, dch3ck} of CW Research Inc. on 2024-01-15\n> - \\[328278717\\] Medium CVE-2024-3838: Inappropriate implementation in\n> Autofill. Reported by Ardyan Vicky Ramadhan on 2024-03-06\n> - \\[41491859\\] Medium CVE-2024-3839: Out of bounds read in Fonts.\n> Reported by Ronald Crane (Zippenhop LLC) on 2024-01-16\n> - \\[41493458\\] Medium CVE-2024-3840: Insufficient policy enforcement\n> in Site Isolation. Reported by Ahmed ElMasry on 2024-01-22\n> - \\[330376742\\] Medium CVE-2024-3841: Insufficient data validation in\n> Browser Switcher. Reported by Oleg on 2024-03-19\n> - \\[41486690\\] Medium CVE-2024-3843: Insufficient data validation in\n> Downloads. Reported by Azur on 2023-12-24\n> - \\[40058873\\] Low CVE-2024-3844: Inappropriate implementation in\n> Extensions. Reported by Alesandro Ortiz on 2022-02-23\n> - \\[323583084\\] Low CVE-2024-3845: Inappropriate implementation in\n> Network. Reported by Daniel Baulig on 2024-02-03\n> - \\[40064754\\] Low CVE-2024-3846: Inappropriate implementation in\n> Prompts. Reported by Ahmed ElMasry on 2023-05-23\n> - \\[328690293\\] Low CVE-2024-3847: Insufficient policy enforcement in\n> WebUI. Reported by Yan Zhu on 2024-03-08\n", "id": "FreeBSD-2024-0098", "modified": "2024-04-21T00:00:00Z", "published": "2024-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3832" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3833" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3834" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3838" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3841" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3843" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3844" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3845" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3846" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3847" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "introduced": "1.3.0,1" }, { "fixed": "1.3.1,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html" ], "discovery": "2024-04-17T00:00:00Z", "references": { "cvename": [ "CVE-2024-20380" ] }, "vid": "ecafc4af-fe8a-11ee-890c-08002784c58d" }, "details": "B\u0142a\u017cej Paw\u0142owski reports:\n\n> A vulnerability in the HTML parser of ClamAV could allow an\n> unauthenticated, remote attacker to cause a denial of service (DoS)\n> condition on an affected device. The vulnerability is due to an issue\n> in the C to Rust foreign function interface. An attacker could exploit\n> this vulnerability by submitting a crafted file containing HTML\n> content to be scanned by ClamAV on an affected device. An exploit\n> could allow the attacker to cause the ClamAV scanning process to\n> terminate, resulting in a DoS condition on the affected software.\n", "id": "FreeBSD-2024-0097", "modified": "2024-04-19T00:00:00Z", "published": "2024-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-20380" }, { "type": "WEB", "url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html" } ], "schema_version": "1.7.0", "summary": "clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.452" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.440.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2024-04-17/" ], "discovery": "2024-04-17T00:00:00Z", "references": { "cvename": [ "CVE-2023-48795" ] }, "vid": "4ebdd56b-fe72-11ee-bc57-00e081b7aa2d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-3386 / CVE-2023-48795\n>\n> Terrapin SSH vulnerability in Jenkins CLI client\n", "id": "FreeBSD-2024-0096", "modified": "2024-04-19T00:00:00Z", "published": "2024-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2024-04-17/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-48795" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2024-04-17/" } ], "schema_version": "1.7.0", "summary": "jenkins -- Terrapin SSH vulnerability in Jenkins CLI client" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.3.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron28" }, "ranges": [ { "events": [ { "fixed": "28.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron29" }, "ranges": [ { "events": [ { "fixed": "29.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.3.11" ], "discovery": "2024-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-3515", "CVE-2024-3516", "CVE-2024-3157", "CVE-2024-1580" ] }, "vid": "f90bf863-e43c-4db3-b5a8-d9603684657a" }, "details": "Electron develpers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-3515.\n> - Security: backported fix for CVE-2024-3516.\n> - Security: backported fix for CVE-2024-3157.\n> - Security: backported fix for CVE-2024-1580.\n", "id": "FreeBSD-2024-0095", "modified": "2024-04-18T00:00:00Z", "published": "2024-04-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.3.11" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3515" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-x6cj-gx36-vcxv" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3516" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-jf9g-42gm-v87w" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3157" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4m4g-p795-cmq7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1580" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3p7f-4r2q-wxmm" } ], "schema_version": "1.7.0", "summary": "electron{27,28,29} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php81" }, "ranges": [ { "events": [ { "fixed": "8.1.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php82" }, "ranges": [ { "events": [ { "fixed": "8.2.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php83" }, "ranges": [ { "events": [ { "fixed": "8.3.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://seclists.org/oss-sec/2024/q2/113/" ], "discovery": "2024-04-11T00:00:00Z", "references": { "cvename": [ "CVE-2024-1874", "CVE-2024-2756", "CVE-2024-3096", "CVE-2024-2757" ] }, "vid": "6d82c5e9-fc24-11ee-a689-04421a1baf97" }, "details": "This update includes 3 security fixes:\n\n> - High CVE-2024-1874: Command injection via array-ish \\$command\n> parameter of proc_open even if bypass_shell option enabled on\n> Windows\n> - High CVE-2024-1874: Command injection via array-ish \\$command\n> parameter of proc_open even if bypass_shell option enabled on\n> Windows\n> - Medium CVE-2024-2756: \\_\\_Host-/\\_\\_Secure- cookie bypass due to\n> partial CVE-2022-31629 fix\n> - High CVE-2024-2757: mb_encode_mimeheader runs endlessly for some\n> inputs\n", "id": "FreeBSD-2024-0094", "modified": "2024-04-16T00:00:00Z", "published": "2024-04-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://seclists.org/oss-sec/2024/q2/113/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1874" }, { "type": "WEB", "url": "https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2756" }, { "type": "WEB", "url": "https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3096" }, { "type": "WEB", "url": "https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2757" }, { "type": "WEB", "url": "https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq" } ], "schema_version": "1.7.0", "summary": "php -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go122" }, "ranges": [ { "events": [ { "fixed": "1.22.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go121" }, "ranges": [ { "events": [ { "fixed": "1.21.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/65051" ], "discovery": "2024-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-45288" ] }, "vid": "cdb5e0e3-fafc-11ee-9c21-901b0e9408dc" }, "details": "The Go project reports:\n\n> http2: close connections when receiving too many headers\n>\n> Maintaining HPACK state requires that we parse and process all HEADERS\n> and CONTINUATION frames on a connection. When a request\\'s headers\n> exceed MaxHeaderBytes, we don\\'t allocate memory to store the excess\n> headers but we do parse them. This permits an attacker to cause an\n> HTTP/2 endpoint to read arbitrary amounts of header data, all\n> associated with a request which is going to be rejected. These headers\n> can include Huffman-encoded data which is significantly more expensive\n> for the receiver to decode than for an attacker to send.\n", "id": "FreeBSD-2024-0093", "modified": "2024-04-15T00:00:00Z", "published": "2024-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/65051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45288" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M/m/khALNYGdAAAJ" } ], "schema_version": "1.7.0", "summary": "go -- http2: close connections when receiving too many headers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "123.0.6312.122" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "123.0.6312.122" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html" ], "discovery": "2024-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-3157", "CVE-2024-3516", "CVE-2024-3515" ] }, "vid": "7314942b-0889-46f0-b02b-2c60aabe4a82" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[331237485\\] High CVE-2024-3157: Out of bounds write in\n> Compositing. Reported by DarkNavy on 2024-03-26\n> - \\[328859176\\] High CVE-2024-3516: Heap buffer overflow in ANGLE.\n> Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure on\n> 2024-03-09\n> - \\[331123811\\] High CVE-2024-3515: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-03-25\n", "id": "FreeBSD-2024-0092", "modified": "2024-04-12T00:00:00Z", "published": "2024-04-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3515" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "putty" }, "ranges": [ { "events": [ { "introduced": "0.68" }, { "fixed": "0.81" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "putty-nogtk" }, "ranges": [ { "events": [ { "introduced": "0.68" }, { "fixed": "0.81" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "filezilla" }, "ranges": [ { "events": [ { "fixed": "3.67.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.tartarus.org/pipermail/putty-announce/2024/000038.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-31497" ], "discovery": "2024-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2024-31497" ] }, "vid": "080936ba-fbb7-11ee-abc8-6960f2492b1d" }, "details": "Simon Tatham reports:\n\n> ECDSA signatures using 521-bit keys (the NIST P521 curve, otherwise\n> known as ecdsa-sha2-nistp521) were generated with biased random\n> numbers. This permits an attacker in possession of a few dozen\n> signatures to RECOVER THE PRIVATE KEY.\n>\n> Any 521-bit ECDSA private key that PuTTY or Pageant has used to sign\n> anything should be considered compromised.\n>\n> Additionally, if you have any 521-bit ECDSA private keys that you\\'ve\n> used with PuTTY, you should consider them to be compromised: generate\n> new keys, and remove the old public keys from any authorized_keys\n> files.\n\n> A second, independent scenario is that the adversary is an operator of\n> an SSH server to which the victim authenticates (for remote login or\n> file copy), \\[\\...\\] and the victim uses the same private key for SSH\n> connections to other services operated by other entities. Here, the\n> rogue server operator (who would otherwise have no way to determine\n> the victim\\'s private key) can derive the victim\\'s private key, and\n> then use it for unauthorized access to those other services. If the\n> other services include Git services, then again it may be possible to\n> conduct supply-chain attacks on software maintained in Git. This also\n> affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3,\n> TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.\n", "id": "FreeBSD-2024-0091", "modified": "2024-04-16T00:00:00Z", "published": "2024-04-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.tartarus.org/pipermail/putty-announce/2024/000038.html" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31497" }, { "type": "WEB", "url": "https://lists.tartarus.org/pipermail/putty-announce/2024/000038.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html" }, { "type": "WEB", "url": "https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git" }, { "type": "WEB", "url": "https://filezilla-project.org/versions.php" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31497" } ], "schema_version": "1.7.0", "summary": "PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.3.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron28" }, "ranges": [ { "events": [ { "fixed": "28.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.3.10" ], "discovery": "2024-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-3159" ] }, "vid": "31617e47-7eec-4c60-9fdf-8aee61622bab" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-3159.\n", "id": "FreeBSD-2024-0090", "modified": "2024-04-11T00:00:00Z", "published": "2024-04-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.3.10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3159" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-mh2p-2x66-3hr4" } ], "schema_version": "1.7.0", "summary": "electron{27,28} -- Out of bounds memory access in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.13_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.5_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl32" }, "ranges": [ { "events": [ { "fixed": "3.2.1_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.13_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31-quictls" }, "ranges": [ { "events": [ { "fixed": "3.1.5_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20240408.txt" ], "discovery": "2024-04-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-2511" ] }, "vid": "7c217849-f7d7-11ee-a490-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> Some non-default TLS server configurations can cause unbounded memory\n> growth when processing TLSv1.3 sessions\n", "id": "FreeBSD-2024-0089", "modified": "2024-04-11T00:00:00Z", "published": "2024-04-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20240408.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2511" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20240408.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Unbounded memory growth with session handling in TLSv1.3" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "forgejo" }, "ranges": [ { "events": [ { "fixed": "1.21.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/cl/576155" ], "discovery": "2024-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2023-45288" ] }, "vid": "c092be0e-f7cc-11ee-aa6b-b42e991fc52e" }, "details": "security@golang.org reports:\n\n> An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of\n> header data by sending an excessive number of CONTINUATION frames.\n> Maintaining HPACK state requires parsing and processing all HEADERS\n> and CONTINUATION frames on a connection. When a request\\'s headers\n> exceed MaxHeaderBytes, no memory is allocated to store the excess\n> headers, but they are still parsed. This permits an attacker to cause\n> an HTTP/2 endpoint to read arbitrary amounts of header data, all\n> associated with a request which is going to be rejected. These headers\n> can include Huffman-encoded data which is significantly more expensive\n> for the receiver to decode than for an attacker to send. The fix sets\n> a limit on the amount of excess header frames we will process before\n> closing a connection.\n", "id": "FreeBSD-2024-0088", "modified": "2024-04-11T00:00:00Z", "published": "2024-04-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/cl/576155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45288" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288" } ], "schema_version": "1.7.0", "summary": "forgejo -- HTTP/2 CONTINUATION flood in net/http" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jose" }, "ranges": [ { "events": [ { "fixed": "13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md" ], "discovery": "2024-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-50967" ] }, "vid": "02be46c1-f7cc-11ee-aa6b-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> latchset jose through version 11 allows attackers to cause a denial of\n> service (CPU consumption) via a large p2c (aka PBES2 Count) value.\n", "id": "FreeBSD-2024-0087", "modified": "2024-04-11T00:00:00Z", "published": "2024-04-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-50967" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50967" } ], "schema_version": "1.7.0", "summary": "jose -- DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.10.0" }, { "fixed": "16.10.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.9.0" }, { "fixed": "16.9.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "16.8.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/04/10/patch-release-gitlab-16-10-2-released/" ], "discovery": "2024-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-3092", "CVE-2024-2279", "CVE-2023-6489", "CVE-2023-6678" ] }, "vid": "dad6294c-f7c1-11ee-bb77-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored XSS injected in diff viewer\n>\n> Stored XSS via autocomplete results\n>\n> Redos on Integrations Chat Messages\n>\n> Redos During Parse Junit Test Report\n", "id": "FreeBSD-2024-0086", "modified": "2024-04-11T00:00:00Z", "published": "2024-04-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/04/10/patch-release-gitlab-16-10-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3092" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2279" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6489" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6678" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/04/10/patch-release-gitlab-16-10-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "introduced": "6.5.0,1" }, { "fixed": "6.5.1,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "6.4.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress-fr_FR" }, "ranges": [ { "events": [ { "introduced": "6.5.0,1" }, { "fixed": "6.5.1,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "6.4.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress-ru_RU" }, "ranges": [ { "events": [ { "introduced": "6.5.0" }, { "fixed": "6.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "6.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress-ja" }, "ranges": [ { "events": [ { "introduced": "6.5.0" }, { "fixed": "6.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "6.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_CN" }, "ranges": [ { "events": [ { "introduced": "6.5.0" }, { "fixed": "6.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "6.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_TW" }, "ranges": [ { "events": [ { "introduced": "6.5.0" }, { "fixed": "6.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "6.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress-de_DE" }, "ranges": [ { "events": [ { "introduced": "6.5.0" }, { "fixed": "6.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "6.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/documentation/wordpress-version/version-6-4-4/" ], "discovery": "2024-04-09T00:00:00Z", "vid": "ea4a2dfc-f761-11ee-af2c-589cfc0f81b0" }, "details": "The Wordpress team reports:\n\n> A cross-site scripting (XSS) vulnerability affecting the Avatar block\n> type\n", "id": "FreeBSD-2024-0085", "modified": "2024-04-10T00:00:00Z", "published": "2024-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/documentation/wordpress-version/version-6-4-4/" }, { "type": "WEB", "url": "https://wordpress.org/documentation/wordpress-version/version-6-4-4/" } ], "schema_version": "1.7.0", "summary": "wordpress -- XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mod_http2" }, "ranges": [ { "events": [ { "fixed": "2.0.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://downloads.apache.org/httpd/CHANGES_2.4.59" ], "discovery": "2024-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2024-27316", "CVE-2024-24795", "CVE-2024-38709" ] }, "vid": "8e6f684b-f333-11ee-a573-84a93843eb75" }, "details": "The Apache httpd project reports:\n\n> HTTP/2 DoS by memory exhaustion on endless continuation frames\n>\n> HTTP Response Splitting in multiple modules\n", "id": "FreeBSD-2024-0084", "modified": "2024-04-05T00:00:00Z", "published": "2024-04-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.59" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27316" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24795" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-38709" }, { "type": "WEB", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.59" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.3.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron28" }, "ranges": [ { "events": [ { "fixed": "28.2.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.3.9" ], "discovery": "2024-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-2885", "CVE-2024-2883", "CVE-2024-2887", "CVE-2024-2886" ] }, "vid": "c2431c4e-622c-4d92-996d-d8b5258ae8c9" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-2885.\n> - Security: backported fix for CVE-2024-2883.\n> - Security: backported fix for CVE-2024-2887.\n> - Security: backported fix for CVE-2024-2886.\n", "id": "FreeBSD-2024-0083", "modified": "2024-04-05T00:00:00Z", "published": "2024-04-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.3.9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2885" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qccw-wmvp-8pv9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2883" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-gg9c-7j6m-3qq2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2887" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-q75f-2pp5-9phj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2886" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5pj4-f8gh-j3mr" } ], "schema_version": "1.7.0", "summary": "electron{27,28} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "123.0.6312.105" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "123.0.6312.105" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html" ], "discovery": "2024-04-02T00:00:00Z", "references": { "cvename": [ "CVE-2024-3156", "CVE-2024-3158", "CVE-2024-3159" ] }, "vid": "4a026b6c-f2b8-11ee-8e76-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[329130358\\] High CVE-2024-3156: Inappropriate implementation in\n> V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-03-12\n> - \\[329965696\\] High CVE-2024-3158: Use after free in Bookmarks.\n> Reported by undoingfish on 2024-03-17\n> - \\[330760873\\] High CVE-2024-3159: Out of bounds memory access in V8.\n> Reported by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo\n> Alto Networks, via Pwn2Own 2024 on 2024-03-22\n", "id": "FreeBSD-2024-0082", "modified": "2024-04-04T00:00:00Z", "published": "2024-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3156" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3158" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-3159" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nextserver" }, "ranges": [ { "events": [ { "fixed": "21.1.12,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "23.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland-devel" }, "ranges": [ { "events": [ { "introduced": "21.0.99.1.672" }, { "fixed": "21.0.99.1.841_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "21.0.99.1.671_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2024-April/003497.html" ], "discovery": "2024-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-31080", "CVE-2024-31081", "CVE-2024-31083" ] }, "vid": "57561cfc-f24b-11ee-9730-001fc69cd6dc" }, "details": "The X.Org project reports:\n\n> - CVE-2024-31080: Heap buffer overread/data leakage in\n> ProcXIGetSelectedEvents\n>\n> The ProcXIGetSelectedEvents() function uses the byte-swapped length\n> of the return data for the amount of data to return to the client,\n> if the client has a different endianness than the X server.\n>\n> - CVE-2024-31081: Heap buffer overread/data leakage in\n> ProcXIPassiveGrabDevice\n>\n> The ProcXIPassiveGrabDevice() function uses the byte-swapped length\n> of the return data for the amount of data to return to the client,\n> if the client has a different endianness than the X server.\n>\n> - CVE-2024-31083: User-after-free in ProcRenderAddGlyphs\n>\n> The ProcRenderAddGlyphs() function calls the AllocateGlyph()\n> function to store new glyphs sent by the client to the X server.\n> AllocateGlyph() would return a new glyph with refcount=0 and a\n> re-used glyph would end up not changing the refcount at all. The\n> resulting glyph_new array would thus have multiple entries pointing\n> to the same non-refcounted glyphs. ProcRenderAddGlyphs() may free a\n> glyph, resulting in a use-after-free when the same glyph pointer is\n> then later used.\n", "id": "FreeBSD-2024-0081", "modified": "2024-04-04T00:00:00Z", "published": "2024-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2024-April/003497.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31080" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-31083" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2024-April/003497.html" } ], "schema_version": "1.7.0", "summary": "xorg server -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.444" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.440.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2024-03-20/" ], "discovery": "2024-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2024-22201" ] }, "vid": "2e3bea0c-f110-11ee-bc57-00e081b7aa2d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-3379 / CVE-2024-22201\n>\n> HTTP/2 denial of service vulnerability in bundled Jetty\n", "id": "FreeBSD-2024-0080", "modified": "2024-04-02T00:00:00Z", "published": "2024-04-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2024-03-20/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-22201" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2024-03-20/" } ], "schema_version": "1.7.0", "summary": "jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki139" }, "ranges": [ { "events": [ { "fixed": "1.39.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki140" }, "ranges": [ { "events": [ { "fixed": "1.40.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki141" }, "ranges": [ { "events": [ { "fixed": "1.41.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/" ], "discovery": "2024-03-15T00:00:00Z", "vid": "d58726ff-ef5e-11ee-8d8e-080027a5b8e9" }, "details": "Mediawiki reports:\n\n> (T355538, CVE-2024-PENDING) SECURITY: XSS in edit summary parser.\n>\n> (T357760, CVE-2024-PENDING) SECURITY: Denial of service vector via GET\n> request to Special:MovePage on pages with thousands of subpages.\n", "id": "FreeBSD-2024-0079", "modified": "2024-03-31T00:00:00Z", "published": "2024-03-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.3.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron28" }, "ranges": [ { "events": [ { "fixed": "28.2.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.3.8" ], "discovery": "2024-03-28T00:00:00Z", "references": { "cvename": [ "CVE-2024-2625" ] }, "vid": "bdcd041e-5811-4da3-9243-573a9890fdb1" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-2625.\n", "id": "FreeBSD-2024-0078", "modified": "2024-03-29T00:00:00Z", "published": "2024-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.3.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2625" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-j7h3-fcrw-g6j8" } ], "schema_version": "1.7.0", "summary": "electron{27,28} -- Object lifecycle issue in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.10.0" }, { "fixed": "16.10.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.9.0" }, { "fixed": "16.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "16.8.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/" ], "discovery": "2024-03-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-6371", "CVE-2024-2818" ] }, "vid": "d2992bc2-ed18-11ee-96dc-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored-XSS injected in Wiki page via Banzai pipeline\n>\n> DOS using crafted emojis\n", "id": "FreeBSD-2024-0077", "modified": "2024-03-28T00:00:00Z", "published": "2024-03-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6371" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2818" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "123.0.6312.86" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "123.0.6312.86" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html" ], "discovery": "2024-03-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-2883", "CVE-2024-2885", "CVE-2024-2886", "CVE-2024-2887" ] }, "vid": "814af1be-ec63-11ee-8e76-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 7 security fixes:\n>\n> - \\[327807820\\] Critical CVE-2024-2883: Use after free in ANGLE.\n> Reported by Cassidy Kim(@cassidy6564) on 2024-03-03\n> - \\[328958020\\] High CVE-2024-2885: Use after free in Dawn. Reported\n> by wgslfuzz on 2024-03-11\n> - \\[330575496\\] High CVE-2024-2886: Use after free in WebCodecs.\n> Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own\n> 2024 on 2024-03-21\n> - \\[330588502\\] High CVE-2024-2887: Type Confusion in WebAssembly.\n> Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21\n", "id": "FreeBSD-2024-0076", "modified": "2024-03-27T00:00:00Z", "published": "2024-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2883" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2885" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2886" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2887" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php81" }, "ranges": [ { "events": [ { "fixed": "3.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php82" }, "ranges": [ { "events": [ { "fixed": "3.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php83" }, "ranges": [ { "events": [ { "fixed": "3.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2024-03-25" ], "discovery": "2024-03-25T00:00:00Z", "vid": "8b3be705-eba7-11ee-99b3-589cfc0f81b0" }, "details": "phpMyFAQ team reports:\n\n> The phpMyFAQ Team has learned of multiple security issues that\\'d been\n> discovered in phpMyFAQ 3.2.5 and earlier. phpMyFAQ contains cross-site\n> scripting (XSS), SQL injection and bypass vulnerabilities.\n", "id": "FreeBSD-2024-0075", "modified": "2024-03-26T00:00:00Z", "published": "2024-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2024-03-25" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs" }, "ranges": [ { "events": [ { "fixed": "29.3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-canna" }, "ranges": [ { "events": [ { "fixed": "29.3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-nox" }, "ranges": [ { "events": [ { "fixed": "29.3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3" ], "discovery": "2024-03-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-30202", "CVE-2024-30203", "CVE-2024-30204", "CVE-2024-30205" ] }, "vid": "f661184a-eb90-11ee-92fc-1c697a616631" }, "details": "GNU Emacs developers report:\n\n> Emacs 29.3 is an emergency bugfix release intended to fix several\n> security vulnerabilities.\n>\n> - Arbitrary Lisp code is no longer evaluated as part of turning on Org\n> mode. This is for security reasons, to avoid evaluating malicious\n> Lisp code.\n> - New buffer-local variable \\'untrusted-content\\'. When this is\n> non-nil, Lisp programs should treat buffer contents with extra\n> caution.\n> - Gnus now treats inline MIME contents as untrusted. To get back\n> previous insecure behavior, \\'untrusted-content\\' should be reset to\n> nil in the buffer.\n> - LaTeX preview is now by default disabled for email attachments. To\n> get back previous insecure behavior, set the variable\n> \\'org\\--latex-preview-when-risky\\' to a non-nil value.\n> - Org mode now considers contents of remote files to be untrusted.\n> Remote files are recognized by calling \\'file-remote-p\\'.\n", "id": "FreeBSD-2024-0074", "modified": "2024-03-26T00:00:00Z", "published": "2024-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-30202" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-30203" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-30204" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-30205" }, { "type": "WEB", "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3" } ], "schema_version": "1.7.0", "summary": "emacs -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "quiche" }, "ranges": [ { "events": [ { "fixed": "0.20.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/cloudflare/quiche/releases/tag/0.20.1" ], "discovery": "2024-03-12T00:00:00Z", "references": { "cvename": [ "CVE-2024-1410", "CVE-2024-1765" ] }, "vid": "34f98d06-eb56-11ee-8007-6805ca2fa271" }, "details": "Quiche Releases reports:\n\n> This release includes 2 security fixes:\n>\n> - CVE-2024-1410: Unbounded storage of information related to\n> connection ID retirement, in quiche. Reported by Marten Seeman\n> (@marten-seeman)\n> - CVE-2024-1765: Unlimited resource allocation by QUIC CRYPTO frames\n> flooding in quiche. Reported by Marten Seeman (@marten-seeman)\n", "id": "FreeBSD-2024-0073", "modified": "2024-03-26T00:00:00Z", "published": "2024-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/cloudflare/quiche/releases/tag/0.20.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1410" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1765" }, { "type": "WEB", "url": "https://github.com/cloudflare/quiche/releases/tag/0.20.1" } ], "schema_version": "1.7.0", "summary": "quiche -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "123.0.6312.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "123.0.6312.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html" ], "discovery": "2024-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2024-2625", "CVE-2024-2626", "CVE-2024-2627", "CVE-2024-2628", "CVE-2024-2629", "CVE-2024-2630", "CVE-2024-2631" ] }, "vid": "80815c47-e84f-11ee-8e76-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 12 security fixes:\n>\n> - \\[327740539\\] High CVE-2024-2625: Object lifecycle issue in V8.\n> Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on\n> 2024-03-01\n> - \\[40945098\\] Medium CVE-2024-2626: Out of bounds read in\n> Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22\n> - \\[41493290\\] Medium CVE-2024-2627: Use after free in Canvas.\n> Reported by Anonymous on 2024-01-21\n> - \\[41487774\\] Medium CVE-2024-2628: Inappropriate implementation in\n> Downloads. Reported by Ath3r1s on 2024-01-03\n> - \\[41487721\\] Medium CVE-2024-2629: Incorrect security UI in iOS.\n> Reported by Muneaki Nishimura (nishimunea) on 2024-01-02\n> - \\[41481877\\] Medium CVE-2024-2630: Inappropriate implementation in\n> iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07\n> - \\[41495878\\] Low CVE-2024-2631: Inappropriate implementation in iOS.\n> Reported by Ramit Gangwar on 2024-01-29\n", "id": "FreeBSD-2024-0072", "modified": "2024-03-22T00:00:00Z", "published": "2024-03-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2626" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2627" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2629" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2631" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "shibboleth-idp" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.1.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://shibboleth.net/community/advisories/secadv_20240320.txt" ], "discovery": "2024-03-20T00:00:00Z", "vid": "7a7129ef-e790-11ee-a1c0-0050569f0b83" }, "details": "Shibboleth Developers report:\n\n> The Identity Provider\\'s CAS support relies on a function in the\n> Spring Framework to parse CAS service URLs and append the ticket\n> parameter.\n", "id": "FreeBSD-2024-0071", "modified": "2024-03-21T00:00:00Z", "published": "2024-03-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://shibboleth.net/community/advisories/secadv_20240320.txt" }, { "type": "WEB", "url": "https://shibboleth.net/community/advisories/secadv_20240320.txt" } ], "schema_version": "1.7.0", "summary": "security/shibboleth-idp -- CAS service SSRF" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb44" }, "ranges": [ { "events": [ { "fixed": "4.4.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb50" }, "ranges": [ { "events": [ { "fixed": "5.0.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb60" }, "ranges": [ { "events": [ { "fixed": "6.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb70" }, "ranges": [ { "events": [ { "fixed": "7.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-72839" ], "discovery": "2024-03-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-1351" ] }, "vid": "a8448963-e6f5-11ee-a784-dca632daf43b" }, "details": "MongoDB, Inc. reports:\n\n> A security vulnerability was found where a server process running\n> MongoDB 3.2.6 or later will allow incoming connections to skip peer\n> certificate validation if the server process was started with TLS\n> enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and\n> without a net.tls.CAFile configured (CVE-2024-1351).\n", "id": "FreeBSD-2024-0070", "modified": "2024-03-20T00:00:00Z", "published": "2024-03-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-72839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1351" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1351" } ], "schema_version": "1.7.0", "summary": "databases/mongodb* -- Improper Certificate Validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish7" }, "ranges": [ { "events": [ { "fixed": "7.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00014.html#vsv00014" ], "discovery": "2019-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2023-43622" ] }, "vid": "05b7180b-e571-11ee-a1c0-0050569f0b83" }, "details": "The Varnish Development Team reports:\n\n> A denial of service attack can be performed on Varnish Cacher servers\n> that have the HTTP/2 protocol turned on. An attacker can let the\n> servers HTTP/2 connection control flow window run out of credits\n> indefinitely and prevent progress in the processing of streams,\n> retaining the associated resources.\n", "id": "FreeBSD-2024-0069", "modified": "2024-03-18T00:00:00Z", "published": "2024-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00014.html#vsv00014" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43622" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00014.html#vsv00014" } ], "schema_version": "1.7.0", "summary": "www/varnish7 -- Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "amavisd-new" }, "ranges": [ { "events": [ { "fixed": "2.12.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.com/amavis/amavis/-/raw/v2.12.3/README_FILES/README.CVE-2024-28054" ], "discovery": "2024-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-28054" ] }, "vid": "0a48e552-e470-11ee-99b3-589cfc0f81b0" }, "details": "The Amavis project reports:\n\n> Emails which consist of multiple parts (\\`Content-Type:\n> multipart/\\*\\`) incorporate boundary information stating at which\n> point one part ends and the next part begins.\n>\n> A boundary is announced by an Content-Type header\\'s \\`boundary\\`\n> parameter. To our current knowledge, RFC2046 and RFC2045 do not\n> explicitly specify how a parser should handle multiple boundary\n> parameters that contain conflicting values. As a result, there is no\n> canonical choice which of the values should or should not be used for\n> mime part decomposition.\n", "id": "FreeBSD-2024-0068", "modified": "2024-03-17T00:00:00Z", "published": "2024-03-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.com/amavis/amavis/-/raw/v2.12.3/README_FILES/README.CVE-2024-28054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-28054" }, { "type": "WEB", "url": "https://gitlab.com/amavis/amavis/-/raw/v2.12.3/README_FILES/README.CVE-2024-28054" } ], "schema_version": "1.7.0", "summary": "amavisd-new -- multipart boundary confusion" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-11" }, "ranges": [ { "events": [ { "fixed": "11.5.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-12" }, "ranges": [ { "events": [ { "fixed": "12.4.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-1301-12411-and-11535-security-releases-published" ], "discovery": "2024-02-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-30451", "CVE-2024-22188", "CVE-2024-25118", "CVE-2024-25119", "CVE-2024-25120", "CVE-2024-25121" ] }, "vid": "1ad3d264-e36b-11ee-9c27-40b034429ecf" }, "details": "Typo3 developers reports:\n\n> All versions are security releases and contain important security\n> fixes - read the corresponding security advisories here:\n>\n> - Path Traversal in TYPO3 File Abstraction Layer Storages\n> CVE-2023-30451\n> - Code Execution in TYPO3 Install Tool CVE-2024-22188\n> - Information Disclosure of Hashed Passwords in TYPO3 Backend Forms\n> CVE-2024-25118\n> - Information Disclosure of Encryption Key in TYPO3 Install Tool\n> CVE-2024-25119\n> - Improper Access Control of Resources Referenced by t3:// URI Scheme\n> CVE-2024-25120\n> - Improper Access Control Persisting File Abstraction Layer Entities\n> via Data Handler CVE-2024-25121\n", "id": "FreeBSD-2024-0067", "modified": "2024-03-16T00:00:00Z", "published": "2024-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-1301-12411-and-11535-security-releases-published" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-30451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-22188" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25118" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25119" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25121" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-1301-12411-and-11535-security-releases-published" } ], "schema_version": "1.7.0", "summary": "typo3-{11,12} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.3.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron28" }, "ranges": [ { "events": [ { "fixed": "28.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.3.6" ], "discovery": "2024-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2024-2173" ] }, "vid": "49dd9362-4473-48ae-8fac-e1b69db2dedf" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-2173.\n", "id": "FreeBSD-2024-0066", "modified": "2024-03-14T00:00:00Z", "published": "2024-03-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.3.6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2173" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6hhg-hj7x-7qv8" } ], "schema_version": "1.7.0", "summary": "electron{27,28} -- Out of bounds memory access in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cpu-microcode-intel" }, "ranges": [ { "events": [ { "fixed": "20240312" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html" ], "discovery": "2023-03-12T00:00:00Z", "references": { "cvename": [ "CVE-2023-39368", "CVE-2023-38575", "CVE-2023-28746", "CVE-2023-22655", "CVE-2023-43490" ] }, "vid": "b6dd9d93-e09b-11ee-92fc-1c697a616631" }, "details": "Intel reports:\n\n> 2024.1 IPU - Intel Processor Bus Lock Advisory\n>\n> A potential security vulnerability in the bus lock regulator mechanism\n> for some Intel Processors may allow denial of service. Intel is\n> releasing firmware updates to mitigate this potential vulnerability.\n\n> 2024.1 IPU - Intel Processor Return Predictions Advisory\n>\n> A potential security vulnerability in some Intel Processors may allow\n> information disclosure.\n\n> 2024.1 IPU - Intel Atom Processor Advisory\n>\n> A potential security vulnerability in some Intel Atom Processors may\n> allow information disclosure.\n\n> 2024.1 IPU - Intel Xeon Processor Advisory\n>\n> A potential security vulnerability in some 3rd and 4th Generation\n> Intel Xeon Processors when using Intel Software Guard Extensions (SGX)\n> or Intel Trust Domain Extensions (TDX) may allow escalation of\n> privilege.\n\n> 2024.1 IPU OOB - Intel Xeon D Processor Advisory\n>\n> A potential security vulnerability in some Intel Xeon D Processors\n> with Intel Software Guard Extensions (SGX) may allow information\n> disclosure.\n", "id": "FreeBSD-2024-0065", "modified": "2024-03-12T00:00:00Z", "published": "2024-03-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html" }, { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39368" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-38575" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28746" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22655" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43490" }, { "type": "WEB", "url": "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312" } ], "schema_version": "1.7.0", "summary": "Intel CPUs -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.5.0" }, { "fixed": "9.5.17" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.0.0" }, { "fixed": "10.0.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1.0" }, { "fixed": "10.1.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2.0" }, { "fixed": "10.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3.0" }, { "fixed": "10.3.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "fixed": "9.5.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2024/03/07/grafana-security-release-medium-severity-security-fix-for-cve-2024-1442/" ], "discovery": "2024-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2024-1442" ] }, "vid": "6d31ef38-df85-11ee-abf1-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> The vulnerability impacts Grafana Cloud and Grafana Enterprise\n> instances, and it is exploitable if a user who should not be able to\n> access all data sources is granted permissions to create a data\n> source.\n>\n> By default, only organization Administrators are allowed to create a\n> data source and have full access to all data sources. All other users\n> need to be explicitly granted permission to create a data source,\n> which then means they could exploit this vulnerability.\n>\n> When a user creates a data source via the\n> [API](https://grafana.com/docs/grafana/latest/developers/http_api/data_source/#create-a-data-source),\n> they can specify data source UID. If the UID is set to an asterisk\n> (\\*), the user gains permissions to query, update, and delete all data\n> sources in the organization. The exploit, however, does not stretch\n> across organizations --- to exploit the vulnerability in several\n> organizations, a user would need permissions to create data sources in\n> each organization.\n>\n> The vulnerability comes from a lack of UID validation. When evaluating\n> permissions, we interpret an asterisk (\\*) as a wild card for all\n> resources. Therefore, we should treat it as a reserved value, and not\n> allow the creation of a resource with the UID set to an asterisk.\n>\n> The CVSS score for this vulnerability is [6\n> Medium](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L&version=3.1).\n", "id": "FreeBSD-2024-0064", "modified": "2024-03-26T00:00:00Z", "published": "2024-03-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2024/03/07/grafana-security-release-medium-severity-security-fix-for-cve-2024-1442/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1442" }, { "type": "WEB", "url": "https://grafana.com/security/security-advisories/cve-2024-1442/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Data source permission escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "introduced": "1.18.0,1" }, { "fixed": "1.19.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt" ], "discovery": "2024-03-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-1931" ] }, "vid": "c2ad8700-de25-11ee-9190-84a93843eb75" }, "details": "NLNet Labs reports:\n\n> Unbound 1.18.0 introduced a feature that removes EDE records from\n> responses with size higher than the client\\'s advertised buffer size.\n> Before removing all the EDE records however, it would try to see if\n> trimming the extra text fields on those records would result in an\n> acceptable size while still retaining the EDE codes. Due to an\n> unchecked condition, the code that trims the text of the EDE records\n> could loop indefinitely. This happens when Unbound would reply with\n> attached EDE information on a positive reply and the client\\'s buffer\n> size is smaller than the needed space to include EDE records. The\n> vulnerability can only be triggered when the \\'ede: yes\\' option is\n> used; non default configuration.\n", "id": "FreeBSD-2024-0063", "modified": "2024-03-09T00:00:00Z", "published": "2024-03-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1931" }, { "type": "WEB", "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt" } ], "schema_version": "1.7.0", "summary": "Unbound -- Denial-of-Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron28" }, "ranges": [ { "events": [ { "fixed": "28.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.3.5" ], "discovery": "2024-03-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-25062" ] }, "vid": "e74da31b-276a-4a22-9772-17dd42b97559" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-25062.\n", "id": "FreeBSD-2024-0062", "modified": "2024-03-07T00:00:00Z", "published": "2024-03-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.3.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25062" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-x77r-6xxm-wjmx" } ], "schema_version": "1.7.0", "summary": "electron{27,28} -- vulnerability in libxml2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.9.0" }, { "fixed": "16.9.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.8.0" }, { "fixed": "16.8.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.0" }, { "fixed": "16.7.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/" ], "discovery": "2024-03-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-0199", "CVE-2024-1299" ] }, "vid": "b2caae55-dc38-11ee-96dc-001b217b3468" }, "details": "Gitlab reports:\n\n> Bypassing CODEOWNERS approval allowing to steal protected variables\n>\n> Guest with manage group access tokens can rotate and see group access\n> token with owner permissions\n", "id": "FreeBSD-2024-0061", "modified": "2024-03-07T00:00:00Z", "published": "2024-03-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0199" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1299" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go122" }, "ranges": [ { "events": [ { "fixed": "1.22.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go121" }, "ranges": [ { "events": [ { "fixed": "1.21.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/65390", "https://go.dev/issue/65383", "https://go.dev/issue/65065", "https://go.dev/issue/65697", "https://go.dev/issue/65083" ], "discovery": "2024-03-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-45289", "CVE-2023-45290", "CVE-2024-24783", "CVE-2024-24784", "CVE-2024-24785" ] }, "vid": "b1b039ec-dbfc-11ee-9165-901b0e9408dc" }, "details": "The Go project reports reports:\n\n> crypto/x509: Verify panics on certificates with an unknown public key\n> algorithm\n>\n> Verifying a certificate chain which contains a certificate with an\n> unknown public key algorithm will cause Certificate.Verify to panic.\n\n> net/http: memory exhaustion in Request.ParseMultipartForm\n>\n> When parsing a multipart form (either explicitly with\n> Request.ParseMultipartForm or implicitly with Request.FormValue,\n> Request.PostFormValue, or Request.FormFile), limits on the total size\n> of the parsed form were not applied to the memory consumed while\n> reading a single form line. This permitted a maliciously crafted input\n> containing very long lines to cause allocation of arbitrarily large\n> amounts of memory, potentially leading to memory exhaustion.\n\n> net/http, net/http/cookiejar: incorrect forwarding of sensitive\n> headers and cookies on HTTP redirect\n>\n> When following an HTTP redirect to a domain which is not a subdomain\n> match or exact match of the initial domain, an http.Client does not\n> forward sensitive headers such as \\\"Authorization\\\" or \\\"Cookie\\\". For\n> example, a redirect from foo.com to www.foo.com will forward the\n> Authorization header, but a redirect to bar.com will not.\n\n> html/template: errors returned from MarshalJSON methods may break\n> template escaping\n>\n> If errors returned from MarshalJSON methods contain user controlled\n> data, they may be used to break the contextual auto-escaping behavior\n> of the html/template package, allowing for subsequent actions to\n> inject unexpected content into templates.\n\n> net/mail: comments in display names are incorrectly handled\n>\n> The ParseAddressList function incorrectly handles comments (text\n> within parentheses) within display names. Since this is a misalignment\n> with conforming address parsers, it can result in different trust\n> decisions being made by programs using different parsers.\n", "id": "FreeBSD-2024-0060", "modified": "2024-03-06T00:00:00Z", "published": "2024-03-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/65390" }, { "type": "REPORT", "url": "https://go.dev/issue/65383" }, { "type": "REPORT", "url": "https://go.dev/issue/65065" }, { "type": "REPORT", "url": "https://go.dev/issue/65697" }, { "type": "REPORT", "url": "https://go.dev/issue/65083" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45289" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45290" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24783" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24784" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24785" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg/m/46oA5yPABQAJ" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "122.0.6261.111" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "122.0.6261.111" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html" ], "discovery": "2024-03-05T00:00:00Z", "references": { "cvename": [ "CVE-2024-2173", "CVE-2024-2174", "CVE-2024-2176" ] }, "vid": "fd3401a1-b6df-4577-917a-2c22fee99d34" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[325893559\\] High CVE-2024-2173: Out of bounds memory access in V8.\n> Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19\n> - \\[325866363\\] High CVE-2024-2174: Inappropriate implementation in\n> V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19\n> - \\[325936438\\] High CVE-2024-2176: Use after free in FedCM. Reported\n> by Anonymous on 2024-02-20\n", "id": "FreeBSD-2024-0059", "modified": "2024-03-06T00:00:00Z", "published": "2024-03-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2173" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-2176" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django50" }, "ranges": [ { "events": [ { "fixed": "5.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django50" }, "ranges": [ { "events": [ { "fixed": "5.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2024/mar/04/security-releases/" ], "discovery": "2024-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2024-27351" ] }, "vid": "0ef3398e-da21-11ee-b23a-080027a5b8e9" }, "details": "Django reports:\n\n> CVE-2024-27351: Potential regular expression denial-of-service in\n> django.utils.text.Truncator.words().\n", "id": "FreeBSD-2024-0058", "modified": "2024-03-04T00:00:00Z", "published": "2024-03-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-27351" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2024/mar/04/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "introduced": "21.0.0" }, { "fixed": "21.6.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "fixed": "20.11.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.19.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "fixed": "16.20.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node16" }, "ranges": [ { "events": [ { "introduced": "16.0.0" }, { "fixed": "16.20.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node18" }, "ranges": [ { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.19.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node20" }, "ranges": [ { "events": [ { "introduced": "20.0.0" }, { "fixed": "20.11.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node21" }, "ranges": [ { "events": [ { "introduced": "21.0.0" }, { "fixed": "21.6.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#2024-02-14-version-20111-iron-lts-rafaelgss-prepared-by-marco-ippolito" ], "discovery": "2024-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-21892", "CVE-2024-22019", "CVE-2024-21896", "CVE-2024-22017", "CVE-2023-46809", "CVE-2024-21891", "CVE-2024-21890", "CVE-2024-22025" ] }, "vid": "77a6f1c9-d7d2-11ee-bb12-001b217b3468" }, "details": "Node.js reports:\n\n> Code injection and privilege escalation through Linux capabilities-\n> (High)\n>\n> http: Reading unprocessed HTTP request with unbounded chunk extension\n> allows DoS attacks- (High)\n>\n> Path traversal by monkey-patching Buffer internals- (High)\n>\n> setuid() does not drop all privileges due to io_uring - (High)\n>\n> Node.js is vulnerable to the Marvin Attack (timing variant of the\n> Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)\n>\n> Multiple permission model bypasses due to improper path traversal\n> sequence sanitization - (Medium)\n>\n> Improper handling of wildcards in \\--allow-fs-read and\n> \\--allow-fs-write (Medium)\n>\n> Denial of Service by resource exhaustion in fetch() brotli decoding -\n> (Medium)\n", "id": "FreeBSD-2024-0057", "modified": "2024-03-01T00:00:00Z", "published": "2024-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#2024-02-14-version-20111-iron-lts-rafaelgss-prepared-by-marco-ippolito" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-21892" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-22019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-21896" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-22017" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-46809" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-21891" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-21890" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-22025" }, { "type": "WEB", "url": "https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#2024-02-14-version-20111-iron-lts-rafaelgss-prepared-by-marco-ippolito" } ], "schema_version": "1.7.0", "summary": "NodeJS -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron28" }, "ranges": [ { "events": [ { "fixed": "28.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.3.4" ], "discovery": "2024-02-28T00:00:00Z", "references": { "cvename": [ "CVE-2024-1670" ] }, "vid": "3567456a-6b17-41f7-ba7f-5cd3efb2b7c9" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-1670.\n", "id": "FreeBSD-2024-0056", "modified": "2024-02-29T00:00:00Z", "published": "2024-02-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.3.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1670" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-wjv4-j3hc-gxvv" } ], "schema_version": "1.7.0", "summary": "electron{27,28} -- Use after free in Mojo" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "122.0.6261.94" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "122.0.6261.94" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html" ], "discovery": "2024-02-27T00:00:00Z", "references": { "cvename": [ "CVE-2024-1938", "CVE-2024-1939" ] }, "vid": "31bb1b8d-d6dc-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[324596281\\] High CVE-2024-1938: Type Confusion in V8. Reported by\n> 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11\n> - \\[323694592\\] High CVE-2024-1939: Type Confusion in V8. Reported by\n> Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on\n> 2024-02-05\n", "id": "FreeBSD-2024-0055", "modified": "2024-02-29T00:00:00Z", "published": "2024-02-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1938" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1939" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "null" }, "ranges": [ { "events": [ { "fixed": "null" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt" ], "discovery": "2024-02-26T00:00:00Z", "references": { "cvename": [ "CVE-2024-1622" ] }, "vid": "3dada2d5-4e17-4e39-97dd-14fdbd4356fb" }, "details": "sep@nlnetlabs.nl reports:\n\n> Due to a mistake in error checking, Routinator will terminate when an\n> incoming RTR connection is reset by the peer too quickly after\n> opening.\n", "id": "FreeBSD-2024-0054", "modified": "2024-02-28T00:00:00Z", "published": "2024-02-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1622" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1622" } ], "schema_version": "1.7.0", "summary": "null -- Routinator terminates when RTR connection is reset too quickly after opening" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "8.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/CVE-2024-0853.html" ], "discovery": "2024-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2024-0853" ] }, "vid": "02e33cd1-c655-11ee-8613-08002784c58d" }, "details": "Hiroki Kurosawa reports:\n\n> curl inadvertently kept the SSL session ID for connections in its\n> cache even when the verify status (OCSP stapling) test failed. A\n> subsequent transfer to the same hostname could then succeed if the\n> session ID cache was still fresh, which then skipped the verify status\n> check.\n", "id": "FreeBSD-2024-0053", "modified": "2024-02-28T00:00:00Z", "published": "2024-02-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/CVE-2024-0853.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0853" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2024-0853.html" } ], "schema_version": "1.7.0", "summary": "curl -- OCSP verification bypass with TLS session reuse" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.21.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-02-23T00:00:00Z", "vid": "5ecfb588-d2f4-11ee-ad82-dbdfaa8acfc2" }, "details": "# Problem Description:\n\n- The Wiki page did not sanitize author name\n- the reviewer name on a \\\"dismiss review\\\" comment is also affected\n- the migration page has some spots\n", "id": "FreeBSD-2024-0052", "modified": "2024-02-24T00:00:00Z", "published": "2024-02-24T00:00:00Z", "references": [ { "type": "WEB", "url": "https://blog.gitea.com/release-of-1.21.6/" } ], "schema_version": "1.7.0", "summary": "gitea -- Fix XSS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "122.0.6261.57" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "122.0.6261.57" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" ], "discovery": "2024-02-20T00:00:00Z", "vid": "2a470712-d351-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 12 security fixes:\n>\n> - \\[41495060\\] High CVE-2024-1669: Out of bounds memory access in\n> Blink. Reported by Anonymous on 2024-01-26\n> - \\[41481374\\] High CVE-2024-1670: Use after free in Mojo. Reported by\n> Cassidy Kim(@cassidy6564) on 2023-12-06\n> - \\[41487933\\] Medium CVE-2024-1671: Inappropriate implementation in\n> Site Isolation. Reported by Harry Chen on 2024-01-03\n> - \\[41485789\\] Medium CVE-2024-1672: Inappropriate implementation in\n> Content Security Policy. Reported by Georg Felber (TU Wien) & Marco\n> Squarcina (TU Wien) on 2023-12-19\n> - \\[41490491\\] Medium CVE-2024-1673: Use after free in Accessibility.\n> Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11\n> - \\[40095183\\] Medium CVE-2024-1674: Inappropriate implementation in\n> Navigation. Reported by David Erceg on 2019-05-27\n> - \\[41486208\\] Medium CVE-2024-1675: Insufficient policy enforcement\n> in Download. Reported by Bart\u0142omiej Wacko on 2023-12-21\n> - \\[40944847\\] Low CVE-2024-1676: Inappropriate implementation in\n> Navigation. Reported by Khalil Zhani on 2023-11-21\n", "id": "FreeBSD-2024-0051", "modified": "2024-02-24T00:00:00Z", "published": "2024-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "fixed": "9.5.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.0.0" }, { "fixed": "10.0.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1.0" }, { "fixed": "10.1.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2.0" }, { "fixed": "10.2.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3.0" }, { "fixed": "10.3.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "fixed": "9.5.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana10" }, "ranges": [ { "events": [ { "fixed": "10.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1.0" }, { "fixed": "10.1.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2.0" }, { "fixed": "10.2.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3.0" }, { "fixed": "10.3.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/" ], "discovery": "2023-11-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-6152" ] }, "vid": "6a851dc0-cfd2-11ee-ac09-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> The vulnerability impacts instances where [Grafana basic\n> authentication](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/grafana/)\n> is enabled.\n>\n> Grafana has a\n> [verify_email_enabled](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#verify_email_enabled)\n> configuration option. When this option is enabled, users are required\n> to confirm their email addresses before the sign-up process is\n> complete. However, the email is only checked at the time of the\n> sign-up. No further verification is carried out if a user's email\n> address is updated after the initial sign-up. Moreover, Grafana allows\n> using an email address as the user's login name, and no verification\n> is ever carried out for this email address.\n>\n> This means that even if the\n> [verify_email_enabled](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#verify_email_enabled)\n> configuration option is enabled, users can use unverified email\n> addresses to log into Grafana if the email address has been changed\n> after the sign up, or if an email address is set as the login name.\n>\n> The CVSS score for this vulnerability is \\[5.4 Medium\\] (CVSS).\n", "id": "FreeBSD-2024-0050", "modified": "2024-02-20T00:00:00Z", "published": "2024-02-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6152" }, { "type": "WEB", "url": "https://grafana.com/security/security-advisories/cve-2023-6152/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Email verification is not required after email change" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "c-ares" }, "ranges": [ { "events": [ { "fixed": "1.27.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://c-ares.org/changelog.html" ], "discovery": "2024-02-23T00:00:00Z", "references": { "cvename": [ "CVE-2024-25629" ] }, "vid": "255bf44c-d298-11ee-9c27-40b034429ecf" }, "details": "c-ares project reports:\n\n> Reading malformatted /etc/resolv.conf, /etc/nsswitch.conf or the\n> HOSTALIASES file could result in a crash.\n", "id": "FreeBSD-2024-0049", "modified": "2024-02-23T00:00:00Z", "published": "2024-02-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://c-ares.org/changelog.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25629" }, { "type": "WEB", "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q" } ], "schema_version": "1.7.0", "summary": "dns/c-ares -- malformatted file causes application crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "suricata" }, "ranges": [ { "events": [ { "fixed": "7.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://suricata.io/2024/02/08/suricata-7-0-3-and-6-0-16-released/" ], "discovery": "2024-01-22T00:00:00Z", "references": { "cvename": [ "CVE-2024-23839", "CVE-2024-23836", "CVE-2024-23835", "CVE-2024-24568", "CVE-2024-23837" ] }, "vid": "979dc373-d27d-11ee-8b84-b42e991fc52e" }, "details": "Suricata team reports:\n\n> Multiple vulnerabilities fixed in the last release of suricata.\n\nNo details have been disclosed yet\n", "id": "FreeBSD-2024-0048", "modified": "2024-02-23T00:00:00Z", "published": "2024-02-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://suricata.io/2024/02/08/suricata-7-0-3-and-6-0-16-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23836" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23835" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24568" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23837" } ], "schema_version": "1.7.0", "summary": "suricata -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.3.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.3.3" ], "discovery": "2024-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2024-1283", "CVE-2024-1284" ] }, "vid": "80ad6d6c-b398-457f-b88f-bf6be0bbad44" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-1283.\n> - Security: backported fix for CVE-2024-1284.\n", "id": "FreeBSD-2024-0047", "modified": "2024-02-23T00:00:00Z", "published": "2024-02-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.3.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1283" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7mgj-p9v3-3vxr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1284" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-pf89-rhhw-xmhp" } ], "schema_version": "1.7.0", "summary": "electron27 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.9.0" }, { "fixed": "16.9.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.8.0" }, { "fixed": "16.8.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.0" }, { "fixed": "16.7.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/" ], "discovery": "2024-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2024-1451", "CVE-2023-6477", "CVE-2023-6736", "CVE-2024-1525", "CVE-2023-4895", "CVE-2024-0861", "CVE-2023-3509", "CVE-2024-0410" ] }, "vid": "03bf5157-d145-11ee-acee-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored-XSS in user\\'s profile page\n>\n> User with \\\"admin_group_members\\\" permission can invite other groups\n> to gain owner access\n>\n> ReDoS issue in the Codeowners reference extractor\n>\n> LDAP user can reset password using secondary email and login using\n> direct authentication\n>\n> Bypassing group ip restriction settings to access environment details\n> of projects through Environments/Operations Dashboard\n>\n> Users with the Guest role can change Custom dashboard projects\n> settings for projects in the victim group\n>\n> Group member with sub-maintainer role can change title of shared\n> private deploy keys\n>\n> Bypassing approvals of CODEOWNERS\n", "id": "FreeBSD-2024-0046", "modified": "2024-02-22T00:00:00Z", "published": "2024-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6736" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1525" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4895" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0861" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3509" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0410" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "5.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/security/cve/CVE-2023-50868" ], "discovery": "2024-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-50868", "CVE-2023-50387" ] }, "vid": "e15ba624-cca8-11ee-84ca-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol\n> (in RFC 5155 when RFC 9276 guidance is skipped) allows remote\n> attackers to cause a denial of service (CPU consumption for SHA-1\n> computations) via DNSSEC responses in a random subdomain attack, aka\n> the \\\"NSEC3\\\" issue. The RFC 5155 specification implies that an\n> algorithm must perform thousands of iterations of a hash function in\n> certain situations.\n>\n> CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC\n> 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to\n> cause a denial of service (CPU consumption) via one or more DNSSEC\n> responses, aka the \\\"KeyTrap\\\" issue. One of the concerns is that,\n> when there is a zone with many DNSKEY and RRSIG records, the protocol\n> specification implies that an algorithm must evaluate all combinations\n> of DNSKEY and RRSIG records.\n", "id": "FreeBSD-2024-0045", "modified": "2024-02-16T00:00:00Z", "published": "2024-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2023-50868" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-50868" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50868" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-50387" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "introduced": "1.25.0" }, { "fixed": "1.25.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://nginx.org/en/security_advisories.html" ], "discovery": "2024-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-24989", "CVE-2024-24990" ] }, "vid": "c97a4ecf-cc25-11ee-b0ee-0050569f0b83" }, "details": "The nginx development team reports:\n\n> When using HTTP/3 a segmentation fault might occur in a worker process\n> while processing a specially crafted QUIC session.\n", "id": "FreeBSD-2024-0044", "modified": "2024-02-15T00:00:00Z", "published": "2024-02-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://nginx.org/en/security_advisories.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24990" } ], "schema_version": "1.7.0", "summary": "nginx-devel -- Multiple Vulnerabilities in HTTP/3" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-25941" ], "freebsdsa": [ "SA-24:02.tty" ] }, "vid": "46a29f83-cb47-11ee-b609-002590c1f29c" }, "details": "# Problem Description:\n\nThe jail(2) system call has not limited a visiblity of allocated TTYs\n(the kern.ttys sysctl). This gives rise to an information leak about\nprocesses outside the current jail.\n\n# Impact:\n\nAttacker can get information about TTYs allocated on the host or in\nother jails. Effectively, the information printed by \\\"pstat -t\\\" may be\nleaked.\n", "id": "FreeBSD-2024-0043", "modified": "2024-02-14T00:00:00Z", "published": "2024-02-14T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25941" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:02.tty.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- jail(2) information leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2024-25940" ], "freebsdsa": [ "SA-24:01.bhyveload" ] }, "vid": "c62285cb-cb46-11ee-b609-002590c1f29c" }, "details": "# Problem Description:\n\n\\`bhyveload -h \\\\` may be used to grant loader access to the\n\\ directory tree on the host. Affected versions of\nbhyveload(8) do not make any attempt to restrict loader\\'s access to\n\\, allowing the loader to read any file the host user has\naccess to.\n\n# Impact:\n\nIn the bhyveload(8) model, the host supplies a userboot.so to boot with,\nbut the loader scripts generally come from the guest image. A\nmaliciously crafted script could be used to exfiltrate sensitive data\nfrom the host accessible to the user running bhyhveload(8), which is\noften the system root.\n", "id": "FreeBSD-2024-0042", "modified": "2024-02-14T00:00:00Z", "published": "2024-02-14T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-25940" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:01.bhyveload.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bhyveload(8) host file access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "121.0.6167.184" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "121.0.6167.184" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html" ], "discovery": "2024-02-13T00:00:00Z", "vid": "4edbea45-cb0c-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix.\n", "id": "FreeBSD-2024-0041", "modified": "2024-02-14T00:00:00Z", "published": "2024-02-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html" } ], "schema_version": "1.7.0", "summary": "chromium -- security fix" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bind916" }, "ranges": [ { "events": [ { "fixed": "9.16.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind918" }, "ranges": [ { "events": [ { "fixed": "9.18.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind9-devel" }, "ranges": [ { "events": [ { "fixed": "9.19.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq" }, "ranges": [ { "events": [ { "fixed": "2.90" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq-devel" }, "ranges": [ { "events": [ { "fixed": "2.90" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "5.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "fixed": "1.19.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html", "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" ], "discovery": "2024-02-06T00:00:00Z", "references": { "cvename": [ "CVE-2023-50387", "CVE-2023-50868" ], "freebsdsa": [ "SA-24:03.unbound" ] }, "vid": "21a854cc-cac1-11ee-b7a7-353f1e043d9a" }, "details": "Simon Kelley reports:\n\n> If DNSSEC validation is enabled, then an attacker who can force a DNS\n> server to validate a specially crafted signed domain can use a lot of\n> CPU in the validator. This only affects dnsmasq installations with\n> DNSSEC enabled.\n\nStichting NLnet Labs reports:\n\n> The KeyTrap \\[CVE-2023-50387\\] vulnerability works by using a\n> combination of Keys (also colliding Keys), Signatures and number of\n> RRSETs on a malicious zone. Answers from that zone can force a DNSSEC\n> validator down a very CPU intensive and time costly validation path.\n>\n> The NSEC3 \\[CVE-2023-50868\\] vulnerability uses specially crafted\n> responses on a malicious zone with multiple NSEC3 RRSETs to force a\n> DNSSEC validator down a very CPU intensive and time costly NSEC3 hash\n> calculation path.\n", "id": "FreeBSD-2024-0040", "modified": "2024-04-01T00:00:00Z", "published": "2024-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "type": "REPORT", "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-50387" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-50868" }, { "type": "WEB", "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "type": "WEB", "url": "https://kb.isc.org/docs/cve-2023-50868" }, { "type": "WEB", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "type": "WEB", "url": "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released" }, { "type": "WEB", "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:03.unbound.asc" } ], "schema_version": "1.7.0", "summary": "DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php81" }, "ranges": [ { "events": [ { "fixed": "3.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php82" }, "ranges": [ { "events": [ { "fixed": "3.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php83" }, "ranges": [ { "events": [ { "fixed": "3.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2024-02-05" ], "discovery": "2024-02-05T00:00:00Z", "vid": "cbfc1591-c8c0-11ee-b45a-589cfc0f81b0" }, "details": "phpMyFAQ team reports:\n\n> phpMyFAQ doesn\\'t implement sufficient checks to avoid XSS when\n> storing on attachments filenames. The \\'sharing FAQ\\' functionality\n> allows any unauthenticated actor to misuse the phpMyFAQ application to\n> send arbitrary emails to a large range of targets. phpMyFAQ\\'s user\n> removal page allows an attacker to spoof another user\\'s detail, and\n> in turn make a compelling phishing case for removing another user\\'s\n> account.\n", "id": "FreeBSD-2024-0039", "modified": "2024-02-11T00:00:00Z", "published": "2024-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2024-02-05" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openexr" }, "ranges": [ { "events": [ { "fixed": "3.1.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.2.0" }, { "fixed": "3.2.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://takeonme.org/cves/CVE-2023-5841.html", "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2" ], "discovery": "2023-10-26T00:00:00Z", "references": { "cvename": [ "CVE-2023-5841" ] }, "vid": "f161a5ad-c9bd-11ee-b7a7-353f1e043d9a" }, "details": "Austin Hackers Anonymous report:\n\n> Due to a failure in validating the number of scanline samples of a\n> OpenEXR file containing deep scanline data, Academy Software\n> Foundation OpenEXR image parsing library version 3.2.1 and prior is\n> susceptible to a heap-based buffer overflow vulnerability.\n\n> \\[\\...\\] it is in a routine that is predominantly used for development\n> and testing. It is not likely to appear in production code.\n", "id": "FreeBSD-2024-0038", "modified": "2024-02-12T00:00:00Z", "published": "2024-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://takeonme.org/cves/CVE-2023-5841.html" }, { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5841" }, { "type": "WEB", "url": "https://takeonme.org/cves/CVE-2023-5841.html" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2" } ], "schema_version": "1.7.0", "summary": "openexr -- Heap Overflow in Scanline Deep Data Parsing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "readstat" }, "ranges": [ { "events": [ { "fixed": "1.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33991" ], "discovery": "2021-05-05T00:00:00Z", "vid": "388eefc0-c93f-11ee-92ce-4ccc6adda413" }, "details": "Google reports:\n\n> A heap buffer overflow exists in readstat_convert.\n", "id": "FreeBSD-2024-0037", "modified": "2024-02-12T00:00:00Z", "published": "2024-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33991" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33991" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/OSV-2021-732" }, { "type": "WEB", "url": "https://github.com/WizardMac/ReadStat/issues/285" } ], "schema_version": "1.7.0", "summary": "readstat -- Heap buffer overflow in readstat_convert" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-Spreadsheet-ParseExcel" }, "ranges": [ { "events": [ { "fixed": "0.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-7101" ], "discovery": "2023-12-29T00:00:00Z", "references": { "cvename": [ "CVE-2023-7101" ] }, "vid": "cb22a9a6-c907-11ee-8d1c-40b034429ecf" }, "details": "Spreadsheet-ParseExcel reports:\n\n> Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing\n> Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary\n> code execution (ACE) vulnerability due to passing unvalidated input\n> from a file into a string-type eval \\\"eval\\\". Specifically, the issue\n> stems from the evaluation of Number format strings (not to be confused\n> with printf-style format strings) within the Excel parsing logic.\n", "id": "FreeBSD-2024-0036", "modified": "2024-02-11T00:00:00Z", "published": "2024-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7101" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-7101" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7101" } ], "schema_version": "1.7.0", "summary": "p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-server" }, "ranges": [ { "events": [ { "fixed": "15.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "14.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "13.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2024-0985/" ], "discovery": "2024-02-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-0985" ] }, "vid": "19e6dd1b-c6a5-11ee-9cd0-6cc21735f730" }, "details": "PostgreSQL Project reports:\n\n> One step of a concurrent refresh command was run under weak security\n> restrictions. If a materialized view\\'s owner could persuade a\n> superuser or other high-privileged user to perform a concurrent\n> refresh on that view, the view\\'s owner could control code executed\n> with the privileges of the user running REFRESH. The fix for the\n> vulnerability makes is so that all user-determined code is run as the\n> view\\'s owner, as expected.\n", "id": "FreeBSD-2024-0035", "modified": "2024-02-08T00:00:00Z", "published": "2024-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2024-0985/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0985" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2024-0985/" } ], "schema_version": "1.7.0", "summary": "postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.8.0" }, { "fixed": "16.8.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.7.0" }, { "fixed": "16.7.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3.0" }, { "fixed": "16.6.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/" ], "discovery": "2024-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-1250", "CVE-2023-6840", "CVE-2023-6386", "CVE-2024-1066" ] }, "vid": "6b2cba6a-c6a5-11ee-97d0-001b217b3468" }, "details": "Gitlab reports:\n\n> Restrict group access token creation for custom roles\n>\n> Project maintainers can bypass group\\'s scan result policy\n> block_branch_modification setting\n>\n> ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax\n>\n> Resource exhaustion using GraphQL vulnerabilitiesCountByDay\n", "id": "FreeBSD-2024-0034", "modified": "2024-02-08T00:00:00Z", "published": "2024-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1250" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6386" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1066" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php81-composer" }, "ranges": [ { "events": [ { "fixed": "2.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php82-composer" }, "ranges": [ { "events": [ { "fixed": "2.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php83-composer" }, "ranges": [ { "events": [ { "fixed": "2.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h" ], "discovery": "2024-02-08T00:00:00Z", "references": { "cvename": [ "CVE-2024-24821" ] }, "vid": "33ba2241-c68e-11ee-9ef3-001999f8d30b" }, "details": "Copmposer reports:\n\n> Code execution and possible privilege escalation via compromised\n> InstalledVersions.php or installed.php.\n>\n> Several files within the local working directory are included during\n> the invocation of Composer and in the context of the executing user.\n>\n> As such, under certain conditions arbitrary code execution may lead to\n> local privilege escalation, provide lateral user movement or malicious\n> code execution when Composer is invoked within a directory with\n> tampered files.\n>\n> All Composer CLI commands are affected, including composer.phar\\'s\n> self-update.\n", "id": "FreeBSD-2024-0033", "modified": "2024-02-08T00:00:00Z", "published": "2024-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24821" }, { "type": "WEB", "url": "https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h" } ], "schema_version": "1.7.0", "summary": "Composer -- Code execution and possible privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "eza" }, "ranges": [ { "events": [ { "fixed": "0.18.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libgit2" }, "ranges": [ { "events": [ { "introduced": "1.7.0" }, { "fixed": "1.7.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "1.6.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libgit2/libgit2/releases/tag/v1.7.2" ], "discovery": "2024-02-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-24577" ] }, "vid": "43768ff3-c683-11ee-97d0-001b217b3468" }, "details": "Git community reports:\n\n> A bug in git_revparse_single is fixed that could have caused the\n> function to enter an infinite loop given well-crafted inputs,\n> potentially causing a Denial of Service attack in the calling\n> application\n>\n> A bug in git_revparse_single is fixed that could have caused the\n> function to enter an infinite loop given well-crafted inputs,\n> potentially causing a Denial of Service attack in the calling\n> application\n>\n> A bug in the smart transport negotiation could have caused an\n> out-of-bounds read when a remote server did not advertise capabilities\n", "id": "FreeBSD-2024-0032", "modified": "2024-02-14T00:00:00Z", "published": "2024-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libgit2/libgit2/releases/tag/v1.7.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24577" }, { "type": "WEB", "url": "https://github.com/libgit2/libgit2/releases/tag/v1.7.2" } ], "schema_version": "1.7.0", "summary": "Libgit2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "121.0.6167.160" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "121.0.6167.160" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.16.p5_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html" ], "discovery": "2024-02-06T00:00:00Z", "references": { "cvename": [ "CVE-2024-1284", "CVE-2024-1283" ] }, "vid": "19047673-c680-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 3 security fixes:\n>\n> - \\[41494539\\] High CVE-2024-1284: Use after free in Mojo. Reported by\n> Anonymous on 2024-01-25\n> - \\[41494860\\] High CVE-2024-1283: Heap buffer overflow in Skia.\n> Reported by Jorge Buzeti (@r3tr074) on 2024-01-25\n", "id": "FreeBSD-2024-0031", "modified": "2024-02-08T00:00:00Z", "published": "2024-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1284" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1283" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "1.2.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav-lts" }, "ranges": [ { "events": [ { "fixed": "1.0.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html" ], "discovery": "2024-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2024-20290", "CVE-2024-20328" ] }, "vid": "68ae70c5-c5e5-11ee-9768-08002784c58d" }, "details": "The ClamAV project reports:\n\n> \n>\n> CVE-2024-20290\n> : A vulnerability in the OLE2 file format parser of ClamAV could\n> allow an unauthenticated, remote attacker to cause a denial of\n> service (DoS) condition on an affected device. This vulnerability\n> is due to an incorrect check for end-of-string values during\n> scanning, which may result in a heap buffer over-read. An attacker\n> could exploit this vulnerability by submitting a crafted file\n> containing OLE2 content to be scanned by ClamAV on an affected\n> device. A successful exploit could allow the attacker to cause the\n> ClamAV scanning process to terminate, resulting in a DoS condition\n> on the affected software and consuming available system resources.\n>\n> CVE-2024-20328\n> : Fixed a possible command injection vulnerability in the\n> \\\"VirusEvent\\\" feature of ClamAV\\'s ClamD service. To fix this\n> issue, we disabled the \\'%f\\' format string parameter. ClamD\n> administrators may continue to use the\n> \\`CLAM_VIRUSEVENT_FILENAME\\` environment variable, instead of\n> \\'%f\\'. But you should do so only from within an executable, such\n> as a Python script, and not directly in the clamd.conf\n> \\\"VirusEvent\\\" command.\n", "id": "FreeBSD-2024-0030", "modified": "2024-02-07T00:00:00Z", "published": "2024-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-20290" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-20328" }, { "type": "WEB", "url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html" } ], "schema_version": "1.7.0", "summary": "clamav -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django50" }, "ranges": [ { "events": [ { "fixed": "5.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/" ], "discovery": "2024-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2024-24680" ] }, "vid": "e0f6215b-c59e-11ee-a6db-080027a5b8e9" }, "details": "Django reports:\n\n> CVE-2024-24680:Potential denial-of-service in intcomma template\n> filter.\n", "id": "FreeBSD-2024-0029", "modified": "2024-02-07T00:00:00Z", "published": "2024-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-24680" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "121.0.6167.139" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "121.0.6167.139" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.16.p5_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html" ], "discovery": "2024-01-30T00:00:00Z", "references": { "cvename": [ "CVE-2024-1060", "CVE-2024-1059", "CVE-2024-1077" ] }, "vid": "dc9e5237-c197-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[1511567\\] High CVE-2024-1060: Use after free in Canvas. Reported\n> by Anonymous on 2023-12-14\n> - \\[1514777\\] High CVE-2024-1059: Use after free in WebRTC. Reported\n> by Cassidy Kim(@cassidy6564) on 2023-12-29\n> - \\[1511085\\] High CVE-2024-1077: Use after free in Network. Reported\n> by Microsoft Security Research Center on 2023-12-13\n", "id": "FreeBSD-2024-0028", "modified": "2024-02-02T00:00:00Z", "published": "2024-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-1077" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "121.0.6167.85" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "121.0.6167.85" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html" ], "discovery": "2024-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2024-0812", "CVE-2024-0808", "CVE-2024-0810", "CVE-2024-0814", "CVE-2024-0813", "CVE-2024-0806", "CVE-2024-0805", "CVE-2024-0804", "CVE-2024-0811", "CVE-2024-0809" ] }, "vid": "72d6d757-c197-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 17 security fixes:\n>\n> - \\[1484394\\] High CVE-2024-0812: Inappropriate implementation in\n> Accessibility. Reported by Anonymous on 2023-09-19\n> - \\[1504936\\] High CVE-2024-0808: Integer underflow in WebUI. Reported\n> by Lyra Rebane (rebane2001) on 2023-11-24\n> - \\[1496250\\] Medium CVE-2024-0810: Insufficient policy enforcement in\n> DevTools. Reported by Shaheen Fazim on 2023-10-26\n> - \\[1463935\\] Medium CVE-2024-0814: Incorrect security UI in Payments.\n> Reported by Muneaki Nishimura (nishimunea) on 2023-07-11\n> - \\[1477151\\] Medium CVE-2024-0813: Use after free in Reading Mode.\n> Reported by \\@retsew0x01 on 2023-08-30\n> - \\[1505176\\] Medium CVE-2024-0806: Use after free in Passwords.\n> Reported by 18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 on 2023-11-25\n> - \\[1514925\\] Medium CVE-2024-0805: Inappropriate implementation in\n> Downloads. Reported by Om Apip on 2024-01-01\n> - \\[1515137\\] Medium CVE-2024-0804: Insufficient policy enforcement in\n> iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd.\n> Pune (India) on 2024-01-03\n> - \\[1494490\\] Low CVE-2024-0811: Inappropriate implementation in\n> Extensions API. Reported by Jann Horn of Google Project Zero on\n> 2023-10-21\n> - \\[1497985\\] Low CVE-2024-0809: Inappropriate implementation in\n> Autofill. Reported by Ahmed ElMasry on 2023-10-31\n", "id": "FreeBSD-2024-0027", "modified": "2024-02-02T00:00:00Z", "published": "2024-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0810" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0806" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0805" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0804" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0811" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0809" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.6.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron28" }, "ranges": [ { "events": [ { "fixed": "28.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v26.6.8" ], "discovery": "2024-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2024-0807" ] }, "vid": "13a8c4bf-cb2b-48ec-b49c-a3875c72b3e8" }, "details": "Electron developers reports:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-0807.\n", "id": "FreeBSD-2024-0026", "modified": "2024-02-01T00:00:00Z", "published": "2024-02-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v26.6.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0807" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-hjm7-v5pw-x89r" } ], "schema_version": "1.7.0", "summary": "electron{26,27,28} -- Use after free in Web Audio" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.16.p5_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based" ], "discovery": "2024-01-30T00:00:00Z", "references": { "cvename": [ "CVE-2024-0807", "CVE-2024-0808", "CVE-2024-0810" ] }, "vid": "bbcb1584-c068-11ee-bdd6-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 3 security bugs in Chromium:\n>\n> - \\[1505080\\] High CVE-2024-0807: Use after free in WebAudio\n> - \\[1504936\\] Critical CVE-2024-0808: Integer underflow in WebUI\n> - \\[1496250\\] Medium CVE-2024-0810: Insufficient policy enforcement in\n> DevTools\n", "id": "FreeBSD-2024-0025", "modified": "2024-01-31T00:00:00Z", "published": "2024-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0807" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0810" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.13,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31-quictls" }, "ranges": [ { "events": [ { "fixed": "3.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl32" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20240125.txt" ], "discovery": "2024-01-30T00:00:00Z", "references": { "cvename": [ "CVE-2024-0727", "CVE-2023-6237" ] }, "vid": "10dee731-c069-11ee-9190-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> Excessive time spent checking invalid RSA public keys (CVE-2023-6237)\n>\n> PKCS12 Decoding crashes (CVE-2024-0727)\n", "id": "FreeBSD-2024-0024", "modified": "2024-01-31T00:00:00Z", "published": "2024-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20240125.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0727" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6237" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20240125.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20240115.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/openssl-3.0-notes.html" }, { "type": "WEB", "url": "https://www.openssl.org/news/openssl-3.1-notes.html" }, { "type": "WEB", "url": "https://www.openssl.org/news/openssl-3.2-notes.html" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "lizard" }, "ranges": [ { "events": [ { "fixed": "1.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/inikep/lizard/issues/16" ], "discovery": "2018-05-26T00:00:00Z", "references": { "cvename": [ "CVE-2018-11498" ] }, "vid": "67c2eb06-5579-4595-801b-30355be24654" }, "details": "cve@mitre.org reports:\n\n> In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was\n> renamed), there is an unchecked buffer size during a memcpy in the\n> Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote\n> attackers can leverage this vulnerability to cause a denial of service\n> via a crafted input file, as well as achieve remote code execution.\n", "id": "FreeBSD-2024-0023", "modified": "2024-01-31T00:00:00Z", "published": "2024-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/inikep/lizard/issues/16" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11498" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11498" } ], "schema_version": "1.7.0", "summary": "lizard -- Negative size passed to memcpy resulting in memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based" ], "discovery": "2024-01-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-6345", "CVE-2023-6346", "CVE-2023-6347", "CVE-2023-6702", "CVE-2023-6703", "CVE-2023-6705", "CVE-2023-6706", "CVE-2023-7024", "CVE-2024-0222", "CVE-2024-0223", "CVE-2024-0224", "CVE-2024-0225", "CVE-2024-0333", "CVE-2024-0518", "CVE-2024-0519" ] }, "vid": "a25b323a-bed9-11ee-bdd6-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 15 security bugs in Chromium:\n>\n> - \\[1505053\\] High CVE-2023-6345: Integer overflow in Skia\n> - \\[1500856\\] High CVE-2023-6346: Use after free in WebAudio\n> - \\[1494461\\] High CVE-2023-6347: Use after free in Mojo\n> - \\[1501326\\] High CVE-2023-6702: Type Confusion in V8\n> - \\[1502102\\] High CVE-2023-6703: Use after free in Blink\n> - \\[1505708\\] High CVE-2023-6705: Use after free in WebRTC\n> - \\[1500921\\] High CVE-2023-6706: Use after free in FedCM\n> - \\[1513170\\] High CVE-2023-7024: Heap buffer overflow in WebRTC\n> - \\[1501798\\] High CVE-2024-0222: Use after free in ANGLE\n> - \\[1505009\\] High CVE-2024-0223: Heap buffer overflow in ANGLE\n> - \\[1505086\\] High CVE-2024-0224: Use after free in WebAudio\n> - \\[1506923\\] High CVE-2024-0225: Use after free in WebGPU\n> - \\[1513379\\] High CVE-2024-0333: Insufficient data validation in\n> Extensions\n> - \\[1507412\\] High CVE-2024-0518: Type Confusion in V8\n> - \\[1517354\\] High CVE-2024-0519: Out of bounds memory access in V8\n", "id": "FreeBSD-2024-0022", "modified": "2024-01-29T00:00:00Z", "published": "2024-01-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6345" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6346" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6347" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6702" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6703" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6705" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6706" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-7024" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0223" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0224" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0333" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0518" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0519" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based" } ], "schema_version": "1.7.0", "summary": "qt6-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.16.p5_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" ], "discovery": "2024-01-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-6345", "CVE-2023-6702", "CVE-2023-7024", "CVE-2024-0222", "CVE-2024-0224", "CVE-2024-0333", "CVE-2024-0518", "CVE-2024-0519" ] }, "vid": "a11e7dd1-bed4-11ee-bdd6-4ccc6adda413" }, "details": "Qt qtwebengine-chromium repo reports:\n\n> Backports for 8 security bugs in Chromium:\n>\n> - \\[1505053\\] High CVE-2023-6345: Integer overflow in Skia\n> - \\[1501326\\] High CVE-2023-6702: Type Confusion in V8\n> - \\[1513170\\] High CVE-2023-7024: Heap buffer overflow in WebRTC\n> - \\[1501798\\] High CVE-2024-0222: Use after free in ANGLE\n> - \\[1505086\\] High CVE-2024-0224: Use after free in WebAudio\n> - \\[1513379\\] High CVE-2024-0333: Insufficient data validation in\n> Extensions\n> - \\[1507412\\] High CVE-2024-0518: Type Confusion in V8\n> - \\[1517354\\] High CVE-2024-0519: Out of bounds memory access in V8\n", "id": "FreeBSD-2024-0021", "modified": "2024-01-29T00:00:00Z", "published": "2024-01-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6345" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6702" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-7024" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0224" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0333" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0518" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0519" }, { "type": "WEB", "url": "https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based" } ], "schema_version": "1.7.0", "summary": "qt5-webengine -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rclone" }, "ranges": [ { "events": [ { "fixed": "1.65.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e" ], "discovery": "2023-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2023-45286", "CVE-2023-48795" ] }, "vid": "b5e22ec5-bc4b-11ee-b0b5-b42e991fc52e" }, "details": "Multiple vulnerabilities in ssh and golang\n\n> - CVE-2023-45286: HTTP request body disclosure in go-resty disclosure\n> across requests.\n> - CVE-2023-48795: The SSH transport protocol with certain OpenSSH\n> extensions, found in OpenSSH before 9.6 and other products, allows\n> remote attackers to bypass integrity checks.\n", "id": "FreeBSD-2024-0020", "modified": "2024-01-26T00:00:00Z", "published": "2024-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45286" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-48795" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45286" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" } ], "schema_version": "1.7.0", "summary": "rclone -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.8.0" }, { "fixed": "16.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.7.0" }, { "fixed": "16.7.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.6.0" }, { "fixed": "16.6.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.7.0" }, { "fixed": "16.5.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/" ], "discovery": "2024-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2024-0402", "CVE-2023-6159", "CVE-2023-5933", "CVE-2023-5612", "CVE-2024-0456" ] }, "vid": "61fe903b-bc2e-11ee-b06e-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary file write while creating workspace\n>\n> ReDoS in Cargo.toml blob viewer\n>\n> Arbitrary API PUT requests via HTML injection in user\\'s name\n>\n> Disclosure of the public email in Tags RSS Feed\n>\n> Non-Member can update MR Assignees of owned MRs\n", "id": "FreeBSD-2024-0019", "modified": "2024-01-26T00:00:00Z", "published": "2024-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6159" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5933" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5612" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0456" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.422" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.426.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2024-01-24/" ], "discovery": "2024-01-24T00:00:00Z", "references": { "cvename": [ "CVE-2024-23897", "CVE-2024-23898" ] }, "vid": "8b03d274-56ca-489e-821a-cf32f07643f0" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Critical) SECURITY-3314 / CVE-2024-23897\n>\n> Arbitrary file read vulnerability through the CLI can lead to RCE\n>\n> # Description\n>\n> ##### (High) SECURITY-3315 / CVE-2024-23898\n>\n> Cross-site WebSocket hijacking vulnerability in the CLI\n", "id": "FreeBSD-2024-0018", "modified": "2024-01-24T00:00:00Z", "published": "2024-01-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2024-01-24/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23897" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-23898" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2024-01-24/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tinymce" }, "ranges": [ { "events": [ { "fixed": "6.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.6.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8" ], "discovery": "2023-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2023-48219" ] }, "vid": "9532a361-b84d-11ee-b0d7-84a93843eb75" }, "details": "TinyMCE reports:\n\n> Special characters in unescaped text nodes can trigger mXSS when using\n> TinyMCE undo/redo, getContentAPI, resetContentAPI, and Autosave plugin\n", "id": "FreeBSD-2024-0017", "modified": "2024-01-23T00:00:00Z", "published": "2024-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-48219" }, { "type": "WEB", "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8" }, { "type": "WEB", "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.6" } ], "schema_version": "1.7.0", "summary": "TinyMCE -- mXSS in multiple plugins" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "6.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v6.0.3" ], "discovery": "2024-01-22T00:00:00Z", "vid": "fedf7e71-61bd-49ec-aaf0-6da14bdbb319" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> A specially-crafted series of packets containing nested MIME entities\n> can cause Zeek to spend large amounts of time parsing the entities.\n", "id": "FreeBSD-2024-0016", "modified": "2024-01-22T00:00:00Z", "published": "2024-01-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v6.0.3" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v6.0.3" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.6.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v26.6.7" ], "discovery": "2024-01-18T00:00:00Z", "references": { "cvename": [ "CVE-2024-0519" ] }, "vid": "2264566a-a890-46eb-a895-7881dd220bd0" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2024-0519.\n", "id": "FreeBSD-2024-0015", "modified": "2024-01-19T00:00:00Z", "published": "2024-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v26.6.7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0519" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-vg6w-jr5m-86c8" } ], "schema_version": "1.7.0", "summary": "electron26 -- Out of bounds memory access in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.6.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.2.3" ], "discovery": "2024-01-17T00:00:00Z", "references": { "cvename": [ "CVE-2024-0518", "CVE-2024-0517" ] }, "vid": "a8326b61-eda0-4c03-9a5b-49ebd8f41c1a" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-0518.\n> - Security: backported fix for CVE-2024-0517.\n", "id": "FreeBSD-2024-0014", "modified": "2024-01-18T00:00:00Z", "published": "2024-01-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.2.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0518" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4pvg-f3m8-ff3j" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0517" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-v39r-662x-j524" } ], "schema_version": "1.7.0", "summary": "electron{26,27} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.224" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.224" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html" ], "discovery": "2024-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2024-0517", "CVE-2024-0518", "CVE-2024-0519" ] }, "vid": "1bc07be0-b514-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[1515930\\] High CVE-2024-0517: Out of bounds write in V8. Reported\n> by Toan (suto) Pham of Qrious Secure on 2024-01-06\n> - \\[1507412\\] High CVE-2024-0518: Type Confusion in V8. Reported by\n> Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03\n> - \\[1517354\\] High CVE-2024-0519: Out of bounds memory access in V8.\n> Reported by Anonymous on 2024-01-11\n", "id": "FreeBSD-2024-0013", "modified": "2024-01-17T00:00:00Z", "published": "2024-01-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0517" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0518" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0519" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.11,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.11,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.11,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nextserver" }, "ranges": [ { "events": [ { "fixed": "21.1.11,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "23.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland-devel" }, "ranges": [ { "events": [ { "fixed": "21.0.99.1.653" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg/2024-January/061525.html" ], "discovery": "2024-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2023-6816", "CVE-2024-0229", "CVE-2024-21885", "CVE-2024-21886" ] }, "vid": "7467c611-b490-11ee-b903-001fc69cd6dc" }, "details": "The X.Org project reports:\n\n> - CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and\n> ProcXIQueryPointer\n>\n> Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for\n> each logical button currently down. Buttons can be arbitrarily\n> mapped to any value up to 255 but the X.Org Server was only\n> allocating space for the device\\'s number of buttons, leading to a\n> heap overflow if a bigger value was used.\n>\n> - CVE-2024-0229: Reattaching to different master device may lead to\n> out-of-bounds memory access\n>\n> If a device has both a button class and a key class and numButtons\n> is zero, we can get an out-of-bounds write due to event\n> under-allocation in the DeliverStateNotifyEvent function.\n>\n> - CVE-2024-21885: Heap buffer overflow in XISendDeviceHierarchyEvent\n>\n> The XISendDeviceHierarchyEvent() function allocates space to store\n> up to MAXDEVICES (256) xXIHierarchyInfo structures in info. If a\n> device with a given ID was removed and a new device with the same ID\n> added both in the same operation, the single device ID will lead to\n> two info structures being written to info. Since this case can occur\n> for every device ID at once, a total of two times MAXDEVICES info\n> structures might be written to the allocation, leading to a heap\n> buffer overflow.\n>\n> - CVE-2024-21886: Heap buffer overflow in DisableDevice\n>\n> The DisableDevice() function is called whenever an enabled device is\n> disabled and it moves the device from the inputInfo.devices linked\n> list to the inputInfo.off_devices linked list. However, its\n> link/unlink operation has an issue during the recursive call to\n> DisableDevice() due to the prev pointer pointing to a removed\n> device. This issue leads to a length mismatch between the total\n> number of devices and the number of device in the list, leading to a\n> heap overflow and, possibly, to local privilege escalation.\n", "id": "FreeBSD-2024-0012", "modified": "2024-01-16T00:00:00Z", "published": "2024-01-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg/2024-January/061525.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-21885" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-21886" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg/2024-January/061525.html" } ], "schema_version": "1.7.0", "summary": "xorg server -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.6.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v26.6.5" ], "discovery": "2024-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2024-0224", "CVE-2024-0225", "CVE-2024-0223", "CVE-2024-0222" ] }, "vid": "28b42ef5-80cd-440c-904b-b7fbca74c73d" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2024-0224.\n> - Security: backported fix for CVE-2024-0225.\n> - Security: backported fix for CVE-2024-0223.\n> - Security: backported fix for CVE-2024-0222.\n", "id": "FreeBSD-2024-0011", "modified": "2024-01-12T00:00:00Z", "published": "2024-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v26.6.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0224" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-83wx-v283-85g9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0225" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-gqr9-4fcc-c9jq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0223" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-w8x8-g534-x4rp" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0222" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-c87c-56pw-mwgh" } ], "schema_version": "1.7.0", "summary": "electron{26,27} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.7.0" }, { "fixed": "16.7.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.6.0" }, { "fixed": "16.6.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.13.0" }, { "fixed": "16.5.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/" ], "discovery": "2024-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2023-7028", "CVE-2023-5356", "CVE-2023-4812", "CVE-2023-6955", "CVE-2023-2030" ] }, "vid": "4c8c2218-b120-11ee-90ec-001b217b3468" }, "details": "Gitlab reports:\n\n> Account Takeover via Password Reset without user interactions\n>\n> Attacker can abuse Slack/Mattermost integrations to execute slash\n> commands as another user\n>\n> Bypass CODEOWNERS approval removal\n>\n> Workspaces able to be created under different root namespace\n>\n> Commit signature validation ignores headers after signature\n", "id": "FreeBSD-2024-0010", "modified": "2024-01-12T00:00:00Z", "published": "2024-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-7028" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6955" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2030" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.12_2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.12_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.4_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31-quictls" }, "ranges": [ { "events": [ { "fixed": "3.1.4_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl32" }, "ranges": [ { "events": [ { "fixed": "3.2.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20240109.txt" ], "discovery": "2024-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2023-6129" ] }, "vid": "8337251b-b07b-11ee-b0d7-84a93843eb75" }, "details": "The OpenSSL Team reports:\n\n> The POLY1305 MAC (message authentication code) implementation contains\n> a bug that might corrupt the internal state of applications running on\n> PowerPC CPU based platforms if the CPU provides vector instructions.\n", "id": "FreeBSD-2024-0009", "modified": "2024-01-11T00:00:00Z", "published": "2024-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20240109.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6129" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20240109.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Vector register corruption on PowerPC" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.216" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.216" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html" ], "discovery": "2024-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2024-0333" ] }, "vid": "ec8e4040-afcd-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[1513379\\] High CVE-2024-0333: Insufficient data validation in\n> Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC\n> on 2023-12-20\n", "id": "FreeBSD-2024-0008", "modified": "2024-01-10T00:00:00Z", "published": "2024-01-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0333" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html" } ], "schema_version": "1.7.0", "summary": "chromium -- security fix" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-network" }, "ranges": [ { "events": [ { "fixed": "5.15.12p148_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-base" }, "ranges": [ { "events": [ { "fixed": "6.6.1_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation" ], "discovery": "2023-12-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-51714" ] }, "vid": "e2f981f1-ad9e-11ee-8b55-4ccc6adda413" }, "details": "Andy Shaw reports:\n\n> A potential integer overflow has been discovered in Qt\\'s HTTP2\n> implementation. If the HTTP2 implementation receives more than 4GiB in\n> total headers, or more than 2GiB for any given header pair, then the\n> internal buffers may overflow.\n", "id": "FreeBSD-2024-0007", "modified": "2024-01-07T00:00:00Z", "published": "2024-01-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-51714" }, { "type": "WEB", "url": "https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation" } ], "schema_version": "1.7.0", "summary": "QtNetwork -- potential buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php74" }, "ranges": [ { "events": [ { "fixed": "2.25.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php80" }, "ranges": [ { "events": [ { "fixed": "2.25.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php81" }, "ranges": [ { "events": [ { "fixed": "2.25.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php82" }, "ranges": [ { "events": [ { "fixed": "2.25.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php83" }, "ranges": [ { "events": [ { "fixed": "2.25.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mantisbt.org/bugs/changelog_page.php?version_id=370" ], "discovery": "2023-10-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-29197", "CVE-2023-44394" ] }, "vid": "1f0d0024-ac9c-11ee-8e91-1c697a013f4b" }, "details": "Mantis 2.25.8 release reports:\n\n> Security and maintenance release\n>\n> - 0032432: Update guzzlehttp/psr7 to 1.9.1 (CVE-2023-29197)\n> - 0032981: Information Leakage on DokuWiki Integration\n> (CVE-2023-44394)\n", "id": "FreeBSD-2024-0006", "modified": "2024-01-06T00:00:00Z", "published": "2024-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mantisbt.org/bugs/changelog_page.php?version_id=370" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29197" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29197" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-44394" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44394" } ], "schema_version": "1.7.0", "summary": "mantis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.199" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.199" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html" ], "discovery": "2024-01-03T00:00:00Z", "references": { "cvename": [ "CVE-2024-0222", "CVE-2024-0223", "CVE-2024-0224", "CVE-2024-0225" ] }, "vid": "3ee577a9-aad4-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 6 security fixes:\n>\n> - \\[1501798\\] High CVE-2024-0222: Use after free in ANGLE. Reported by\n> Toan (suto) Pham of Qrious Secure on 2023-11-13\n> - \\[1505009\\] High CVE-2024-0223: Heap buffer overflow in ANGLE.\n> Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on\n> 2023-11-24\n> - \\[1505086\\] High CVE-2024-0224: Use after free in WebAudio. Reported\n> by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25\n> - \\[1506923\\] High CVE-2024-0225: Use after free in WebGPU. Reported\n> by Anonymous on 2023-12-01\n", "id": "FreeBSD-2024-0005", "modified": "2024-01-04T00:00:00Z", "published": "2024-01-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0223" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0224" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2024-0225" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v27.2.1" ], "discovery": "2024-01-04T00:00:00Z", "references": { "cvename": [ "CVE-2023-6706", "CVE-2023-6705", "CVE-2023-6703", "CVE-2023-6702", "CVE-2023-6704" ] }, "vid": "d1b20e09-dbdf-432b-83c7-89f0af76324a" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-6706.\n> - Security: backported fix for CVE-2023-6705.\n> - Security: backported fix for CVE-2023-6703.\n> - Security: backported fix for CVE-2023-6702.\n> - Security: backported fix for CVE-2023-6704.\n", "id": "FreeBSD-2024-0004", "modified": "2024-01-04T00:00:00Z", "published": "2024-01-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v27.2.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6706" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-jqrg-rvpw-5fw5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6705" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-h27f-fw5q-c2gh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6703" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9v72-359m-2vx4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6702" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7hjc-c62g-4w73" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6704" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-587x-fmc5-99p9" } ], "schema_version": "1.7.0", "summary": "electron27 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v26.6.4" ], "discovery": "2024-01-04T00:00:00Z", "references": { "cvename": [ "CVE-2023-6704", "CVE-2023-6705", "CVE-2023-6703", "CVE-2023-6702" ] }, "vid": "0cee4f9c-5efb-4770-b917-f4e4569e8bec" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-6704.\n> - Security: backported fix for CVE-2023-6705.\n> - Security: backported fix for CVE-2023-6703.\n> - Security: backported fix for CVE-2023-6702.\n", "id": "FreeBSD-2024-0003", "modified": "2024-01-04T00:00:00Z", "published": "2024-01-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v26.6.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6704" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-587x-fmc5-99p9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6705" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-h27f-fw5q-c2gh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6703" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9v72-359m-2vx4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6702" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7hjc-c62g-4w73" } ], "schema_version": "1.7.0", "summary": "electron26 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-12-19T00:00:00Z", "references": { "cvename": [ "CVE-2023-48795" ], "freebsdsa": [ "SA-23:19.openssh" ] }, "vid": "13d83980-9f18-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nThe SSH protocol executes an initial handshake between the server and\nthe client. This protocol handshake includes the possibility of several\nextensions allowing different options to be selected. Validation of the\npackets in the handshake is done through sequence numbers.\n\n# Impact:\n\nA man in the middle attacker can silently manipulate handshake messages\nto truncate extension negotiation messages potentially leading to less\nsecure client authentication algorithms or deactivating keystroke timing\nattack countermeasures.\n", "id": "FreeBSD-2024-0002", "modified": "2024-01-02T00:00:00Z", "published": "2024-01-02T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-48795" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Prefix Truncation Attack in the SSH protocol" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.21.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2024-01-24T00:00:00Z", "vid": "bd7592a1-cbfd-11ee-a42a-5404a6f3ca32" }, "details": "# Problem Description:\n\nEven with RequireSignInView enabled, anonymous users can use docker pull\nto fetch public images.\n", "id": "FreeBSD-2024-0001", "modified": "2024-02-15T00:00:00Z", "published": "2024-02-15T00:00:00Z", "references": [ { "type": "WEB", "url": "https://blog.gitea.com/release-of-1.21.5/" } ], "schema_version": "1.7.0", "summary": "gitea -- Prevent anonymous container access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.10" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-42802" ] }, "vid": "10e86b16-6836-11ee-b06f-0050569ceb3a" }, "details": "From the GLPI 10.0.10 Changelog:\n\n> You will find below security issues fixed in this bugfixes version:\n> \\[SECURITY - Critical\\] Unallowed PHP script execution\n> (CVE-2023-42802).\n\nThe mentioned CVE is invalid\n", "id": "FreeBSD-2023-0387", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-42802" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.10" } ], "schema_version": "1.7.0", "summary": "Unallowed PHP script execution in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "10.0.8,1" }, { "fixed": "10.0.10,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-42461" ] }, "vid": "894f2491-6834-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI stands for Gestionnaire Libre de Parc Informatique is a Free\n> Asset and IT Management Software package, that provides ITIL Service\n> Desk features, licenses tracking and software auditing. The ITIL\n> actors input field from the Ticket form can be used to perform a SQL\n> injection. Users are advised to upgrade to version 10.0.10. There are\n> no known workarounds for this vulnerability.\n", "id": "FreeBSD-2023-0386", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-42461" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42461" } ], "schema_version": "1.7.0", "summary": "glpi-project -- SQL injection in ITIL actors in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "10.0.8,1" }, { "fixed": "10.0.10,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-41888" ] }, "vid": "54e5573a-6834-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI stands for Gestionnaire Libre de Parc Informatique is a Free\n> Asset and IT Management Software package, that provides ITIL Service\n> Desk features, licenses tracking and software auditing. The lack of\n> path filtering on the GLPI URL may allow an attacker to transmit a\n> malicious URL of login page that can be used to attempt a phishing\n> attack on user credentials. Users are advised to upgrade to version\n> 10.0.10. There are no known workarounds for this vulnerability.\n", "id": "FreeBSD-2023-0385", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41888" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41888" } ], "schema_version": "1.7.0", "summary": "Phishing through a login page malicious URL in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-41323" ] }, "vid": "20302cbc-6834-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI stands for Gestionnaire Libre de Parc Informatique is a Free\n> Asset and IT Management Software package, that provides ITIL Service\n> Desk features, licenses tracking and software auditing. An\n> unauthenticated user can enumerate users logins. Users are advised to\n> upgrade to version 10.0.10. There are no known workarounds for this\n> vulnerability.\n", "id": "FreeBSD-2023-0384", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41323" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41323" } ], "schema_version": "1.7.0", "summary": "Users login enumeration by unauthenticated user in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.1.0,1" }, { "fixed": "10.0.10,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-41322" ] }, "vid": "ae8b1445-6833-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI stands for Gestionnaire Libre de Parc Informatique is a Free\n> Asset and IT Management Software package, that provides ITIL Service\n> Desk features, licenses tracking and software auditing. A user with\n> write access to another user can make requests to change the latter\\'s\n> password and then take control of their account. Users are advised to\n> upgrade to version 10.0.10. There are no known work around for this\n> vulnerability.\n", "id": "FreeBSD-2023-0383", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41322" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41322" } ], "schema_version": "1.7.0", "summary": "Privilege Escalation from technician to super-admin in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.1.1,1" }, { "fixed": "10.0.10,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-41321" ] }, "vid": "6851f3bb-6833-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI stands for Gestionnaire Libre de Parc Informatique is a Free\n> Asset and IT Management Software package, that provides ITIL Service\n> Desk features, licenses tracking and software auditing. An API user\n> can enumerate sensitive fields values on resources on which he has\n> read access. Users are advised to upgrade to version 10.0.10. There\n> are no known workarounds for this vulnerability.\n", "id": "FreeBSD-2023-0382", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41321" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41321" } ], "schema_version": "1.7.0", "summary": "Sensitive fields enumeration through API in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "10.0.0,1" }, { "fixed": "10.0.10,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-42462" ] }, "vid": "df71f5aa-6831-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI stands for Gestionnaire Libre de Parc Informatique is a Free\n> Asset and IT Management Software package, that provides ITIL Service\n> Desk features, licenses tracking and software auditing. The document\n> upload process can be diverted to delete some files. Users are advised\n> to upgrade to version 10.0.10. There are no known workarounds for this\n> vulnerability.\n", "id": "FreeBSD-2023-0381", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-42462" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42462" } ], "schema_version": "1.7.0", "summary": "File deletion through document upload process in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.3.0,1" }, { "fixed": "10.0.10,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-41324" ] }, "vid": "95c4ec45-6831-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI stands for Gestionnaire Libre de Parc Informatique is a Free\n> Asset and IT Management Software package, that provides ITIL Service\n> Desk features, licenses tracking and software auditing. An API user\n> that have read access on users resource can steal accounts of other\n> users. Users are advised to upgrade to version 10.0.10. There are no\n> known workarounds for this vulnerability.\n", "id": "FreeBSD-2023-0380", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41324" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41324" } ], "schema_version": "1.7.0", "summary": "Account takeover through API in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.5.0,1" }, { "fixed": "10.0.10,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-41326" ] }, "vid": "040e69f1-6831-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI stands for Gestionnaire Libre de Parc Informatique is a Free\n> Asset and IT Management Software package, that provides ITIL Service\n> Desk features, licenses tracking and software auditing. A logged user\n> from any profile can hijack the Kanban feature to alter any user\n> field, and end-up with stealing its account. Users are advised to\n> upgrade to version 10.0.10. There are no known workarounds for this\n> vulnerability.\n", "id": "FreeBSD-2023-0379", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41326" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41326" } ], "schema_version": "1.7.0", "summary": "Account takeover via Kanban feature in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "10.0.0,1" }, { "fixed": "10.0.10,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-41320" ] }, "vid": "6f6518ab-6830-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI stands for Gestionnaire Libre de Parc Informatique is a Free\n> Asset and IT Management Software package, that provides ITIL Service\n> Desk features, licenses tracking and software auditing. UI layout\n> preferences management can be hijacked to lead to SQL injection. This\n> injection can be use to takeover an administrator account. Users are\n> advised to upgrade to version 10.0.10. There are no known workarounds\n> for this vulnerability.\n", "id": "FreeBSD-2023-0378", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41320" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41320" } ], "schema_version": "1.7.0", "summary": "Account takeover via SQL Injection in UI layout preferences in GLPI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.5.0,1" }, { "fixed": "10.0.9,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.9" ], "discovery": "2023-07-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-37278" ] }, "vid": "257e1bf0-682f-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI is a Free Asset and IT Management Software package, Data center\n> management, ITIL Service Desk, licenses tracking and software\n> auditing. An administrator can trigger SQL injection via dashboards\n> administration. This vulnerability has been patched in version 10.0.9.\n", "id": "FreeBSD-2023-0377", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-37278" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37278" } ], "schema_version": "1.7.0", "summary": "GLPI vulnerable to SQL injection via dashboard administration" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.8" ], "discovery": "2023-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-34106" ] }, "vid": "40173815-6827-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI is a free asset and IT management software package. Versions of\n> the software starting with 0.68 and prior to 10.0.8 have an incorrect\n> rights check on a on a file accessible by an authenticated user. This\n> allows access to the list of all users and their personal information.\n> Users should upgrade to version 10.0.8 to receive a patch.\n", "id": "FreeBSD-2023-0376", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-34106" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34106" } ], "schema_version": "1.7.0", "summary": "GLPI vulnerable to unauthorized access to User data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.2.0,1" }, { "fixed": "10.0.8,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.8" ], "discovery": "2023-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-34107" ] }, "vid": "1fe40200-6823-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI is a free asset and IT management software package. Versions of\n> the software starting with 9.2.0 and prior to 10.0.8 have an incorrect\n> rights check on a on a file accessible by an authenticated user,\n> allows access to the view all KnowbaseItems. Version 10.0.8 has a\n> patch for this issue.\n", "id": "FreeBSD-2023-0375", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-34107" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34107" } ], "schema_version": "1.7.0", "summary": "GLPI vulnerable to unauthorized access to KnowbaseItem data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.4.0,1" }, { "fixed": "10.0.8,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.8" ], "discovery": "2023-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-34244" ] }, "vid": "b14a6ddc-6821-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI is a free asset and IT management software package. Starting in\n> version 9.4.0 and prior to version 10.0.8, a malicious link can be\n> crafted by an unauthenticated user that can exploit a reflected XSS in\n> case any authenticated user opens the crafted link. Users should\n> upgrade to version 10.0.8 to receive a patch.\n", "id": "FreeBSD-2023-0374", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-34244" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34244" } ], "schema_version": "1.7.0", "summary": "GLPI vulnerable to reflected XSS in search pages" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.5.0,1" }, { "fixed": "10.0.8,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.8" ], "discovery": "2023-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-35940" ] }, "vid": "95fde6bc-6821-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI is a free asset and IT management software package. Starting in\n> version 9.5.0 and prior to version 10.0.8, an incorrect rights check\n> on a file allows an unauthenticated user to be able to access\n> dashboards data. Version 10.0.8 contains a patch for this issue.\n", "id": "FreeBSD-2023-0373", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-35940" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35940" } ], "schema_version": "1.7.0", "summary": "GLPI vulnerable to unauthenticated access to Dashboard data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.5.0,1" }, { "fixed": "10.0.8,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.8" ], "discovery": "2023-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-35939" ] }, "vid": "717efd8a-6821-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI is a free asset and IT management software package. Starting in\n> version 9.5.0 and prior to version 10.0.8, an incorrect rights check\n> on a on a file accessible by an authenticated user (or not for certain\n> actions), allows a threat actor to interact, modify, or see Dashboard\n> data. Version 10.0.8 contains a patch for this issue.\n", "id": "FreeBSD-2023-0372", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-35939" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35939" } ], "schema_version": "1.7.0", "summary": "GLPI vulnerable to unauthorized access to Dashboard data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.8" ], "discovery": "2023-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-36808" ] }, "vid": "548a4163-6821-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI is a free asset and IT management software package. Starting in\n> version 0.80 and prior to version 10.0.8, Computer Virtual Machine\n> form and GLPI inventory request can be used to perform a SQL injection\n> attack. Version 10.0.8 has a patch for this issue. As a workaround,\n> one may disable native inventory.\n", "id": "FreeBSD-2023-0371", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-36808" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36808" } ], "schema_version": "1.7.0", "summary": "GLPI vulnerable to SQL injection through Computer Virtual Machine information" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "10.0.0,1" }, { "fixed": "10.0.8,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.8" ], "discovery": "2023-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-35924" ] }, "vid": "e44e5ace-6820-11ee-b06f-0050569ceb3a" }, "details": "security-advisories@github.com reports:\n\n> GLPI is a free asset and IT management software package. Starting in\n> version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint\n> can be used to drive a SQL injection attack. By default, GLPI\n> inventory endpoint requires no authentication. Version 10.0.8 has a\n> patch for this issue. As a workaround, one may disable native\n> inventory.\n", "id": "FreeBSD-2023-0370", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-35924" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35924" } ], "schema_version": "1.7.0", "summary": "GLPI vulnerable to SQL injection via inventory agent request" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron27" }, "ranges": [ { "events": [ { "fixed": "27.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v26.6.3" ], "discovery": "2023-12-21T00:00:00Z", "references": { "cvename": [ "CVE-2023-6508", "CVE-2023-7024" ] }, "vid": "7015ab21-9230-490f-a2fe-f7557e3de25d" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-6508.\n> - Security: backported fix for CVE-2023-7024.\n", "id": "FreeBSD-2023-0369", "modified": "2023-12-22T00:00:00Z", "published": "2023-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v26.6.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6508" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3pr6-6r34-c98x" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-7024" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7c6v-f3h8-2x89" } ], "schema_version": "1.7.0", "summary": "electron{26,27} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.21.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/28519" ], "discovery": "2023-12-19T00:00:00Z", "vid": "b2765c89-a052-11ee-bed2-596753f1a87c" }, "details": "The Gitea team reports:\n\n> Update golang.org/x/crypto\n", "id": "FreeBSD-2023-0368", "modified": "2023-12-21T00:00:00Z", "published": "2023-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/28519" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.21.3" } ], "schema_version": "1.7.0", "summary": "gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.21.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/28406", "https://github.com/go-gitea/gitea/pull/28423" ], "discovery": "2023-08-30T00:00:00Z", "vid": "482bb980-99a3-11ee-b5f7-6bd56600d90c" }, "details": "The Gitea team reports:\n\n> Fix missing check\n\n> Do some missing checks\n\nBy crafting an API request, attackers can access the contents of issues\neven though the logged-in user does not have access rights to these\nissues.\n", "id": "FreeBSD-2023-0367", "modified": "2023-09-10T00:00:00Z", "published": "2023-09-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/28406" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/28423" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.21.2" } ], "schema_version": "1.7.0", "summary": "gitea -- missing permission checks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nebula" }, "ranges": [ { "events": [ { "fixed": "1.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/slackhq/nebula/releases/tag/v1.8.1" ], "discovery": "2023-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2023-48795" ] }, "vid": "0f7598cc-9fe2-11ee-b47f-901b0e9408dc" }, "details": "Upstream reports:\n\n> Security fix:\n>\n> - Update golang.org/x/crypto, which includes a fix for CVE-2023-48795.\n", "id": "FreeBSD-2023-0366", "modified": "2023-12-19T00:00:00Z", "published": "2023-12-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/slackhq/nebula/releases/tag/v1.8.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-48795" }, { "type": "WEB", "url": "https://www.openssh.com/txt/release-9.6" }, { "type": "WEB", "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "type": "WEB", "url": "https://terrapin-attack.com/" } ], "schema_version": "1.7.0", "summary": "nebula -- security fix for terrapin vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.129" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.129" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html" ], "discovery": "2023-12-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-7024" ] }, "vid": "1b2a8e8a-9fd5-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[1513170\\] High CVE-2023-7024: Heap buffer overflow in WebRTC.\n> Reported by Cl\u00e9ment Lecigne and Vlad Stolyarov of Google\\'s Threat\n> Analysis Group on 2023-12-19\n", "id": "FreeBSD-2023-0365", "modified": "2023-12-21T00:00:00Z", "published": "2023-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-7024" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html" } ], "schema_version": "1.7.0", "summary": "chromium -- security fix" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "putty" }, "ranges": [ { "events": [ { "fixed": "0.80" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "putty-nogtk" }, "ranges": [ { "events": [ { "fixed": "0.80" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html" ], "discovery": "2023-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2023-48795" ] }, "vid": "91955195-9ebb-11ee-bc14-a703705db3a6" }, "details": "Simon Tatham reports:\n\n> PuTTY version 0.80 \\[contains\\] one security fix \\[\\...\\] for a newly\n> discovered security issue known as the \\'Terrapin\\' attack, also\n> numbered CVE-2023-48795. The issue affects widely-used OpenSSH\n> extensions to the SSH protocol: the ChaCha20+Poly1305 cipher system,\n> and \\'encrypt-then-MAC\\' mode.\n>\n> In order to benefit from the fix, you must be using a fixed version of\n> PuTTY \\_and\\_ a server with the fix, so that they can agree to adopt a\n> modified version of the protocol. \\[\\...\\]\n", "id": "FreeBSD-2023-0364", "modified": "2023-12-19T00:00:00Z", "published": "2023-12-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-48795" }, { "type": "WEB", "url": "https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html" }, { "type": "WEB", "url": "https://www.openssh.com/txt/release-9.6" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "type": "WEB", "url": "https://terrapin-attack.com/" } ], "schema_version": "1.7.0", "summary": "putty -- add protocol extension against 'Terrapin attack'" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "slurm-wlm" }, "ranges": [ { "events": [ { "fixed": "23.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.schedmd.com/news.php?id=283#OPT_283" ], "discovery": "2023-11-29T00:00:00Z", "references": { "cvename": [ "CVE-2023-49933", "CVE-2023-49934", "CVE-2023-49935", "CVE-2023-49936", "CVE-2023-49937", "CVE-2023-49938" ] }, "vid": "76c2110b-9e97-11ee-ae23-a0f3c100ae18" }, "details": "Slurm releases notes:\n\n> # Description\n>\n> ##### CVE-2023-49933 through CVE-2023-49938\n>\n> Slurm versions 23.11.1, 23.02.7, 22.05.11 are now available and\n> address a number of recently-discovered security issues. They\\'ve been\n> assigned CVE-2023-49933 through CVE-2023-49938.\n", "id": "FreeBSD-2023-0363", "modified": "2023-12-19T00:00:00Z", "published": "2023-12-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.schedmd.com/news.php?id=283#OPT_283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-49933" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-49934" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-49935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-49936" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-49937" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-49938" } ], "schema_version": "1.7.0", "summary": "slurm-wlm -- Several security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "couchdb" }, "ranges": [ { "events": [ { "fixed": "3.3.2,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.couchdb.org/en/stable/cve/2023-26268.html" ], "discovery": "2023-05-02T00:00:00Z", "references": { "cvename": [ "CVE-2023-26268" ] }, "vid": "fd47fcfe-ec69-4000-b9ce-e5e62102c1c7" }, "details": "Nick Vatamane reports:\n\n> Design documents with matching document IDs, from databases on the\n> same cluster, may share a mutable Javascript environment when using\n> various design document functions.\n", "id": "FreeBSD-2023-0362", "modified": "2023-12-17T00:00:00Z", "published": "2023-12-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-26268" }, { "type": "WEB", "url": "https://docs.couchdb.org/en/stable/cve/2023-26268.html" } ], "schema_version": "1.7.0", "summary": "couchdb -- information sharing via couchjs processes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.6.0" }, { "fixed": "16.6.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.5.0" }, { "fixed": "16.5.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.17.0" }, { "fixed": "16.4.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/12/13/security-release-gitlab-16-6-2-released/" ], "discovery": "2023-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-6680", "CVE-2023-6564", "CVE-2023-6051", "CVE-2023-3907", "CVE-2023-5512", "CVE-2023-3904", "CVE-2023-5061", "CVE-2023-3511" ] }, "vid": "e2fb85ce-9a3c-11ee-af26-001b217b3468" }, "details": "Gitlab reports:\n\n> Smartcard authentication allows impersonation of arbitrary user using\n> user\\'s public certificate\n>\n> When subgroup is allowed to merge or push to protected branches,\n> subgroup members with the Developer role may gain the ability to push\n> or merge\n>\n> The GitLab web interface does not ensure the integrity of information\n> when downloading the source code from installation packages or tags\n>\n> Project maintainer can escalate to Project owner using project access\n> token rotate API\n>\n> Omission of Double Encoding in File Names Facilitates the Creation of\n> Repositories with Malicious Content\n>\n> Unvalidated timeSpent value leads to unable to load issues on Issue\n> board\n>\n> Developer can bypass predefined variables via REST API\n>\n> Auditor users can create merge requests on projects they don\\'t have\n> access to\n", "id": "FreeBSD-2023-0361", "modified": "2023-12-14T00:00:00Z", "published": "2023-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/12/13/security-release-gitlab-16-6-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6680" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6564" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3907" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3904" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5061" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3511" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/12/13/security-release-gitlab-16-6-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.109" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.109" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html" ], "discovery": "2023-12-12T00:00:00Z", "references": { "cvename": [ "CVE-2023-6702", "CVE-2023-6703", "CVE-2023-6704", "CVE-2023-6705", "CVE-2023-6706", "CVE-2023-6707" ] }, "vid": "502c9f72-99b3-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 9 security fixes:\n>\n> - \\[1501326\\] High CVE-2023-6702: Type Confusion in V8. Reported by\n> Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi\\'anxin\n> Group on 2023-11-10\n> - \\[1502102\\] High CVE-2023-6703: Use after free in Blink. Reported by\n> Cassidy Kim(@cassidy6564) on 2023-11-14\n> - \\[1504792\\] High CVE-2023-6704: Use after free in libavif. Reported\n> by Fudan University on 2023-11-23\n> - \\[1505708\\] High CVE-2023-6705: Use after free in WebRTC. Reported\n> by Cassidy Kim(@cassidy6564) on 2023-11-28\n> - \\[1500921\\] High CVE-2023-6706: Use after free in FedCM. Reported by\n> anonymous on 2023-11-09\n> - \\[1504036\\] Medium CVE-2023-6707: Use after free in CSS. Reported by\n> \\@ginggilBesel on 2023-11-21\n", "id": "FreeBSD-2023-0360", "modified": "2023-12-13T00:00:00Z", "published": "2023-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6702" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6703" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6704" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6705" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6706" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6707" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-12-12T00:00:00Z", "references": { "cvename": [ "CVE-2023-6660" ], "freebsdsa": [ "SA-23:18.nfsclient" ] }, "vid": "8eefff69-997f-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nIn FreeBSD 13.2 and 14.0, the NFS client was optimized to improve the\nperformance of IO_APPEND writes, that is, writes which add data to the\nend of a file and so extend its size. This uncovered an old bug in some\nroutines which copy userspace data into the kernel. The bug also affects\nthe NFS client\\'s implementation of direct I/O; however, this\nimplementation is disabled by default by the vfs.nfs.nfs_directio_enable\nsysctl and is only used to handle synchronous writes.\n\n# Impact:\n\nWhen a program running on an affected system appends data to a file via\nan NFS client mount, the bug can cause the NFS client to fail to copy in\nthe data to be written but proceed as though the copy operation had\nsucceeded. This means that the data to be written is instead replaced\nwith whatever data had been in the packet buffer previously. Thus, an\nunprivileged user with access to an affected system may abuse the bug to\ntrigger disclosure of sensitive information. In particular, the leak is\nlimited to data previously stored in mbufs, which are used for network\ntransmission and reception, and for certain types of inter-process\ncommunication.\n\nThe bug can also be triggered unintentionally by system applications, in\nwhich case the data written by the application to an NFS mount may be\ncorrupted. Corrupted data is written over the network to the NFS server,\nand thus also susceptible to being snooped by other hosts on the\nnetwork.\n\nNote that the bug exists only in the NFS client; the version and\nimplementation of the server has no effect on whether a given system is\naffected by the problem.\n", "id": "FreeBSD-2023-0359", "modified": "2023-12-13T00:00:00Z", "published": "2023-12-13T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6660" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:18.nfsclient.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- NFS client data corruption and kernel memory disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "21.1.10,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "23.2.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland-devel" }, "ranges": [ { "events": [ { "fixed": "21.0.99.1.582" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2023-December/003435.html" ], "discovery": "2023-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-6377", "CVE-2023-6478" ] }, "vid": "972568d6-3485-40ab-80ff-994a8aaf9683" }, "details": "The X.Org project reports:\n\n> - CVE-2023-6377/ZDI-CAN-22412/ZDI-CAN-22413: X.Org server:\n> Out-of-bounds memory write in XKB button actions\n>\n> A device has XKB button actions for each button on the device. When\n> a logical device switch happens (e.g. moving from a touchpad to a\n> mouse), the server re-calculates the information available on the\n> respective master device (typically the Virtual Core Pointer). This\n> re-calculation only allocated enough memory for a single XKB action\n> rather instead of enough for the newly active physical device\\'s\n> number of button. As a result, querying or changing the XKB button\n> actions results in out-of-bounds memory reads and writes.\n>\n> This may lead to local privilege escalation if the server is run as\n> root or remote code execution (e.g. x11 over ssh).\n>\n> - CVE-2023-6478/ZDI-CAN-22561: X.Org server: Out-of-bounds memory read\n> in RRChangeOutputProperty and RRChangeProviderProperty\n>\n> This fixes an OOB read and the resulting information disclosure.\n>\n> Length calculation for the request was clipped to a 32-bit integer.\n> With the correct stuff-\\>nUnits value the expected request size was\n> truncated, passing the REQUEST_FIXED_SIZE check.\n>\n> The server then proceeded with reading at least stuff-\\>nUnits bytes\n> (depending on stuff-\\>format) from the request and stuffing whatever\n> it finds into the property. In the process it would also allocate at\n> least stuff-\\>nUnits bytes, i.e. 4GB.\n", "id": "FreeBSD-2023-0358", "modified": "2023-12-13T00:00:00Z", "published": "2023-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6377" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6478" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "120.0.6099.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.16.p5_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html" ], "discovery": "2023-12-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-6508", "CVE-2023-6509", "CVE-2023-6510", "CVE-2023-6511", "CVE-2023-6512" ] }, "vid": "4405e9ad-97fe-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 10 security fixes:\n>\n> - \\[1497984\\] High CVE-2023-6508: Use after free in Media Stream.\n> Reported by Cassidy Kim(@cassidy6564) on 2023-10-31\n> - \\[1494565\\] High CVE-2023-6509: Use after free in Side Panel Search.\n> Reported by Khalil Zhani on 2023-10-21\n> - \\[1480152\\] Medium CVE-2023-6510: Use after free in Media Capture.\n> Reported by \\[pwn2car\\] on 2023-09-08\n> - \\[1478613\\] Low CVE-2023-6511: Inappropriate implementation in\n> Autofill. Reported by Ahmed ElMasry on 2023-09-04\n> - \\[1457702\\] Low CVE-2023-6512: Inappropriate implementation in Web\n> Browser UI. Reported by Om Apip on 2023-06-24\n", "id": "FreeBSD-2023-0357", "modified": "2023-12-11T00:00:00Z", "published": "2023-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6508" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6509" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6510" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6512" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zookeeper" }, "ranges": [ { "events": [ { "fixed": "3.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.8.0" }, { "fixed": "3.8.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.9.0" }, { "fixed": "3.9.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2023/10/11/4" ], "discovery": "2023-10-11T00:00:00Z", "references": { "cvename": [ "CVE-2023-44981" ] }, "vid": "2bc376c0-977e-11ee-b4bc-b42e991fc52e" }, "details": "security@apache.org reports:\n\n> Authorization Bypass Through User-Controlled Key vulnerability in\n> Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in\n> ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by\n> verifying that the instance part in SASL authentication ID is listed\n> in zoo.cfg server list. The instance part in SASL auth ID is optional\n> and if it\\'s missing, like \\'eve@EXAMPLE.COM\\', the authorization\n> check will be skipped.As a result an arbitrary endpoint could join the\n> cluster and begin propagating counterfeit changes to the leader,\n> essentially giving it complete read-write access to the data\n> tree.Quorum Peer authentication is not enabled by default. Users are\n> recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the\n> issue. Alternately ensure the ensemble election/quorum communication\n> is protected by a firewall as this will mitigate the issue. See the\n> documentation for more details on correct cluster administration.\n", "id": "FreeBSD-2023-0356", "modified": "2023-12-10T00:00:00Z", "published": "2023-12-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2023/10/11/4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-44981" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981" } ], "schema_version": "1.7.0", "summary": "apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.9.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v25.9.8" ], "discovery": "2023-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2023-6350", "CVE-2023-6351" ] }, "vid": "e07a7754-12a4-4661-b852-fd221d68955f" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-6350.\n> - Security: backported fix for CVE-2023-6351.\n", "id": "FreeBSD-2023-0355", "modified": "2023-12-07T00:00:00Z", "published": "2023-12-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v25.9.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6350" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-wmh6-7xp9-5gh8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6351" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-47vw-3hx2-6877" } ], "schema_version": "1.7.0", "summary": "electron25 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "14.0" }, { "fixed": "14.0_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-12-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-6534" ], "freebsdsa": [ "SA-23:17.pf" ] }, "vid": "9cbbc506-93c1-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nAs part of its stateful TCP connection tracking implementation, pf\nperforms sequence number validation on inbound packets. This makes it\ndifficult for a would-be attacker to spoof the sender and inject packets\ninto a TCP stream, since crafted packets must contain sequence numbers\nwhich match the current connection state to avoid being rejected by the\nfirewall.\n\nA bug in the implementation of sequence number validation means that the\nsequence number is not in fact validated, allowing an attacker who is\nable to impersonate the remote host and guess the connection\\'s port\nnumbers to inject packets into the TCP stream.\n\n# Impact:\n\nAn attacker can, with relatively little effort, inject packets into a\nTCP stream destined to a host behind a pf firewall. This could be used\nto implement a denial-of-service attack for hosts behind the firewall,\nfor example by sending TCP RST packets to the host.\n", "id": "FreeBSD-2023-0354", "modified": "2023-12-14T00:00:00Z", "published": "2023-12-05T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6534" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:17.pf.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- TCP spoofing vulnerability in pf(4)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish7" }, "ranges": [ { "events": [ { "fixed": "7.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish6" }, "ranges": [ { "events": [ { "fixed": "6.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00013.html" ], "discovery": "2023-11-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-44487" ] }, "vid": "f25a34b1-910d-11ee-a1a2-641c67a117d8" }, "details": "Varnish Cache Project reports:\n\n> A denial of service attack can be performed on Varnish Cache servers\n> that have the HTTP/2 protocol turned on. An attacker can create a\n> large volume of streams and immediately reset them without ever\n> reaching the maximum number of concurrent streams allowed for the\n> session, causing the Varnish server to consume unnecessary resources\n> processing requests for which the response will not be delivered.\n", "id": "FreeBSD-2023-0353", "modified": "2023-12-02T00:00:00Z", "published": "2023-12-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00013.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-44487" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00013.html" } ], "schema_version": "1.7.0", "summary": "varnish -- HTTP/2 Rapid Reset Attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.6.0" }, { "fixed": "16.6.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.5.0" }, { "fixed": "16.5.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.13.0" }, { "fixed": "16.4.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/" ], "discovery": "2023-11-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-6033", "CVE-2023-6396", "CVE-2023-3949", "CVE-2023-5226", "CVE-2023-5995", "CVE-2023-4912", "CVE-2023-4317", "CVE-2023-3964", "CVE-2023-4658", "CVE-2023-3443" ] }, "vid": "3b14b2b4-9014-11ee-98b3-001b217b3468" }, "details": "Gitlab reports:\n\n> XSS and ReDoS in Markdown via Banzai pipeline of Jira\n>\n> Members with admin_group_member custom permission can add members with\n> higher role\n>\n> Release Description visible in public projects despite release set as\n> project members only through atom response\n>\n> Manipulate the repository content in the UI (CVE-2023-3401 bypass)\n>\n> External user can abuse policy bot to gain access to internal projects\n>\n> Client-side DOS via Mermaid Flowchart\n>\n> Developers can update pipeline schedules to use protected branches\n> even if they don\\'t have permission to merge\n>\n> Users can install Composer packages from public projects even when\n> Package registry is turned off\n>\n> Unauthorized member can gain Allowed to push and merge access and\n> affect integrity of protected branches\n>\n> Guest users can react (emojis) on confidential work items which they\n> cant see in a project\n", "id": "FreeBSD-2023-0352", "modified": "2023-12-01T00:00:00Z", "published": "2023-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6033" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6396" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3949" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5226" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4912" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4317" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3964" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4658" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3443" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v26.6.2" ], "discovery": "2023-11-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-6345", "CVE-2023-6346", "CVE-2023-6347", "CVE-2023-6350" ] }, "vid": "7e1a508f-7167-47b0-b9fc-95f541933a86" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-6345.\n> - Security: backported fix for CVE-2023-6346.\n> - Security: backported fix for CVE-2023-6347.\n> - Security: backported fix for CVE-2023-6350.\n", "id": "FreeBSD-2023-0351", "modified": "2023-12-01T00:00:00Z", "published": "2023-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v26.6.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6345" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-xm5p-7w7v-qqr5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6346" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-w427-5x7p-xj8x" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6347" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6jj9-4hh8-6xpv" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6350" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-wmh6-7xp9-5gh8" } ], "schema_version": "1.7.0", "summary": "electron26 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.9.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v25.9.7" ], "discovery": "2023-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-6345", "CVE-2023-6346", "CVE-2023-6347" ] }, "vid": "302fc846-860f-482e-a8f6-ee9f254dfacf" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-6345.\n> - Security: backported fix for CVE-2023-6346.\n> - Security: backported fix for CVE-2023-6347.\n", "id": "FreeBSD-2023-0350", "modified": "2023-12-01T00:00:00Z", "published": "2023-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v25.9.7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6345" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-xm5p-7w7v-qqr5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6346" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-w427-5x7p-xj8x" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6347" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6jj9-4hh8-6xpv" } ], "schema_version": "1.7.0", "summary": "electron25 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "119.0.6045.199" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "119.0.6045.199" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.16.p5_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html" ], "discovery": "2023-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2023-6348", "CVE-2023-6347", "CVE-2023-6346", "CVE-2023-6350", "CVE-2023-6351", "CVE-2023-6345" ] }, "vid": "8cdd38c7-8ebb-11ee-86bb-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 7 security fixes:\n>\n> - \\[1491459\\] High CVE-2023-6348: Type Confusion in Spellcheck.\n> Reported by Mark Brand of Google Project Zero on 2023-10-10\n> - \\[1494461\\] High CVE-2023-6347: Use after free in Mojo. Reported by\n> Leecraso and Guang Gong of 360 Vulnerability Research Institute on\n> 2023-10-21\n> - \\[1500856\\] High CVE-2023-6346: Use after free in WebAudio. Reported\n> by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-09\n> - \\[1501766\\] High CVE-2023-6350: Out of bounds memory access in\n> libavif. Reported by Fudan University on 2023-11-13\n> - \\[1501770\\] High CVE-2023-6351: Use after free in libavif. Reported\n> by Fudan University on 2023-11-13\n> - \\[1505053\\] High CVE-2023-6345: Integer overflow in Skia. Reported\n> by Beno\u00eet Sevens and Cl\u00e9ment Lecigne of Google\\'s Threat Analysis\n> Group on 2023-11-24\n", "id": "FreeBSD-2023-0349", "modified": "2023-11-29T00:00:00Z", "published": "2023-11-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6348" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6347" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6346" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6345" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb106-server" }, "ranges": [ { "events": [ { "fixed": "10.6.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb1011-server" }, "ranges": [ { "events": [ { "fixed": "10.11.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/" ], "discovery": "2023-11-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-22084" ] }, "vid": "388e6557-8c80-11ee-9ee3-84a93843eb75" }, "details": "The MariaDB project reports:\n\n> Easily exploitable vulnerability allows high privileged attacker with\n> network access via multiple protocols to compromise MySQL Server.\n> Successful attacks of this vulnerability can result in unauthorized\n> ability to cause a hang or frequently repeatable crash (complete DOS)\n> of MySQL Server.\n", "id": "FreeBSD-2023-0348", "modified": "2023-11-26T00:00:00Z", "published": "2023-11-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22084" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb-10-6-16-release-notes/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb-10-5-23-release-notes/" } ], "schema_version": "1.7.0", "summary": "MariaDB -- Denial-of-Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "strongswan" }, "ranges": [ { "events": [ { "introduced": "5.3.0" }, { "fixed": "5.9.11_3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html" ], "discovery": "2023-11-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-41913" ] }, "vid": "a62c0c50-8aa0-11ee-ac0d-00e0670f2660" }, "details": "strongSwan reports:\n\n> A vulnerability in charon-tkm related to processing DH public values\n> was discovered in strongSwan that can result in a buffer overflow and\n> potentially remote code execution. All versions since 5.3.0 are\n> affected.\n", "id": "FreeBSD-2023-0347", "modified": "2023-11-24T00:00:00Z", "published": "2023-11-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41913" }, { "type": "WEB", "url": "https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html" } ], "schema_version": "1.7.0", "summary": "strongSwan -- vulnerability in charon-tkm" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.9.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v25.9.6" ], "discovery": "2023-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-5997" ] }, "vid": "147353a3-c33b-46d1-b751-e72c0d7f29df" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2023-5997.\n", "id": "FreeBSD-2023-0346", "modified": "2023-11-22T00:00:00Z", "published": "2023-11-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v25.9.6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5997" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-fggx-frxq-cpx8" } ], "schema_version": "1.7.0", "summary": "electron{25,26} -- use after free in Garbage Collection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "119.0.6045.159" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "119.0.6045.159" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-webengine" }, "ranges": [ { "events": [ { "fixed": "5.15.16.p5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html" ], "discovery": "2023-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-5997", "CVE-2023-6112" ] }, "vid": "0da4db89-84bf-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[1497997\\] High CVE-2023-5997: Use after free in Garbage\n> Collection. Reported by Anonymous on 2023-10-31\n> - \\[1499298\\] High CVE-2023-6112: Use after free in Navigation.\n> Reported by Sergei Glazunov of Google Project Zero on 2023-11-04\n", "id": "FreeBSD-2023-0345", "modified": "2023-11-16T00:00:00Z", "published": "2023-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-6112" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v25.9.5" ], "discovery": "2023-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2023-5996" ] }, "vid": "a30f1a12-117f-4dac-a1d0-d65eaf084953" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2023-5996.\n", "id": "FreeBSD-2023-0344", "modified": "2023-11-16T00:00:00Z", "published": "2023-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v25.9.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5996" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-q3gq-rg4m-vgrp" } ], "schema_version": "1.7.0", "summary": "electron{25,26} -- use after free in WebAudio" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "introduced": "2.6.0" }, { "fixed": "2.6.7_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-devel" }, "ranges": [ { "events": [ { "fixed": "g20231109,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267" ], "discovery": "2023-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2023-46849", "CVE-2023-46850" ] }, "vid": "2fe004f5-83fd-11ee-9f5d-31909fb2f495" }, "details": "The OpenVPN community project team reports:\n\n> CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly\n> restore \\\"\\--fragment\\\" configuration in some circumstances, leading\n> to a division by zero when \\\"\\--fragment\\\" is used. On platforms where\n> division by zero is fatal, this will cause an OpenVPN crash.\\\n> Reported by Niccolo Belli and WIPocket (Github #400, #417).\n>\n> CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly\n> use a send buffer after it has been free()d in some circumstances,\n> causing some free()d memory to be sent to the peer. All configurations\n> using TLS (e.g. not using \\--secret) are affected by this issue.\n> (found while tracking down CVE-2023-46849 / Github #400, #417)\n", "id": "FreeBSD-2023-0343", "modified": "2023-12-31T00:00:00Z", "published": "2023-11-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-46849" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-46850" }, { "type": "WEB", "url": "https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267" } ], "schema_version": "1.7.0", "summary": "openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-11" }, "ranges": [ { "events": [ { "fixed": "11.5.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.4.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-12" }, "ranges": [ { "events": [ { "fixed": "11.5.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.4.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019" ], "discovery": "2023-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-47125", "CVE-2023-47126", "CVE-2023-47127" ] }, "vid": "7cc003cb-83b9-11ee-957d-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> Weak Authentication in Session Handling in typo3/cms-core: In typo3\n> installations there are always at least two different sites. Eg.\n> first.example.org and second.example.com. In affected versions a\n> session cookie generated for the first site can be reused on the\n> second site without requiring additional authentication. This\n> vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41,\n> 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known\n> workarounds for this vulnerability.\n>\n> Information Disclosure in Install Tool in typo3/cms-install: In\n> affected versions the login screen of the standalone install tool\n> discloses the full path of the transient data directory (e.g.\n> /var/www/html/var/transient/). This applies to composer-based\n> scenarios only - classic non-composer installations are not affected.\n> This issue has been addressed in version 12.4.8. Users are advised to\n> upgrade. There are no known workarounds for this vulnerability.\n>\n> By-passing Cross-Site Scripting Protection in HTML Sanitizer: In\n> affected versions DOM processing instructions are not handled\n> correctly. This allows bypassing the cross-site scripting mechanism of\n> typo3/html-sanitizer. This vulnerability has been addressed in\n> versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no\n> known workarounds for this vulnerability.\n", "id": "FreeBSD-2023-0342", "modified": "2023-11-15T00:00:00Z", "published": "2023-11-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-47125" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47125" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-47126" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47126" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-47127" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47127" } ], "schema_version": "1.7.0", "summary": "typo3 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-server" }, "ranges": [ { "events": [ { "fixed": "16.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "15.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "14.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "13.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "11.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2023-5868/" ], "discovery": "2023-11-09T00:00:00Z", "references": { "cvename": [ "CVE-2023-5868" ] }, "vid": "31f45d06-7f0e-11ee-94b4-6cc21735f730" }, "details": "PostgreSQL Project reports:\n\n> Certain aggregate function calls receiving \\\"unknown\\\"-type arguments\n> could disclose bytes of server memory from the end of the\n> \\\"unknown\\\"-type value to the next zero byte. One typically gets an\n> \\\"unknown\\\"-type value via a string literal having no type\n> designation. We have not confirmed or ruled out viability of attacks\n> that arrange for presence of notable, confidential information in\n> disclosed bytes.\n", "id": "FreeBSD-2023-0341", "modified": "2023-11-09T00:00:00Z", "published": "2023-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2023-5868/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5868" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2023-5868/" } ], "schema_version": "1.7.0", "summary": "postgresql-server -- Memory disclosure in aggregate function calls" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-server" }, "ranges": [ { "events": [ { "fixed": "16.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "15.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "14.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "13.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "11.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2023-5869/" ], "discovery": "2023-11-09T00:00:00Z", "references": { "cvename": [ "CVE-2023-5869" ] }, "vid": "0f445859-7f0e-11ee-94b4-6cc21735f730" }, "details": "PostgreSQL Project reports:\n\n> While modifying certain SQL array values, missing overflow checks let\n> authenticated database users write arbitrary bytes to a memory area\n> that facilitates arbitrary code execution. Missing overflow checks\n> also let authenticated database users read a wide area of server\n> memory. The CVE-2021-32027 fix covered some attacks of this\n> description, but it missed others.\n", "id": "FreeBSD-2023-0340", "modified": "2023-11-09T00:00:00Z", "published": "2023-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2023-5869/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5869" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2023-5869/" } ], "schema_version": "1.7.0", "summary": "postgresql-server -- Buffer overrun from integer overflow in array modification" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-server" }, "ranges": [ { "events": [ { "fixed": "16.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "15.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "14.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "13.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "11.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2023-5870/" ], "discovery": "2023-11-09T00:00:00Z", "references": { "cvename": [ "CVE-2023-5870" ] }, "vid": "bbb18fcb-7f0d-11ee-94b4-6cc21735f730" }, "details": "PostgreSQL Project reports:\n\n> Documentation says the pg_cancel_backend role cannot signal \\\"a\n> backend owned by a superuser\\\". On the contrary, it can signal\n> background workers, including the logical replication launcher. It can\n> signal autovacuum workers and the autovacuum launcher. Signaling\n> autovacuum workers and those two launchers provides no meaningful\n> exploit, so exploiting this vulnerability requires a non-core\n> extension with a less-resilient background worker. For example, a\n> non-core background worker that does not auto-restart would experience\n> a denial of service with respect to that particular background worker.\n", "id": "FreeBSD-2023-0339", "modified": "2023-11-09T00:00:00Z", "published": "2023-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2023-5870/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5870" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2023-5870/" } ], "schema_version": "1.7.0", "summary": "postgresql-server -- Role pg_cancel_backend can signal certain superuser processes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v25.9.4" ], "discovery": "2023-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-5849", "CVE-2023-5482" ] }, "vid": "5558dded-a870-4fbe-8b0a-ba198db47007" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-5849.\n> - Security: backported fix for CVE-2023-5482.\n", "id": "FreeBSD-2023-0338", "modified": "2023-11-09T00:00:00Z", "published": "2023-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v25.9.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5849" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7cjp-92p9-vr97" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5482" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-pq78-6h8h-rcf4" } ], "schema_version": "1.7.0", "summary": "electron{25,26} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.2.2_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libsndfile/libsndfile/issues/789" ], "discovery": "2023-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2022-33065" ] }, "vid": "4ade0c4d-7e83-11ee-9a8c-00155d01f201" }, "details": "cve@mitre.org reports:\n\n> Multiple signed integers overflow in function au_read_header in\n> src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c\n> in Libsndfile, allows an attacker to cause Denial of Service or other\n> unspecified impacts.\n", "id": "FreeBSD-2023-0337", "modified": "2023-11-08T00:00:00Z", "published": "2023-11-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libsndfile/libsndfile/issues/789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-33065" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33065" } ], "schema_version": "1.7.0", "summary": "libsndfile_project -- Integer overflow in dataend calculation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "119.0.6045.123" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "119.0.6045.123" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html" ], "discovery": "2023-11-07T00:00:00Z", "references": { "cvename": [ "CVE-2023-5996" ] }, "vid": "77fc311d-7e62-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[1497859\\] High CVE-2023-5996: Use after free in WebAudio. Reported\n> by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup\n> 2023 on 2023-10-30\n", "id": "FreeBSD-2023-0336", "modified": "2023-11-08T00:00:00Z", "published": "2023-11-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5996" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- security update" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.12_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl111" }, "ranges": [ { "events": [ { "fixed": "1.1.1w_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.4_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.12_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31-quictls" }, "ranges": [ { "events": [ { "fixed": "3.1.4_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20231106.txt" ], "discovery": "2023-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-5678" ] }, "vid": "a5956603-7e4f-11ee-9df6-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> Excessive time spent in DH check / generation with large Q parameter\n> value (low). Generating excessively long X9.42 DH keys or checking\n> excessively long X9.42 DH keys or parameters may be very slow.\n", "id": "FreeBSD-2023-0335", "modified": "2023-11-08T00:00:00Z", "published": "2023-11-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5678" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20231106.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- DoS in DH generation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-5978" ], "freebsdsa": [ "SA-23:16.cap_net" ] }, "vid": "f4464e49-7e04-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nCasper services allow limiting operations that a process can perform.\nEach service maintains a specific list of permitted operations. Certain\noperations can be further restricted, such as specifying which domain\nnames can be resolved. During the verification of limits, the service\nmust ensure that the new set of constraints is a subset of the previous\none. In the case of the cap_net service, the currently limited set of\ndomain names was fetched incorrectly.\n\n# Impact:\n\nIn certain scenarios, if only a list of resolvable domain names was\nspecified without setting any other limitations, the application could\nsubmit a new list of domains including include entries not previously in\nthe list.\n", "id": "FreeBSD-2023-0334", "modified": "2023-11-08T00:00:00Z", "published": "2023-11-08T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5978" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:16.cap_net.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Incorrect libcap_net limitation list manipulation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-5941" ], "freebsdsa": [ "SA-23:15.stdio" ] }, "vid": "5afcc9a4-7e04-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nFor line-buffered streams the \\_\\_sflush() function did not correctly\nupdate the FILE object\\'s write space member when the write(2) system\ncall returns an error.\n\n# Impact:\n\nDepending on the nature of an application that calls libc\\'s stdio\nfunctions and the presence of errors returned from the write(2) system\ncall (or an overridden stdio write routine) a heap buffer overfly may\noccur. Such overflows may lead to data corruption or the execution of\narbitrary code at the privilege level of the calling program.\n", "id": "FreeBSD-2023-0333", "modified": "2023-11-08T00:00:00Z", "published": "2023-11-08T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5941" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:15.stdio.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- libc stdio buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vorbis-tools" }, "ranges": [ { "events": [ { "fixed": "1.4.2_4,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/xiph/vorbis-tools/issues/41" ], "discovery": "2023-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2023-43361" ] }, "vid": "a1a1f81c-7c13-11ee-bcf1-f8b156b6dcc8" }, "details": "Frank-Z7 reports:\n\n> Heap buffer overflow when vorbis-tools/oggenc converts WAV files to\n> Ogg files.\n", "id": "FreeBSD-2023-0332", "modified": "2023-11-05T00:00:00Z", "published": "2023-11-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/xiph/vorbis-tools/issues/41" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43361" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43361" } ], "schema_version": "1.7.0", "summary": "vorbistools -- heap buffer overflow in oggenc" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "optipng" }, "ranges": [ { "events": [ { "fixed": "0.7.7_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md" ], "discovery": "2023-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-43907" ] }, "vid": "fe7ac70a-792b-11ee-bf9a-a04a5edf46d9" }, "details": "Frank-Z7 reports:\n\n> Running optipng with the \\\"-zm 3 -zc 1 -zw 256 -snip -out\\\"\n> configuration options enabled raises a global-buffer-overflow bug,\n> which could allow a remote attacker to conduct a denial-of-service\n> attack or other unspecified effect on a crafted file.\n", "id": "FreeBSD-2023-0331", "modified": "2023-11-02T00:00:00Z", "published": "2023-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43907" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43907" } ], "schema_version": "1.7.0", "summary": "PptiPNG -- Global-buffer-overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "119.0.6045.105" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "119.0.6045.105" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html" ], "discovery": "2023-10-31T00:00:00Z", "references": { "cvename": [ "CVE-2023-5480", "CVE-2023-5482", "CVE-2023-5849", "CVE-2023-5850", "CVE-2023-5851", "CVE-2023-5852", "CVE-2023-5853", "CVE-2023-5854", "CVE-2023-5855", "CVE-2023-5856", "CVE-2023-5857", "CVE-2023-5858", "CVE-2023-5859" ] }, "vid": "a1e27775-7a61-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 15 security fixes:\n>\n> - \\[1492698\\] High CVE-2023-5480: Inappropriate implementation in\n> Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on\n> 2023-10-14\n> - \\[1492381\\] High CVE-2023-5482: Insufficient data validation in USB.\n> Reported by DarkNavy on 2023-10-13\n> - \\[1492384\\] High CVE-2023-5849: Integer overflow in USB. Reported by\n> DarkNavy on 2023-10-13\n> - \\[1281972\\] Medium CVE-2023-5850: Incorrect security UI in\n> Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22\n> - \\[1473957\\] Medium CVE-2023-5851: Inappropriate implementation in\n> Downloads. Reported by Shaheen Fazim on 2023-08-18\n> - \\[1480852\\] Medium CVE-2023-5852: Use after free in Printing.\n> Reported by \\[pwn2car\\] on 2023-09-10\n> - \\[1456876\\] Medium CVE-2023-5853: Incorrect security UI in\n> Downloads. Reported by Hafiizh on 2023-06-22\n> - \\[1488267\\] Medium CVE-2023-5854: Use after free in Profiles.\n> Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab,\n> Korea Univ on 2023-10-01\n> - \\[1492396\\] Medium CVE-2023-5855: Use after free in Reading Mode.\n> Reported by ChaobinZhang on 2023-10-13\n> - \\[1493380\\] Medium CVE-2023-5856: Use after free in Side Panel.\n> Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17\n> - \\[1493435\\] Medium CVE-2023-5857: Inappropriate implementation in\n> Downloads. Reported by Will Dormann on 2023-10-18\n> - \\[1457704\\] Low CVE-2023-5858: Inappropriate implementation in\n> WebApp Provider. Reported by Axel Chong on 2023-06-24\n> - \\[1482045\\] Low CVE-2023-5859: Incorrect security UI in Picture In\n> Picture. Reported by Junsung Lee on 2023-09-13\n", "id": "FreeBSD-2023-0330", "modified": "2023-11-03T00:00:00Z", "published": "2023-11-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5480" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5482" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5849" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5850" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5851" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5852" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5853" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5854" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5855" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5856" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5857" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5858" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5859" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php80" }, "ranges": [ { "events": [ { "fixed": "3.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php81" }, "ranges": [ { "events": [ { "fixed": "3.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php82" }, "ranges": [ { "events": [ { "fixed": "3.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php83" }, "ranges": [ { "events": [ { "fixed": "3.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2023-10-27" ], "discovery": "2023-10-31T00:00:00Z", "references": { "cvename": [ "CVE-2023-5863", "CVE-2023-5865" ] }, "vid": "4f370c80-79ce-11ee-be8e-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> XSS\n>\n> Insufficient session expiration\n", "id": "FreeBSD-2023-0329", "modified": "2023-11-02T00:00:00Z", "published": "2023-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2023-10-27" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5863" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5865" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5863" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5865" }, { "type": "WEB", "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f/" }, { "type": "WEB", "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "open-vm-tools" }, "ranges": [ { "events": [ { "fixed": "12.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "open-vm-tools-nox11" }, "ranges": [ { "events": [ { "fixed": "12.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.vmware.com/security/advisories/VMSA-2023-0024.html" ], "discovery": "2023-10-26T00:00:00Z", "references": { "cvename": [ "CVE-2023-34058", "CVE-2023-34059" ] }, "vid": "d2505ec7-78ea-11ee-9131-6f01853956d5" }, "details": "VMware reports:\n\n> This update includes 2 security fixes:\n>\n> - High CVE-2023-34058: SAML token signature bypass vulnerability\n> - High CVE-2023-34059: File descriptor hijack vulnerability in the\n> vmware-user-suid-wrapper\n", "id": "FreeBSD-2023-0328", "modified": "2023-11-01T00:00:00Z", "published": "2023-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-34058" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-34059" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34059" } ], "schema_version": "1.7.0", "summary": "open-vm-tools -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.5.0" }, { "fixed": "16.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.4.0" }, { "fixed": "16.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "16.3.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/10/31/security-release-gitlab-16-5-1-16-4-2-16-3-6-released/" ], "discovery": "2023-10-31T00:00:00Z", "references": { "cvename": [ "CVE-2023-3399", "CVE-2023-5825", "CVE-2023-3909", "CVE-2023-3246", "CVE-2023-5600", "CVE-2023-4700", "CVE-2023-5831" ] }, "vid": "a612c25f-788a-11ee-8d57-001b217b3468" }, "details": "Gitlab reports:\n\n> Disclosure of CI/CD variables using Custom project templates\n>\n> GitLab omnibus DoS crash via OOM with CI Catalogs\n>\n> Parsing gitlab-ci.yml with large string via timeout input leads to\n> Denial of Service\n>\n> DoS - Blocking FIFO files in Tar archives\n>\n> Titles exposed by service-desk template\n>\n> Approval on protected environments can be bypassed\n>\n> Version information disclosure when super_sidebar_logged_out feature\n> flag is enabled\n>\n> Add abuse detection for search syntax filter pipes\n", "id": "FreeBSD-2023-0327", "modified": "2023-11-01T00:00:00Z", "published": "2023-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/10/31/security-release-gitlab-16-5-1-16-4-2-16-3-6-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3399" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5825" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3909" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3246" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4700" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5831" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/10/31/security-release-gitlab-16-5-1-16-4-2-16-3-6-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "6.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v6.0.2" ], "discovery": "2023-10-27T00:00:00Z", "vid": "386a14bb-1a21-41c6-a2cf-08d79213379b" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> A specially-crafted SSL packet could cause Zeek to leak memory and\n> potentially crash.\n>\n> A specially-crafted series of FTP packets could cause Zeek to log\n> entries for requests that have already been completed, using resources\n> unnecessarily and potentially causing Zeek to lose other traffic.\n>\n> A specially-crafted series of SSL packets could cause Zeek to output a\n> very large number of unnecessary alerts for the same record.\n>\n> A specially-crafted series of SSL packets could cause Zeek to generate\n> very long ssl_history fields in the ssl.log, potentially using a large\n> amount of memory due to unbounded state growth\n>\n> A specially-crafted IEEE802.11 packet could cause Zeek to overflow\n> memory and potentially crash\n", "id": "FreeBSD-2023-0326", "modified": "2023-10-27T00:00:00Z", "published": "2023-10-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v6.0.2" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v6.0.2" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "118.0.5993.117" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "118.0.5993.117" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html" ], "discovery": "2023-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2023-5472" ] }, "vid": "db33e250-74f7-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[1491296\\] High CVE-2023-5472: Use after free in Profiles. Reported\n> by \\@18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 on 2023-10-10\n", "id": "FreeBSD-2023-0325", "modified": "2023-10-27T00:00:00Z", "published": "2023-10-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5472" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.9,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.9,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.9,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "21.1.9,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "23.2.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland-devel" }, "ranges": [ { "events": [ { "fixed": "21.0.99.1.542" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2023-October/003430.html" ], "discovery": "2023-10-25T00:00:00Z", "references": { "cvename": [ "CVE-2023-5367", "CVE-2023-5380" ] }, "vid": "9e2fdfc7-e237-4393-9fa5-2d50908c66b3" }, "details": "The X.Org project reports:\n\n> - ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write in\n> XIChangeDeviceProperty/RRChangeOutputProperty\n>\n> When prepending values to an existing property an invalid offset\n> calculation causes the existing values to be appended at the wrong\n> offset. The resulting memcpy() would write into memory outside the\n> heap-allocated array.\n>\n> - ZDI-CAN-21608/CVE-2023-5380: Use-after-free bug in DestroyWindow\n>\n> This vulnerability requires a legacy multi-screen setup with\n> multiple protocol screens (\\\"Zaphod\\\"). If the pointer is warped\n> from one screen to the root window of the other screen, the\n> enter/leave code may retain a reference to the previous pointer\n> window. Destroying this window leaves that reference in place, other\n> windows may then trigger a use-after-free bug when they are\n> destroyed.\n", "id": "FreeBSD-2023-0324", "modified": "2023-10-25T00:00:00Z", "published": "2023-10-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2023-October/003430.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2023-October/003430.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5367" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5380" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "squid" }, "ranges": [ { "events": [ { "fixed": "6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/squid-cache/squid/security/advisories?page=1" ], "discovery": "2023-10-21T00:00:00Z", "vid": "a8fb8e3a-730d-11ee-ab61-b42e991fc52e" }, "details": "The squid-cache project reports:\n\n> - Denial of Service in FTP\n> - Request/Response smuggling in HTTP/1.1 and ICAP\n> - Denial of Service in HTTP Digest Authentication\n", "id": "FreeBSD-2023-0323", "modified": "2023-10-25T00:00:00Z", "published": "2023-10-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/squid-cache/squid/security/advisories?page=1" }, { "type": "WEB", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w" }, { "type": "WEB", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh" }, { "type": "WEB", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g" } ], "schema_version": "1.7.0", "summary": "squid -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "3.0.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20231024.txt" ], "discovery": "2023-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2023-5363" ] }, "vid": "4a4712ae-7299-11ee-85eb-84a93843eb75" }, "details": "The OpenSSL team reports:\n\n> Moderate severity: A bug has been identified in the processing of key\n> and initialisation vector (IV) lengths. This can lead to potential\n> truncation or overruns during the initialisation of some symmetric\n> ciphers.\n", "id": "FreeBSD-2023-0322", "modified": "2023-10-24T00:00:00Z", "published": "2023-10-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20231024.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5363" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20231024.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- potential loss of confidentiality" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.44" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-c++" }, "ranges": [ { "events": [ { "fixed": "8.0.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-j" }, "ranges": [ { "events": [ { "fixed": "8.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-odbc" }, "ranges": [ { "events": [ { "fixed": "8.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL" ], "discovery": "2023-10-17T00:00:00Z", "references": { "cvename": [ "CVE-2022-42898", "CVE-2023-2650", "CVE-2023-3817", "CVE-2023-22015", "CVE-2023-22026", "CVE-2023-22028", "CVE-2023-22032", "CVE-2023-22059", "CVE-2023-22064", "CVE-2023-22065", "CVE-2023-22066", "CVE-2023-22068", "CVE-2023-22070", "CVE-2023-22078", "CVE-2023-22079", "CVE-2023-22084", "CVE-2023-22092", "CVE-2023-22094", "CVE-2023-22095", "CVE-2023-22097", "CVE-2023-22102", "CVE-2023-22103", "CVE-2023-22104", "CVE-2023-22110", "CVE-2023-22111", "CVE-2023-22112", "CVE-2023-22113", "CVE-2023-22114", "CVE-2023-22115", "CVE-2023-38545" ] }, "vid": "22df5074-71cd-11ee-85eb-84a93843eb75" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 37 new security patches, plus\n> additional third party patches noted below, for Oracle MySQL. 9 of\n> these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n", "id": "FreeBSD-2023-0321", "modified": "2023-10-23T00:00:00Z", "published": "2023-10-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42898" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2650" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3817" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22015" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22026" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22028" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22032" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22064" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22065" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22066" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22070" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22078" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22079" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22084" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22092" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22094" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22095" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22097" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22103" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22104" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-38545" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rt44" }, "ranges": [ { "events": [ { "fixed": "4.4.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rt50" }, "ranges": [ { "events": [ { "fixed": "5.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2023-41259", "CVE-2023-41260", "CVE-2023-45024" ] }, "vid": "e14b9870-62a4-11ee-897b-000bab9f87f1" }, "details": "Request Tracker reports:\n\nCVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers\nin incoming email and the mail-gateway REST interface.\n\nCVE-2023-41260 SECURITY: RT is vulnerable to information leakage via\nresponse messages returned from requests sent via the mail-gateway REST\ninterface.\n\nCVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via\ntransaction searches made by authenticated users in the transaction\nquery builder.\n", "id": "FreeBSD-2023-0320", "modified": "2023-10-18T00:00:00Z", "published": "2023-10-18T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41259" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41260" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45024" }, { "type": "WEB", "url": "https://bestpractical.com/request-tracker/" } ], "schema_version": "1.7.0", "summary": "Request Tracker -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron26" }, "ranges": [ { "events": [ { "fixed": "26.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v25.9.2" ], "discovery": "2023-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2023-5218" ] }, "vid": "9000591b-483b-45ac-9c87-b3df3a4198ec" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2023-5218.\n", "id": "FreeBSD-2023-0319", "modified": "2023-10-19T00:00:00Z", "published": "2023-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v25.9.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5218" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-cvp3-7vpw-ffh6" } ], "schema_version": "1.7.0", "summary": "electron{25,26} -- Use after free in Site Isolation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dlcdn.apache.org/httpd/CHANGES_2.4.58" ], "discovery": "2023-10-19T00:00:00Z", "references": { "cvename": [ "CVE-2023-45802", "CVE-2023-43622", "CVE-2023-31122" ] }, "vid": "f923205f-6e66-11ee-85eb-84a93843eb75" }, "details": "The Apache httpd project reports:\n\n> - CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not\n> reclaimed right away on RST\n> - CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial\n> windows size 0\n> - CVE-2023-31122: mod_macro buffer over-read\n", "id": "FreeBSD-2023-0318", "modified": "2023-10-19T00:00:00Z", "published": "2023-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dlcdn.apache.org/httpd/CHANGES_2.4.58" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-31122" }, { "type": "WEB", "url": "https://dlcdn.apache.org/httpd/CHANGES_2.4.58" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moonlight-embedded" }, "ranges": [ { "events": [ { "fixed": "2.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/moonlight-stream/moonlight-embedded/releases/tag/v2.6.1" ], "discovery": "2022-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-42799", "CVE-2022-42800", "CVE-2022-42801" ] }, "vid": "f8c2f741-6be1-11ee-b33a-a04a5edf46d9" }, "details": "The moonlight-embedded project reports:\n\n> Moonlight Embedded v2.6.1 fixed CVE-2023-42799, CVE-2023-42800, and\n> CVE-2023-42801.\n", "id": "FreeBSD-2023-0317", "modified": "2023-10-16T00:00:00Z", "published": "2023-10-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/moonlight-stream/moonlight-embedded/releases/tag/v2.6.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42799" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42800" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42801" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42801" } ], "schema_version": "1.7.0", "summary": "moonlight-embedded -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.428" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.414.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2023-10-18/" ], "discovery": "2023-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2023-36478", "CVE-2023-44487" ] }, "vid": "1ee26d45-6ddb-11ee-9898-00e081b7aa2d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-3291 / CVE-2023-36478, CVE-2023-44487\n>\n> HTTP/2 denial of service vulnerability in bundled Jetty\n", "id": "FreeBSD-2023-0316", "modified": "2023-10-18T00:00:00Z", "published": "2023-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2023-10-18/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-36478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-44487" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2023-10-18/" } ], "schema_version": "1.7.0", "summary": "jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.6.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://roundcube.net/news/2023/10/16/security-update-1.6.4-released" ], "discovery": "2023-10-16T00:00:00Z", "vid": "d2ad7647-6dd9-11ee-85eb-84a93843eb75" }, "details": "The Roundcube project reports:\n\n> cross-site scripting (XSS) vulnerability in handling of SVG in HTML\n> messages\n", "id": "FreeBSD-2023-0315", "modified": "2023-10-18T00:00:00Z", "published": "2023-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://roundcube.net/news/2023/10/16/security-update-1.6.4-released" }, { "type": "WEB", "url": "https://roundcube.net/news/2023/10/16/security-update-1.6.4-released" } ], "schema_version": "1.7.0", "summary": "Roundcube -- XSS vulnerability in SVG" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "7.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.2.2.20231018" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis70" }, "ranges": [ { "events": [ { "fixed": "7.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "fixed": "6.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/redis-db/c/r81pHa-dcI8" ], "discovery": "2023-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2023-45145" ] }, "vid": "8706e097-6db7-11ee-8744-080027f5fec9" }, "details": "Redis core team reports:\n\n> The wrong order of listen(2) and chmod(2) calls creates a race\n> condition that can be used by another process to bypass desired Unix\n> socket permissions on startup.\n", "id": "FreeBSD-2023-0314", "modified": "2023-10-18T00:00:00Z", "published": "2023-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/redis-db/c/r81pHa-dcI8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-45145" }, { "type": "WEB", "url": "https://groups.google.com/g/redis-db/c/r81pHa-dcI8" } ], "schema_version": "1.7.0", "summary": "redis -- Possible bypassing Unix socket permissions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libcue" }, "ranges": [ { "events": [ { "fixed": "2.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/lipnitsk/libcue/releases/tag/v2.3.0" ], "discovery": "2023-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2023-43641" ] }, "vid": "ae0ee356-6ae1-11ee-bfb6-8c164567ca3c" }, "details": "The libcue team reports:\n\n> There is a vulnerability to out-of-bounds array access.\n", "id": "FreeBSD-2023-0313", "modified": "2023-10-14T00:00:00Z", "published": "2023-10-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/lipnitsk/libcue/releases/tag/v2.3.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43641" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43641" } ], "schema_version": "1.7.0", "summary": "libcue -- out-of-bounds array access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "2.10.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g" ], "discovery": "2023-10-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-39325", "CVE-2023-44487" ] }, "vid": "7a1b2624-6a89-11ee-af06-5404a68ad561" }, "details": "The traefik authors report:\n\n> There is a vulnerability in GO managing HTTP/2 requests, which impacts\n> Traefik. This vulnerability could be exploited to cause a denial of\n> service.\n", "id": "FreeBSD-2023-0312", "modified": "2023-10-14T00:00:00Z", "published": "2023-10-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39325" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-44487" }, { "type": "WEB", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g" } ], "schema_version": "1.7.0", "summary": "traefik -- Resource exhaustion by malicious HTTP/2 client" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libXpm" }, "ranges": [ { "events": [ { "fixed": "3.5.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg/2023-October/061506.html" ], "discovery": "2023-09-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-43788", "CVE-2023-43789" ] }, "vid": "199cdb4d-690d-11ee-9ed0-001fc69cd6dc" }, "details": "The X.Org project reports:\n\n> \n>\n> CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer\n> : An out-of-bounds read is located in ParseComment() when reading\n> from a memory buffer instead of a file, as it continued to look\n> for the closing comment marker past the end of the buffer.\n>\n> CVE-2023-43789: Out of bounds read on XPM with corrupted colormap\n> : A corrupted colormap section may cause libXpm to read out of\n> bounds.\n", "id": "FreeBSD-2023-0311", "modified": "2023-10-12T00:00:00Z", "published": "2023-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg/2023-October/061506.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43788" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43789" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg/2023-October/061506.html" } ], "schema_version": "1.7.0", "summary": "x11/libXpm multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libX11" }, "ranges": [ { "events": [ { "fixed": "1.8.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg/2023-October/061506.html" ], "discovery": "2023-09-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-43785", "CVE-2023-43786", "CVE-2023-43787" ] }, "vid": "bd92f1ab-690c-11ee-9ed0-001fc69cd6dc" }, "details": "The X.Org project reports:\n\n> \n>\n> CVE-2023-43785: out-of-bounds memory access in \\_XkbReadKeySyms()\n> : When libX11 is processing the reply from the X server to the\n> XkbGetMap request, if it detected the number of symbols in the new\n> map was less than the size of the buffer it had allocated, it\n> always added room for 128 more symbols, instead of the actual size\n> needed. While the \\_XkbReadBufferCopyKeySyms() helper function\n> returned an error if asked to copy more keysyms into the buffer\n> than there was space allocated for, the caller never checked for\n> an error and assumed the full set of keysyms was copied into the\n> buffer and could then try to read out of bounds when accessing the\n> buffer. libX11 1.8.7 has been patched to both fix the size\n> allocated and check for error returns from\n> \\_XkbReadBufferCopyKeySyms().\n>\n> CVE-2023-43786: stack exhaustion in XPutImage\n> : When splitting a single line of pixels into chunks that fit in a\n> single request (not using the BIG-REQUESTS extension) to send to\n> the X server, the code did not take into account the number of\n> bits per pixel, so would just loop forever finding it needed to\n> send more pixels than fit in the given request size and not\n> breaking them down into a small enough chunk to fit. An XPM file\n> was provided that triggered this bug when loaded via libXpm\\'s\n> XpmReadFileToPixmap() function, which in turn calls XPutImage()\n> and hit this bug.\n>\n> CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow\n> : When creating an image, there was no validation that the\n> multiplication of the caller-provided width by the visual\\'s\n> bits_per_pixel did not overflow and thus result in the allocation\n> of a buffer too small to hold the data that would be copied into\n> it. An XPM file was provided that triggered this bug when loaded\n> via libXpm\\'s XpmReadFileToPixmap() function, which in turn calls\n> XCreateImage() and hit this bug.i\n", "id": "FreeBSD-2023-0310", "modified": "2023-10-12T00:00:00Z", "published": "2023-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg/2023-October/061506.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43785" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43786" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43787" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg/2023-October/061506.html" } ], "schema_version": "1.7.0", "summary": "11/libX11 multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "118.0.5993.70" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "118.0.5993.70" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html" ], "discovery": "2023-10-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-5218", "CVE-2023-5487", "CVE-2023-5484", "CVE-2023-5475", "CVE-2023-5483", "CVE-2023-5481", "CVE-2023-5476", "CVE-2023-5474", "CVE-2023-5479", "CVE-2023-5485", "CVE-2023-5478", "CVE-2023-5477", "CVE-2023-5486", "CVE-2023-5473" ] }, "vid": "07ee8c14-68f1-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 20 security fixes:\n>\n> - \\[1487110\\] Critical CVE-2023-5218: Use after free in Site\n> Isolation. Reported by \\@18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 on 2023-09-27\n> - \\[1062251\\] Medium CVE-2023-5487: Inappropriate implementation in\n> Fullscreen. Reported by Anonymous on 2020-03-17\n> - \\[1414936\\] Medium CVE-2023-5484: Inappropriate implementation in\n> Navigation. Reported by Thomas Orlita on 2023-02-11\n> - \\[1476952\\] Medium CVE-2023-5475: Inappropriate implementation in\n> DevTools. Reported by Axel Chong on 2023-08-30\n> - \\[1425355\\] Medium CVE-2023-5483: Inappropriate implementation in\n> Intents. Reported by Axel Chong on 2023-03-17\n> - \\[1458934\\] Medium CVE-2023-5481: Inappropriate implementation in\n> Downloads. Reported by Om Apip on 2023-06-28\n> - \\[1474253\\] Medium CVE-2023-5476: Use after free in Blink History.\n> Reported by Yunqin Sun on 2023-08-20\n> - \\[1483194\\] Medium CVE-2023-5474: Heap buffer overflow in PDF.\n> Reported by \\[pwn2car\\] on 2023-09-15\n> - \\[1471253\\] Medium CVE-2023-5479: Inappropriate implementation in\n> Extensions API. Reported by Axel Chong on 2023-08-09\n> - \\[1395164\\] Low CVE-2023-5485: Inappropriate implementation in\n> Autofill. Reported by Ahmed ElMasry on 2022-12-02\n> - \\[1472404\\] Low CVE-2023-5478: Inappropriate implementation in\n> Autofill. Reported by Ahmed ElMasry on 2023-08-12\n> - \\[1472558\\] Low CVE-2023-5477: Inappropriate implementation in\n> Installer. Reported by Bahaa Naamneh of Crosspoint Labs on\n> 2023-08-13\n> - \\[1357442\\] Low CVE-2023-5486: Inappropriate implementation in\n> Input. Reported by Hafiizh on 2022-08-29\n> - \\[1484000\\] Low CVE-2023-5473: Use after free in Cast. Reported by\n> DarkNavy on 2023-09-18\n", "id": "FreeBSD-2023-0309", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5218" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5487" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5484" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5475" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5483" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5476" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5474" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5485" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5486" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5473" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v25.9.1" ], "discovery": "2023-10-11T00:00:00Z", "references": { "cvename": [ "CVE-2023-5187" ] }, "vid": "4281b712-ad6b-4c21-8f66-619a9150691f" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2023-5187.\n", "id": "FreeBSD-2023-0308", "modified": "2023-10-12T00:00:00Z", "published": "2023-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v25.9.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5187" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-hg3r-958g-g8vq" } ], "schema_version": "1.7.0", "summary": "electron25 -- Use after free in extensions vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.69.0,1" }, { "fixed": "8.4.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cmake-core" }, "ranges": [ { "events": [ { "fixed": "3.27.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/CVE-2023-38545.html" ], "discovery": "2023-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-38545" ] }, "vid": "d6c19e8c-6806-11ee-9464-b42e991fc52e" }, "details": "The curl team reports:\n\n> This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\n> handshake. When curl is asked to pass along the hostname to the SOCKS5\n> proxy to allow that to resolve the address instead of it getting done\n> by curl itself, the maximum length that hostname can be is 255 bytes.\n> If the hostname is detected to be longer than 255 bytes, curl switches\n> to local name resolving and instead passes on the resolved address\n> only to the proxy. Due to a bug, the local variable that means \\\"let\n> the host resolve the name\\\" could get the wrong value during a slow\n> SOCKS5 handshake, and contrary to the intention, copy the too long\n> hostname to the target buffer instead of copying just the resolved\n> address there.\n", "id": "FreeBSD-2023-0307", "modified": "2023-10-11T00:00:00Z", "published": "2023-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/CVE-2023-38545.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-38545" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2023-38545.html" } ], "schema_version": "1.7.0", "summary": "curl -- SOCKS5 heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o" }, "ranges": [ { "events": [ { "last_affected": "2.2.6" }, { "fixed": "2.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o-devel" }, "ranges": [ { "events": [ { "fixed": "2.3.0.d.20231010" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/h2o/h2o/issues/3291" ], "discovery": "2023-10-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-44487" ] }, "vid": "bf545001-b96d-42e4-9d2e-60fdee204a43" }, "details": "Kazuo Okuhu reports:\n\n> H2O is vulnerable to the HTTP/2 Rapid Reset attack. An attacker might\n> be able to consume more than adequate amount of processing power of\n> h2o and the backend servers by mounting the attack.\n", "id": "FreeBSD-2023-0306", "modified": "2023-10-10T00:00:00Z", "published": "2023-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/h2o/h2o/issues/3291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-44487" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf" } ], "schema_version": "1.7.0", "summary": "h2o -- HTTP/2 Rapid Reset attack vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/" ], "discovery": "2023-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-43665" ] }, "vid": "4f254817-6318-11ee-b2ff-080027de9982" }, "details": "Django reports:\n\n> CVE-2023-43665: Denial-of-service possibility in\n> django.utils.text.Truncator.\n", "id": "FreeBSD-2023-0305", "modified": "2023-10-05T00:00:00Z", "published": "2023-10-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43665" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libspf2" }, "ranges": [ { "events": [ { "fixed": "1.2.11_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.zerodayinitiative.com/advisories/ZDI-23-1472/" ], "discovery": "2022-06-06T00:00:00Z", "references": { "cvename": [ "CVE-2023-42118" ] }, "vid": "915855ad-283d-4597-b01e-e0bf611db78b" }, "details": "Trendmicro ZDI reports:\n\n> Integer Underflow Remote Code Execution Vulnerability\n>\n> The specific flaw exists within the parsing of SPF macros. When\n> parsing SPF macros, the process does not properly validate\n> user-supplied data, which can result in an integer underflow before\n> writing to memory. An attacker can leverage this vulnerability to\n> execute code in the context of the service account.\n", "id": "FreeBSD-2023-0304", "modified": "2025-05-04T00:00:00Z", "published": "2023-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1472/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-42118" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42118" } ], "schema_version": "1.7.0", "summary": "libspf2 -- Integer Underflow Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "117.0.5938.149" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "117.0.5938.149" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html" ], "discovery": "2023-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-5346" ] }, "vid": "4e45c45b-629e-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[1485829\\] High CVE-2023-5346: Type Confusion in V8. Reported by\n> Amit Kumar on 2023-09-22\n", "id": "FreeBSD-2023-0303", "modified": "2023-10-04T00:00:00Z", "published": "2023-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5346" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- type confusion in v8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-5370" ], "freebsdsa": [ "SA-23:14.smccc" ] }, "vid": "162a675b-6251-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nOn CPU 0 the check for the SMCCC workaround is called before SMCCC\nsupport has been initialized.\n\n# Impact:\n\nNo speculative execution workarounds are installed on CPU 0.\n", "id": "FreeBSD-2023-0302", "modified": "2023-10-04T00:00:00Z", "published": "2023-10-04T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5370" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:14.smccc.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- arm64 boot CPUs may lack speculative execution protections" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-5369" ], "freebsdsa": [ "SA-23:13.capsicum" ] }, "vid": "e261e71c-6250-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nThe syscall checked only for the CAP_READ and CAP_WRITE capabilities on\nthe input and output file descriptors, respectively. Using an offset is\nlogically equivalent to seeking, and the syscall must additionally\nrequire the CAP_SEEK capability.\n\n# Impact:\n\nA sandboxed process with only read or write but no seek capability on a\nfile descriptor may be able to read data from or write data to an\narbitrary location within the file corresponding to that file\ndescriptor.\n", "id": "FreeBSD-2023-0301", "modified": "2023-10-04T00:00:00Z", "published": "2023-10-04T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5369" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:13.capsicum.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- copy_file_range insufficient capability rights check" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-5368" ], "freebsdsa": [ "SA-23:12.msdosfs" ] }, "vid": "fefcd340-624f-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nIn certain cases using the truncate or ftruncate system call to extend a\nfile size populates the additional space in the file with unallocated\ndata from the underlying disk device, rather than zero bytes.\n\n# Impact:\n\nA user with write access to files on a msdosfs file system may be able\nto read unintended data (for example, from a previously deleted file).\n", "id": "FreeBSD-2023-0300", "modified": "2023-10-04T00:00:00Z", "published": "2023-10-04T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5368" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:12.msdosfs.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- msdosfs data disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki135" }, "ranges": [ { "events": [ { "fixed": "1.35.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki139" }, "ranges": [ { "events": [ { "fixed": "1.39.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki140" }, "ranges": [ { "events": [ { "fixed": "1.40.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/BRWOWACCHMYRIS7JRTT6XD44X3362MVL/" ], "discovery": "2023-09-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-3550" ] }, "vid": "e59fed96-60da-11ee-9102-000c29de725b" }, "details": "Mediawikwi reports:\n\n> (T264765, CVE-2023-PENDING) SECURITY: Users without correct permission\n> are incorrectly shown MediaWiki:Missing-revision-permission.\n>\n> (T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for\n> self-redirects with variants conversion.\n>\n> (T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped\n> messages leading to potential XSS.\n>\n> (T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page\n> message is assumed to yield a valid title.\n>\n> (T340221, CVE-2023-PENDING) SECURITY: XSS via\n> \\'youhavenewmessagesmanyusers\\' and \\'youhavenewmessages\\' messages.\n>\n> (T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser (\\\"X\n> intermediate revisions by the same user not shown\\\") ignores username\n> suppression.\n>\n> (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted\n> XML file to Special:Upload (non-standard configuration).\n", "id": "FreeBSD-2023-0299", "modified": "2023-10-02T00:00:00Z", "published": "2023-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/BRWOWACCHMYRIS7JRTT6XD44X3362MVL/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3550" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/BRWOWACCHMYRIS7JRTT6XD44X3362MVL/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php80-composer" }, "ranges": [ { "events": [ { "fixed": "1.10.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0,1" }, { "fixed": "2.6.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php81-composer" }, "ranges": [ { "events": [ { "fixed": "1.10.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0,1" }, { "fixed": "2.6.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php82-composer" }, "ranges": [ { "events": [ { "fixed": "1.10.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0,1" }, { "fixed": "2.6.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php83-composer" }, "ranges": [ { "events": [ { "fixed": "1.10.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0,1" }, { "fixed": "2.6.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php80-composer2" }, "ranges": [ { "events": [ { "fixed": "2.6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php81-composer2" }, "ranges": [ { "events": [ { "fixed": "2.6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php82-composer2" }, "ranges": [ { "events": [ { "fixed": "2.6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php83-composer2" }, "ranges": [ { "events": [ { "fixed": "2.6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf" ], "discovery": "2023-09-29T00:00:00Z", "references": { "cvename": [ "CVE-2023-43655" ] }, "vid": "33922b84-5f09-11ee-b63d-0897988a1c07" }, "details": "Composer project reports:\n\n> Description: Users publishing a composer.phar to a public\n> web-accessible server where the composer.phar can be executed as a php\n> file may be impacted if PHP also has register_argc_argv enabled in\n> php.ini.\n>\n> Workaround: Make sure register_argc_argv is disabled in php.ini, and\n> avoid publishing composer.phar to the web as this really should not\n> happen.\n", "id": "FreeBSD-2023-0298", "modified": "2023-09-30T00:00:00Z", "published": "2023-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43655" }, { "type": "WEB", "url": "https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf" } ], "schema_version": "1.7.0", "summary": "Remote Code Execution via web-accessible composer" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "117.0.5938.132" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "117.0.5938.132" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qt6-webengine" }, "ranges": [ { "events": [ { "fixed": "6.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-5217", "CVE-2023-5186", "CVE-2023-5187" ] }, "vid": "6d9c6aae-5eb1-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 10 security fixes:\n>\n> - \\[1486441\\] High CVE-2023-5217: Heap buffer overflow in vp8 encoding\n> in libvpx. Reported by Cl\u00e9ment Lecigne of Google\\'s Threat Analysis\n> Group on 2023-09-25\n> - \\[1478889\\] High CVE-2023-5186: Use after free in Passwords.\n> Reported by \\[pwn2car\\] on 2023-09-05\n> - \\[1475798\\] High CVE-2023-5187: Use after free in Extensions.\n> Reported by Thomas Orlita on 2023-08-25\n", "id": "FreeBSD-2023-0297", "modified": "2023-09-29T00:00:00Z", "published": "2023-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5217" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5187" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron22" }, "ranges": [ { "events": [ { "fixed": "22.3.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron24" }, "ranges": [ { "events": [ { "fixed": "24.8.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libvpx" }, "ranges": [ { "events": [ { "fixed": "1.13.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v22.3.25" ], "discovery": "2023-09-28T00:00:00Z", "references": { "cvename": [ "CVE-2023-5217" ] }, "vid": "2bcd6ba4-d8e2-42e5-9033-b50b722821fb" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2023-5217.\n", "id": "FreeBSD-2023-0296", "modified": "2023-09-30T00:00:00Z", "published": "2023-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v22.3.25" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5217" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g" } ], "schema_version": "1.7.0", "summary": "electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.4.0" }, { "fixed": "16.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.3.0" }, { "fixed": "16.3.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.15" }, { "fixed": "16.2.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-09-28T00:00:00Z", "references": { "cvename": [ "CVE-2023-5207", "CVE-2023-5207", "CVE-2023-4379", "CVE-2023-3413", "CVE-2023-3914", "CVE-2023-3115", "CVE-2023-5198", "CVE-2023-4532", "CVE-2023-3917", "CVE-2023-3920", "CVE-2023-0989", "CVE-2023-3906", "CVE-2023-4658", "CVE-2023-3979", "CVE-2023-2233", "CVE-2023-3922" ] }, "vid": "6e0ebb4a-5e75-11ee-a365-001b217b3468" }, "details": "Attacker can add other projects policy bot as member to their own\nproject and use that bot to trigger pipelines in victims project\n\nGroup import allows impersonation of users in CI pipelines\n\nDevelopers can bypass code owners approval by changing a MR\\'s base\nbranch\n\nLeaking source code of restricted project through a fork\n\nThird party library Consul requires enable-script-checks to be False to\nenable patch\n\nService account not deleted when namespace is deleted allowing access to\ninternal projects\n\nEnforce SSO settings bypassed for public projects for Members without\nidentity\n\nRemoved project member can write to protected branches\n\nUnauthorised association of CI jobs for Machine Learning experiments\n\nForce pipelines to not have access to protected variables and will\nlikely fail using tags\n\nMaintainer can create a fork relationship between existing projects\n\nDisclosure of masked CI variables via processing CI/CD configuration of\nforks\n\nAsset Proxy Bypass using non-ASCII character in asset URI\n\nUnauthorized member can gain Allowed to push and merge access and affect\nintegrity of protected branches\n\nRemoved Developer can continue editing the source code of a public\nproject\n\nA project reporter can leak owner\\'s Sentry instance projects\n\nMath rendering in markdown can escape container and hijack clicks\n", "id": "FreeBSD-2023-0295", "modified": "2023-09-29T00:00:00Z", "published": "2023-09-29T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5207" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5207" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3413" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-5198" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4532" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3917" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3920" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3906" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4658" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3979" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3922" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xrdp" }, "ranges": [ { "events": [ { "fixed": "0.9.23.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cve.org/CVERecord?id=CVE-2023-42822" ], "discovery": "2023-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-42822" ] }, "vid": "af065e47-5d62-11ee-bbae-1c61b4739ac9" }, "details": "xrdp team reports:\n\n> Access to the font glyphs in xrdp_painter.c is not bounds-checked.\n> Since some of this data is controllable by the user, this can result\n> in an out-of-bounds read within the xrdp executable. The vulnerability\n> allows an out-of-bounds read within a potentially privileged process.\n> On non-Debian platforms, xrdp tends to run as root. Potentially an\n> out-of-bounds write can follow the out-of-bounds read. There is no\n> denial-of-service impact, providing xrdp is running in forking mode.\n> This issue has been addressed in release 0.9.23.1. Users are advised\n> to upgrade. There are no known workarounds for this vulnerability.\n", "id": "FreeBSD-2023-0294", "modified": "2023-09-27T00:00:00Z", "published": "2023-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42822" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-42822" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42822" }, { "type": "WEB", "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw" } ], "schema_version": "1.7.0", "summary": "xrdp -- unchecked access to font glyph info" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xrdp" }, "ranges": [ { "events": [ { "fixed": "0.9.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cve.org/CVERecord?id=CVE-2023-40184" ], "discovery": "2023-08-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-40184" ] }, "vid": "c9ff1150-5d63-11ee-bbae-1c61b4739ac9" }, "details": "xrdp team reports:\n\n> In versions prior to 0.9.23 improper handling of session establishment\n> errors allows bypassing OS-level session restrictions. The\n> \\`auth_start_session\\` function can return non-zero (1) value on,\n> e.g., PAM error which may result in session restrictions such as max\n> concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to\n> be bypassed. Users (administrators) don\\'t use restrictions by PAM are\n> not affected. This issue has been addressed in release version 0.9.23.\n> Users are advised to upgrade. There are no known workarounds for this\n> issue.\n", "id": "FreeBSD-2023-0293", "modified": "2023-09-27T00:00:00Z", "published": "2023-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40184" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-40184" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40184" }, { "type": "WEB", "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq" } ], "schema_version": "1.7.0", "summary": "xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "routinator" }, "ranges": [ { "events": [ { "introduced": "0.9.0" }, { "fixed": "0.12.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt" ], "discovery": "2023-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-39916" ] }, "vid": "ea9d1fd2-5d24-11ee-8507-b42e991fc52e" }, "details": "sep@nlnetlabs.nl reports:\n\n> NLnet Labs Routinator 0.9.0 up to and including 0.12.1 contains a\n> possible path traversal vulnerability in the optional, off-by-default\n> keep-rrdp-responses feature that allows users to store the content of\n> responses received for RRDP requests. The location of these stored\n> responses is constructed from the URL of the request. Due to\n> insufficient sanitation of the URL, it is possible for an attacker to\n> craft a URL that results in the response being stored outside of the\n> directory specified for it.\n", "id": "FreeBSD-2023-0292", "modified": "2023-09-27T00:00:00Z", "published": "2023-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39916" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39916" } ], "schema_version": "1.7.0", "summary": "routinator -- Possible path traversal when storing RRDP responses" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.424" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.414.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2023-09-20/" ], "discovery": "2023-09-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-43494", "CVE-2023-43495", "CVE-2023-43496", "CVE-2023-43497" ] }, "vid": "402fccd0-5b6d-11ee-9898-00e081b7aa2d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-3261 / CVE-2023-43494\n>\n> Builds can be filtered by values of sensitive build variables\n>\n> ##### (High) SECURITY-3245 / CVE-2023-43495\n>\n> Stored XSS vulnerability\n>\n> ##### (High) SECURITY-3072 / CVE-2023-43496\n>\n> Temporary plugin file created with insecure permissions\n>\n> ##### (Low) SECURITY-3073 / CVE-2023-43497 (Stapler), CVE-2023-43498 (MultipartFormDataParser)\n>\n> Temporary uploaded file created with insecure permissions\n", "id": "FreeBSD-2023-0291", "modified": "2023-09-25T00:00:00Z", "published": "2023-09-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2023-09-20/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-43497" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2023-09-20/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailpit" }, "ranges": [ { "events": [ { "fixed": "1.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/axllent/mailpit/releases/tag/v1.9.1" ], "discovery": "2023-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2023-42821" ] }, "vid": "732282a5-5a10-11ee-bca0-001999f8d30b" }, "details": "Mailpit author reports:\n\n> Update Go modules to address CVE-2023-42821 (go markdown module DoS).\n", "id": "FreeBSD-2023-0290", "modified": "2023-09-23T00:00:00Z", "published": "2023-09-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/axllent/mailpit/releases/tag/v1.9.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-42821" } ], "schema_version": "1.7.0", "summary": "Mailpit affected by vulnerability in included go markdown module" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webp" }, "ranges": [ { "events": [ { "fixed": "1.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-4863" ], "discovery": "2023-09-12T00:00:00Z", "references": { "cvename": [ "CVE-2023-4863" ] }, "vid": "4fd7a2fc-5860-11ee-a1b3-dca632daf43b" }, "details": "Google Chrome reports:\n\n> Heap buffer overflow in WebP \\... allowed a remote attacker to perform\n> an out of bounds memory write \\...\n", "id": "FreeBSD-2023-0289", "modified": "2023-09-21T00:00:00Z", "published": "2023-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4863" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863" } ], "schema_version": "1.7.0", "summary": "graphics/webp heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tor-browser" }, "ranges": [ { "events": [ { "fixed": "12.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/" ], "discovery": "2023-09-12T00:00:00Z", "references": { "cvename": [ "CVE-2023-4863" ] }, "vid": "58a738d4-57af-11ee-8c58-b42e991fc52e" }, "details": "chrome-cve-admin@google.com reports:\n\n> Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187\n> allowed a remote attacker to perform an out of bounds memory write via\n> a crafted HTML page. (Chromium security severity: Critical) The Tor\n> browser is based on Firefox and GeckoView and uses also libwep so it\n> is affected by this bug.\n", "id": "FreeBSD-2023-0288", "modified": "2023-09-20T00:00:00Z", "published": "2023-09-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4863" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863" } ], "schema_version": "1.7.0", "summary": "libwebp heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.3.0" }, { "fixed": "16.3.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.12.0" }, { "fixed": "16.2.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/" ], "discovery": "2023-09-18T00:00:00Z", "references": { "cvename": [ "CVE-2023-4998" ] }, "vid": "32a4896a-56da-11ee-9186-001b217b3468" }, "details": "Gitlab reports:\n\n> Attacker can abuse scan execution policies to run pipelines as another\n> user\n", "id": "FreeBSD-2023-0287", "modified": "2023-09-19T00:00:00Z", "published": "2023-09-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4998" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "routinator" }, "ranges": [ { "events": [ { "fixed": "0.12.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nlnetlabs.nl/news/2023/Sep/13/routinator-0.12.2-released/" ], "discovery": "2022-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2022-39915", "CVE-2022-39916" ] }, "vid": "11982747-544c-11ee-ac3e-a04a5edf46d9" }, "details": "NLnet Labs report:\n\n> This release fixes two issues in Routinator that can be exploited\n> remotely by rogue RPKI CAs and repositories. We therefore advise all\n> users of Routinator to upgrade to this release at their earliest\n> convenience.\n>\n> The first issue, CVE-2022-39915, can lead to Routinator crashing when\n> trying to decode certain illegal RPKI objects.\n>\n> The second issue, CVE-2022-39916, only affects users that have the\n> rrdp-keep-responses option enabled which allows storing all received\n> RRDP responses on disk. Because the file name for these responses is\n> derived from the URI and the path wasn\\'t checked properly, a RRDP URI\n> could be constructed that results in the response stored outside the\n> directory, possibly overwriting existing files.\n", "id": "FreeBSD-2023-0286", "modified": "2023-09-16T00:00:00Z", "published": "2023-09-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nlnetlabs.nl/news/2023/Sep/13/routinator-0.12.2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39915" }, { "type": "WEB", "url": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39916" }, { "type": "WEB", "url": "https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt" } ], "schema_version": "1.7.0", "summary": "routinator -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "8.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/CVE-2023-38039.html" ], "discovery": "2023-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-38039" ] }, "vid": "833b469b-5247-11ee-9667-080027f5fec9" }, "details": "selmelc on hackerone reports:\n\n> When curl retrieves an HTTP response, it stores the incoming headers\n> so that they can be accessed later via the libcurl headers API.\n>\n> However, curl did not have a limit in how many or how large headers it\n> would accept in a response, allowing a malicious server to stream an\n> endless series of headers and eventually cause curl to run out of heap\n> memory.\n", "id": "FreeBSD-2023-0285", "modified": "2023-09-13T00:00:00Z", "published": "2023-09-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/CVE-2023-38039.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-38039" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2023-38039.html HERE" } ], "schema_version": "1.7.0", "summary": "curl -- HTTP headers eat all memory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.6.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://roundcube.net/news/2023/09/15/security-update-1.6.3-released" ], "discovery": "2023-09-15T00:00:00Z", "vid": "b5508c08-547a-11ee-85eb-84a93843eb75" }, "details": "The Roundcube webmail project reports:\n\n> cross-site scripting (XSS) vulnerability in handling of linkrefs in\n> plain text messages\n", "id": "FreeBSD-2023-0284", "modified": "2023-09-16T00:00:00Z", "published": "2023-09-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://roundcube.net/news/2023/09/15/security-update-1.6.3-released" }, { "type": "WEB", "url": "https://roundcube.net/news/2023/09/15/security-update-1.6.3-released" } ], "schema_version": "1.7.0", "summary": "Roundcube -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron24" }, "ranges": [ { "events": [ { "fixed": "24.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v24.8.3" ], "discovery": "2023-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-4763", "CVE-2023-4762", "CVE-2023-4761", "CVE-2023-4863" ] }, "vid": "773ce35b-eabb-47e0-98ca-669b2b98107a" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-4763.\n> - Security: backported fix for CVE-2023-4762.\n> - Security: backported fix for CVE-2023-4761.\n> - Security: backported fix for CVE-2023-4863.\n", "id": "FreeBSD-2023-0283", "modified": "2023-09-13T00:00:00Z", "published": "2023-09-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v24.8.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4763" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-w5hv-g8p5-vwjr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4762" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3wjr-p76q-rg8q" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4761" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-8cgp-x4c5-vg9g" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4863" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-j7hp-h8jx-5ppr" } ], "schema_version": "1.7.0", "summary": "electron{24,25} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron22" }, "ranges": [ { "events": [ { "fixed": "22.3.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v22.3.24" ], "discovery": "2023-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-4572", "CVE-2023-4762", "CVE-2023-4863" ] }, "vid": "3693eca5-f0d3-453c-9558-2353150495bb" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-4572.\n> - Security: backported fix for CVE-2023-4762.\n> - Security: backported fix for CVE-2023-4863.\n", "id": "FreeBSD-2023-0282", "modified": "2023-09-13T00:00:00Z", "published": "2023-09-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v22.3.24" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4572" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6994-5wq3-gpjv" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4762" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-3wjr-p76q-rg8q" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4863" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-j7hp-h8jx-5ppr" } ], "schema_version": "1.7.0", "summary": "electron22 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "117.0.5938.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "117.0.5938.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html" ], "discovery": "2023-09-12T00:00:00Z", "references": { "cvename": [ "CVE-2023-4863", "CVE-2023-4900", "CVE-2023-4901", "CVE-2023-4902", "CVE-2023-4903", "CVE-2023-4904", "CVE-2023-4905", "CVE-2023-4906", "CVE-2023-4907", "CVE-2023-4908", "CVE-2023-4909" ] }, "vid": "88754d55-521a-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 16 security fixes:\n>\n> - \\[1479274\\] Critical CVE-2023-4863: Heap buffer overflow in WebP.\n> Reported by Apple Security Engineering and Architecture (SEAR) and\n> The Citizen Lab at The University of Toronto\u02bcs Munk School on\n> 2023-09-06\n> - \\[1430867\\] Medium CVE-2023-4900: Inappropriate implementation in\n> Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06\n> - \\[1459281\\] Medium CVE-2023-4901: Inappropriate implementation in\n> Prompts. Reported by Kang Ali on 2023-06-29\n> - \\[1454515\\] Medium CVE-2023-4902: Inappropriate implementation in\n> Input. Reported by Axel Chong on 2023-06-14\n> - \\[1446709\\] Medium CVE-2023-4903: Inappropriate implementation in\n> Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18\n> - \\[1453501\\] Medium CVE-2023-4904: Insufficient policy enforcement in\n> Downloads. Reported by Tudor Enache \\@tudorhacks on 2023-06-09\n> - \\[1441228\\] Medium CVE-2023-4905: Inappropriate implementation in\n> Prompts. Reported by Hafiizh on 2023-04-29\n> - \\[1449874\\] Low CVE-2023-4906: Insufficient policy enforcement in\n> Autofill. Reported by Ahmed ElMasry on 2023-05-30\n> - \\[1462104\\] Low CVE-2023-4907: Inappropriate implementation in\n> Intents. Reported by Mohit Raj (shadow2639) on 2023-07-04\n> - \\[1451543\\] Low CVE-2023-4908: Inappropriate implementation in\n> Picture in Picture. Reported by Axel Chong on 2023-06-06\n> - \\[1463293\\] Low CVE-2023-4909: Inappropriate implementation in\n> Interstitials. Reported by Axel Chong on 2023-07-09\n", "id": "FreeBSD-2023-0281", "modified": "2023-09-13T00:00:00Z", "published": "2023-09-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4863" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4900" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4901" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4902" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4903" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4904" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4905" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4906" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4907" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4908" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4909" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vscode" }, "ranges": [ { "events": [ { "fixed": "1.82.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/microsoft/vscode/security/advisories/GHSA-r6q2-478f-5gmr" ], "discovery": "2023-09-12T00:00:00Z", "references": { "cvename": [ "CVE-2023-36742" ] }, "vid": "4bc66a81-89d2-4696-a04b-defd2eb77783" }, "details": "VSCode developers report:\n\n> Visual Studio Code Remote Code Execution Vulnerability\n>\n> A remote code execution vulnerability exists in VS Code 1.82.0 and\n> earlier versions that working in a maliciously crafted package.json\n> can result in executing commands locally. This scenario would require\n> the attacker to get the VS Code user to open the malicious project and\n> have get the user to open and work with malformed entries in the\n> dependencies sections of the package.json file.\n>\n> VS Code uses the locally installed npm command to fetch information on\n> package dependencies. A package dependency can be named in such a way\n> that the npm tool runs a script instead.\n", "id": "FreeBSD-2023-0280", "modified": "2023-09-13T00:00:00Z", "published": "2023-09-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/microsoft/vscode/security/advisories/GHSA-r6q2-478f-5gmr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-36742" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36742" }, { "type": "WEB", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742" } ], "schema_version": "1.7.0", "summary": "vscode -- VS Code Remote Code Execution Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "6.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v6.0.1" ], "discovery": "2023-09-12T00:00:00Z", "vid": "8eefa87f-31f1-496d-bf8e-2b465b6e4e8a" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> File extraction limits were not correctly enforced for files\n> containing large amounts of missing bytes.\n>\n> Sessions are sometimes not cleaned up completely within Zeek during\n> shutdown, potentially causing a crash when using the -B dpd flag for\n> debug logging.\n>\n> A specially-crafted HTTP packet can cause Zeek\\'s filename extraction\n> code to take a long time to process the data.\n>\n> A specially-crafted series of FTP packets made up of a CWD request\n> followed by a large amount of ERPT requests may cause Zeek to spend a\n> long time logging the commands.\n>\n> A specially-crafted VLAN packet can cause Zeek to overflow memory and\n> potentially crash.\n", "id": "FreeBSD-2023-0279", "modified": "2023-09-12T00:00:00Z", "published": "2023-09-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v6.0.1" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v6.0.1" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.20.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/26812" ], "discovery": "2023-08-30T00:00:00Z", "vid": "4061a4b2-4fb1-11ee-acc7-0151f07bc899" }, "details": "The Gitea team reports:\n\n> check blocklist for emails when adding them to account\n", "id": "FreeBSD-2023-0278", "modified": "2023-09-10T00:00:00Z", "published": "2023-09-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/26812" }, { "type": "WEB", "url": "https://blog.gitea.com/release-of-1.20.4" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.20.4" } ], "schema_version": "1.7.0", "summary": "gitea -- block user account creation from blocked email domains" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "fixed": "3.9.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python310" }, "ranges": [ { "events": [ { "fixed": "3.10.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python311" }, "ranges": [ { "events": [ { "fixed": "3.11.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html" ], "discovery": "2023-08-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-40217" ] }, "vid": "a57472ba-4d84-11ee-bf05-000c29de725b" }, "details": "Python reports:\n\n> gh-108310: Fixed an issue where instances of ssl.SSLSocket were\n> vulnerable to a bypass of the TLS handshake and included protections\n> (like certificate verification) and treating sent unencrypted data as\n> if it were post-handshake TLS encrypted data.\n", "id": "FreeBSD-2023-0277", "modified": "2023-09-07T00:00:00Z", "published": "2023-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-40217" }, { "type": "WEB", "url": "https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go120" }, "ranges": [ { "events": [ { "fixed": "1.20.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go121" }, "ranges": [ { "events": [ { "fixed": "1.21.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/62198", "https://go.dev/issue/62196", "https://go.dev/issue/62197", "https://go.dev/issue/62266" ], "discovery": "2023-09-06T00:00:00Z", "references": { "cvename": [ "CVE-2023-39320", "CVE-2023-39318", "CVE-2023-39319", "CVE-2023-39321", "CVE-2023-39322" ] }, "vid": "beb36f39-4d74-11ee-985e-bff341e78d94" }, "details": "The Go project reports:\n\n> cmd/go: go.mod toolchain directive allows arbitrary execution\n>\n> The go.mod toolchain directive, introduced in Go 1.21, could be\n> leveraged to execute scripts and binaries relative to the root of the\n> module when the \\\"go\\\" command was executed within the module. This\n> applies to modules downloaded using the \\\"go\\\" command from the module\n> proxy, as well as modules downloaded directly using VCS software.\n\n> html/template: improper handling of HTML-like comments within script\n> contexts\n>\n> The html/template package did not properly handle HMTL-like \\\"\\ and \\\"\\--\\>\\\" comment tokens, nor hashbang \\\"#!\\\" comment tokens, in\n> \\ contexts. This may cause the template parser to improperly\n> interpret the contents of \\ contexts, causing actions to be\n> improperly escaped. This could be leveraged to perform an XSS attack.\n\n> html/template: improper handling of special tags within script\n> contexts\n>\n> The html/template package did not apply the proper rules for handling\n> occurrences of \\\"\\ literals in \\ improperly consider script contexts to be terminated early, causing\n> actions to be improperly escaped. This could be leveraged to perform\n> an XSS attack.\n\n> crypto/tls: panic when processing post-handshake message on QUIC\n> connections\n>\n> Processing an incomplete post-handshake message for a QUIC connection\n> caused a panic.\n", "id": "FreeBSD-2023-0276", "modified": "2023-09-07T00:00:00Z", "published": "2023-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/62198" }, { "type": "REPORT", "url": "https://go.dev/issue/62196" }, { "type": "REPORT", "url": "https://go.dev/issue/62197" }, { "type": "REPORT", "url": "https://go.dev/issue/62266" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39320" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39318" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39319" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39321" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39322" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ?pli=1" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-09-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-47522" ], "freebsdsa": [ "SA-23:11.wifi" ] }, "vid": "924cb116-4d35-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nThe net80211 subsystem would fallback to the multicast key for unicast\ntraffic in the event the unicast key was removed. This would result in\nbuffered unicast traffic being exposed to any stations with access to\nthe multicast key.\n\n# Impact:\n\nAs described in the \\\"Framing Frames: Bypassing Wi-Fi Encryption by\nManipulating Transmit Queues\\\" paper, an attacker can induce an access\npoint to buffer frames for a client, deauthenticate the client (causing\nthe unicast key to be removed from the access point), and subsequent\nflushing of the buffered frames now encrypted with the multicast key.\nThis would give the attacker access to the data.\n", "id": "FreeBSD-2023-0275", "modified": "2023-09-07T00:00:00Z", "published": "2023-09-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-47522" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Wi-Fi encryption bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-09-06T00:00:00Z", "references": { "cvename": [ "CVE-2023-4809" ], "freebsdsa": [ "SA-23:10.pf" ] }, "vid": "d35373ae-4d34-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nWith a \\'scrub fragment reassemble\\' rule, a packet containing multiple\nIPv6 fragment headers would be reassembled, and then immediately\nprocessed. That is, a packet with multiple fragment extension headers\nwould not be recognized as the correct ultimate payload. Instead a\npacket with multiple IPv6 fragment headers would unexpectedly be\ninterpreted as a fragmented packet, rather than as whatever the real\npayload is.\n\n# Impact:\n\nIPv6 fragments may bypass firewall rules written on the assumption all\nfragments have been reassembled and, as a result, be forwarded or\nprocessed by the host.\n", "id": "FreeBSD-2023-0274", "modified": "2023-09-07T00:00:00Z", "published": "2023-09-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4809" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:10.pf.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- pf incorrectly handles multiple IPv6 fragment headers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "7.0.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.2.0" }, { "fixed": "7.2.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.2.0.20230831" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis70" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "7.0.13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc" ], "discovery": "2023-09-06T00:00:00Z", "references": { "cvename": [ "CVE-2023-41053" ] }, "vid": "6c72b13f-4d1d-11ee-a7f1-080027f5fec9" }, "details": "yangbodong22011 reports:\n\n> Redis does not correctly identify keys accessed by SORT_RO and, as a\n> result, may grant users executing this command access to keys that are\n> not explicitly authorized by the ACL configuration.\n", "id": "FreeBSD-2023-0273", "modified": "2023-09-07T00:00:00Z", "published": "2023-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41053" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc" } ], "schema_version": "1.7.0", "summary": "redis -- Possible bypassing ACL configuration" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "116.0.5845.179" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "116.0.5845.179" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html" ], "discovery": "2023-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-4761", "CVE-2023-4762", "CVE-2023-4763", "CVE-2023-4764" ] }, "vid": "df0a2fd1-4c92-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[1476403\\] High CVE-2023-4761: Out of bounds memory access in\n> FedCM. Reported by DarkNavy on 2023-08-28\n> - \\[1473247\\] High CVE-2023-4762: Type Confusion in V8. Reported by\n> Rong Jian of VRI on 2023-08-16\n> - \\[1469928\\] High CVE-2023-4763: Use after free in Networks. Reported\n> by anonymous on 2023-08-03\n> - \\[1447237\\] High CVE-2023-4764: Incorrect security UI in BFCache.\n> Reported by Irvan Kurniawan (sourc7) on 2023-05-20\n", "id": "FreeBSD-2023-0272", "modified": "2023-09-06T00:00:00Z", "published": "2023-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4761" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4762" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4763" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4764" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/" ], "discovery": "2023-09-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-41164" ] }, "vid": "8fd4f40a-4b7d-11ee-aa2a-080027de9982" }, "details": "Django reports:\n\n> CVE-2023-41164: Potential denial of service vulnerability in\n> django.utils.encoding.uri_to_iri().\n", "id": "FreeBSD-2023-0271", "modified": "2023-09-04T00:00:00Z", "published": "2023-09-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-41164" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.3.0" }, { "fixed": "16.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.2.0" }, { "fixed": "16.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.1.0" }, { "fixed": "16.1.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/" ], "discovery": "2023-08-31T00:00:00Z", "references": { "cvename": [ "CVE-2023-3915", "CVE-2023-4378", "CVE-2023-3950", "CVE-2023-4630", "CVE-2022-4343", "CVE-2023-4638", "CVE-2023-4018", "CVE-2023-3205", "CVE-2023-4647", "CVE-2023-1279", "CVE-2023-0120", "CVE-2023-1555" ] }, "vid": "aaea7b7c-4887-11ee-b164-001b217b3468" }, "details": "Gitlab reports:\n\n> Privilege escalation of \\\"external user\\\" to internal access through\n> group service account\n>\n> Maintainer can leak sentry token by changing the configured URL (fix\n> bypass)\n>\n> Google Cloud Logging private key showed in plain text in GitLab UI\n> leaking to other group owners\n>\n> Information disclosure via project import endpoint\n>\n> Developer can leak DAST scanners \\\"Site Profile\\\" request headers and\n> auth password\n>\n> Project forking outside current group\n>\n> User is capable of creating Model experiment and updating existing\n> run\\'s status in public project\n>\n> ReDoS in bulk import API\n>\n> Pagination for Branches and Tags can be skipped leading to DoS\n>\n> Internal Open Redirection Due to Improper handling of \\\"../\\\"\n> characters\n>\n> Subgroup Member With Reporter Role Can Edit Group Labels\n>\n> Banned user can delete package registries\n", "id": "FreeBSD-2023-0270", "modified": "2023-09-01T00:00:00Z", "published": "2023-09-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3915" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3950" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4343" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4638" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3205" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4647" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1279" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1555" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-borgbackup" }, "ranges": [ { "events": [ { "fixed": "1.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-borgbackup" }, "ranges": [ { "events": [ { "fixed": "1.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-borgbackup" }, "ranges": [ { "events": [ { "fixed": "1.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-borgbackup" }, "ranges": [ { "events": [ { "fixed": "1.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-borgbackup" }, "ranges": [ { "events": [ { "fixed": "1.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py312-borgbackup" }, "ranges": [ { "events": [ { "fixed": "1.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811" ], "discovery": "2023-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-36811" ] }, "vid": "b8a52e5a-483d-11ee-971d-3df00e0f9020" }, "details": "Thomas Waldmann reports:\n\n> A flaw in the cryptographic authentication scheme in Borg allowed an\n> attacker to fake archives and potentially indirectly cause backup data\n> loss in the repository.\n>\n> The attack requires an attacker to be able to\n>\n> - insert files (with no additional headers) into backups\n> - gain write access to the repository\n>\n> This vulnerability does not disclose plaintext to the attacker, nor\n> does it affect the authenticity of existing archives. Creating\n> plausible fake archives may be feasible for empty or small archives,\n> but is unlikely for large archives.\n", "id": "FreeBSD-2023-0269", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-36811" }, { "type": "WEB", "url": "https://github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811" } ], "schema_version": "1.7.0", "summary": "Borg (Backup) -- flaw in cryptographic authentication scheme in Borg allowed an attacker to fake archives and indirectly cause backup data loss." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v25.8.0" ], "discovery": "2023-08-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-4427", "CVE-2023-4428", "CVE-2023-4429", "CVE-2023-4430", "CVE-2023-4572" ] }, "vid": "970dcbe0-a947-41a4-abe9-7aaba87f41fe" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-4427.\n> - Security: backported fix for CVE-2023-4428.\n> - Security: backported fix for CVE-2023-4429.\n> - Security: backported fix for CVE-2023-4430.\n> - Security: backported fix for CVE-2023-4572.\n", "id": "FreeBSD-2023-0268", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v25.8.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4427" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qqwc-fhxf-4mf3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4428" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-m56x-9vph-h345" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4429" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-r43m-48vw-xgp3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4430" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-h295-rcc5-87jh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4572" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6994-5wq3-gpjv" } ], "schema_version": "1.7.0", "summary": "electron25 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron24" }, "ranges": [ { "events": [ { "fixed": "24.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v24.8.2" ], "discovery": "2023-08-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-4427", "CVE-2023-4428", "CVE-2023-4430", "CVE-2023-4572" ] }, "vid": "29f050e9-3ef4-4c5f-8204-503b41caf181" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-4427.\n> - Security: backported fix for CVE-2023-4428.\n> - Security: backported fix for CVE-2023-4430.\n> - Security: backported fix for CVE-2023-4572.\n", "id": "FreeBSD-2023-0267", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v24.8.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4427" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qqwc-fhxf-4mf3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4428" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-m56x-9vph-h345" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4430" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-h295-rcc5-87jh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4572" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6994-5wq3-gpjv" } ], "schema_version": "1.7.0", "summary": "electron24 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron22" }, "ranges": [ { "events": [ { "fixed": "22.3.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v22.3.23" ], "discovery": "2023-08-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-4427", "CVE-2023-4428" ] }, "vid": "579c7489-c23d-454a-b0fc-ed9d80ea46e0" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-4427.\n> - Security: backported fix for CVE-2023-4428.\n", "id": "FreeBSD-2023-0266", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v22.3.23" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4427" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qqwc-fhxf-4mf3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4428" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-m56x-9vph-h345" } ], "schema_version": "1.7.0", "summary": "electron22 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-WsgiDAV" }, "ranges": [ { "events": [ { "fixed": "4.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-WsgiDAV" }, "ranges": [ { "events": [ { "fixed": "4.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-WsgiDAV" }, "ranges": [ { "events": [ { "fixed": "4.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-WsgiDAV" }, "ranges": [ { "events": [ { "fixed": "4.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-WsgiDAV" }, "ranges": [ { "events": [ { "fixed": "4.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-xx6g-jj35-pxjv" ], "discovery": "2022-11-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-41905" ] }, "vid": "1a15b928-5011-4953-8133-d49e24902fe1" }, "details": "> Implementations using this library with directory browsing enabled may\n> be susceptible to Cross Site Scripting (XSS) attacks.\n", "id": "FreeBSD-2023-0265", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-xx6g-jj35-pxjv" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41905" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-xx6g-jj35-pxjv" } ], "schema_version": "1.7.0", "summary": "py-WsgiDAV -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-wagtail" }, "ranges": [ { "events": [ { "fixed": "4.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-wagtail" }, "ranges": [ { "events": [ { "fixed": "4.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-wagtail" }, "ranges": [ { "events": [ { "fixed": "4.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-wagtail" }, "ranges": [ { "events": [ { "fixed": "4.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-wagtail" }, "ranges": [ { "events": [ { "fixed": "4.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-5286-f2rf-35c2" ], "discovery": "2023-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-28836" ] }, "vid": "17efbe19-4e72-426a-8016-2b4e001c1378" }, "details": "> A stored cross-site scripting (XSS) vulnerability exists on ModelAdmin\n> views within the Wagtail admin interface.\n>\n> A user with a limited-permission editor account for the Wagtail admin\n> could potentially craft pages and documents that, when viewed by a\n> user with higher privileges, could perform actions with that user\\'s\n> credentials.\n>\n> The vulnerability is not exploitable by an ordinary site visitor\n> without access to the Wagtail admin, and only affects sites with\n> ModelAdmin enabled.\n>\n> For page, the vulnerability is in the \\\"Choose a parent page\\\"\n> ModelAdmin view, available when managing pages via ModelAdmin.\n>\n> For documents, the vulnerability is in the ModelAdmin Inspect view\n> when displaying document fields.\n", "id": "FreeBSD-2023-0264", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-5286-f2rf-35c2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28836" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-5286-f2rf-35c2" } ], "schema_version": "1.7.0", "summary": "py-wagtail -- stored XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-wagtail" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-wagtail" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-wagtail" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-wagtail" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-wagtail" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-33pv-vcgh-jfg9" ], "discovery": "2023-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-28837" ] }, "vid": "2def7c4b-736f-4754-9f03-236fcb586d91" }, "details": "> A memory exhaustion bug exists in Wagtail\\'s handling of uploaded\n> images and documents.\n>\n> For both images and documents, files are loaded into memory during\n> upload for additional processing.\n>\n> A user with access to upload images or documents through the Wagtail\n> admin interface could upload a file so large that it results in a\n> crash or denial of service.\n>\n> The vulnerability is not exploitable by an ordinary site visitor\n> without access to the Wagtail admin.\n>\n> It can only be exploited by admin users with permission to upload\n> images or documents.\n>\n> Image uploads are restricted to 10MB by default, however this\n> validation only happens on the frontend and on the backend after the\n> vulnerable code.\n", "id": "FreeBSD-2023-0263", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-33pv-vcgh-jfg9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28837" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-33pv-vcgh-jfg9" } ], "schema_version": "1.7.0", "summary": "py-wagtail -- DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-treq" }, "ranges": [ { "events": [ { "fixed": "22.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-treq" }, "ranges": [ { "events": [ { "fixed": "22.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-treq" }, "ranges": [ { "events": [ { "fixed": "22.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-treq" }, "ranges": [ { "events": [ { "fixed": "22.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-treq" }, "ranges": [ { "events": [ { "fixed": "22.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-fhpf-pp6p-55qc" ], "discovery": "2022-02-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-23607" ] }, "vid": "181f5e49-b71d-4527-9464-d4624d69acc3" }, "details": "> Treq\\'s request methods (\\`treq.get\\`, \\`treq.post\\`,\n> \\`HTTPClient.request\\`, \\`HTTPClient.get\\`, etc.) accept cookies as a\n> dictionary.\n>\n> Such cookies are not bound to a single domain, and are therefore sent\n> to \\*every\\* domain (\\\"supercookies\\\").\n>\n> This can potentially cause sensitive information to leak upon an HTTP\n> redirect to a different domain., e.g. should \\`https://example.com\\`\n> redirect to \\`http://cloudstorageprovider.com\\` the latter will\n> receive the cookie \\`session\\`.\n", "id": "FreeBSD-2023-0262", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-fhpf-pp6p-55qc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23607" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-fhpf-pp6p-55qc" } ], "schema_version": "1.7.0", "summary": "py-treq -- sensitive information leak vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-Scrapy" }, "ranges": [ { "events": [ { "last_affected": "2.8.0" }, { "fixed": "2.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-Scrapy" }, "ranges": [ { "events": [ { "last_affected": "2.8.0" }, { "fixed": "2.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-Scrapy" }, "ranges": [ { "events": [ { "last_affected": "2.8.0" }, { "fixed": "2.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-Scrapy" }, "ranges": [ { "events": [ { "last_affected": "2.8.0" }, { "fixed": "2.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-Scrapy" }, "ranges": [ { "events": [ { "last_affected": "2.8.0" }, { "fixed": "2.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2017-83" ], "discovery": "2017-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-14158" ] }, "vid": "4eb5dccb-923c-4f18-9cd4-b53f9e28d4d7" }, "details": "kmike and nramirezuy report:\n\n> Scrapy 1.4 allows remote attackers to cause a denial of service\n> (memory consumption) via large files because arbitrarily many files\n> are read into memory, which is especially problematic if the files are\n> then individually written in a separate thread to a slow storage\n> resource, as demonstrated by interaction between dataReceived (in\n> core/downloader/handlers/http11.py) and S3FilesStore.\n", "id": "FreeBSD-2023-0261", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2017-83" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14158" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2017-83" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-h7wm-ph43-c39p" } ], "schema_version": "1.7.0", "summary": "py-Scrapy -- DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-Scrapy" }, "ranges": [ { "events": [ { "fixed": "2.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-Scrapy" }, "ranges": [ { "events": [ { "fixed": "2.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-Scrapy" }, "ranges": [ { "events": [ { "fixed": "2.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-Scrapy" }, "ranges": [ { "events": [ { "fixed": "2.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-Scrapy" }, "ranges": [ { "events": [ { "fixed": "2.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2022-159" ], "discovery": "2022-03-02T00:00:00Z", "references": { "cvename": [ "CVE-2022-0577" ] }, "vid": "67fe5e5b-549f-4a2a-9834-53f60eaa415e" }, "details": "ranjit-git reports:\n\n> Exposure of Sensitive Information to an Unauthorized Actor in GitHub\n> repository scrapy/scrapy prior to 2.6.1.\n", "id": "FreeBSD-2023-0260", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2022-159" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0577" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2022-159" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-cjvr-mfj7-j4j8" } ], "schema_version": "1.7.0", "summary": "py-Scrapy -- exposure of sensitive information vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-mfjm-vh54-3f96" ], "discovery": "2022-03-01T00:00:00Z", "vid": "a5403af6-225e-48ba-b233-bd95ad26434a" }, "details": "> Responses from domain names whose public domain name suffix contains 1\n> or more periods (e.g. responses from \\`example.co.uk\\`, given its\n> public domain name suffix is \\`co.uk\\`) are able to set cookies that\n> are included in requests to any other domain sharing the same domain\n> name suffix.\n", "id": "FreeBSD-2023-0259", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-mfjm-vh54-3f96" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-mfjm-vh54-3f96" } ], "schema_version": "1.7.0", "summary": "py-Scrapy -- cookie injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-Scrapy" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-9x8m-2xpf-crp3" ], "discovery": "2022-07-29T00:00:00Z", "vid": "2ad25820-c71a-4e6c-bb99-770c66fe496d" }, "details": "> When the built-in HTTP proxy downloader middleware processes a request\n> with \\`proxy\\` metadata, and that \\`proxy\\` metadata includes proxy\n> credentials, the built-in HTTP proxy downloader middleware sets the\n> \\`Proxy-Authentication\\` header, but only if that header is not\n> already set.\n>\n> There are third-party proxy-rotation downloader middlewares that set\n> different \\`proxy\\` metadata every time they process a request.\n>\n> Because of request retries and redirects, the same request can be\n> processed by downloader middlewares more than once, including both the\n> built-in HTTP proxy downloader middleware and any third-party\n> proxy-rotation downloader middleware.\n>\n> These third-party proxy-rotation downloader middlewares could change\n> the \\`proxy\\` metadata of a request to a new value, but fail to remove\n> the \\`Proxy-Authentication\\` header from the previous value of the\n> \\`proxy\\` metadata, causing the credentials of one proxy to be leaked\n> to a different proxy.\n>\n> If you rotate proxies from different proxy providers, and any of those\n> proxies requires credentials, you are affected, unless you are\n> handling proxy rotation as described under \\*\\*Workarounds\\*\\* below.\n>\n> If you use a third-party downloader middleware for proxy rotation, the\n> same applies to that downloader middleware, and installing a patched\n> version of Scrapy may not be enough;\n>\n> patching that downloader middlware may be necessary as well.\n", "id": "FreeBSD-2023-0258", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-9x8m-2xpf-crp3" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-9x8m-2xpf-crp3" } ], "schema_version": "1.7.0", "summary": "py-Scrapy -- credentials leak vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-httpx013" }, "ranges": [ { "events": [ { "fixed": "0.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-httpx013" }, "ranges": [ { "events": [ { "fixed": "0.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-httpx013" }, "ranges": [ { "events": [ { "fixed": "0.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-httpx013" }, "ranges": [ { "events": [ { "fixed": "0.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-httpx013" }, "ranges": [ { "events": [ { "fixed": "0.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2022-183" ], "discovery": "2022-04-28T00:00:00Z", "references": { "cvename": [ "CVE-2021-41945" ] }, "vid": "e831dd5a-7d8e-4818-aa1f-17dd495584ec" }, "details": "lebr0nli reports:\n\n> Encode OSS httpx \\<=1.0.0.beta0 is affected by improper input\n> validation in \\`httpx.URL\\`, \\`httpx.Client\\` and some functions using\n> \\`httpx.URL.copy_with\\`.\n", "id": "FreeBSD-2023-0257", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2022-183" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41945" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2022-183" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-h8pj-cxx2-jfg2" } ], "schema_version": "1.7.0", "summary": "py-httpx -- input validation vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-httpie" }, "ranges": [ { "events": [ { "fixed": "3.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-httpie" }, "ranges": [ { "events": [ { "fixed": "3.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-httpie" }, "ranges": [ { "events": [ { "fixed": "3.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-httpie" }, "ranges": [ { "events": [ { "fixed": "3.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-httpie" }, "ranges": [ { "events": [ { "fixed": "3.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2022-34", "https://osv.dev/vulnerability/PYSEC-2022-167" ], "discovery": "2022-03-07T00:00:00Z", "references": { "cvename": [ "CVE-2022-24737", "CVE-2022-0430" ] }, "vid": "1e37fa3e-5988-4991-808f-eae98047e2af" }, "details": "Glyph reports:\n\n> HTTPie is a command-line HTTP client.\n>\n> HTTPie has the practical concept of sessions, which help users to\n> persistently store some of the state that belongs to the outgoing\n> requests and incoming responses on the disk for further usage.\n>\n> Before 3.1.0, HTTPie didn\\'t distinguish between cookies and hosts\n> they belonged.\n>\n> This behavior resulted in the exposure of some cookies when there are\n> redirects originating from the actual host to a third party website.\n>\n> Users are advised to upgrade.\n>\n> There are no known workarounds.\n\n> Exposure of Sensitive Information to an Unauthorized Actor in GitHub\n> repository httpie/httpie prior to 3.1.0.\n", "id": "FreeBSD-2023-0256", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2022-34" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2022-167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24737" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2022-34" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-9w4w-cpc8-h2fq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0430" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2022-167" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-6pc9-xqrg-wfqw" } ], "schema_version": "1.7.0", "summary": "py-httpie -- exposure of sensitive information vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-flask-security" }, "ranges": [ { "events": [ { "last_affected": "3.0.0_1" }, { "fixed": "3.0.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-flask-security" }, "ranges": [ { "events": [ { "last_affected": "3.0.0_1" }, { "fixed": "3.0.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-flask-security" }, "ranges": [ { "events": [ { "last_affected": "3.0.0_1" }, { "fixed": "3.0.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-flask-security" }, "ranges": [ { "events": [ { "last_affected": "3.0.0_1" }, { "fixed": "3.0.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-flask-security" }, "ranges": [ { "events": [ { "last_affected": "3.0.0_1" }, { "fixed": "3.0.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-cg8c-gc2j-2wf7" ], "discovery": "2022-08-02T00:00:00Z", "references": { "cvename": [ "CVE-2021-23385" ] }, "vid": "06492bd5-085a-4cc0-9743-e30164bdcb1c" }, "details": "Snyk reports:\n\n> This affects all versions of package Flask-Security.\n>\n> When using the \\`get_post_logout_redirect\\` and\n> \\`get_post_login_redirect\\` functions, it is possible to bypass URL\n> validation and redirect a user to an arbitrary URL by providing\n> multiple back slashes such as \\`\\\\\\\\\\\\evil.com/path\\`.\n>\n> This vulnerability is only exploitable if an alternative WSGI server\n> other than Werkzeug is used, or the default behaviour of Werkzeug is\n> modified using \\`\\'autocorrect_location_header=False\\`.\n>\n> \\*\\*Note:\\*\\* Flask-Security is not maintained anymore.\n", "id": "FreeBSD-2023-0255", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-cg8c-gc2j-2wf7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23385" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-cg8c-gc2j-2wf7" } ], "schema_version": "1.7.0", "summary": "py-flask-security -- user redirect to arbitrary URL vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-Flask-Cors" }, "ranges": [ { "events": [ { "fixed": "3.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-Flask-Cors" }, "ranges": [ { "events": [ { "fixed": "3.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-Flask-Cors" }, "ranges": [ { "events": [ { "fixed": "3.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-Flask-Cors" }, "ranges": [ { "events": [ { "fixed": "3.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-Flask-Cors" }, "ranges": [ { "events": [ { "fixed": "3.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2020-43" ], "discovery": "2020-08-31T00:00:00Z", "references": { "cvename": [ "CVE-2020-25032" ] }, "vid": "252f40cb-618c-47f4-a2cf-1abf30cffbbe" }, "details": "praetorian-colby-morgan reports:\n\n> An issue was discovered in Flask-CORS (aka CORS Middleware for Flask)\n> before 3.0.9.\n>\n> It allows ../ directory traversal to access private resources because\n> resource matching does not ensure that pathnames are in a canonical\n> format.\n", "id": "FreeBSD-2023-0254", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2020-43" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25032" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2020-43" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-xc3p-ff3m-f46v" } ], "schema_version": "1.7.0", "summary": "py-Flask-Cors -- directory traversal vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-flask-caching" }, "ranges": [ { "events": [ { "last_affected": "2.0.2" }, { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-flask-caching" }, "ranges": [ { "events": [ { "last_affected": "2.0.2" }, { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-flask-caching" }, "ranges": [ { "events": [ { "last_affected": "2.0.2" }, { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-flask-caching" }, "ranges": [ { "events": [ { "last_affected": "2.0.2" }, { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-flask-caching" }, "ranges": [ { "events": [ { "last_affected": "2.0.2" }, { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2021-13" ], "discovery": "2021-05-13T00:00:00Z", "references": { "cvename": [ "CVE-2021-33026" ] }, "vid": "692a5fd5-bb25-4df4-8a0e-eb91581f2531" }, "details": "subnix reports:\n\n> The Flask-Caching extension through 2.0.2 for Flask relies on Pickle\n> for serialization, which may lead to remote code execution or local\n> privilege escalation.\n>\n> If an attacker gains access to cache storage (e.g., filesystem,\n> Memcached, Redis, etc.), they can construct a crafted payload, poison\n> the cache, and execute Python code.\n", "id": "FreeBSD-2023-0253", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2021-13" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33026" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2021-13" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-656c-6cxf-hvcv" } ], "schema_version": "1.7.0", "summary": "py-flask-caching -- remote code execution or local privilege escalation vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django-photologue" }, "ranges": [ { "events": [ { "last_affected": "3.15_1" }, { "fixed": "3.15_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django-photologue" }, "ranges": [ { "events": [ { "last_affected": "3.15_1" }, { "fixed": "3.15_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django-photologue" }, "ranges": [ { "events": [ { "last_affected": "3.15_1" }, { "fixed": "3.15_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django-photologue" }, "ranges": [ { "events": [ { "last_affected": "3.15_1" }, { "fixed": "3.15_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django-photologue" }, "ranges": [ { "events": [ { "last_affected": "3.15_1" }, { "fixed": "3.15_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-287q-jfcp-9vhv" ], "discovery": "2022-12-15T00:00:00Z", "references": { "cvename": [ "CVE-2022-4526" ] }, "vid": "c2c89dea-2859-4231-8f3b-012be0d475ff" }, "details": "domiee13 reports:\n\n> A vulnerability was found in django-photologue up to 3.15.1 and\n> classified as problematic.\n>\n> Affected by this issue is some unknown functionality of the file\n> photologue/templates/photologue/photo_detail.html of the component\n> Default Template Handler.\n>\n> The manipulation of the argument object.caption leads to cross site\n> scripting.\n>\n> The attack may be launched remotely.\n>\n> Upgrading to version 3.16 is able to address this issue.\n>\n> The name of the patch is 960cb060ce5e2964e6d716ff787c72fc18a371e7.\n>\n> It is recommended to apply a patch to fix this issue.\n>\n> VDB-215906 is the identifier assigned to this vulnerability.\n", "id": "FreeBSD-2023-0252", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-287q-jfcp-9vhv" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4526" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-287q-jfcp-9vhv" } ], "schema_version": "1.7.0", "summary": "py-django-photologue -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-pygments" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-pygments" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-pygments" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-pygments" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-pygments" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-pygments-25" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-pygments-25" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-pygments-25" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-pygments-25" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-pygments-25" }, "ranges": [ { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2021-140", "https://osv.dev/vulnerability/PYSEC-2021-141" ], "discovery": "2021-03-17T00:00:00Z", "references": { "cvename": [ "CVE-2021-20270", "CVE-2021-27291" ] }, "vid": "cdc685b5-1724-49a1-ad57-2eaab68e9cc0" }, "details": "Red Hat reports:\n\n> An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may\n> lead to denial of service when performing syntax highlighting of a\n> Standard ML (SML) source file, as demonstrated by input that only\n> contains the \\\"exception\\\" keyword.\n\nBen Caller reports:\n\n> In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming\n> languages rely heavily on regular expressions.\n>\n> Some of the regular expressions have exponential or cubic worst-case\n> complexity and are vulnerable to ReDoS.\n>\n> By crafting malicious input, an attacker can cause a denial of\n> service.\n", "id": "FreeBSD-2023-0251", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2021-140" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2021-141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20270" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2021-140" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-9w8r-397f-prfh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-27291" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2021-141" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-pq64-v7f5-gqh8" } ], "schema_version": "1.7.0", "summary": "py-pygments -- multiple DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2021-20" ], "discovery": "2021-03-03T00:00:00Z", "references": { "cvename": [ "CVE-2021-26813" ] }, "vid": "c9b3324f-8e03-4ae3-89ce-8098cdc5bfa9" }, "details": "Ben Caller reports:\n\n> markdown2 \\>=1.0.1.18, fixed in 2.4.0, is affected by a regular\n> expression denial of service vulnerability.\n>\n> If an attacker provides a malicious string, it can make markdown2\n> processing difficult or delayed for an extended period of time.\n", "id": "FreeBSD-2023-0250", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2021-20" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26813" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2021-20" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-jr9p-r423-9m2r" } ], "schema_version": "1.7.0", "summary": "py-markdown2 -- regular expression denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.3.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.3.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.3.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.3.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-markdown2" }, "ranges": [ { "events": [ { "fixed": "2.3.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2020-65" ], "discovery": "2020-04-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-11888" ] }, "vid": "cf6f3465-e996-4672-9458-ce803f29fdb7" }, "details": "TheGrandPew reports:\n\n> python-markdown2 through 2.3.8 allows XSS because element names are\n> mishandled unless a \\\\w+ match succeeds.\n>\n> For example, an attack might use elementname@ or elementname- with an\n> onclick attribute.\n", "id": "FreeBSD-2023-0249", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2020-65" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11888" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2020-65" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-fv3h-8x5j-pvgq" } ], "schema_version": "1.7.0", "summary": "py-markdown2 -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-dparse" }, "ranges": [ { "events": [ { "fixed": "0.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-dparse" }, "ranges": [ { "events": [ { "fixed": "0.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-dparse" }, "ranges": [ { "events": [ { "fixed": "0.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-dparse" }, "ranges": [ { "events": [ { "fixed": "0.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-dparse" }, "ranges": [ { "events": [ { "fixed": "0.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2022-301" ], "discovery": "2022-10-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-39280" ] }, "vid": "83b29e3f-886f-439f-b9a8-72e014479ff9" }, "details": "yeisonvargasf reports:\n\n> dparse is a parser for Python dependency files.\n>\n> dparse in versions before 0.5.2 contain a regular expression that is\n> vulnerable to a Regular Expression Denial of Service.\n>\n> All the users parsing index server URLs with dparse are impacted by\n> this vulnerability.\n>\n> Users unable to upgrade should avoid passing index server URLs in the\n> source file to be parsed.\n", "id": "FreeBSD-2023-0248", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2022-301" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39280" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2022-301" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-8fg9-p83m-x5pq" } ], "schema_version": "1.7.0", "summary": "py-dparse -- REDoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-3326" ], "freebsdsa": [ "SA-23:09.pam_krb5" ] }, "vid": "9b0d9832-47c1-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nThe problem detailed in FreeBSD-SA-23:04.pam_krb5 persisted following\nthe patch for that advisory.\n\n# Impact:\n\nThe impact described in FreeBSD-SA-23:04.pam_krb5 persists.\n", "id": "FreeBSD-2023-0247", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3326" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:09.pam_krb5.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Network authentication attack via pam_krb5" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-38408" ], "freebsdsa": [ "SA-23:08.ssh" ] }, "vid": "291d0953-47c1-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nThe server may cause ssh-agent to load shared libraries other than those\nrequired for PKCS#11 support. These shared libraries may have side\neffects that occur on load and unload (dlopen and dlclose).\n\n# Impact:\n\nAn attacker with access to a server that accepts a forwarded ssh-agent\nconnection may be able to execute code on the machine running ssh-agent.\nNote that the attack relies on properties of operating system-provided\nlibraries. This has been demonstrated on other operating systems; it is\nunknown whether this attack is possible using the libraries provided by\na FreeBSD installation.\n", "id": "FreeBSD-2023-0246", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-38408" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:08.ssh.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Potential remote code execution via ssh-agent forwarding" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-3494" ], "freebsdsa": [ "SA-23:07.bhyve" ] }, "vid": "ab437561-47c0-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nThe fwctl driver implements a state machine which is executed when the\nguest accesses certain x86 I/O ports. The interface lets the guest copy\na string into a buffer resident in the bhyve process\\' memory. A bug in\nthe state machine implementation can result in a buffer overflowing when\ncopying this string.\n\n# Impact:\n\nA malicious, privileged software running in a guest VM can exploit the\nbuffer overflow to achieve code execution on the host in the bhyve\nuserspace process, which typically runs as root. Note that bhyve runs in\na Capsicum sandbox, so malicious code is constrained by the capabilities\navailable to the bhyve process.\n", "id": "FreeBSD-2023-0245", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3494" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:07.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bhyve privileged guest escape via fwctl" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-3107" ], "freebsdsa": [ "SA-23:06.ipv6" ] }, "vid": "3dabf5b8-47c0-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nEach fragment of an IPv6 packet contains a fragment header which\nspecifies the offset of the fragment relative to the original packet,\nand each fragment specifies its length in the IPv6 header. When\nreassembling the packet, the kernel calculates the complete IPv6 payload\nlength. The payload length must fit into a 16-bit field in the IPv6\nheader.\n\nDue to a bug in the kernel, a set of carefully crafted packets can\ntrigger an integer overflow in the calculation of the reassembled\npacket\\'s payload length field.\n\n# Impact:\n\nOnce an IPv6 packet has been reassembled, the kernel continues\nprocessing its contents. It does so assuming that the fragmentation\nlayer has validated all fields of the constructed IPv6 header. This bug\nviolates such assumptions and can be exploited to trigger a remote\nkernel panic, resulting in a denial of service.\n", "id": "FreeBSD-2023-0244", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3107" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:06.ipv6.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Remote denial of service in IPv6 fragment reassembly" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2023-28531" ], "freebsdsa": [ "SA-23:05.openssh" ] }, "vid": "e31a8f8e-47bf-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nWhen using ssh-add(1) to add smartcard keys to ssh-agent(1) with per-hop\ndestination constraints, a logic error prevented the constraints from\nbeing sent to the agent resulting in keys being added to the agent\nwithout constraints.\n\n# Impact:\n\nA malicious server could leverage the keys provided by a forwarded agent\nthat would normally not be allowed due to the logic error.\n", "id": "FreeBSD-2023-0243", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28531" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:05.openssh.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ssh-add does not honor per-hop destination constraints" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.2" }, { "fixed": "13.2_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2023-3326" ], "freebsdsa": [ "SA-23:04.pam_krb5" ] }, "vid": "41af0277-47bf-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\npam_krb5 authenticates the user by essentially running kinit(1) with the\npassword, getting a \\`ticket-granting ticket\\' (tgt) from the Kerberos\nKDC (Key Distribution Center) over the network, as a way to verify the\npassword.\n\nNormally, the system running the pam_krb5 module will also have a\nkeytab, a key provisioned by the KDC. The pam_krb5 module will use the\ntgt to get a service ticket and validate it against the keytab, ensuring\nthe tgt is valid and therefore, the password is valid.\n\nHowever, if a keytab is not provisioned on the system, pam_krb5 has no\nway to validate the response from the KDC, and essentially trusts the\ntgt provided over the network as being valid.\n\n# Impact:\n\nIn a non-default FreeBSD installation that leverages pam_krb5 for\nauthentication and does not have a keytab provisioned, an attacker that\nis able to control both the password and the KDC responses can return a\nvalid tgt, allowing authentication to occur for any user on the system.\n", "id": "FreeBSD-2023-0242", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3326" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:04.pam_krb5.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Network authentication attack via pam_krb5" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-02-16T00:00:00Z", "references": { "cvename": [ "CVE-2023-0286", "CVE-2023-0215", "CVE-2022-4450", "CVE-2022-4304" ], "freebsdsa": [ "SA-23:03.openssl" ] }, "vid": "c8eb4c40-47bd-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\n## X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nThere is a type confusion vulnerability relating to X.400 address\nprocessing inside an X.509 GeneralName. X.400 addresses were parsed as\nan ASN1_STRING but the public structure definition for GENERAL_NAME\nincorrectly specified the type of the x400Address field as ASN1_TYPE.\nThis field is subsequently interpreted by the OpenSSL function\nGENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.\n\n## Timing Oracle in RSA Decryption (CVE-2022-4304)\n\nA timing based side channel exists in the OpenSSL RSA Decryption\nimplementation.\n\n## Use-after-free following BIO_new_NDEF (CVE-2023-0215)\n\nThe public API function BIO_new_NDEF is a helper function used for\nstreaming ASN.1 data via a BIO. It is primarily used internally to\nOpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but\nmay also be called directly by end user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1\nfilter BIO onto the front of it to form a BIO chain, and then returns\nthe new head of the BIO chain to the caller. Under certain conditions,\nfor example if a CMS recipient public key is invalid, the new filter BIO\nis freed and the function returns a NULL result indicating a failure.\nHowever, in this case, the BIO chain is not properly cleaned up and the\nBIO passed by the caller still retains internal pointers to the\npreviously freed filter BIO.\n\n## Double free after calling PEM_read_bio_ex (CVE-2022-4450)\n\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses\nand decodes the \\\"name\\\" (e.g. \\\"CERTIFICATE\\\"), any header data and the\npayload data. If the function succeeds then the \\\"name_out\\\", \\\"header\\\"\nand \\\"data\\\" arguments are populated with pointers to buffers containing\nthe relevant decoded data. The caller is responsible for freeing those\nbuffers. It is possible to construct a PEM file that results in 0 bytes\nof payload data. In this case PEM_read_bio_ex() will return a failure\ncode but will populate the header argument with a pointer to a buffer\nthat has already been freed.\n\n# Impact:\n\n## X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to\npass arbitrary pointers to a memcmp call, enabling them to read memory\ncontents or enact a denial of service. In most cases, the attack\nrequires the attacker to provide both the certificate chain and CRL,\nneither of which need to have a valid signature. If the attacker only\ncontrols one of these inputs, the other input must already contain an\nX.400 address as a CRL distribution point, which is uncommon. As such,\nthis vulnerability is most likely to only affect applications which have\nimplemented their own functionality for retrieving CRLs over a network.\n\n## Timing Oracle in RSA Decryption (CVE-2022-4304)\n\nA timing based side channel exists in the OpenSSL RSA Decryption\nimplementation which could be sufficient to recover a plaintext across a\nnetwork in a Bleichenbacher style attack. To achieve a successful\ndecryption an attacker would have to be able to send a very large number\nof trial messages for decryption. The vulnerability affects all RSA\npadding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.\n\n## Use-after-free following BIO_new_NDEF (CVE-2023-0215)\n\nA use-after-free will occur under certain conditions. This will most\nlikely result in a crash.\n\n## Double free after calling PEM_read_bio_ex (CVE-2022-4450)\n\nA double free may occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply\nmalicious PEM files for parsing to achieve a denial of service attack.\n", "id": "FreeBSD-2023-0241", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0286" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4304" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:03.openssl.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple vulnerabilities in OpenSSL" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-02-16T00:00:00Z", "references": { "cvename": [ "CVE-2023-25136" ], "freebsdsa": [ "SA-23:02.openssh" ] }, "vid": "09b7cd39-47bd-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nA flaw in the backwards-compatibility key exchange route allows a\npointer to be freed twice.\n\n# Impact:\n\nA remote, unauthenticated attacker may be able to cause a denial of\nservice, or possibly remote code execution.\n\nNote that FreeBSD 12.3 and FreeBSD 13.1 include older versions of\nOpenSSH, and are not affected. FreeBSD 13.2-BETA1 and later include the\nfix.\n", "id": "FreeBSD-2023-0240", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-25136" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:02.openssh.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- OpenSSH pre-authentication double free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4" }, { "fixed": "12.4_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2023-02-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-0751" ], "freebsdsa": [ "SA-23:01.geli" ] }, "vid": "3fcab88b-47bc-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nWhen GELI reads a key file from a standard input, it doesn\\'t store it\nanywhere. If the user tries to initialize multiple providers at once,\nfor the second and subsequent devices the standard input stream will be\nalready empty. In this case, GELI silently uses a NULL key as the user\nkey file. If the user used only a key file without a user passphrase,\nthe master key was encrypted with an empty key file. This might not be\nnoticed if the devices were also decrypted in a batch operation.\n\n# Impact:\n\nSome GELI providers might be silently encrypted with a NULL key file.\n", "id": "FreeBSD-2023-0239", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0751" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:01.geli.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- GELI silently omits the keyfile if read from stdin" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-11-29T00:00:00Z", "references": { "cvename": [ "CVE-2022-23093" ], "freebsdsa": [ "SA-22:15.ping" ] }, "vid": "a005aea9-47bb-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nping reads raw IP packets from the network to process responses in the\npr_pack() function. As part of processing a response ping has to\nreconstruct the IP header, the ICMP header and if present a \\\"quoted\npacket,\\\" which represents the packet that generated an ICMP error. The\nquoted packet again has an IP header and an ICMP header.\n\nThe pr_pack() copies received IP and ICMP headers into stack buffers for\nfurther processing. In so doing, it fails to take into account the\npossible presence of IP option headers following the IP header in either\nthe response or the quoted packet. When IP options are present,\npr_pack() overflows the destination buffer by up to 40 bytes.\n\n# Impact:\n\nThe memory safety bugs described above can be triggered by a remote\nhost, causing the ping program to crash.\n\nThe ping process runs in a capability mode sandbox on all affected\nversions of FreeBSD and is thus very constrained in how it can interact\nwith the rest of the system at the point where the bug can occur.\n", "id": "FreeBSD-2023-0238", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23093" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Stack overflow in ping(8)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2019-14870", "CVE-2021-44758", "CVE-2022-3437", "CVE-2022-42898", "CVE-2022-44640" ], "freebsdsa": [ "SA-22:14.heimdal" ] }, "vid": "97c1b0f7-47b9-11ee-8e38-002590c1f29c" }, "details": "# Problem Description:\n\nMultiple security vulnerabilities have been discovered in the Heimdal\nimplementation of the Kerberos 5 network authentication protocols and\nKDC.\n\n- CVE-2022-42898 PAC parse integer overflows\n- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and\n arcfour\n- CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors\n- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec\n- CVE-2019-14870 Validate client attributes in protocol-transition\n- CVE-2019-14870 Apply forwardable policy in protocol-transition\n- CVE-2019-14870 Always lookup impersonate client in DB\n\n# Impact:\n\nA malicious actor with control of the network between a client and a\nservice using Kerberos for authentication can impersonate either the\nclient or the service, enabling a man-in-the-middle (MITM) attack\ncircumventing mutual authentication.\n\nNote that, while CVE-2022-44640 is a severe vulnerability, possibly\nenabling remote code execution on other platforms, the version of\nHeimdal included with the FreeBSD base system cannot be exploited in\nthis way on FreeBSD.\n", "id": "FreeBSD-2023-0237", "modified": "2023-08-31T00:00:00Z", "published": "2023-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44758" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42898" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-44640" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:14.heimdal.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple vulnerabilities in Heimdal" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "116.0.5845.140" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "116.0.5845.140" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html" ], "discovery": "2023-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2023-4472" ] }, "vid": "22fffa69-46fa-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 1 security fix:\n>\n> - \\[1472492\\] High CVE-2023-4572: Use after free in MediaStream.\n> Reported by fwnfwn(@\\_fwnfwn) on 2023-08-12\n", "id": "FreeBSD-2023-0236", "modified": "2023-08-30T00:00:00Z", "published": "2023-08-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4472" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html" } ], "schema_version": "1.7.0", "summary": "chromium -- use after free in MediaStream" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.20.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/25097" ], "discovery": "2023-06-06T00:00:00Z", "vid": "36a37c92-44b1-11ee-b091-6162c1274384" }, "details": "The Gitea team reports:\n\n> Fix API leaking Usermail if not logged in\n>\n> The API should only return the real Mail of a User, if the caller is\n> logged in. The check do to this don\\'t work. This PR fixes this. This\n> not really a security issue, but can lead to Spam.\n", "id": "FreeBSD-2023-0235", "modified": "2023-08-27T00:00:00Z", "published": "2023-08-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/25097" }, { "type": "WEB", "url": "https://blog.gitea.com/release-of-1.20.3" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.20.3" } ], "schema_version": "1.7.0", "summary": "gitea -- information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "116.0.5845.110" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "116.0.5845.110" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html" ], "discovery": "2023-08-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-4430", "CVE-2023-4429", "CVE-2023-4428", "CVE-2023-4427", "CVE-2023-4431" ] }, "vid": "5fa332b9-4269-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 5 security fixes:\n>\n> - \\[1469542\\] High CVE-2023-4430: Use after free in Vulkan. Reported\n> by Cassidy Kim(@cassidy6564) on 2023-08-02\n> - \\[1469754\\] High CVE-2023-4429: Use after free in Loader. Reported\n> by Anonymous on 2023-08-03\n> - \\[1470477\\] High CVE-2023-4428: Out of bounds memory access in CSS.\n> Reported by Francisco Alonso (@revskills) on 2023-08-06\n> - \\[1470668\\] High CVE-2023-4427: Out of bounds memory access in V8.\n> Reported by Sergei Glazunov of Google Project Zero on 2023-08-07\n> - \\[1469348\\] Medium CVE-2023-4431: Out of bounds memory access in\n> Fonts. Reported by Microsoft Security Researcher on 2023-08-01\n", "id": "FreeBSD-2023-0234", "modified": "2023-08-24T00:00:00Z", "published": "2023-08-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4429" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4428" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4427" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4431" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v25.7.0" ], "discovery": "2023-08-23T00:00:00Z", "references": { "cvename": [ "CVE-2023-4071", "CVE-2023-4070", "CVE-2023-4075", "CVE-2023-4076", "CVE-2023-4074", "CVE-2023-4072", "CVE-2023-4068", "CVE-2023-4073", "CVE-2023-4355", "CVE-2023-4354", "CVE-2023-4353", "CVE-2023-4351" ] }, "vid": "5999fc39-72d0-4b99-851c-ade7ff7125c3" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-4071.\n> - Security: backported fix for CVE-2023-4070.\n> - Security: backported fix for CVE-2023-4075.\n> - Security: backported fix for CVE-2023-4076.\n> - Security: backported fix for CVE-2023-4074.\n> - Security: backported fix for CVE-2023-4072.\n> - Security: backported fix for CVE-2023-4068.\n> - Security: backported fix for CVE-2023-4073.\n> - Security: backported fix for CVE-2023-4355.\n> - Security: backported fix for CVE-2023-4354.\n> - Security: backported fix for CVE-2023-4353.\n> - Security: backported fix for CVE-2023-4351.\n", "id": "FreeBSD-2023-0233", "modified": "2023-08-24T00:00:00Z", "published": "2023-08-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v25.7.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4071" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qc3g-vp59-7vwh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4070" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9xxv-mx64-rx27" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4075" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7332-j628-x48x" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4076" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7rfc-cwhj-x2qv" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4074" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6j3m-7hm6-qjrx" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4072" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-9j4r-qr47-rcxp" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4068" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-wh89-h5f7-hhcr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4073" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-g9wf-6ppg-937x" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4355" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-xrw8-8992-37w4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4354" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rq4v-7hxq-wpm5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4353" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-mjq9-8vf6-qh49" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4351" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-mh2g-52mr-mr5v" } ], "schema_version": "1.7.0", "summary": "electron25 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron22" }, "ranges": [ { "events": [ { "fixed": "22.3.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron24" }, "ranges": [ { "events": [ { "fixed": "24.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v22.3.22" ], "discovery": "2023-08-23T00:00:00Z", "references": { "cvename": [ "CVE-2023-4355", "CVE-2023-4354", "CVE-2023-4353", "CVE-2023-4352", "CVE-2023-4351" ] }, "vid": "99bc2966-55be-4411-825f-b04017a4c100" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-4355.\n> - Security: backported fix for CVE-2023-4354.\n> - Security: backported fix for CVE-2023-4353.\n> - Security: backported fix for CVE-2023-4352.\n> - Security: backported fix for CVE-2023-4351.\n", "id": "FreeBSD-2023-0232", "modified": "2023-08-24T00:00:00Z", "published": "2023-08-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v22.3.22" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4355" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-xrw8-8992-37w4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4354" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rq4v-7hxq-wpm5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4353" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-mjq9-8vf6-qh49" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4352" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-vp8r-986v-6qj4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4351" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-mh2g-52mr-mr5v" } ], "schema_version": "1.7.0", "summary": "electron{22,24} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php80" }, "ranges": [ { "events": [ { "fixed": "3.1.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php81" }, "ranges": [ { "events": [ { "fixed": "3.1.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php82" }, "ranges": [ { "events": [ { "fixed": "3.1.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq-php83" }, "ranges": [ { "events": [ { "fixed": "3.1.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2023-07-16" ], "discovery": "2023-07-16T00:00:00Z", "vid": "ddd3fcc9-2bdd-11ee-9af4-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> Cross Site Scripting vulnerability\n>\n> CSV injection vulnerability\n", "id": "FreeBSD-2023-0231", "modified": "2023-08-23T00:00:00Z", "published": "2023-08-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2023-07-16" }, { "type": "WEB", "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "116.0.5845.96" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "116.0.5845.96" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html" ], "discovery": "2023-08-15T00:00:00Z", "references": { "cvename": [ "CVE-2023-2312", "CVE-2023-4349", "CVE-2023-4350", "CVE-2023-4351", "CVE-2023-4352", "CVE-2023-4353", "CVE-2023-4354", "CVE-2023-4355", "CVE-2023-4356", "CVE-2023-4357", "CVE-2023-4358", "CVE-2023-4359", "CVE-2023-4360", "CVE-2023-4361", "CVE-2023-4362", "CVE-2023-4363", "CVE-2023-4364", "CVE-2023-4365", "CVE-2023-4366", "CVE-2023-4367", "CVE-2023-4368" ] }, "vid": "5666688f-803b-4cf0-9cb1-08c088f2225a" }, "details": "Chrome Releases reports:\n\n> This update includes 26 security fixes:\n>\n> - \\[1448548\\] High CVE-2023-2312: Use after free in Offline. Reported\n> by avaue at S.S.L. on 2023-05-24\n> - \\[1458303\\] High CVE-2023-4349: Use after free in Device Trust\n> Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27\n> - \\[1454817\\] High CVE-2023-4350: Inappropriate implementation in\n> Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14\n> - \\[1465833\\] High CVE-2023-4351: Use after free in Network. Reported\n> by Guang and Weipeng Jiang of VRI on 2023-07-18\n> - \\[1452076\\] High CVE-2023-4352: Type Confusion in V8. Reported by\n> Sergei Glazunov of Google Project Zero on 2023-06-07\n> - \\[1458046\\] High CVE-2023-4353: Heap buffer overflow in ANGLE.\n> Reported by Christoph Diehl / Microsoft Vulnerability Research on\n> 2023-06-27\n> - \\[1464215\\] High CVE-2023-4354: Heap buffer overflow in Skia.\n> Reported by Mark Brand of Google Project Zero on 2023-07-12\n> - \\[1468943\\] High CVE-2023-4355: Out of bounds memory access in V8.\n> Reported by Sergei Glazunov of Google Project Zero on 2023-07-31\n> - \\[1449929\\] Medium CVE-2023-4356: Use after free in Audio. Reported\n> by Zhenghang Xiao (@Kipreyyy) on 2023-05-30\n> - \\[1458911\\] Medium CVE-2023-4357: Insufficient validation of\n> untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28\n> - \\[1466415\\] Medium CVE-2023-4358: Use after free in DNS. Reported by\n> Weipeng Jiang (@Krace) of VRI on 2023-07-20\n> - \\[1443722\\] Medium CVE-2023-4359: Inappropriate implementation in\n> App Launcher. Reported by \\@retsew0x01 on 2023-05-09\n> - \\[1462723\\] Medium CVE-2023-4360: Inappropriate implementation in\n> Color. Reported by Axel Chong on 2023-07-07\n> - \\[1465230\\] Medium CVE-2023-4361: Inappropriate implementation in\n> Autofill. Reported by Thomas Orlita on 2023-07-17\n> - \\[1316379\\] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL.\n> Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14\n> - \\[1367085\\] Medium CVE-2023-4363: Inappropriate implementation in\n> WebShare. Reported by Alesandro Ortiz on 2022-09-23\n> - \\[1406922\\] Medium CVE-2023-4364: Inappropriate implementation in\n> Permission Prompts. Reported by Jasper Rebane on 2023-01-13\n> - \\[1431043\\] Medium CVE-2023-4365: Inappropriate implementation in\n> Fullscreen. Reported by Hafiizh on 2023-04-06\n> - \\[1450784\\] Medium CVE-2023-4366: Use after free in Extensions.\n> Reported by asnine on 2023-06-02\n> - \\[1467743\\] Medium CVE-2023-4367: Insufficient policy enforcement in\n> Extensions API. Reported by Axel Chong on 2023-07-26\n> - \\[1467751\\] Medium CVE-2023-4368: Insufficient policy enforcement in\n> Extensions API. Reported by Axel Chong on 2023-07-26\n", "id": "FreeBSD-2023-0230", "modified": "2023-08-17T00:00:00Z", "published": "2023-08-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2312" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4349" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4352" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4354" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4355" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4357" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4358" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4359" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4360" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4361" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4363" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4364" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4365" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4366" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4367" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4368" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-c++" }, "ranges": [ { "events": [ { "fixed": "8.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-client57" }, "ranges": [ { "events": [ { "fixed": "5.7.43" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server57" }, "ranges": [ { "events": [ { "fixed": "5.7.43" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-client80" }, "ranges": [ { "events": [ { "fixed": "8.0.34" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server80" }, "ranges": [ { "events": [ { "fixed": "8.0.34" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixMSQL" ], "discovery": "2023-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2022-4899", "CVE-2023-0361", "CVE-2022-4899", "CVE-2022-4899", "CVE-2023-22053", "CVE-2023-22008", "CVE-2023-22046", "CVE-2023-22054", "CVE-2023-22056", "CVE-2023-21950", "CVE-2023-22007", "CVE-2023-22057", "CVE-2023-22033", "CVE-2023-22058", "CVE-2023-22005", "CVE-2023-22048", "CVE-2023-22038" ] }, "vid": "759a5599-3ce8-11ee-a0d1-84a93843eb75" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 24 new security patches for Oracle\n> MySQL. 11 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n", "id": "FreeBSD-2023-0229", "modified": "2023-08-17T00:00:00Z", "published": "2023-08-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4899" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0361" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4899" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4899" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22053" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22008" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22046" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21950" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22007" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22057" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22033" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22005" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22048" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22038" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2023.html#AppendixMSQL" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav-lts" }, "ranges": [ { "events": [ { "fixed": "1.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2023/07/2023-08-16-releases.html" ], "discovery": "2023-08-15T00:00:00Z", "references": { "cvename": [ "CVE-2023-20212" ] }, "vid": "8e561cfe-3c59-11ee-b32e-080027f5fec9" }, "details": "The ClamAV project reports:\n\n> There is a possible denial of service vulnerability in the AutoIt file\n> parser.\n", "id": "FreeBSD-2023-0228", "modified": "2023-08-16T00:00:00Z", "published": "2023-08-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2023/07/2023-08-16-releases.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-20212" }, { "type": "WEB", "url": "https://blog.clamav.net/2023/07/2023-08-16-releases.html" } ], "schema_version": "1.7.0", "summary": "clamav -- Possible denial of service vulnerability in the AutoIt file parser" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "1.1.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav-lts" }, "ranges": [ { "events": [ { "fixed": "1.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2023/07/2023-08-16-releases.html" ], "discovery": "2023-08-15T00:00:00Z", "references": { "cvename": [ "CVE-2023-20197" ] }, "vid": "51a59f36-3c58-11ee-b32e-080027f5fec9" }, "details": "Steve Smith reports:\n\n> There is a possible denial of service vulnerability in the HFS+ file\n> parser.\n", "id": "FreeBSD-2023-0227", "modified": "2023-08-16T00:00:00Z", "published": "2023-08-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2023/07/2023-08-16-releases.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-20197" }, { "type": "WEB", "url": "https://blog.clamav.net/2023/07/2023-08-16-releases.html" } ], "schema_version": "1.7.0", "summary": "clamav -- Possible denial of service vulnerability in the HFS+ file parser" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5" }, "ranges": [ { "events": [ { "introduced": "1.20,1" }, { "fixed": "1.21.1_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5-121" }, "ranges": [ { "events": [ { "fixed": "1.21.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5-devel" }, "ranges": [ { "events": [ { "introduced": "1.20,1" }, { "fixed": "1.22.2023.08.07" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840" ], "discovery": "2023-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2023-39975" ] }, "vid": "a6986f0f-3ac0-11ee-9a88-206a8a720317" }, "details": "The MIT krb5 Team reports:\n\n> When issuing a ticket for a TGS renew or validate request, copy only\n> the server field from the outer part of the header ticket to the new\n> ticket. Copying the whole structure causes the enc_part pointer to be\n> aliased to the header ticket until krb5_encrypt_tkt_part() is called,\n> resulting in a double-free if handle_authdata() fails..\n", "id": "FreeBSD-2023-0226", "modified": "2023-08-14T00:00:00Z", "published": "2023-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39975" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39975" } ], "schema_version": "1.7.0", "summary": "krb5 -- Double-free in KDC TGS processing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-11-php80" }, "ranges": [ { "events": [ { "fixed": "11.5.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-11-php81" }, "ranges": [ { "events": [ { "fixed": "11.5.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-12-php80" }, "ranges": [ { "events": [ { "fixed": "12.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-12-php81" }, "ranges": [ { "events": [ { "fixed": "12.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-1211-11520-and-10433-security-releases-published" ], "discovery": "2023-07-25T00:00:00Z", "references": { "cvename": [ "CVE-2023-38500", "CVE-2023-38499", "CVE-2023-37905" ] }, "vid": "b1ac663f-3aa9-11ee-b887-b42e991fc52e" }, "details": "TYPO3 reports:\n\n> TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in\n> HTML Sanitizer\n>\n> TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope\n> Site Resolution\n>\n> TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount\n> Plugin\n", "id": "FreeBSD-2023-0225", "modified": "2023-08-14T00:00:00Z", "published": "2023-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-1211-11520-and-10433-security-releases-published" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-38500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-38499" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-37905" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-1244-and-11530-security-releases-published" } ], "schema_version": "1.7.0", "summary": "typo3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-server" }, "ranges": [ { "events": [ { "fixed": "15.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2023-39418/" ], "discovery": "2023-08-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-39418" ] }, "vid": "59a43a73-3786-11ee-94b4-6cc21735f730" }, "details": "PostgreSQL Project reports\n\n> PostgreSQL 15 introduced the MERGE command, which fails to test new\n> rows against row security policies defined for UPDATE and SELECT. If\n> UPDATE and SELECT policies forbid some row that INSERT policies do not\n> forbid, a user could store such rows. Subsequent consequences are\n> application-dependent. This affects only databases that have used\n> CREATE POLICY to define a row security policy.\n", "id": "FreeBSD-2023-0224", "modified": "2023-08-10T00:00:00Z", "published": "2023-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2023-39418/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39418" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2023-39418/" } ], "schema_version": "1.7.0", "summary": "postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-server" }, "ranges": [ { "events": [ { "fixed": "11.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "13.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "14.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "15.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2023-39417/" ], "discovery": "2023-08-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-39417" ] }, "vid": "cfd2a634-3785-11ee-94b4-6cc21735f730" }, "details": "PostgreSQL Project reports\n\n> An extension script is vulnerable if it uses \\@extowner@,\n> \\@extschema@, or \\@extschema:\\...@ inside a quoting construct (dollar\n> quoting, \\'\\', or \\\"\\\"). No bundled extension is vulnerable.\n> Vulnerable uses do appear in a documentation example and in\n> non-bundled extensions. Hence, the attack prerequisite is an\n> administrator having installed files of a vulnerable, trusted,\n> non-bundled extension. Subject to that prerequisite, this enables an\n> attacker having database-level CREATE privilege to execute arbitrary\n> code as the bootstrap superuser. PostgreSQL will block this attack in\n> the core server, so there\\'s no need to modify individual extensions.\n", "id": "FreeBSD-2023-0223", "modified": "2023-08-10T00:00:00Z", "published": "2023-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2023-39417/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39417" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2023-39417/" } ], "schema_version": "1.7.0", "summary": "postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron22" }, "ranges": [ { "events": [ { "fixed": "22.3.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron23" }, "ranges": [ { "events": [ { "fixed": "23.3.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron24" }, "ranges": [ { "events": [ { "fixed": "24.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron25" }, "ranges": [ { "events": [ { "fixed": "25.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v23.3.12" ], "discovery": "2023-08-02T00:00:00Z", "references": { "cvename": [ "CVE-2023-3732", "CVE-2023-3728", "CVE-2023-3730" ] }, "vid": "f3a35fb8-2d70-47c9-a516-6aad7eb222b1" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-3732.\n> - Security: backported fix for CVE-2023-3728.\n> - Security: backported fix for CVE-2023-3730.\n", "id": "FreeBSD-2023-0222", "modified": "2023-08-11T00:00:00Z", "published": "2023-08-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v23.3.12" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3732" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-6f46-9vvr-v3j5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3728" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-fxgf-5cm8-2f8q" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3730" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-2gmm-4f9j-mw4p" } ], "schema_version": "1.7.0", "summary": "electron{22,23,24,25} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba416" }, "ranges": [ { "events": [ { "fixed": "4.16.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba413" }, "ranges": [ { "events": [ { "fixed": "4.13.17_6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/latest_news.html#4.18.5" ], "discovery": "2023-07-19T00:00:00Z", "references": { "cvename": [ "CVE-2023-34967", "CVE-2022-2127", "CVE-2023-34968", "CVE-2023-34966", "CVE-2023-3347" ] }, "vid": "441e1e1a-27a5-11ee-a156-080027f5fec9" }, "details": "The Samba Team reports:\n\n> \n>\n> CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability\n> : When parsing Spotlight mdssvc RPC packets, one encoded data\n> structure is a key-value style dictionary where keys are character\n> strings and values can be any of the supported types in the mdssvc\n> protocol. Due to a lack of type checking in callers of the\n> function dalloc_value_for_key(), which returns the object\n> associated with a key, a caller may trigger a crash in\n> talloc_get_size() when talloc detects that the passed in pointer\n> is not a valid talloc pointer. As RPC worker processes are shared\n> among multiple client connections, a malicious client can crash\n> the worker process affecting all other clients that are also\n> served by this worker.\n>\n> CVE-2022-2127: Out-Of-Bounds read in winbind AUTH_CRAP\n> : When doing NTLM authentication, the client sends replies to\n> cryptographic challenges back to the server. These replies have\n> variable length. Winbind did not properly bounds-check the lan\n> manager response length, which despite the lan manager version no\n> longer being used is still part of the protocol. If the system is\n> running Samba\\'s ntlm_auth as authentication backend for services\n> like Squid (or a very unusual configuration with FreeRADIUS), the\n> vulnarebility is remotely exploitable. If not so configured, or to\n> exploit this vulnerability locally, the user must have access to\n> the privileged winbindd UNIX domain socket (a subdirectory with\n> name \\'winbindd_privileged\\' under \\\"state directory\\\", as set in\n> the smb.conf). This access is normally only given so special\n> system services like Squid or FreeRADIUS, use this feature.\n>\n> CVE-2023-34968: Spotlight server-side Share Path Disclosure\n> : As part of the Spotlight protocol, the initial request returns a\n> path associated with the sharename targeted by the RPC request.\n> Samba returns the real server-side share path at this point, as\n> well as returning the absolute server-side path of results in\n> search queries by clients. Known server side paths could be used\n> to mount subsequent more serious security attacks or could\n> disclose confidential information that is part of the path. To\n> mitigate the issue, Samba will replace the real server-side path\n> with a fake path constructed from the sharename.\n>\n> CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop DoS Vulnerability\n> : When parsing Spotlight mdssvc RPC packets sent by the client, the\n> core unmarshalling function sl_unpack_loop() did not validate a\n> field in the network packet that contains the count of elements in\n> an array-like structure. By passing 0 as the count value, the\n> attacked function will run in an endless loop consuming 100% CPU.\n> This bug only affects servers where Spotlight is explicitly\n> enabled globally or on individual shares with \\\"spotlight = yes\\\".\n>\n> CVE-2023-3347: SMB2 packet signing not enforced\n> : SMB2 packet signing is not enforced if an admin configured\n> \\\"server signing = required\\\" or for SMB2 connections to Domain\n> Controllers where SMB2 packet signing is mandatory. SMB2 packet\n> signing is a mechanism that ensures the integrity and authenticity\n> of data exchanged between a client and a server using the SMB2\n> protocol. It provides protection against certain types of attacks,\n> such as man-in-the-middle attacks, where an attacker intercepts\n> network traffic and modifies the SMB2 messages. Both client and\n> server of an SMB2 connection can require that signing is being\n> used. The server-side setting in Samba to configure signing to be\n> required is \\\"server signing = required\\\". Note that on an Samba\n> AD DCs this is also the default for all SMB2 connections. Unless\n> the client requires signing which would result in signing being\n> used on the SMB2 connection, sensitive data might have been\n> modified by an attacker. Clients connecting to IPC\\$ on an AD DC\n> will require signed connections being used, so the integrity of\n> these connections was not affected.\n", "id": "FreeBSD-2023-0221", "modified": "2023-08-05T00:00:00Z", "published": "2023-08-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/latest_news.html#4.18.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-34967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2127" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-34968" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-34966" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3347" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2023-34967.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2022-2127.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2023-34968.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2023-34966.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2023-3347.html" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "115.0.5790.170" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "115.0.5790.170" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html" ], "discovery": "2023-08-02T00:00:00Z", "references": { "cvename": [ "CVE-2023-4068", "CVE-2023-4069", "CVE-2023-4070", "CVE-2023-4071", "CVE-2023-4072", "CVE-2023-4073", "CVE-2023-4074", "CVE-2023-4075", "CVE-2023-4076", "CVE-2023-4077", "CVE-2023-4078" ] }, "vid": "6e4e8e87-9fb8-4e32-9f8e-9b4303f4bfd5" }, "details": "Chrome Releases reports:\n\n> This update includes 17 security fixes:\n>\n> - \\[1466183\\] High CVE-2023-4068: Type Confusion in V8. Reported by\n> Jerry on 2023-07-20\n> - \\[1465326\\] High CVE-2023-4069: Type Confusion in V8. Reported by\n> Man Yue Mo of GitHub Security Lab on 2023-07-17\n> - \\[1462951\\] High CVE-2023-4070: Type Confusion in V8. Reported by\n> Jerry on 2023-07-07\n> - \\[1458819\\] High CVE-2023-4071: Heap buffer overflow in Visuals.\n> Reported by Guang and Weipeng Jiang of VRI on 2023-06-28\n> - \\[1464038\\] High CVE-2023-4072: Out of bounds read and write in\n> WebGL. Reported by Apple Security Engineering and Architecture\n> (SEAR) on 2023-07-12\n> - \\[1456243\\] High CVE-2023-4073: Out of bounds memory access in\n> ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-06-20\n> - \\[1464113\\] High CVE-2023-4074: Use after free in Blink Task\n> Scheduling. Reported by Anonymous on 2023-07-12\n> - \\[1457757\\] High CVE-2023-4075: Use after free in Cast. Reported by\n> Cassidy Kim(@cassidy6564) on 2023-06-25\n> - \\[1459124\\] High CVE-2023-4076: Use after free in WebRTC. Reported\n> by Natalie Silvanovich of Google Project Zero on 2023-06-29\n> - \\[1451146\\] Medium CVE-2023-4077: Insufficient data validation in\n> Extensions. Reported by Anonymous on 2023-06-04\n> - \\[1461895\\] Medium CVE-2023-4078: Inappropriate implementation in\n> Extensions. Reported by Anonymous on 2023-07-04\n", "id": "FreeBSD-2023-0220", "modified": "2023-08-04T00:00:00Z", "published": "2023-08-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4069" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4070" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4071" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4073" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4074" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4075" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4076" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4077" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4078" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go119" }, "ranges": [ { "events": [ { "fixed": "1.19.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go120" }, "ranges": [ { "events": [ { "fixed": "1.20.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/u/1/g/golang-announce/c/X0b6CsSAaYI", "https://go.dev/issue/60374", "https://go.dev/issue/60167", "https://go.dev/issue/60272", "https://go.dev/issue/60305", "https://go.dev/issue/59720", "https://go.dev/issue/59721", "https://go.dev/issue/59722" ], "discovery": "2023-04-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-29406", "CVE-2023-29402", "CVE-2023-29403", "CVE-2023-29404", "CVE-2023-24539", "CVE-2023-24540", "CVE-2023-29400" ] }, "vid": "78f2e491-312d-11ee-85f2-bd89b893fcb4" }, "details": "The Go project reports:\n\n> crypto/tls: restrict RSA keys in certificates to \\<= 8192 bits\n>\n> Extremely large RSA keys in certificate chains can cause a\n> client/server to expend significant CPU time verifying signatures.\n> Limit this by restricting the size of RSA keys transmitted during\n> handshakes to \\<= 8192 bits.\n\n> net/http: insufficient sanitization of Host header\n>\n> The HTTP/1 client did not fully validate the contents of the Host\n> header. A maliciously crafted Host header could inject additional\n> headers or entire requests. The HTTP/1 client now refuses to send\n> requests containing an invalid Request.Host or Request.URL.Host value.\n\n> cmd/go: cgo code injection\n>\n> The go command may generate unexpected code at build time when using\n> cgo. This may result in unexpected behavior when running a go program\n> which uses cgo.\n\n> runtime: unexpected behavior of setuid/setgid binaries\n>\n> The Go runtime didn\\'t act any differently when a binary had the\n> setuid/setgid bit set. On Unix platforms, if a setuid/setgid binary\n> was executed with standard I/O file descriptors closed, opening any\n> files could result in unexpected content being read/written with\n> elevated prilieges. Similarly if a setuid/setgid program was\n> terminated, either via panic or signal, it could leak the contents of\n> its registers.\n\n> cmd/go: improper sanitization of LDFLAGS\n>\n> The go command may execute arbitrary code at build time when using\n> cgo. This may occur when running \\\"go get\\\" on a malicious module, or\n> when running any other command which builds untrusted code. This is\n> can by triggered by linker flags, specified via a \\\"#cgo LDFLAGS\\\"\n> directive.\n\n> html/template: improper sanitization of CSS values\n>\n> Angle brackets (\\<\\>) were not considered dangerous characters when\n> inserted into CSS contexts. Templates containing multiple actions\n> separated by a \\'/\\' character could result in unexpectedly closing\n> the CSS context and allowing for injection of unexpected HMTL, if\n> executed with untrusted input.\n\n> html/template: improper handling of JavaScript whitespace\n>\n> Not all valid JavaScript whitespace characters were considered to be\n> whitespace. Templates containing whitespace characters outside of the\n> character set \\\"\\\\t\\\\n\\\\f\\\\r\\\\u0020\\\\u2028\\\\u2029\\\" in JavaScript\n> contexts that also contain actions may not be properly sanitized\n> during execution.\n\n> html/template: improper handling of empty HTML attributes\n>\n> Templates containing actions in unquoted HTML attributes (e.g.\n> \\\"attr={{.}}\\\") executed with empty input could result in output that\n> would have unexpected results when parsed due to HTML normalization\n> rules. This may allow injection of arbitrary attributes into tags.\n", "id": "FreeBSD-2023-0219", "modified": "2023-08-02T00:00:00Z", "published": "2023-08-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/u/1/g/golang-announce/c/X0b6CsSAaYI" }, { "type": "REPORT", "url": "https://go.dev/issue/60374" }, { "type": "REPORT", "url": "https://go.dev/issue/60167" }, { "type": "REPORT", "url": "https://go.dev/issue/60272" }, { "type": "REPORT", "url": "https://go.dev/issue/60305" }, { "type": "REPORT", "url": "https://go.dev/issue/59720" }, { "type": "REPORT", "url": "https://go.dev/issue/59721" }, { "type": "REPORT", "url": "https://go.dev/issue/59722" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29406" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29403" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29404" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24539" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24540" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29400" }, { "type": "WEB", "url": "https://groups.google.com/u/1/g/golang-announce/c/X0b6CsSAaYI" }, { "type": "WEB", "url": "https://groups.google.com/u/1/g/golang-announce/c/2q13H6LEEx0" }, { "type": "WEB", "url": "https://groups.google.com/u/1/g/golang-announce/c/q5135a9d924" }, { "type": "WEB", "url": "https://groups.google.com/u/1/g/golang-announce/c/MEb0UyuSMsU" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.2.0" }, { "fixed": "16.2.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.1.0" }, { "fixed": "16.1.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "16.0.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/" ], "discovery": "2023-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-3994", "CVE-2023-3364", "CVE-2023-0632", "CVE-2023-3385", "CVE-2023-2164", "CVE-2023-4002", "CVE-2023-4008", "CVE-2023-3993", "CVE-2023-3500", "CVE-2023-3401", "CVE-2023-3900", "CVE-2023-2022", "CVE-2023-4011", "CVE-2023-1210" ] }, "vid": "fa239535-30f6-11ee-aef9-001b217b3468" }, "details": "Gitlab reports:\n\n> ReDoS via ProjectReferenceFilter in any Markdown fields\n>\n> ReDoS via AutolinkFilter in any Markdown fields\n>\n> Regex DoS in Harbor Registry search\n>\n> Arbitrary read of files owned by the \\\"git\\\" user via malicious tar.gz\n> file upload using GitLab export functionality\n>\n> Stored XSS in Web IDE Beta via crafted URL\n>\n> securityPolicyProjectAssign mutation does not authorize security\n> policy project ID\n>\n> An attacker can run pipeline jobs as arbitrary user\n>\n> Possible Pages Unique Domain Overwrite\n>\n> Access tokens may have been logged when a query was made to an\n> endpoint\n>\n> Reflected XSS via PlantUML diagram\n>\n> The main branch of a repository with a specially designed name may\n> allow an attacker to create repositories with malicious code\n>\n> Invalid \\'start_sha\\' value on merge requests page may lead to Denial\n> of Service\n>\n> Developers can create pipeline schedules on protected branches even if\n> they don\\'t have access to merge\n>\n> Potential DOS due to lack of pagination while loading license data\n>\n> Leaking emails of newly created users\n", "id": "FreeBSD-2023-0218", "modified": "2023-08-02T00:00:00Z", "published": "2023-08-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3994" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3364" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3385" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4008" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3993" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3401" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3900" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2022" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-4011" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1210" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1u_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl30" }, "ranges": [ { "events": [ { "fixed": "3.0.9_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.1_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20230731.txt" ], "discovery": "2023-07-31T00:00:00Z", "references": { "cvename": [ "CVE-2023-3817" ] }, "vid": "bad6588e-2fe0-11ee-a0d1-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> Checking excessively long DH keys or parameters may be very slow\n> (severity: Low).\n", "id": "FreeBSD-2023-0217", "modified": "2023-07-31T00:00:00Z", "published": "2023-07-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20230731.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3817" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20230731.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Excessive time spent checking DH q parameter value" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.416" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.401.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2023-07-26/" ], "discovery": "2023-07-26T00:00:00Z", "references": { "cvename": [ "CVE-2023-39151" ] }, "vid": "a0321b74-031d-485c-bb76-edd75256a6f0" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-3188 / CVE-2023-39151\n>\n> Stored XSS vulnerability\n", "id": "FreeBSD-2023-0216", "modified": "2023-07-26T00:00:00Z", "published": "2023-07-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2023-07-26/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-39151" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2023-07-26/" } ], "schema_version": "1.7.0", "summary": "jenkins -- Stored XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.20.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/25960" ], "discovery": "2023-06-18T00:00:00Z", "vid": "ab0bab3c-2927-11ee-8608-07b8d3947721" }, "details": "The Gitea team reports:\n\n> Disallow javascript, vbscript and data (data uri images still work)\n> url schemes even if all other schemes are allowed\n", "id": "FreeBSD-2023-0215", "modified": "2023-07-23T00:00:00Z", "published": "2023-07-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/25960" }, { "type": "WEB", "url": "https://blog.gitea.com/release-of-1.20.1" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.20.1" } ], "schema_version": "1.7.0", "summary": "gitea -- Disallow dangerous URL schemes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable" }, "ranges": [ { "events": [ { "fixed": "9.3.p2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable-hpn" }, "ranges": [ { "events": [ { "fixed": "9.3.p2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable-gssapi" }, "ranges": [ { "events": [ { "fixed": "9.3.p2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssh.com/txt/release-9.3p2" ], "discovery": "2023-07-19T00:00:00Z", "references": { "cvename": [ "CVE-2023-38408" ] }, "vid": "887eb570-27d3-11ee-adba-c80aa9043978" }, "details": "OpenSSH project reports:\n\n> Fix CVE-2023-38408 - a condition where specific libaries loaded via\n> ssh-agent(1)\\'s PKCS#11 support could be abused to achieve remote code\n> execution via a forwarded agent socket if the following conditions are\n> met: \\* Exploitation requires the presence of specific libraries on\n> the victim system. \\* Remote exploitation requires that the agent was\n> forwarded to an attacker-controlled system. Exploitation can also be\n> prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO\n> allowlist (ssh-agent -P \\'\\') or by configuring an allowlist that\n> contains only specific provider libraries. This vulnerability was\n> discovered and demonstrated to be exploitable by the Qualys Security\n> Advisory team.\n", "id": "FreeBSD-2023-0214", "modified": "2023-07-21T00:00:00Z", "published": "2023-07-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssh.com/txt/release-9.3p2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-38408" }, { "type": "WEB", "url": "https://www.openssh.com/txt/release-9.3p2" } ], "schema_version": "1.7.0", "summary": "OpenSSH -- remote code execution via a forwarded agent socket" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "115.0.5790.98" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "115.0.5790.98" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html" ], "discovery": "2023-07-19T00:00:00Z", "references": { "cvename": [ "CVE-2023-3727", "CVE-2023-3728", "CVE-2023-3730", "CVE-2023-3732", "CVE-2023-3733", "CVE-2023-3734", "CVE-2023-3735", "CVE-2023-3736", "CVE-2023-3737", "CVE-2023-3738", "CVE-2023-3740" ] }, "vid": "2f22927f-26ea-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 20 security fixes:\n>\n> - \\[1454086\\] High CVE-2023-3727: Use after free in WebRTC. Reported\n> by Cassidy Kim(@cassidy6564) on 2023-06-12\n> - \\[1457421\\] High CVE-2023-3728: Use after free in WebRTC. Reported\n> by Zhenghang Xiao (@Kipreyyy) on 2023-06-23\n> - \\[1453465\\] High CVE-2023-3730: Use after free in Tab Groups.\n> Reported by \\@ginggilBesel on 2023-06-09\n> - \\[1450899\\] High CVE-2023-3732: Out of bounds memory access in Mojo.\n> Reported by Mark Brand of Google Project Zero on 2023-06-02\n> - \\[1450203\\] Medium CVE-2023-3733: Inappropriate implementation in\n> WebApp Installs. Reported by Ahmed ElMasry on 2023-05-31\n> - \\[1450376\\] Medium CVE-2023-3734: Inappropriate implementation in\n> Picture In Picture. Reported by Thomas Orlita on 2023-06-01\n> - \\[1394410\\] Medium CVE-2023-3735: Inappropriate implementation in\n> Web API Permission Prompts. Reported by Ahmed ElMasry on 2022-11-29\n> - \\[1434438\\] Medium CVE-2023-3736: Inappropriate implementation in\n> Custom Tabs. Reported by Philipp Beer (TU Wien) on 2023-04-19\n> - \\[1446754\\] Medium CVE-2023-3737: Inappropriate implementation in\n> Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd.\n> Pune (India) on 2023-05-19\n> - \\[1434330\\] Medium CVE-2023-3738: Inappropriate implementation in\n> Autofill. Reported by Hafiizh on 2023-04-18\n> - \\[1405223\\] Low CVE-2023-3740: Insufficient validation of untrusted\n> input in Themes. Reported by Fardeen Siddiqui on 2023-01-06\n", "id": "FreeBSD-2023-0213", "modified": "2023-07-20T00:00:00Z", "published": "2023-07-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3727" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3728" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3730" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3732" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3733" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3734" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3736" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3737" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3738" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3740" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "virtualbox-ose" }, "ranges": [ { "events": [ { "fixed": "6.1.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2023.html" ], "discovery": "2023-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2023-22016" ] }, "vid": "f32b1fbd-264d-11ee-a468-80fa5b29d485" }, "details": "secalert_us@oracle.com reports:\n\n> Vulnerability in the Oracle VM VirtualBox product of Oracle\n> Virtualization (component: Core). Supported versions that are affected\n> are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable\n> vulnerability allows high privileged attacker with logon to the\n> infrastructure where Oracle VM VirtualBox executes to compromise\n> Oracle VM VirtualBox. Successful attacks require human interaction\n> from a person other than the attacker. Successful attacks of this\n> vulnerability can result in unauthorized ability to cause a hang or\n> frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.\n> CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector:\n> (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).\n", "id": "FreeBSD-2023-0212", "modified": "2023-07-19T00:00:00Z", "published": "2023-07-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2023.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22016" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22016" } ], "schema_version": "1.7.0", "summary": "virtualbox-ose -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "virtualbox-ose" }, "ranges": [ { "events": [ { "fixed": "6.1.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2023.html" ], "discovery": "2023-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2023-22017" ] }, "vid": "cf40e8b7-264d-11ee-a468-80fa5b29d485" }, "details": "secalert_us@oracle.com reports:\n\n> Vulnerability in the Oracle VM VirtualBox product of Oracle\n> Virtualization (component: Core). Supported versions that are affected\n> are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable\n> vulnerability allows low privileged attacker with logon to the\n> infrastructure where Oracle VM VirtualBox executes to compromise\n> Oracle VM VirtualBox. Successful attacks of this vulnerability can\n> result in unauthorized ability to cause a hang or frequently\n> repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This\n> vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5\n> (Availability impacts). CVSS Vector:\n> (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n", "id": "FreeBSD-2023-0211", "modified": "2023-07-19T00:00:00Z", "published": "2023-07-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2023.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22017" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22017" } ], "schema_version": "1.7.0", "summary": "virtualbox-ose -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "virtualbox-ose" }, "ranges": [ { "events": [ { "fixed": "6.1.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2023.html" ], "discovery": "2023-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2023-22018" ] }, "vid": "bc90e894-264b-11ee-a468-80fa5b29d485" }, "details": "secalert_us@oracle.com reports:\n\n> Vulnerability in the Oracle VM VirtualBox product of Oracle\n> Virtualization (component: Core). Supported versions that are affected\n> are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit\n> vulnerability allows unauthenticated attacker with network access via\n> RDP to compromise Oracle VM VirtualBox. Successful attacks of this\n> vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1\n> Base Score 8.1 (Confidentiality, Integrity and Availability impacts).\n> CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).\n", "id": "FreeBSD-2023-0210", "modified": "2023-07-19T00:00:00Z", "published": "2023-07-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2023.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22018" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22018" } ], "schema_version": "1.7.0", "summary": "virtualbox-ose -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "fixed": "1.11.36" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65" ], "discovery": "2023-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2023-37259" ] }, "vid": "c70c3dc3-258c-11ee-b37b-901b0e9408dc" }, "details": "Matrix Developers reports:\n\n> The Export Chat feature includes certain attacker-controlled elements\n> in the generated document without sufficient escaping, leading to\n> stored XSS.\n", "id": "FreeBSD-2023-0209", "modified": "2023-07-18T00:00:00Z", "published": "2023-07-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-37259" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37259" } ], "schema_version": "1.7.0", "summary": "element-web -- Cross site scripting in Export Chat feature" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/22759", "https://github.com/go-gitea/gitea/pull/22175" ], "discovery": "2023-06-08T00:00:00Z", "vid": "b3f77aae-241c-11ee-9684-c11c23f7b0f9" }, "details": "The Gitea team reports:\n\n> Test if container blob is accessible before mounting.\n\n> Set type=\\\"password\\\" on all auth_token fields\n>\n> Seen when migrating from other hosting platforms.\n>\n> Prevents exposing the token to screen capture/cameras/eyeballs.\n>\n> Prevents the browser from saving the value in its autocomplete\n> dictionary, which often is not secure.\n", "id": "FreeBSD-2023-0208", "modified": "2023-07-05T00:00:00Z", "published": "2023-07-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/22759" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/22175" }, { "type": "WEB", "url": "https://blog.gitea.com/release-of-1.20.0" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.20.0" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl30" }, "ranges": [ { "events": [ { "fixed": "3.0.9_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20230714.txt" ], "discovery": "2023-07-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-2975" ] }, "vid": "41c60e16-2405-11ee-a0d1-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> The AES-SIV cipher implementation contains a bug that causes it to\n> ignore empty associated data entries which are unauthenticated as a\n> consequence.\n", "id": "FreeBSD-2023-0207", "modified": "2023-07-16T00:00:00Z", "published": "2023-07-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20230714.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2975" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20230714.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- AES-SIV implementation ignores empty associated data entries" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron22" }, "ranges": [ { "events": [ { "fixed": "22.3.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v22.3.17" ], "discovery": "2023-07-12T00:00:00Z", "references": { "cvename": [ "CVE-2023-3422", "CVE-2023-3421", "CVE-2023-3420" ] }, "vid": "3446e45d-a51b-486f-9b0e-e4402d91fed6" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-3422.\n> - Security: backported fix for CVE-2023-3421.\n> - Security: backported fix for CVE-2023-3420.\n", "id": "FreeBSD-2023-0206", "modified": "2023-07-14T00:00:00Z", "published": "2023-07-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v22.3.17" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3422" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-gqjh-f545-vcx3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3421" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-943x-93ff-jr62" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3420" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4297-fx5c-x987" } ], "schema_version": "1.7.0", "summary": "electron22 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "librecad" }, "ranges": [ { "events": [ { "fixed": "2.2.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/LibreCAD/LibreCAD/issues/1481" ], "discovery": "2021-12-28T00:00:00Z", "references": { "cvename": [ "CVE-2023-30259" ] }, "vid": "b67d768c-1f53-11ee-82ed-4ccc6adda413" }, "details": "Albin Eldst\u00e5l-Ahrens reports:\n\n> An out-of-bounds read on a heap buffer in the importshp plugin may\n> allow an attacker to read sensitive data via a crafted DBF file.\n", "id": "FreeBSD-2023-0205", "modified": "2023-07-10T00:00:00Z", "published": "2023-07-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/LibreCAD/LibreCAD/issues/1481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-30259" }, { "type": "WEB", "url": "https://github.com/LibreCAD/LibreCAD/issues/1481" } ], "schema_version": "1.7.0", "summary": "librecad -- out-of-bounds read in importshp plugin" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "7.0.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.0.12.20230710" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/redis-db/c/JDjKS0GubsQ" ], "discovery": "2023-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-36824" ] }, "vid": "6fae2d6c-1f38-11ee-a475-080027f5fec9" }, "details": "Redis core team reports:\n\n> Extracting key names from a command and a list of arguments may, in\n> some cases, trigger a heap overflow and result in reading random heap\n> memory, heap corruption and potentially remote code execution.\n> Specifically: using COMMAND GETKEYS\\* and validation of key names in\n> ACL rules.\n", "id": "FreeBSD-2023-0204", "modified": "2023-07-10T00:00:00Z", "published": "2023-07-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/redis-db/c/JDjKS0GubsQ" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-36824" }, { "type": "WEB", "url": "https://groups.google.com/g/redis-db/c/JDjKS0GubsQ" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3" } ], "schema_version": "1.7.0", "summary": "redis -- heap overflow in COMMAND GETKEYS and ACL evaluation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "7.0.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.0.12.20230710" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "fixed": "6.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis60" }, "ranges": [ { "events": [ { "fixed": "6.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/redis-db/c/JDjKS0GubsQ" ], "discovery": "2023-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2022-24834" ] }, "vid": "0e254b4a-1f37-11ee-a475-080027f5fec9" }, "details": "Redis core team reports:\n\n> A specially crafted Lua script executing in Redis can trigger a heap\n> overflow in the cjson and cmsgpack libraries, and result in heap\n> corruption and potentially remote code execution.\n", "id": "FreeBSD-2023-0203", "modified": "2023-07-10T00:00:00Z", "published": "2023-07-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/redis-db/c/JDjKS0GubsQ" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24834" }, { "type": "WEB", "url": "https://groups.google.com/g/redis-db/c/JDjKS0GubsQ" } ], "schema_version": "1.7.0", "summary": "redis -- Heap overflow in the cjson and cmsgpack libraries" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.19.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/25143" ], "discovery": "2023-06-08T00:00:00Z", "vid": "8ea24413-1b15-11ee-9331-570525adb7f1" }, "details": "The Gitea team reports:\n\n> If redirect_to parameter has set value starting with \\\\\\\\example.com\n> redirect will be created with header Location: /\\\\\\\\example.com that\n> will redirect to example.com domain.\n", "id": "FreeBSD-2023-0202", "modified": "2023-07-05T00:00:00Z", "published": "2023-07-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/25143" }, { "type": "WEB", "url": "https://blog.gitea.io/2023/07/gitea-1.19.4-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.19.4" } ], "schema_version": "1.7.0", "summary": "gitea -- avoid open HTTP redirects" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron23" }, "ranges": [ { "events": [ { "fixed": "23.3.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron24" }, "ranges": [ { "events": [ { "fixed": "24.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v23.3.10" ], "discovery": "2023-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-3422", "CVE-2023-3421", "CVE-2023-3420" ] }, "vid": "d1681df3-421e-4a63-95b4-a3d6e29d395d" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-3422.\n> - Security: backported fix for CVE-2023-3421.\n> - Security: backported fix for CVE-2023-3420.\n", "id": "FreeBSD-2023-0201", "modified": "2023-07-06T00:00:00Z", "published": "2023-07-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v23.3.10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3422" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-gqjh-f545-vcx3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3421" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-943x-93ff-jr62" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3420" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4297-fx5c-x987" } ], "schema_version": "1.7.0", "summary": "electron{23,24} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.1.0" }, { "fixed": "16.1.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "fixed": "16.0.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.11.0" }, { "fixed": "15.11.11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/07/05/security-release-gitlab-16-1-2-released/" ], "discovery": "2023-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-3484" ] }, "vid": "d8972bcd-1b64-11ee-9cd6-001b217b3468" }, "details": "Gitlab reports:\n\n> A user can change the name and path of some public GitLab groups\n", "id": "FreeBSD-2023-0200", "modified": "2023-07-05T00:00:00Z", "published": "2023-07-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/07/05/security-release-gitlab-16-1-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3484" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/07/05/security-release-gitlab-16-1-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpldapadmin-php80" }, "ranges": [ { "events": [ { "fixed": "1.2.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpldapadmin-php81" }, "ranges": [ { "events": [ { "fixed": "1.2.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474" ], "discovery": "2020-12-11T00:00:00Z", "references": { "cvename": [ "CVE-2020-35132" ] }, "vid": "01eeea33-1afa-11ee-8a9b-b42e991fc52e" }, "details": "cve@mitre.org reports:\n\n> An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that\n> allows users to store malicious values that may be executed by other\n> users at a later time via get_request in lib/function.php.\n", "id": "FreeBSD-2023-0199", "modified": "2023-07-05T00:00:00Z", "published": "2023-07-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35132" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35132" } ], "schema_version": "1.7.0", "summary": "phpldapadmin -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/" ], "discovery": "2023-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-36053" ] }, "vid": "4ee7fa77-19a6-11ee-8a05-080027eda32c" }, "details": "Django reports:\n\n> CVE-2023-36053: Potential regular expression denial of service\n> vulnerability in EmailValidator/URLValidator.\n", "id": "FreeBSD-2023-0198", "modified": "2023-07-03T00:00:00Z", "published": "2023-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-36053" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki135" }, "ranges": [ { "events": [ { "fixed": "1.35.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki138" }, "ranges": [ { "events": [ { "fixed": "1.38.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki139" }, "ranges": [ { "events": [ { "fixed": "1.39.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/" ], "discovery": "2023-04-21T00:00:00Z", "references": { "cvename": [ "CVE-2023-29197", "CVE-2023-36674", "CVE-2023-36675" ] }, "vid": "95dad123-180e-11ee-86ba-080027eda32c" }, "details": "Mediawiki reports:\n\n> (T335203, CVE-2023-29197) Upgrade guzzlehttp/psr7 to \\>= 1.9.1/2.4.5.\n>\n> (T335612, CVE-2023-36674) Manualthumb bypasses badFile lookup.\n>\n> (T332889, CVE-2023-36675) XSS in BlockLogFormatter due to unsafe\n> message use.\n", "id": "FreeBSD-2023-0197", "modified": "2023-07-01T00:00:00Z", "published": "2023-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29197" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-36674" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-36675" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.1.0" }, { "fixed": "16.1.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "fixed": "16.0.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.11.0" }, { "fixed": "15.11.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.14.0" }, { "fixed": "15.10.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/06/29/security-release-gitlab-16-1-1-released/" ], "discovery": "2023-06-29T00:00:00Z", "references": { "cvename": [ "CVE-2023-3424", "CVE-2023-2190", "CVE-2023-3444", "CVE-2023-2620", "CVE-2023-3362", "CVE-2023-3102", "CVE-2023-2576", "CVE-2023-2200", "CVE-2023-3363", "CVE-2023-1936" ] }, "vid": "3117e6cd-1772-11ee-9cd6-001b217b3468" }, "details": "Gitlab reports:\n\n> ReDoS via EpicReferenceFilter in any Markdown fields\n>\n> New commits to private projects visible in forks created while project\n> was public\n>\n> New commits to private projects visible in forks created while project\n> was public\n>\n> Maintainer can leak masked webhook secrets by manipulating URL masking\n>\n> Information disclosure of project import errors\n>\n> Sensitive information disclosure via value stream analytics controller\n>\n> Bypassing Code Owners branch protection rule in GitLab\n>\n> HTML injection in email address\n>\n> Webhook token leaked in Sidekiq logs if log format is \\'default\\'\n>\n> Private email address of service desk issue creator disclosed via\n> issues API\n", "id": "FreeBSD-2023-0196", "modified": "2023-06-30T00:00:00Z", "published": "2023-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/06/29/security-release-gitlab-16-1-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3424" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2190" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2620" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2200" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3363" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1936" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/06/29/security-release-gitlab-16-1-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "softether" }, "ranges": [ { "events": [ { "fixed": "4.42.9798" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "softether-devel" }, "ranges": [ { "events": [ { "fixed": "4.42.9798" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.softether.org/9-about/News/904-SEVPN202301" ], "discovery": "2023-06-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-27395", "CVE-2023-22325", "CVE-2023-32275", "CVE-2023-27516", "CVE-2023-32634", "CVE-2023-31192" ] }, "vid": "d821956f-1753-11ee-ad66-1c61b4739ac9" }, "details": "Daiyuu Nobori reports:\n\n> The SoftEther VPN project received a high level code review and\n> technical assistance from Cisco Systems, Inc. of the United States\n> from April to June 2023 to fix several vulnerabilities in the\n> SoftEther VPN code.\n>\n> The risk of exploitation of any of the fixed vulnerabilities is low\n> under normal usage and environment, and actual attacks are very\n> difficult. However, SoftEther VPN is now an open source VPN software\n> used by 7.4 million unique users worldwide, and is used daily by many\n> users to defend against the risk of blocking attacks by national\n> censorship firewalls and attempts to eavesdrop on communications.\n> Therefore, as long as the slightest attack possibility exists, there\n> is great value in preventing vulnerabilities as much as possible in\n> anticipation of the most sophisticated cyber attackers in the world,\n> such as malicious ISPs and man-in-the-middle attackers on national\n> Internet communication channels. These fixes are important and useful\n> patches for users who use SoftEther VPN and the Internet for secure\n> communications to prevent advanced attacks that can theoretically be\n> triggered by malicious ISPs and man-in-the-middle attackers on\n> national Internet communication pathways.\n>\n> The fixed vulnerabilities are CVE-2023-27395, CVE-2023-22325,\n> CVE-2023-32275, CVE-2023-27516, CVE-2023-32634, and CVE-2023-31192.\n> All of these were discovered in an outstanding code review of\n> SoftEther VPN by Cisco Systems, Inc.\n>\n> 1. CVE-2023-27395: Heap overflow in SoftEther VPN DDNS client\n> functionality at risk of crashing and theoretically arbitrary code\n> execution caused by a malicious man-in-the-middle attacker such\n> like ISP-level or on national Internet communication channels\n> 2. CVE-2023-22325: Integer overflow in the SoftEther VPN DDNS client\n> functionality could result in crashing caused by a malicious\n> man-in-the-middle attacker such like ISP-level or on national\n> Internet communication channels\n> 3. CVE-2023-32275: Vulnerability that allows the administrator\n> himself of a 32-bit version of VPN Client or VPN Server to see the\n> 32-bit value heap address of each of trusted CA\\'s certificates in\n> the VPN process\n> 4. CVE-2023-27516: If the user forget to set the administrator\n> password of SoftEther VPN Client and enable remote administration\n> with blank password, the administrator password of VPN Client can\n> be changed remotely or VPN client can be used remotely by\n> anonymouse third person\n> 5. CVE-2023-32634: If an attacker succeeds in launching a TCP relay\n> program on the same port as the VPN Client on a local computer\n> running the SoftEther VPN Client before the VPN Client process is\n> launched, the TCP relay program can conduct a man-in-the-middle\n> attack on communication between the administrator and the VPN\n> Client process\n> 6. CVE-2023-31192: When SoftEther VPN Client connects to an untrusted\n> VPN Server, an invalid redirection response for the clustering\n> (load balancing) feature causes 20 bytes of uninitialized stack\n> space to be read\n", "id": "FreeBSD-2023-0195", "modified": "2023-06-30T00:00:00Z", "published": "2023-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.softether.org/9-about/News/904-SEVPN202301" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27395" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22325" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-32275" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-32634" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-31192" }, { "type": "WEB", "url": "https://www.softether.org/9-about/News/904-SEVPN202301" } ], "schema_version": "1.7.0", "summary": "SoftEtherVPN -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openexr" }, "ranges": [ { "events": [ { "fixed": "3.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59382", "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.9", "https://github.com/AcademySoftwareFoundation/openexr/pull/1439" ], "discovery": "2023-05-28T00:00:00Z", "vid": "06428d91-152e-11ee-8b14-dbdd62da85fb" }, "details": "oss-fuzz reports:\n\n> heap buffer overflow in internal_huf_decompress.\n\nCary Phillips reports:\n\n> v3.1.9 - Patch release that addresses \\[\\...\\] also OSS-fuzz 59382\n> Heap-buffer-overflow in internal_huf_decompress\n\nKimball Thurston reports:\n\n> Fix scenario where malformed dwa file could read past end of buffer -\n> fixes OSS-Fuzz 59382\n", "id": "FreeBSD-2023-0194", "modified": "2023-06-27T00:00:00Z", "published": "2023-06-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59382" }, { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.9" }, { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/pull/1439" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59382" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.9" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/commit/e431f7e189d0785bb84a5bfb83391e9e58590c49" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/pull/1439" } ], "schema_version": "1.7.0", "summary": "OpenEXR -- heap buffer overflow in internal_huf_decompress" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "114.0.5735.198" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "114.0.5735.198" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html" ], "discovery": "2023-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2023-3420", "CVE-2023-3421", "CVE-2023-3422" ] }, "vid": "ad05a737-14bd-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 4 security fixes:\n>\n> - \\[1452137\\] High CVE-2023-3420: Type Confusion in V8. Reported by\n> Man Yue Mo of GitHub Security Lab on 2023-06-07\n> - \\[1447568\\] High CVE-2023-3421: Use after free in Media. Reported by\n> Piotr Bania of Cisco Talos on 2023-05-22\n> - \\[1450397\\] High CVE-2023-3422: Use after free in Guest View.\n> Reported by asnine on 2023-06-01\n", "id": "FreeBSD-2023-0193", "modified": "2023-06-27T00:00:00Z", "published": "2023-06-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3420" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3421" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3422" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "6.7.0" }, { "fixed": "8.5.27" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.20" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.16" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.0.0" }, { "fixed": "10.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "fixed": "8.5.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "fixed": "9.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.16" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana10" }, "ranges": [ { "events": [ { "fixed": "10.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/" ], "discovery": "2023-06-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-3128" ] }, "vid": "fdbe9aec-118b-11ee-908a-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> Grafana validates Azure Active Directory accounts based on the email\n> claim. On Azure AD, the profile email field is not unique across Azure\n> AD tenants. This can enable a Grafana account takeover and\n> authentication bypass when Azure AD OAuth is configured with a\n> multi-tenant Azure AD OAuth application.\n>\n> The CVSS score for this vulnerability is 9.4 Critical.\n", "id": "FreeBSD-2023-0192", "modified": "2023-06-23T00:00:00Z", "published": "2023-06-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3128" }, { "type": "WEB", "url": "https://grafana.com/security/security-advisories/cve-2023-3128" } ], "schema_version": "1.7.0", "summary": "Grafana -- Account takeover / authentication bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron23" }, "ranges": [ { "events": [ { "fixed": "23.3.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron24" }, "ranges": [ { "events": [ { "fixed": "24.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v23.3.8" ], "discovery": "2023-06-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-3215", "CVE-2023-3216" ] }, "vid": "a03b2d9e-b3f2-428c-8f66-21092ed2ba94" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-3215.\n> - Security: backported fix for CVE-2023-3216.\n", "id": "FreeBSD-2023-0191", "modified": "2023-06-22T00:00:00Z", "published": "2023-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v23.3.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3215" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5rw6-vf4w-p4j3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3216" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-f35r-mcw4-gg3w" } ], "schema_version": "1.7.0", "summary": "electron{23,24} -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron22" }, "ranges": [ { "events": [ { "fixed": "22.3.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v22.3.14" ], "discovery": "2023-06-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-3215", "CVE-2023-3216", "CVE-2023-0698", "CVE-2023-0932" ] }, "vid": "770d88cc-f6dc-4385-bdfe-497f8080c3fb" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-3215.\n> - Security: backported fix for CVE-2023-3216.\n> - Security: backported fix for CVE-2023-0698.\n> - Security: backported fix for CVE-2023-0932.\n", "id": "FreeBSD-2023-0190", "modified": "2023-06-22T00:00:00Z", "published": "2023-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v22.3.14" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3215" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5rw6-vf4w-p4j3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3216" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-f35r-mcw4-gg3w" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0698" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-q6xx-4pmr-m3m4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0932" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-hh2g-39pc-2575" } ], "schema_version": "1.7.0", "summary": "electron22 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libX11" }, "ranges": [ { "events": [ { "fixed": "1.8.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2023-June/003406.html" ], "discovery": "2023-06-15T00:00:00Z", "references": { "cvename": [ "CVE-2023-3138" ] }, "vid": "734b8f46-773d-4fef-bed3-61114fe8e4c5" }, "details": "The X.Org project reports:\n\n> - Buffer overflows in InitExt.c in libX11 prior to 1.8.6\n> \\[CVE-2023-3138\\]\n>\n> The functions in src/InitExt.c in libX11 prior to 1.8.6 do not check\n> that the values provided for the Request, Event, or Error IDs are\n> within the bounds of the arrays that those functions write to, using\n> those IDs as array indexes. Instead they trusted that they were\n> called with values provided by an Xserver that was adhering to the\n> bounds specified in the X11 protocol, as all X servers provided by\n> X.Org do.\n>\n> As the protocol only specifies a single byte for these values, an\n> out-of-bounds value provided by a malicious server (or a malicious\n> proxy-in-the-middle) can only overwrite other portions of the\n> Display structure and not write outside the bounds of the Display\n> structure itself. Testing has found it is possible to at least cause\n> the client to crash with this memory corruption.\n", "id": "FreeBSD-2023-0189", "modified": "2023-06-16T00:00:00Z", "published": "2023-06-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3138" } ], "schema_version": "1.7.0", "summary": "libX11 -- Sub-object overflows" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron24" }, "ranges": [ { "events": [ { "fixed": "24.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v24.5.1" ], "discovery": "2023-06-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-3079", "CVE-2023-2933", "CVE-2023-2932", "CVE-2023-2931", "CVE-2023-2936", "CVE-2023-2935", "CVE-2023-2934", "CVE-2023-2930" ] }, "vid": "aae2ab45-2d21-4cd5-a53b-07ec933400ac" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-3079.\n> - Security: backported fix for CVE-2023-2933.\n> - Security: backported fix for CVE-2023-2932.\n> - Security: backported fix for CVE-2023-2931.\n> - Security: backported fix for CVE-2023-2936.\n> - Security: backported fix for CVE-2023-2935.\n> - Security: backported fix for CVE-2023-2934.\n> - Security: backported fix for CVE-2023-2930.\n", "id": "FreeBSD-2023-0188", "modified": "2023-06-16T00:00:00Z", "published": "2023-06-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v24.5.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3079" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-8mwf-hvfp-6xfg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2933" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qrc7-3p69-2jpf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2932" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7g49-wq8x-r6rh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2931" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-w3xh-m877-x3c2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2936" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-x723-3x32-qg44" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2935" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5ccq-3h49-vjp2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2934" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-mqff-qm67-cr66" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2930" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-44xq-533g-gj79" } ], "schema_version": "1.7.0", "summary": "electron24 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron23" }, "ranges": [ { "events": [ { "fixed": "23.3.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v23.3.7" ], "discovery": "2023-06-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-2724", "CVE-2023-2725", "CVE-2023-2721", "CVE-2023-3079", "CVE-2023-2933", "CVE-2023-2932", "CVE-2023-2931", "CVE-2023-2936", "CVE-2023-2935", "CVE-2023-2934", "CVE-2023-2930" ] }, "vid": "3bf6795c-d44c-4033-9b37-ed2e30f34fca" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-2724.\n> - Security: backported fix for CVE-2023-2725.\n> - Security: backported fix for CVE-2023-2721.\n> - Security: backported fix for CVE-2023-3079.\n> - Security: backported fix for CVE-2023-2933.\n> - Security: backported fix for CVE-2023-2932.\n> - Security: backported fix for CVE-2023-2931.\n> - Security: backported fix for CVE-2023-2936.\n> - Security: backported fix for CVE-2023-2935.\n> - Security: backported fix for CVE-2023-2934.\n> - Security: backported fix for CVE-2023-2930.\n", "id": "FreeBSD-2023-0187", "modified": "2023-06-16T00:00:00Z", "published": "2023-06-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v23.3.7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2724" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-j5rv-3m5p-q6rc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2725" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-c4fp-wmv9-q4cr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2721" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5cww-gpqh-ggqj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3079" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-8mwf-hvfp-6xfg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2933" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qrc7-3p69-2jpf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2932" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7g49-wq8x-r6rh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2931" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-w3xh-m877-x3c2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2936" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-x723-3x32-qg44" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2935" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5ccq-3h49-vjp2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2934" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-mqff-qm67-cr66" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2930" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-44xq-533g-gj79" } ], "schema_version": "1.7.0", "summary": "electron23 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron22" }, "ranges": [ { "events": [ { "fixed": "22.3.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v22.3.13" ], "discovery": "2023-06-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-2724", "CVE-2023-2723", "CVE-2023-2725", "CVE-2023-2721", "CVE-2023-3079", "CVE-2023-2933", "CVE-2023-2932", "CVE-2023-2931", "CVE-2023-2936", "CVE-2023-2935", "CVE-2023-2930" ] }, "vid": "3c3d3dcb-bef7-4d20-9580-b4216b5ff6a2" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerabilities:\n>\n> - Security: backported fix for CVE-2023-2724.\n> - Security: backported fix for CVE-2023-2723.\n> - Security: backported fix for CVE-2023-2725.\n> - Security: backported fix for CVE-2023-2721.\n> - Security: backported fix for CVE-2023-3079.\n> - Security: backported fix for CVE-2023-2933.\n> - Security: backported fix for CVE-2023-2932.\n> - Security: backported fix for CVE-2023-2931.\n> - Security: backported fix for CVE-2023-2936.\n> - Security: backported fix for CVE-2023-2935.\n> - Security: backported fix for CVE-2023-2930.\n", "id": "FreeBSD-2023-0186", "modified": "2023-06-16T00:00:00Z", "published": "2023-06-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v22.3.13" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2724" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-j5rv-3m5p-q6rc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2723" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7797-6fvm-v8xw" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2725" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-c4fp-wmv9-q4cr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2721" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5cww-gpqh-ggqj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3079" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-8mwf-hvfp-6xfg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2933" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qrc7-3p69-2jpf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2932" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7g49-wq8x-r6rh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2931" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-w3xh-m877-x3c2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2936" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-x723-3x32-qg44" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2935" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-5ccq-3h49-vjp2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2930" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-44xq-533g-gj79" } ], "schema_version": "1.7.0", "summary": "electron22 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.400" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.401.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2023-06-14/" ], "discovery": "2023-06-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-35141" ] }, "vid": "b4db7d78-bb62-4f4c-9326-6e9fc2ddd400" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-3135 / CVE-2023-35141\n>\n> CSRF protection bypass vulnerability\n", "id": "FreeBSD-2023-0185", "modified": "2023-06-14T00:00:00Z", "published": "2023-06-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2023-06-14/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-35141" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2023-06-14/" } ], "schema_version": "1.7.0", "summary": "jenkins -- CSRF protection bypass vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vscode" }, "ranges": [ { "events": [ { "fixed": "1.79.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/microsoft/vscode/security/advisories/GHSA-j5wm-6crw-xvmr" ], "discovery": "2023-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-33144" ] }, "vid": "f0250129-fdb8-41ed-aa9e-661ff5026845" }, "details": "VSCode developers reports:\n\n> VS Code Information Disclosure Vulnerability\n>\n> A information disclosure vulnerability exists in VS Code 1.79.0 and\n> earlier versions on Windows when file system operations are performed\n> on malicious UNC paths. Examples include reading or resolving metadata\n> of such paths. An authorised attacker must send the user a malicious\n> file and convince the user to open it for the vulnerability to occur.\n> Exploiting this vulnerability could allow the disclosure of NTLM\n> hashes.\n", "id": "FreeBSD-2023-0184", "modified": "2023-06-13T00:00:00Z", "published": "2023-06-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/microsoft/vscode/security/advisories/GHSA-j5wm-6crw-xvmr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-33144" }, { "type": "WEB", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144" } ], "schema_version": "1.7.0", "summary": "vscode -- VS Code Information Disclosure Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "114.0.5735.133" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "114.0.5735.133" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html" ], "discovery": "2023-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-3214", "CVE-2023-3215", "CVE-2023-3216", "CVE-2023-3217" ] }, "vid": "1567be8c-0a15-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 5 security fixes:\n>\n> - \\[1450568\\] Critical CVE-2023-3214: Use after free in Autofill\n> payments. Reported by Rong Jian of VRI on 2023-06-01\n> - \\[1446274\\] High CVE-2023-3215: Use after free in WebRTC. Reported\n> by asnine on 2023-05-17\n> - \\[1450114\\] High CVE-2023-3216: Type Confusion in V8. Reported by\n> 5n1p3r0010 from Topsec ChiXiao Lab on 2023-05-31\n> - \\[1450601\\] High CVE-2023-3217: Use after free in WebXR. Reported by\n> Sergei Glazunov of Google Project Zero on 2023-06-01\n", "id": "FreeBSD-2023-0183", "modified": "2023-06-13T00:00:00Z", "published": "2023-06-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3214" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3216" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3217" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xmltooling" }, "ranges": [ { "events": [ { "fixed": "3.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://shibboleth.net/community/advisories/secadv_20230612.txt" ], "discovery": "2023-06-12T00:00:00Z", "vid": "f7e9a1cc-0931-11ee-94b4-6cc21735f730" }, "details": "Shibboleth consortium reports:\n\n> An updated version of the XMLTooling library that is part of the\n> OpenSAML and Shibboleth Service Provider software is now available\n> which corrects a server-side request forgery (SSRF) vulnerability.\n>\n> Including certain legal but \\\"malicious in intent\\\" content in the\n> KeyInfo element defined by the XML Signature standard will result in\n> attempts by the SP\\'s shibd process to dereference untrusted URLs.\n>\n> While the content of the URL must be supplied within the message and\n> does not include any SP internal state or dynamic content, there is at\n> minimum a risk of denial of service, and the attack could be combined\n> with others to create more serious vulnerabilities in the future.\n", "id": "FreeBSD-2023-0182", "modified": "2023-06-12T00:00:00Z", "published": "2023-06-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://shibboleth.net/community/advisories/secadv_20230612.txt" }, { "type": "WEB", "url": "https://shibboleth.net/community/advisories/secadv_20230612.txt" } ], "schema_version": "1.7.0", "summary": "xmltooling -- remote resource access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "acme.sh" }, "ranges": [ { "events": [ { "fixed": "3.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/acmesh-official/acme.sh/issues/4659" ], "discovery": "2023-06-08T00:00:00Z", "vid": "fdca9418-06f0-11ee-abe2-ecf4bbefc954" }, "details": "Neil Pang reports:\n\n> HiCA was injecting arbitrary code/commands into the certificate\n> obtaining process and acme.sh is running them on the client machine.\n", "id": "FreeBSD-2023-0181", "modified": "2023-06-09T00:00:00Z", "published": "2023-06-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/acmesh-official/acme.sh/issues/4659" }, { "type": "WEB", "url": "https://github.com/acmesh-official/acme.sh/issues/4665" } ], "schema_version": "1.7.0", "summary": "acme.sh -- closes potential remote vuln" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "fixed": "3.9.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python310" }, "ranges": [ { "events": [ { "fixed": "3.10.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python311" }, "ranges": [ { "events": [ { "fixed": "3.11.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://pythoninsider.blogspot.com/2023/06/python-3114-31012-3917-3817-3717-and.html" ], "discovery": "2022-06-08T00:00:00Z", "references": { "cvename": [ "CVE-2022-4303", "CVE-2023-2650", "CVE-2023-0286", "CVE-2023-0464", "CVE-2023-0465", "CVE-2023-0466", "CVE-2023-24329" ] }, "vid": "d86becfe-05a4-11ee-9d4a-080027eda32c" }, "details": "Python reports:\n\n> gh-103142: The version of OpenSSL used in Windows and Mac installers\n> has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465,\n> CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303,\n> and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).\n>\n> gh-102153: urllib.parse.urlsplit() now strips leading C0 control and\n> space characters following the specification for URLs defined by\n> WHATWG in response to CVE-2023-24329.\n>\n> gh-99889: Fixed a security in flaw in uu.decode() that could allow for\n> directory traversal based on the input if no out_file was specified.\n>\n> gh-104049: Do not expose the local on-disk location in directory\n> indexes produced by http.client.SimpleHTTPRequestHandler.\n>\n> gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe\n> when launching with shell=True.\n>\n> gh-103935: trace.\\_\\_main\\_\\_ now uses io.open_code() for files to be\n> executed instead of raw open().\n>\n> gh-102953: The extraction methods in tarfile, and\n> shutil.unpack_archive(), have a new filter argument that allows\n> limiting tar features than may be surprising or dangerous, such as\n> creating files outside the destination directory.\n>\n> gh-102126: Fixed a deadlock at shutdown when clearing thread states if\n> any finalizer tries to acquire the runtime head lock.\n>\n> gh-100892: Fixed a crash due to a race while iterating over thread\n> states in clearing threading.local.\n", "id": "FreeBSD-2023-0180", "modified": "2023-06-08T00:00:00Z", "published": "2023-06-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://pythoninsider.blogspot.com/2023/06/python-3114-31012-3917-3817-3717-and.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4303" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2650" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0286" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0464" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0466" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24329" }, { "type": "WEB", "url": "https://pythoninsider.blogspot.com/2023/06/python-3114-31012-3917-3817-3717-and.html" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.26" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.19" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.15" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.26" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "fixed": "9.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.15" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/06/06/grafana-security-release-new-grafana-versions-with-security-fixes-for-cve-2023-2183-and-cve-2023-2801/" ], "discovery": "2023-06-06T00:00:00Z", "references": { "cvename": [ "CVE-2023-2183" ] }, "vid": "6c1de144-056f-11ee-8e16-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> Grafana can allow an attacker in the **Viewer** role to send alerts by\n> **API Alert - Test**. This option, however, is not available in the\n> user panel UI for the Viewer role.\n>\n> The CVSS score for this vulnerability is 4.1 Medium\n> (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N).\n", "id": "FreeBSD-2023-0179", "modified": "2023-06-07T00:00:00Z", "published": "2023-06-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/06/06/grafana-security-release-new-grafana-versions-with-security-fixes-for-cve-2023-2183-and-cve-2023-2801/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2183" }, { "type": "WEB", "url": "https://grafana.com/security/security-advisories/cve-2023-2183/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Broken access control: viewer can send test alerts" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/06/06/grafana-security-release-new-grafana-versions-with-security-fixes-for-cve-2023-2183-and-cve-2023-2801/" ], "discovery": "2023-06-06T00:00:00Z", "references": { "cvename": [ "CVE-2023-2801" ] }, "vid": "652064ef-056f-11ee-8e16-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> We have discovered a vulnerability with Grafana's data source query\n> endpoints that could end up crashing a Grafana instance.\n>\n> If you have public dashboards (PD) enabled, we are scoring this as a\n> CVSS 7.5 High.\n>\n> If you have disabled PD, this vulnerability is still a risk, but\n> triggering the issue requires data source read privileges and access\n> to the Grafana API through a developer script.\n", "id": "FreeBSD-2023-0178", "modified": "2023-06-07T00:00:00Z", "published": "2023-06-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/06/06/grafana-security-release-new-grafana-versions-with-security-fixes-for-cve-2023-2183-and-cve-2023-2801/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2801" }, { "type": "WEB", "url": "CVE-2023-2801" } ], "schema_version": "1.7.0", "summary": "Grafana -- Grafana DS proxy race condition" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "114.0.5735.106" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "114.0.5735.106" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html" ], "discovery": "2023-06-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-3079" ] }, "vid": "12741b1f-04f9-11ee-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[1450481\\] High CVE-2023-3079: Type Confusion in V8. Reported by\n> Cl\u00e9ment Lecigne of Google\\'s Threat Analysis Group on 2023-06-01\n", "id": "FreeBSD-2023-0177", "modified": "2023-06-07T00:00:00Z", "published": "2023-06-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-3079" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "16.0.0" }, { "fixed": "16.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.11.0" }, { "fixed": "15.11.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.10.0" }, { "fixed": "15.10.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.2" }, { "fixed": "15.9.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/06/05/security-release-gitlab-16-0-2-released/" ], "discovery": "2023-06-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-2442", "CVE-2023-2199", "CVE-2023-2198", "CVE-2023-2132", "CVE-2023-0121", "CVE-2023-2589", "CVE-2023-2015", "CVE-2023-2485", "CVE-2023-2001", "CVE-2023-0921", "CVE-2023-1204", "CVE-2023-0508", "CVE-2023-1825", "CVE-2023-2013" ] }, "vid": "cdb5338d-04ec-11ee-9c88-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored-XSS with CSP-bypass in Merge requests\n>\n> ReDoS via FrontMatterFilter in any Markdown fields\n>\n> ReDoS via InlineDiffFilter in any Markdown fields\n>\n> ReDoS via DollarMathPostFilter in Markdown fields\n>\n> DoS via malicious test report artifacts\n>\n> Restricted IP addresses can clone repositories of public projects\n>\n> Reflected XSS in Report Abuse Functionality\n>\n> Privilege escalation from maintainer to owner by importing members\n> from a project\n>\n> Bypassing tags protection in GitLab\n>\n> Denial of Service using multiple labels with arbitrarily large\n> descriptions\n>\n> Ability to use an unverified email for public and commit emails\n>\n> Open Redirection Through HTTP Response Splitting\n>\n> Disclosure of issue notes to an unauthorized user when exporting a\n> project\n>\n> Ambiguous branch name exploitation\n", "id": "FreeBSD-2023-0176", "modified": "2023-06-07T00:00:00Z", "published": "2023-06-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/06/05/security-release-gitlab-16-0-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2442" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2199" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2198" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2132" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2589" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2015" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2485" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0921" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1204" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0508" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1825" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2013" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/06/05/security-release-gitlab-16-0-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qpress" }, "ranges": [ { "events": [ { "fixed": "11.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xtrabackup8" }, "ranges": [ { "events": [ { "fixed": "8.0.32" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/EvgeniyPatlan/qpress/commit/ddb312090ebd5794e81bc6fb1dfb4e79eda48761" ], "discovery": "2022-11-23T00:00:00Z", "references": { "cvename": [ "CVE-2022-45866" ] }, "vid": "2f38c6a2-04a4-11ee-8cb0-e41f13b9c674" }, "details": "cve@mitre.org reports:\n\n> qpress before PierreLvx/qpress 20220819 and before version 11.3, as\n> used in Percona XtraBackup and other products, allows directory\n> traversal via ../ in a .qp file.\n", "id": "FreeBSD-2023-0175", "modified": "2023-06-06T00:00:00Z", "published": "2023-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/EvgeniyPatlan/qpress/commit/ddb312090ebd5794e81bc6fb1dfb4e79eda48761" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-45866" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45866" } ], "schema_version": "1.7.0", "summary": "qpress -- directory traversal" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php80-kanboard" }, "ranges": [ { "events": [ { "fixed": "1.2.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f" ], "discovery": "2023-06-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-33970", "CVE-2023-33969", "CVE-2023-33968", "CVE-2023-33956" ] }, "vid": "bfca647c-0456-11ee-bafd-b42e991fc52e" }, "details": "Kanboard is project management software that focuses on the Kanban\nmethodology. The last update includes 4 vulnerabilities:\n\nsecurity-advisories@github.com reports:\n\n> - Missing access control in internal task links feature\n> - Stored Cross site scripting in the Task External Link Functionality\n> in Kanboard\n> - Missing Access Control allows User to move and duplicate tasks in\n> Kanboard\n> - Parameter based Indirect Object Referencing leading to private file\n> exposure in Kanboard\n", "id": "FreeBSD-2023-0174", "modified": "2023-06-06T00:00:00Z", "published": "2023-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-33970" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33970" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-33969" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-33968" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33968" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-33956" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33956" } ], "schema_version": "1.7.0", "summary": "Kanboard -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1u,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl30" }, "ranges": [ { "events": [ { "fixed": "3.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20230530.txt" ], "discovery": "2023-05-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-2650" ] }, "vid": "eb9a3c57-ff9e-11ed-a0d1-84a93843eb75" }, "details": "The OpenSSL project reports:\n\n> Severity: Moderate. Processing some specially crafted ASN.1 object\n> identifiers or data containing them may be very slow.\n", "id": "FreeBSD-2023-0173", "modified": "2023-05-31T00:00:00Z", "published": "2023-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20230530.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2650" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20230530.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Possible DoS translating ASN.1 identifiers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php80-kanboard" }, "ranges": [ { "events": [ { "fixed": "1.2.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7" ], "discovery": "2023-05-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-32685" ] }, "vid": "79514fcd-feb4-11ed-92b5-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> Kanboard is project management software that focuses on the Kanban\n> methodology. Due to improper handling of elements under the\n> \\`contentEditable\\` element, maliciously crafted clipboard content can\n> inject arbitrary HTML tags into the DOM. A low-privileged attacker\n> with permission to attach a document on a vulnerable Kanboard instance\n> can trick the victim into pasting malicious screenshot data and\n> achieve cross-site scripting if CSP is improperly configured. This\n> issue has been patched in version 1.2.29.\n", "id": "FreeBSD-2023-0172", "modified": "2023-05-30T00:00:00Z", "published": "2023-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-32685" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32685" } ], "schema_version": "1.7.0", "summary": "Kanboard -- Clipboard based cross-site scripting (blocked with default CSP) in Kanboard" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "114.0.5735.90" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "114.0.5735.90" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html" ], "discovery": "2023-05-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-2929", "CVE-2023-2930", "CVE-2023-2931", "CVE-2023-2932", "CVE-2023-2933", "CVE-2023-2934", "CVE-2023-2935", "CVE-2023-2936", "CVE-2023-2937", "CVE-2023-2938", "CVE-2023-2939", "CVE-2023-2940", "CVE-2023-2941" ] }, "vid": "fd87a250-ff78-11ed-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 16 security fixes:\n>\n> - \\[1410191\\] High CVE-2023-2929: Out of bounds write in Swiftshader.\n> Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-25\n> - \\[1443401\\] High CVE-2023-2930: Use after free in Extensions.\n> Reported by asnine on 2023-05-08\n> - \\[1444238\\] High CVE-2023-2931: Use after free in PDF. Reported by\n> Huyna at Viettel Cyber Security on 2023-05-10\n> - \\[1444581\\] High CVE-2023-2932: Use after free in PDF. Reported by\n> Huyna at Viettel Cyber Security on 2023-05-11\n> - \\[1445426\\] High CVE-2023-2933: Use after free in PDF. Reported by\n> Quang Nguy\u1ec5n (@quangnh89) of Viettel Cyber Security and Nguyen\n> Phuong on 2023-05-15\n> - \\[1429720\\] High CVE-2023-2934: Out of bounds memory access in Mojo.\n> Reported by Mark Brand of Google Project Zero on 2023-04-01\n> - \\[1440695\\] High CVE-2023-2935: Type Confusion in V8. Reported by\n> Sergei Glazunov of Google Project Zero on 2023-04-27\n> - \\[1443452\\] High CVE-2023-2936: Type Confusion in V8. Reported by\n> Sergei Glazunov of Google Project Zero on 2023-05-08\n> - \\[1413813\\] Medium CVE-2023-2937: Inappropriate implementation in\n> Picture In Picture. Reported by NDevTK on 2023-02-08\n> - \\[1416350\\] Medium CVE-2023-2938: Inappropriate implementation in\n> Picture In Picture. Reported by Alesandro Ortiz on 2023-02-15\n> - \\[1427431\\] Medium CVE-2023-2939: Insufficient data validation in\n> Installer. Reported by ycdxsb from VARAS@IIE on 2023-03-24\n> - \\[1426807\\] Medium CVE-2023-2940: Inappropriate implementation in\n> Downloads. Reported by Axel Chong on 2023-03-22\n> - \\[1430269\\] Low CVE-2023-2941: Inappropriate implementation in\n> Extensions API. Reported by Jasper Rebane on 2023-04-04\n", "id": "FreeBSD-2023-0171", "modified": "2023-05-31T00:00:00Z", "published": "2023-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2929" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2930" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2932" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2933" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2934" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2936" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2937" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2938" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2939" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2940" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2941" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb1011-server" }, "ranges": [ { "events": [ { "fixed": "10.11.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb106-server" }, "ranges": [ { "events": [ { "fixed": "10.6.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.39" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/security/" ], "discovery": "2023-05-10T00:00:00Z", "references": { "cvename": [ "CVE-2022-47015" ] }, "vid": "5d1b1a0a-fd36-11ed-a0d1-84a93843eb75" }, "details": "The MariaDB project reports:\n\n> MariaDB Server is vulnerable to Denial of Service. It is possible for\n> function spider_db_mbase::print_warnings to dereference a null\n> pointer.\n", "id": "FreeBSD-2023-0170", "modified": "2023-05-28T00:00:00Z", "published": "2023-05-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-47015" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/security/" } ], "schema_version": "1.7.0", "summary": "MariaDB -- Nullpointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "fixed": "3.1.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2023-04-23" ], "discovery": "2023-05-17T00:00:00Z", "vid": "7d6be8d4-f812-11ed-a7ff-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> Multiple XSS vulnerabilities\n", "id": "FreeBSD-2023-0169", "modified": "2023-05-21T00:00:00Z", "published": "2023-05-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2023-04-23" }, { "type": "WEB", "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "8.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/security.html" ], "discovery": "2023-03-21T00:00:00Z", "references": { "cvename": [ "CVE-2023-28319", "CVE-2023-28320", "CVE-2023-28321", "CVE-2023-28322" ] }, "vid": "a4f8bb03-f52f-11ed-9859-080027083a05" }, "details": "Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports:\n\n> This update fixes 4 security vulnerabilities:\n>\n> - Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported\n> by Wei Chong Tan on 2023-03-21\n> - Low CVE-2023-28320: siglongjmp race condition. Reported by Harry\n> Sintonen on 2023-04-02\n> - Low CVE-2023-28321: IDN wildcard match. Reported by Hiroki Kurosawa\n> on 2023-04-17\n> - Low CVE-2023-28322: more POST-after-PUT confusion. Reported by\n> Hiroki Kurosawa on 2023-04-19\n", "id": "FreeBSD-2023-0168", "modified": "2023-05-19T00:00:00Z", "published": "2023-05-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28319" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2023-28319.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28320" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2023-28320.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28321" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2023-28321.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28322" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2023-28322.html" } ], "schema_version": "1.7.0", "summary": "curl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "5.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v5.0.9" ], "discovery": "2023-05-19T00:00:00Z", "vid": "1ab7357f-a3c2-406a-89fb-fd00e49a71b5" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> A specially-crafted series of FTP packets with a CMD command with a\n> large path followed by a very large number of replies could cause Zeek\n> to spend a long time processing the data.\n>\n> A specially-crafted with a truncated header can cause Zeek to overflow\n> memory and potentially crash.\n>\n> A specially-crafted series of SMTP packets can cause Zeek to generate\n> a very large number of events and take a long time to process them.\n>\n> A specially-crafted series of POP3 packets containing MIME data can\n> cause Zeek to spend a long time dealing with each individual file ID.\n", "id": "FreeBSD-2023-0167", "modified": "2023-05-19T00:00:00Z", "published": "2023-05-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.9" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.9" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electron22" }, "ranges": [ { "events": [ { "fixed": "22.3.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electron23" }, "ranges": [ { "events": [ { "fixed": "23.3.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/electron/electron/releases/tag/v22.3.10" ], "discovery": "2023-05-17T00:00:00Z", "references": { "cvename": [ "CVE-2023-29469" ] }, "vid": "b09d77d0-b27c-48ae-b69b-9641bb68b39e" }, "details": "Electron developers report:\n\n> This update fixes the following vulnerability:\n>\n> - Security: backported fix for CVE-2023-29469\n", "id": "FreeBSD-2023-0166", "modified": "2023-05-18T00:00:00Z", "published": "2023-05-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/electron/electron/releases/tag/v22.3.10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29469" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-7jv7-hr35-fwjr" } ], "schema_version": "1.7.0", "summary": "electron -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "113.0.5672.126" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "113.0.5672.126" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html" ], "discovery": "2023-05-16T00:00:00Z", "references": { "cvename": [ "CVE-2023-2721", "CVE-2023-2722", "CVE-2023-2723", "CVE-2023-2724", "CVE-2023-2725", "CVE-2023-2726" ] }, "vid": "bea52545-f4a7-11ed-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 12 security fixes:\n>\n> - \\[1444360\\] Critical CVE-2023-2721: Use after free in Navigation.\n> Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10\n> - \\[1400905\\] High CVE-2023-2722: Use after free in Autofill UI.\n> Reported by Rong Jian of VRI on 2022-12-14\n> - \\[1435166\\] High CVE-2023-2723: Use after free in DevTools. Reported\n> by asnine on 2023-04-21\n> - \\[1433211\\] High CVE-2023-2724: Type Confusion in V8. Reported by\n> Sergei Glazunov of Google Project Zero on 2023-04-14\n> - \\[1442516\\] High CVE-2023-2725: Use after free in Guest View.\n> Reported by asnine on 2023-05-04\n> - \\[1442018\\] Medium CVE-2023-2726: Inappropriate implementation in\n> WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03\n", "id": "FreeBSD-2023-0165", "modified": "2023-05-17T00:00:00Z", "published": "2023-05-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2721" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2722" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2723" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2724" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2725" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2726" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.11.0" }, { "fixed": "15.11.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.10.0" }, { "fixed": "15.10.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0" }, { "fixed": "15.9.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/05/10/security-release-gitlab-15-11-3-released/" ], "discovery": "2023-05-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-2181" ] }, "vid": "4a08a4fb-f152-11ed-9c88-001b217b3468" }, "details": "Gitlab reports:\n\n> Smuggling code changes via merge requests with refs/replace\n", "id": "FreeBSD-2023-0164", "modified": "2023-05-13T00:00:00Z", "published": "2023-05-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/05/10/security-release-gitlab-15-11-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2181" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/05/10/security-release-gitlab-15-11-3-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "piwigo" }, "ranges": [ { "events": [ { "fixed": "13.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.piwigo.org/release-13.7.0" ], "discovery": "2023-03-01T00:00:00Z", "vid": "ec63bc8e-f092-11ed-85ca-001517a2e1a4" }, "details": "Piwigo reports:\n\n> Piwigo is affected by multiple SQL injection issues.\n", "id": "FreeBSD-2023-0163", "modified": "2023-05-12T00:00:00Z", "published": "2023-05-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.piwigo.org/release-13.7.0" }, { "type": "WEB", "url": "https://www.piwigo.org/release-13.7.0" } ], "schema_version": "1.7.0", "summary": "piwigo -- SQL injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-server" }, "ranges": [ { "events": [ { "fixed": "15.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "14.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "13.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "11.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2023-2455/" ], "discovery": "2023-05-11T00:00:00Z", "references": { "cvename": [ "CVE-2023-2455" ] }, "vid": "4b636f50-f011-11ed-bbae-6cc21735f730" }, "details": "PostgreSQL Project reports\n\n> While CVE-2016-2193 fixed most interaction between row security and\n> user ID changes, it missed a scenario involving function inlining.\n> This leads to potentially incorrect policies being applied in cases\n> where role-specific policies are used and a given query is planned\n> under one role and then executed under other roles. This scenario can\n> happen under security definer functions or when a common user and\n> query is planned initially and then re-used across multiple SET ROLEs.\n> Applying an incorrect policy may permit a user to complete\n> otherwise-forbidden reads and modifications. This affects only\n> databases that have used CREATE POLICY to define a row security\n> policy.\n", "id": "FreeBSD-2023-0162", "modified": "2023-05-11T00:00:00Z", "published": "2023-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2023-2455/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2455" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2023-2455/" } ], "schema_version": "1.7.0", "summary": "postgresql-server -- Row security policies disregard user ID changes after inlining" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql-server" }, "ranges": [ { "events": [ { "fixed": "15.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "14.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "13.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "11.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2023-2454/" ], "discovery": "2023-05-11T00:00:00Z", "references": { "cvename": [ "CVE-2023-2454" ] }, "vid": "fbb5a260-f00f-11ed-bbae-6cc21735f730" }, "details": "PostgreSQL Project reports\n\n> This enabled an attacker having database-level CREATE privilege to\n> execute arbitrary code as the bootstrap superuser. Database owners\n> have that right by default, and explicit grants may extend it to other\n> users.\n", "id": "FreeBSD-2023-0161", "modified": "2023-05-11T00:00:00Z", "published": "2023-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2023-2454/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2454" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2023-2454/" } ], "schema_version": "1.7.0", "summary": "postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vscode" }, "ranges": [ { "events": [ { "fixed": "1.78.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29338" ], "discovery": "2023-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2023-29338" ] }, "vid": "7913fe6d-2c6e-40ba-a7d7-35696f3db2b6" }, "details": "secure@microsoft.com reports:\n\n> Visual Studio Code Information Disclosure Vulnerability\n>\n> A information disclosure vulnerability exists in VS Code 1.78.0 and\n> earlier versions on Windows when file system operations are performed\n> on malicious UNC paths. Examples include reading or resolving metadata\n> of such paths. An authorised attacker must send the user a malicious\n> file and convince the user to open it for the vulnerability to occur.\n> Exploiting this vulnerability could allow the disclosure of NTLM\n> hashes.\n", "id": "FreeBSD-2023-0160", "modified": "2023-05-10T00:00:00Z", "published": "2023-05-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29338" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29338" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29338" }, { "type": "WEB", "url": "https://github.com/microsoft/vscode/security/advisories/GHSA-mmfh-4pv3-39hr" } ], "schema_version": "1.7.0", "summary": "vscode -- Visual Studio Code Information Disclosure Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "10.0.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/glpi-project/glpi/releases/tag/10.0.7" ], "discovery": "2023-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-28849", "CVE-2023-28632", "CVE-2023-28838", "CVE-2023-28852", "CVE-2023-28636", "CVE-2023-28639", "CVE-2023-28634" ] }, "vid": "68958e18-ed94-11ed-9688-b42e991fc52e" }, "details": "glpi Project reports:\n\n> Multiple vulnerabilities found and fixed in this version:\n>\n> - High CVE-2023-28849: SQL injection and Stored XSS via inventory\n> agent request.\n> - High CVE-2023-28632: Account takeover by authenticated user.\n> - High CVE-2023-28838: SQL injection through dynamic reports.\n> - Moderate CVE-2023-28852: Stored XSS through dashboard\n> administration.\n> - Moderate CVE-2023-28636: Stored XSS on external links.\n> - Moderate CVE-2023-28639: Reflected XSS in search pages.\n> - Moderate CVE-2023-28634: Privilege Escalation from technician to\n> super-admin.\n> - Low CVE-2023-28633: Blind Server-Side Request Forgery (SSRF) in RSS\n> feeds.\n", "id": "FreeBSD-2023-0159", "modified": "2024-04-25T00:00:00Z", "published": "2023-05-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28849" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28849" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28632" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28838" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28838" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28852" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28852" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28636" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28636" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28639" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28639" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28634" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28634" } ], "schema_version": "1.7.0", "summary": "glpi -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "7.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "fixed": "6.2.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis6" }, "ranges": [ { "events": [ { "fixed": "6.0.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6" ], "discovery": "2023-04-17T00:00:00Z", "references": { "cvename": [ "CVE-2023-28856" ] }, "vid": "96b2d4db-ddd2-11ed-b6ea-080027f5fec9" }, "details": "Redis core team reports:\n\n> Authenticated users can use the HINCRBYFLOAT command to create an\n> invalid hash field that may later crash Redis on access.\n", "id": "FreeBSD-2023-0158", "modified": "2023-05-08T00:00:00Z", "published": "2023-05-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28856" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6" } ], "schema_version": "1.7.0", "summary": "redis -- HINCRBYFLOAT can be used to crash a redis-server process" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.11.0" }, { "fixed": "15.11.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.10.0" }, { "fixed": "15.10.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0" }, { "fixed": "15.9.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/05/05/critical-security-release-gitlab-15-11-2-released/" ], "discovery": "2023-05-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-2478" ] }, "vid": "89fdbd85-ebd2-11ed-9c88-001b217b3468" }, "details": "Gitlab reports:\n\n> Malicious Runner Attachment via GraphQL\n", "id": "FreeBSD-2023-0157", "modified": "2023-05-06T00:00:00Z", "published": "2023-05-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/05/05/critical-security-release-gitlab-15-11-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2478" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/05/05/critical-security-release-gitlab-15-11-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-django42" }, "ranges": [ { "events": [ { "fixed": "4.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2023/may/03/security-releases/" ], "discovery": "2023-05-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-31047" ] }, "vid": "d55e1b4d-eadc-11ed-9cc0-080027de9982" }, "details": "Django reports:\n\n> CVE-2023-31047: Potential bypass of validation when uploading multiple\n> files using one form field.\n", "id": "FreeBSD-2023-0156", "modified": "2023-05-05T00:00:00Z", "published": "2023-05-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2023/may/03/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-31047" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2023/may/03/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "113.0.5672.63" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "113.0.5672.63" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html" ], "discovery": "2023-05-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-2459", "CVE-2023-2460", "CVE-2023-2461", "CVE-2023-2462", "CVE-2023-2463", "CVE-2023-2464", "CVE-2023-2465", "CVE-2023-2466", "CVE-2023-2467", "CVE-2023-2468" ] }, "vid": "246174d3-e979-11ed-8290-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 15 security fixes:\n>\n> - \\[1423304\\] Medium CVE-2023-2459: Inappropriate implementation in\n> Prompts. Reported by Rong Jian of VRI on 2023-03-10\n> - \\[1419732\\] Medium CVE-2023-2460: Insufficient validation of\n> untrusted input in Extensions. Reported by Martin Bajanik,\n> Fingerprint\\[.\\]com on 2023-02-27\n> - \\[1350561\\] Medium CVE-2023-2461: Use after free in OS Inputs.\n> Reported by \\@ginggilBesel on 2022-08-06\n> - \\[1375133\\] Medium CVE-2023-2462: Inappropriate implementation in\n> Prompts. Reported by Alesandro Ortiz on 2022-10-17\n> - \\[1406120\\] Medium CVE-2023-2463: Inappropriate implementation in\n> Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10\n> - \\[1418549\\] Medium CVE-2023-2464: Inappropriate implementation in\n> PictureInPicture. Reported by Thomas Orlita on 2023-02-23\n> - \\[1399862\\] Medium CVE-2023-2465: Inappropriate implementation in\n> CORS. Reported by \\@kunte_ctf on 2022-12-10\n> - \\[1385714\\] Low CVE-2023-2466: Inappropriate implementation in\n> Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17\n> - \\[1413586\\] Low CVE-2023-2467: Inappropriate implementation in\n> Prompts. Reported by Thomas Orlita on 2023-02-07\n> - \\[1416380\\] Low CVE-2023-2468: Inappropriate implementation in\n> PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15\n", "id": "FreeBSD-2023-0155", "modified": "2023-05-03T00:00:00Z", "published": "2023-05-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2459" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2460" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2461" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2462" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2463" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2464" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2466" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2467" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2468" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.11.0" }, { "fixed": "15.11.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.10.0" }, { "fixed": "15.10.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0" }, { "fixed": "15.9.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/05/02/security-release-gitlab-15-11-1-released/" ], "discovery": "2023-05-02T00:00:00Z", "references": { "cvename": [ "CVE-2023-2182", "CVE-2023-1965", "CVE-2023-1621", "CVE-2023-2069", "CVE-2023-1178", "CVE-2023-0805", "CVE-2023-0756", "CVE-2023-1836", "CVE-2022-4376" ] }, "vid": "4ffcccae-e924-11ed-9c88-001b217b3468" }, "details": "Gitlab reports:\n\n> Privilege escalation for external users when OIDC is enabled under\n> certain conditions\n>\n> Account takeover through open redirect for Group SAML accounts\n>\n> Users on banned IP addresses can still commit to projects\n>\n> User with developer role (group) can modify Protected branches setting\n> on imported project and leak group CI/CD variables\n>\n> The Gitlab web interface does not guarantee file integrity when\n> downloading source code or installation packages from a tag or from a\n> release.\n>\n> Banned group member continues to have access to the public projects of\n> a public group with the access level as same as before the ban.\n>\n> The main branch of a repository with a specially designed name allows\n> an attacker to create repositories with malicious code.\n>\n> XSS and content injection and iframe injection when viewing raw files\n> on iOS devices\n>\n> Authenticated users can find other users by their private email\n", "id": "FreeBSD-2023-0154", "modified": "2023-05-02T00:00:00Z", "published": "2023-05-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/05/02/security-release-gitlab-15-11-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2182" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1965" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1621" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2069" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0805" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0756" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1836" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4376" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/05/02/security-release-gitlab-15-11-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cloud-init" }, "ranges": [ { "events": [ { "fixed": "23.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cloud-init-devel" }, "ranges": [ { "events": [ { "fixed": "23.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.launchpad.net/cloud-init/+bug/2013967" ], "discovery": "2023-04-26T00:00:00Z", "references": { "cvename": [ "CVE-2023-1786" ] }, "vid": "02562a78-e6b7-11ed-b0ce-b42e991fc52e" }, "details": "security@ubuntu.com reports:\n\n> Sensitive data could be exposed in logs of cloud-init before version\n> 23.1.2. An attacker could use this information to find hashed\n> passwords and possibly escalate their privilege.\n", "id": "FreeBSD-2023-0153", "modified": "2023-04-29T00:00:00Z", "published": "2023-04-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.launchpad.net/cloud-init/+bug/2013967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1786" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1786" } ], "schema_version": "1.7.0", "summary": "cloud-init -- sensitive data exposure in cloud-init logs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o" }, "ranges": [ { "events": [ { "last_affected": "2.2.6" }, { "fixed": "2.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o-devel" }, "ranges": [ { "events": [ { "fixed": "2.3.0.d.20230427" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/h2o/h2o/issues/3228" ], "discovery": "2023-04-27T00:00:00Z", "references": { "cvename": [ "CVE-2023-30847" ] }, "vid": "4da51989-5a8b-4eb9-b442-46d94ec0802d" }, "details": "Elijah Glover reports:\n\n> Malformed HTTP/1.1 requests can crash worker processes. occasionally\n> locking up child workers and causing denial of service, and an outage\n> dropping any open connections.\n", "id": "FreeBSD-2023-0152", "modified": "2023-04-30T00:00:00Z", "published": "2023-04-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/h2o/h2o/issues/3228" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-30847" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx" } ], "schema_version": "1.7.0", "summary": "h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.40.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-lite" }, "ranges": [ { "events": [ { "fixed": "2.40.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-tiny" }, "ranges": [ { "events": [ { "fixed": "2.40.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "INSERT URL HERE" ], "discovery": "2023-04-25T00:00:00Z", "references": { "cvename": [ "CVE-2023-25652", "CVE-2023-29007" ] }, "vid": "d2c6173f-e43b-11ed-a1d7-002590f2a714" }, "details": "git developers reports:\n\n> This update includes 2 security fixes:\n>\n> - CVE-2023-25652: By feeding specially crafted input to \\`git apply\n> \\--reject\\`, a path outside the working tree can be overwritten with\n> partially controlled contents (corresponding to the rejected hunk(s)\n> from the given patch)\n> - CVE-2023-29007: A specially crafted \\`.gitmodules\\` file with\n> submodule URLs that are longer than 1024 characters can used to\n> exploit a bug that can be used to inject arbitrary configuration\n> into user\\'s git config. This can result in arbitrary execution of\n> code, by inserting values for core.pager, core.editor and so on\n", "id": "FreeBSD-2023-0151", "modified": "2023-04-26T00:00:00Z", "published": "2023-04-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "INSERT URL HERE" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-25652" }, { "type": "WEB", "url": "https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29007" }, { "type": "WEB", "url": "https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844" } ], "schema_version": "1.7.0", "summary": "git -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "fixed": "8.5.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.17" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "fixed": "8.5.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "fixed": "9.2.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/" ], "discovery": "2023-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2023-24538" ] }, "vid": "0b85b1cd-e468-11ed-834b-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> An issue in how go handles backticks (\\`) with Javascript can lead to\n> an injection of arbitrary code into go templates. While Grafana Labs\n> software contains potentially vulnerable versions of go, we have not\n> identified any exploitable use cases at this time.\n>\n> The CVSS score for this vulnerability is 0.0 (adjusted), 9.8 (base).\n", "id": "FreeBSD-2023-0150", "modified": "2023-04-26T00:00:00Z", "published": "2023-04-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24538" }, { "type": "WEB", "url": "https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Critical vulnerability in golang" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "9.1.0" }, { "fixed": "9.2.17" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.1.0" }, { "fixed": "9.2.17" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/" ], "discovery": "2023-04-26T00:00:00Z", "references": { "cvename": [ "CVE-2023-1387" ] }, "vid": "5e257b0d-e466-11ed-834b-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> When setting up Grafana, there is an option to enable [JWT\n> authentication](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/).\n> Enabling this will allow users to authenticate towards the Grafana\n> instance with a special header (default `X-JWT-Assertion` ).\n>\n> In Grafana, there is an additional way to authenticate using JWT\n> called [URL\n> login](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/#url-login)\n> where the token is passed as a query parameter.\n>\n> When using this option, a JWT token is passed to the data source as a\n> header, which leads to exposure of sensitive information to an\n> unauthorized party.\n>\n> The CVSS score for this vulnerability is 4.2 Medium\n", "id": "FreeBSD-2023-0149", "modified": "2023-04-26T00:00:00Z", "published": "2023-04-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1387" }, { "type": "WEB", "url": "https://grafana.com/security/security-advisories/cve-2023-1387/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Exposure of sensitive information to an unauthorized actor" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "fixed": "1.11.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/advisories/GHSA-xv83-x443-7rmw" ], "discovery": "2023-04-25T00:00:00Z", "references": { "cvename": [ "CVE-2023-30609" ] }, "vid": "c676bb1b-e3f8-11ed-b37b-901b0e9408dc" }, "details": "Matrix developers report:\n\n> matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP\n> client into a web page. Prior to version 3.71.0, plain text messages\n> containing HTML tags are rendered as HTML in the search results. To\n> exploit this, an attacker needs to trick a user into searching for a\n> specific message containing an HTML injection payload. No cross-site\n> scripting attack is possible due to the hardcoded content security\n> policy. Version 3.71.0 of the SDK patches over the issue. As a\n> workaround, restarting the client will clear the HTML injection.\n", "id": "FreeBSD-2023-0148", "modified": "2023-04-26T00:00:00Z", "published": "2023-04-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/advisories/GHSA-xv83-x443-7rmw" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-30609" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-xv83-x443-7rmw" } ], "schema_version": "1.7.0", "summary": "element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jellyfin" }, "ranges": [ { "events": [ { "fixed": "10.8.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/jellyfin/jellyfin-web/security/advisories/GHSA-89hp-h43h-r5pq" ], "discovery": "2023-04-24T00:00:00Z", "references": { "cvename": [ "CVE-2023-30626", "CVE-2023-30627" ] }, "vid": "4ee322e9-e363-11ed-b934-b42e991fc52e" }, "details": "security-advisories@github.com reports:\n\n> Jellyfin is a free-software media system. Versions starting with\n> 10.8.0 and prior to 10.8.10 and prior have a directory traversal\n> vulnerability inside the \\`ClientLogController\\`, specifically\n> \\`/ClientLog/Document\\`. When combined with a cross-site scripting\n> vulnerability (CVE-2023-30627), this can result in file write and\n> arbitrary code execution. Version 10.8.10 has a patch for this issue.\n> There are no known workarounds.\n", "id": "FreeBSD-2023-0147", "modified": "2023-04-25T00:00:00Z", "published": "2023-04-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/jellyfin/jellyfin-web/security/advisories/GHSA-89hp-h43h-r5pq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-30626" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30626" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-30627" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30627" } ], "schema_version": "1.7.0", "summary": "jellyfin -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "fixed": "3.1.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2023-04-23" ], "discovery": "2023-04-23T00:00:00Z", "vid": "bb528d7c-e2c6-11ed-a3e6-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> XSS\n>\n> email address manipulation\n", "id": "FreeBSD-2023-0146", "modified": "2023-04-24T00:00:00Z", "published": "2023-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2023-04-23" }, { "type": "WEB", "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-java" }, "ranges": [ { "events": [ { "fixed": "8.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-client57" }, "ranges": [ { "events": [ { "fixed": "5.7.42" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server57" }, "ranges": [ { "events": [ { "fixed": "5.7.42" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-client80" }, "ranges": [ { "events": [ { "fixed": "8.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server80" }, "ranges": [ { "events": [ { "fixed": "8.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixMSQL" ], "discovery": "2023-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2022-37434", "CVE-2023-21912", "CVE-2023-21980", "CVE-2023-21946", "CVE-2023-21929", "CVE-2023-21971", "CVE-2023-21911", "CVE-2023-21962", "CVE-2023-21919", "CVE-2023-21933", "CVE-2023-21972", "CVE-2023-21966", "CVE-2023-21913", "CVE-2023-21917", "CVE-2023-21920", "CVE-2023-21935", "CVE-2023-21945", "CVE-2023-21976", "CVE-2023-21977", "CVE-2023-21982", "CVE-2023-21953", "CVE-2023-21955", "CVE-2023-21940", "CVE-2023-21947", "CVE-2023-21963" ] }, "vid": "f504a8d2-e105-11ed-85f6-84a93843eb75" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 34 new security patches, plus\n> additional third party patches noted below, for Oracle MySQL. 11 of\n> these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n", "id": "FreeBSD-2023-0145", "modified": "2023-04-22T00:00:00Z", "published": "2023-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-37434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21912" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21980" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21946" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21929" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21911" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21962" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21919" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21933" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21972" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21966" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21913" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21917" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21920" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21945" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21976" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21982" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21953" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21955" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21940" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21947" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21963" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixMSQL" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "112.0.5615.165" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "112.0.5615.165" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html" ], "discovery": "2023-04-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-2133", "CVE-2023-2134", "CVE-2023-2135", "CVE-2023-2136", "CVE-2023-2137" ] }, "vid": "90c48c04-d549-4fc0-a503-4775e32d438e" }, "details": "Chrome Releases reports:\n\n> This update includes 8 security fixes:\n>\n> - \\[1429197\\] High CVE-2023-2133: Out of bounds memory access in\n> Service Worker API. Reported by Rong Jian of VRI on 2023-03-30\n> - \\[1429201\\] High CVE-2023-2134: Out of bounds memory access in\n> Service Worker API. Reported by Rong Jian of VRI on 2023-03-30\n> - \\[1424337\\] High CVE-2023-2135: Use after free in DevTools. Reported\n> by Cassidy Kim(@cassidy6564) on 2023-03-14\n> - \\[1432603\\] High CVE-2023-2136: Integer overflow in Skia. Reported\n> by Cl\u00e9ment Lecigne of Google\\'s Threat Analysis Group on 2023-04-12\n> - \\[1430644\\] Medium CVE-2023-2137: Heap buffer overflow in sqlite.\n> Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360\n> Vulnerability Research Institute on 2023-04-05\n", "id": "FreeBSD-2023-0144", "modified": "2023-04-20T00:00:00Z", "published": "2023-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2133" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2134" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2135" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2136" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2137" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxml2" }, "ranges": [ { "events": [ { "fixed": "2.10.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4" ], "discovery": "2023-04-11T00:00:00Z", "references": { "cvename": [ "CVE-2023-28484", "CVE-2023-29469" ] }, "vid": "0bd7f07b-dc22-11ed-bf28-589cfc0f81b0" }, "details": "The libxml2 project reports:\n\n> Hashing of empty dict strings isn\\'t deterministic\n>\n> Fix null deref in xmlSchemaFixupComplexType\n", "id": "FreeBSD-2023-0143", "modified": "2023-04-16T00:00:00Z", "published": "2023-04-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28484" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29469" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185984" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185994" } ], "schema_version": "1.7.0", "summary": "libxml2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ap24-mod_gnutls" }, "ranges": [ { "events": [ { "fixed": "0.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.gnupg.org/pipermail/mod_gnutls-devel/2023-February/000221.html" ], "discovery": "2023-02-23T00:00:00Z", "references": { "cvename": [ "CVE-2023-25824" ] }, "vid": "e8b20517-dbb6-11ed-bf28-589cfc0f81b0" }, "details": "The mod_gnutls project reports:\n\n> Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions\n> from 0.9.0 to 0.12.0 (including) did not properly fail blocking read\n> operations on TLS connections when the transport hit timeouts. Instead\n> it entered an endless loop retrying the read operation, consuming CPU\n> resources. This could be exploited for denial of service attacks. If\n> trace level logging was enabled, it would also produce an excessive\n> amount of log output during the loop, consuming disk space.\n", "id": "FreeBSD-2023-0142", "modified": "2023-04-15T00:00:00Z", "published": "2023-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.gnupg.org/pipermail/mod_gnutls-devel/2023-February/000221.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-25824" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25824" }, { "type": "WEB", "url": "https://mod.gnutls.org/browser/mod_gnutls/CHANGELOG?rev=17b2836dc3e27754159ffb098323a4cd4426192f" } ], "schema_version": "1.7.0", "summary": "mod_gnutls -- Infinite Loop on request read timeout" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "112.0.5615.121" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "112.0.5615.121" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html" ], "discovery": "2023-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-2033" ] }, "vid": "6f0327d4-9902-4042-9b68-6fc2266944bc" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes:\n>\n> - \\[1432210\\] High CVE-2023-2033: Type Confusion in V8. Reported by\n> Cl\u00e9ment Lecigne of Google\\'s Threat Analysis Group on 2023-04-11\n", "id": "FreeBSD-2023-0141", "modified": "2023-04-15T00:00:00Z", "published": "2023-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-2033" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript" }, "ranges": [ { "events": [ { "fixed": "10.01.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript7-base" }, "ranges": [ { "events": [ { "fixed": "10.01.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript7-commfont" }, "ranges": [ { "events": [ { "fixed": "10.01.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript7-jpnfont" }, "ranges": [ { "events": [ { "fixed": "10.01.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript7-korfont" }, "ranges": [ { "events": [ { "fixed": "10.01.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript7-x11" }, "ranges": [ { "events": [ { "fixed": "10.01.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript8-base" }, "ranges": [ { "events": [ { "fixed": "10.01.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript8-x11" }, "ranges": [ { "events": [ { "fixed": "10.01.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript9-agpl-base" }, "ranges": [ { "events": [ { "fixed": "9.56.1_10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2023/04/12/4" ], "discovery": "2023-03-23T00:00:00Z", "references": { "cvename": [ "CVE-2023-28879" ] }, "vid": "25872b25-da2d-11ed-b715-a1e76793953b" }, "details": "cve@mitre.org reports:\n\n> In Artifex Ghostscript through 10.01.0, there is a buffer overflow\n> leading to potential corruption of data internal to the PostScript\n> interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode,\n> TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte\n> less than full, and one then tries to write an escaped character, two\n> bytes are written.\n", "id": "FreeBSD-2023-0140", "modified": "2023-04-28T00:00:00Z", "published": "2023-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2023/04/12/4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28879" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28879" }, { "type": "WEB", "url": "https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript" } ], "schema_version": "1.7.0", "summary": "ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "5.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v5.0.8" ], "discovery": "2023-04-12T00:00:00Z", "vid": "96d6809a-81df-46d4-87ed-2f78c79f06b1" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Receiving DNS responses from async DNS requests (via A\n> specially-crafted stream of FTP packets containing a command reply\n> with many intermediate lines can cause Zeek to spend a large amount of\n> time processing data.\n>\n> A specially-crafted set of packets containing extremely large file\n> offsets cause cause the reassembler code to allocate large amounts of\n> memory.\n>\n> The DNS manager does not correctly expire responses that don\\'t\n> contain any data, such those containing NXDOMAIN or NODATA status\n> codes. This can lead to Zeek allocating large amounts of memory for\n> these responses and never deallocating them.\n>\n> A specially-crafted stream of RDP packets can cause Zeek to spend\n> large protocol validation.\n>\n> A specially-crafted stream of SMTP packets can cause Zeek to spend\n> large amounts of time processing data.\n", "id": "FreeBSD-2023-0139", "modified": "2023-04-12T00:00:00Z", "published": "2023-04-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.8" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.8" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-beaker" }, "ranges": [ { "events": [ { "last_affected": "1.12.1" }, { "fixed": "1.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-beaker" }, "ranges": [ { "events": [ { "last_affected": "1.12.1" }, { "fixed": "1.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-beaker" }, "ranges": [ { "events": [ { "last_affected": "1.12.1" }, { "fixed": "1.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-beaker" }, "ranges": [ { "events": [ { "last_affected": "1.12.1" }, { "fixed": "1.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-beaker" }, "ranges": [ { "events": [ { "last_affected": "1.12.1" }, { "fixed": "1.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2020-216" ], "discovery": "2020-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2013-7489" ] }, "vid": "b54abe9d-7024-4d10-98b2-180cf1717766" }, "details": "matheusbrat reports:\n\n> The Beaker library through 1.12.1 for Python is affected by\n> deserialization of untrusted data, which could lead to arbitrary code\n> execution.\n", "id": "FreeBSD-2023-0138", "modified": "2023-04-10T00:00:00Z", "published": "2023-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2020-216" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2013-7489" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2020-216" } ], "schema_version": "1.7.0", "summary": "py-beaker -- arbitrary code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-psutil121" }, "ranges": [ { "events": [ { "fixed": "5.6.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-psutil121" }, "ranges": [ { "events": [ { "fixed": "5.6.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-psutil121" }, "ranges": [ { "events": [ { "fixed": "5.6.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-psutil121" }, "ranges": [ { "events": [ { "fixed": "5.6.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-psutil121" }, "ranges": [ { "events": [ { "fixed": "5.6.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2019-41" ], "discovery": "2019-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2019-18874" ] }, "vid": "374793ad-2720-4c4a-b86c-fc4a1780deac" }, "details": "ret2libc reports:\n\n> psutil (aka python-psutil) through 5.6.5 can have a double free.\n>\n> This occurs because of refcount mishandling within a while or for loop\n> that converts system data into a Python object.\n", "id": "FreeBSD-2023-0137", "modified": "2023-04-10T00:00:00Z", "published": "2023-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-41" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18874" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-41" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-qfc5-mcwq-26q8" } ], "schema_version": "1.7.0", "summary": "py-psutil -- double free vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.2.0" }, { "fixed": "7.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.2.0" }, { "fixed": "7.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.2.0" }, { "fixed": "7.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.2.0" }, { "fixed": "7.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.2.0" }, { "fixed": "7.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2020-220", "https://osv.dev/vulnerability/PYSEC-2020-221" ], "discovery": "2020-10-05T00:00:00Z", "references": { "cvename": [ "CVE-2020-25635", "CVE-2020-25636" ] }, "vid": "e1b77733-a982-442e-8796-a200571bfcf2" }, "details": "abeluck reports:\n\n> A flaw was found in Ansible Base when using the aws_ssm connection\n> plugin as garbage collector is not happening after playbook run is\n> completed.\n>\n> Files would remain in the bucket exposing the data.\n>\n> This issue affects directly data confidentiality.\n\n> A flaw was found in Ansible Base when using the aws_ssm connection\n> plugin as there is no namespace separation for file transfers.\n>\n> Files are written directly to the root bucket, making possible to have\n> collisions when running multiple ansible processes.\n>\n> This issue affects mainly the service availability.\n", "id": "FreeBSD-2023-0136", "modified": "2023-04-10T00:00:00Z", "published": "2023-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2020-220" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2020-221" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25635" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2020-220" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25636" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2020-221" } ], "schema_version": "1.7.0", "summary": "py-ansible -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.1.0" }, { "fixed": "7.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.1.0" }, { "fixed": "7.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.1.0" }, { "fixed": "7.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.1.0" }, { "fixed": "7.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-ansible" }, "ranges": [ { "events": [ { "last_affected": "7.1.0" }, { "fixed": "7.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2021-125" ], "discovery": "2021-06-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-3532" ] }, "vid": "f418cd50-561a-49a2-a133-965d03ede72a" }, "details": "Tapas jena reports:\n\n> A flaw was found in Ansible where the secret information present in\n> async_files are getting disclosed when the user changes the jobdir to\n> a world readable directory.\n>\n> Any secret information in an async status file will be readable by a\n> malicious user on that system.\n>\n> This flaw affects Ansible Tower 3.7 and Ansible Automation Platform\n> 1.2.\n", "id": "FreeBSD-2023-0135", "modified": "2023-04-10T00:00:00Z", "published": "2023-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2021-125" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3532" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2021-125" } ], "schema_version": "1.7.0", "summary": "py-ansible -- data leak vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-kerberos" }, "ranges": [ { "events": [ { "last_affected": "1.3.1" }, { "fixed": "1.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-kerberos" }, "ranges": [ { "events": [ { "last_affected": "1.3.1" }, { "fixed": "1.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-kerberos" }, "ranges": [ { "events": [ { "last_affected": "1.3.1" }, { "fixed": "1.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-kerberos" }, "ranges": [ { "events": [ { "last_affected": "1.3.1" }, { "fixed": "1.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-kerberos" }, "ranges": [ { "events": [ { "last_affected": "1.3.1" }, { "fixed": "1.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2017-49" ], "discovery": "2017-08-25T00:00:00Z", "references": { "cvename": [ "CVE-2015-3206" ] }, "vid": "2acdf364-9f8d-4aaf-8d1b-867fdfd771c6" }, "details": "macosforgebot reports:\n\n> The checkPassword function in python-kerberos does not authenticate\n> the KDC it attempts to communicate with, which allows remote attackers\n> to cause a denial of service (bad response), or have other unspecified\n> impact by performing a man-in-the-middle attack.\n", "id": "FreeBSD-2023-0134", "modified": "2023-04-10T00:00:00Z", "published": "2023-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2017-49" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-3206" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2017-49" } ], "schema_version": "1.7.0", "summary": "py-kerberos -- DoS and MitM vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-cryptography" }, "ranges": [ { "events": [ { "fixed": "39.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-cryptography" }, "ranges": [ { "events": [ { "fixed": "39.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-cryptography" }, "ranges": [ { "events": [ { "fixed": "39.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-cryptography" }, "ranges": [ { "events": [ { "fixed": "39.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-cryptography" }, "ranges": [ { "events": [ { "fixed": "39.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-x4qr-2fvf-3mr5" ], "discovery": "2023-02-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-0286" ] }, "vid": "c1a8ed1c-2814-4260-82aa-9e37c83aac93" }, "details": "> pyca/cryptography\\'s wheels include a statically linked copy of\n> OpenSSL.\n>\n> The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are\n> vulnerable to a security issue.\n>\n> More details about the vulnerabilities themselves can be found in\n> https://www.openssl.org/news/secadv/20221213.txt and\n> https://www.openssl.org/news/secadv/20230207.txt.\n>\n> If you are building cryptography source (\\\"sdist\\\") then you are\n> responsible for upgrading your copy of OpenSSL.\n>\n> Only users installing from wheels built by the cryptography project\n> (i.e., those distributed on PyPI) need to update their cryptography\n> versions.\n", "id": "FreeBSD-2023-0133", "modified": "2023-04-10T00:00:00Z", "published": "2023-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-x4qr-2fvf-3mr5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0286" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-x4qr-2fvf-3mr5" } ], "schema_version": "1.7.0", "summary": "py-cryptography -- includes a vulnerable copy of OpenSSL" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-cryptography" }, "ranges": [ { "events": [ { "introduced": "1.8" }, { "fixed": "39.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-cryptography" }, "ranges": [ { "events": [ { "introduced": "1.8" }, { "fixed": "39.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-cryptography" }, "ranges": [ { "events": [ { "introduced": "1.8" }, { "fixed": "39.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-cryptography" }, "ranges": [ { "events": [ { "introduced": "1.8" }, { "fixed": "39.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-cryptography" }, "ranges": [ { "events": [ { "introduced": "1.8" }, { "fixed": "39.0.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-w7pp-m8wf-vj6r" ], "discovery": "2023-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2023-23931" ] }, "vid": "a32ef450-9781-414b-a944-39f2f61677f2" }, "details": "alex reports:\n\n> Previously, \\`Cipher.update_into\\` would accept Python objects which\n> implement the buffer protocol, but provide only immutable buffers.\n>\n> This would allow immutable objects (such as \\`bytes\\`) to be mutated,\n> thus violating fundamental rules of Python.\n>\n> This is a soundness bug \\-- it allows programmers to misuse an API, it\n> cannot be exploited by attacker controlled data alone.\n>\n> This now correctly raises an exception.\n>\n> This issue has been present since \\`update_into\\` was originally\n> introduced in cryptography 1.8.\n", "id": "FreeBSD-2023-0132", "modified": "2023-04-10T00:00:00Z", "published": "2023-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-w7pp-m8wf-vj6r" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-23931" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-w7pp-m8wf-vj6r" } ], "schema_version": "1.7.0", "summary": "py-cryptography -- allows programmers to misuse an API" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-cqvq-fvhr-v6hc", "https://osv.dev/vulnerability/GHSA-xf83-q765-xm6m" ], "discovery": "2022-11-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-35935", "CVE-2022-35991" ] }, "vid": "ae132c6c-d716-11ed-956f-7054d21a9e2a" }, "details": "Kang Hong Jin, Neophytos Christou, \u5218\u529b\u6e90 and Pattarakrit Rattankul\nreport:\n\n> Another instance of CVE-2022-35935, where \\`SobolSample\\` is\n> vulnerable to a denial of service via assumed scalar inputs, was found\n> and fixed.\n\nPattarakrit Rattankul reports:\n\n> Another instance of CVE-2022-35991, where \\`TensorListScatter\\` and\n> \\`TensorListScatterV2\\` crash via non scalar inputs\n> in\\`element_shape\\`, was found in eager mode and fixed.\n", "id": "FreeBSD-2023-0131", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-cqvq-fvhr-v6hc" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-xf83-q765-xm6m" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35935" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-cqvq-fvhr-v6hc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35991" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-xf83-q765-xm6m" } ], "schema_version": "1.7.0", "summary": "py-tensorflow -- denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-tensorflow" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-mgmh-g2v6-mqw5" ], "discovery": "2022-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2022-35941" ] }, "vid": "52311651-f100-4720-8c62-0887dad6d321" }, "details": "Jingyi Shi reports:\n\n> The \\'AvgPoolOp\\' function takes an argument \\`ksize\\` that must be\n> positive but is not checked.\n>\n> A negative \\`ksize\\` can trigger a \\`CHECK\\` failure and crash the\n> program.\n", "id": "FreeBSD-2023-0130", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-mgmh-g2v6-mqw5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35941" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-mgmh-g2v6-mqw5" } ], "schema_version": "1.7.0", "summary": "py-tensorflow -- unchecked argument causing crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-pymatgen" }, "ranges": [ { "events": [ { "last_affected": "2022.9.21" }, { "fixed": "2022.9.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-pymatgen" }, "ranges": [ { "events": [ { "last_affected": "2022.9.21" }, { "fixed": "2022.9.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-pymatgen" }, "ranges": [ { "events": [ { "last_affected": "2022.9.21" }, { "fixed": "2022.9.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-pymatgen" }, "ranges": [ { "events": [ { "last_affected": "2022.9.21" }, { "fixed": "2022.9.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-pymatgen" }, "ranges": [ { "events": [ { "last_affected": "2022.9.21" }, { "fixed": "2022.9.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-5jqp-885w-xj32" ], "discovery": "2022-11-10T00:00:00Z", "references": { "cvename": [ "CVE-2022-42964" ] }, "vid": "951b513a-9f42-436d-888d-2162615d0fe4" }, "details": "> An exponential ReDoS (Regular Expression Denial of Service) can be\n> triggered in the pymatgen PyPI package, when an attacker is able to\n> supply arbitrary input to the GaussianInput.from_string method.\n", "id": "FreeBSD-2023-0129", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-5jqp-885w-xj32" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42964" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-5jqp-885w-xj32" } ], "schema_version": "1.7.0", "summary": "py-pymatgen -- regular expression denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-nicotine-plus" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-nicotine-plus" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-nicotine-plus" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-nicotine-plus" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-nicotine-plus" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-p4v2-r99v-wjc2" ], "discovery": "2022-03-16T00:00:00Z", "references": { "cvename": [ "CVE-2021-45848" ] }, "vid": "e87a9326-dd35-49fc-b20b-f57cbebaae87" }, "details": "ztauras reports:\n\n> Denial of service (DoS) vulnerability in Nicotine+ starting with\n> version 3.0.3 and prior to version 3.2.1 allows a user with a modified\n> Soulseek client to crash Nicotine+ by sending a file download request\n> with a file path containing a null character.\n", "id": "FreeBSD-2023-0128", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-p4v2-r99v-wjc2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45848" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-p4v2-r99v-wjc2" } ], "schema_version": "1.7.0", "summary": "py-nicotine-plus -- Denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-q6cq-m9gm-6q2f" ], "discovery": "2022-12-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-45197" ] }, "vid": "93db4f92-9997-4f4f-8614-3963d9e2b0ec" }, "details": "> Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in\n> XMLStream, allowing an attacker to pose as any server in the eyes of\n> Slixmpp.\n", "id": "FreeBSD-2023-0127", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-q6cq-m9gm-6q2f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-45197" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-q6cq-m9gm-6q2f" } ], "schema_version": "1.7.0", "summary": "py-slixmpp -- incomplete SSL certificate validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-suds" }, "ranges": [ { "events": [ { "fixed": "1.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-suds" }, "ranges": [ { "events": [ { "fixed": "1.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-suds" }, "ranges": [ { "events": [ { "fixed": "1.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-suds" }, "ranges": [ { "events": [ { "fixed": "1.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-suds" }, "ranges": [ { "events": [ { "fixed": "1.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2013-32" ], "discovery": "2013-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2013-2217" ] }, "vid": "b31f7029-817c-4c1f-b7d3-252de5283393" }, "details": "SUSE reports:\n\n> cache.py in Suds 0.4, when tempdir is set to None, allows local users\n> to redirect SOAP queries and possibly have other unspecified impact\n> via a symlink attack on a cache file with a predictable name in\n> /tmp/suds/.\n", "id": "FreeBSD-2023-0126", "modified": "2023-07-08T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2013-32" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2013-2217" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2013-32" } ], "schema_version": "1.7.0", "summary": "py-suds -- vulnerable to symlink attacks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-impacket" }, "ranges": [ { "events": [ { "introduced": "0.9.10" }, { "fixed": "0.9.23" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-impacket" }, "ranges": [ { "events": [ { "introduced": "0.9.10" }, { "fixed": "0.9.23" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-impacket" }, "ranges": [ { "events": [ { "introduced": "0.9.10" }, { "fixed": "0.9.23" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-impacket" }, "ranges": [ { "events": [ { "introduced": "0.9.10" }, { "fixed": "0.9.23" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-impacket" }, "ranges": [ { "events": [ { "introduced": "0.9.10" }, { "fixed": "0.9.23" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2021-17" ], "discovery": "2021-05-05T00:00:00Z", "references": { "cvename": [ "CVE-2021-31800" ] }, "vid": "b692a49c-9ae7-4958-af21-cbf8f5b819ea" }, "details": "asolino reports:\n\n> Multiple path traversal vulnerabilities exist in smbserver.py in\n> Impacket through 0.9.22. An attacker that connects to a running\n> smbserver instance can list and write to arbitrary files via ../\n> directory traversal. This could potentially be abused to achieve\n> arbitrary code execution by replacing /etc/shadow or an SSH authorized\n> key.\n", "id": "FreeBSD-2023-0125", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2021-17" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-31800" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2021-17" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-mj63-64x7-57xf" } ], "schema_version": "1.7.0", "summary": "py-impacket -- multiple path traversal vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-tflite" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-tflite" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-tflite" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-tflite" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-tflite" }, "ranges": [ { "events": [ { "fixed": "2.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-h6q3-vv32-2cq5" ], "discovery": "2022-11-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-41894" ] }, "vid": "326b2f3e-6fc7-4661-955d-a772760db9cf" }, "details": "Thibaut Goetghebuer-Planchon reports:\n\n> The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator\n> wrongly increments the data_ptr when adding the bias to the result.\n>\n> Instead of \\`data_ptr += num_channels;\\` it should be \\`data_ptr +=\n> output_num_channels;\\` as if the number of input channels is different\n> than the number of output channels, the wrong result will be returned\n> and a buffer overflow will occur if num_channels \\>\n> output_num_channels.\n>\n> An attacker can craft a model with a specific number of input channels\n> in a way similar to the attached example script.\n>\n> It is then possible to write specific values through the bias of the\n> layer outside the bounds of the buffer.\n>\n> This attack only works if the reference kernel resolver is used in the\n> interpreter (i.e.\n> \\`experimental_op_resolver_type=tf.lite.experimental.OpResolverType.BUILTIN_REF\\`\n> is used).\n", "id": "FreeBSD-2023-0124", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-h6q3-vv32-2cq5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41894" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-h6q3-vv32-2cq5" } ], "schema_version": "1.7.0", "summary": "py-tflite -- buffer overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-tflite" }, "ranges": [ { "events": [ { "fixed": "2.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.5.0" }, { "fixed": "2.5.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-tflite" }, "ranges": [ { "events": [ { "fixed": "2.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.5.0" }, { "fixed": "2.5.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-tflite" }, "ranges": [ { "events": [ { "fixed": "2.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.5.0" }, { "fixed": "2.5.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-tflite" }, "ranges": [ { "events": [ { "fixed": "2.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.5.0" }, { "fixed": "2.5.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-tflite" }, "ranges": [ { "events": [ { "fixed": "2.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.5.0" }, { "fixed": "2.5.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-wf5p-c75w-w3wh" ], "discovery": "2021-08-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-37689" ] }, "vid": "d82bcd2b-5cd6-421c-8179-b3ff0231029f" }, "details": "Yakun Zhang of Baidu Security reports:\n\n> An attacker can craft a TFLite model that would trigger a null pointer\n> dereference, which would result in a crash and denial of service\n", "id": "FreeBSD-2023-0123", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-wf5p-c75w-w3wh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37689" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-wf5p-c75w-w3wh" } ], "schema_version": "1.7.0", "summary": "py-tflite -- denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-cinder" }, "ranges": [ { "events": [ { "fixed": "19.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "fixed": "20.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-cinder" }, "ranges": [ { "events": [ { "fixed": "19.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "fixed": "20.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-cinder" }, "ranges": [ { "events": [ { "fixed": "19.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "fixed": "20.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-cinder" }, "ranges": [ { "events": [ { "fixed": "19.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "fixed": "20.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-cinder" }, "ranges": [ { "events": [ { "fixed": "19.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "fixed": "20.0.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-7h75-hwxx-qpgc" ], "discovery": "2023-01-27T00:00:00Z", "references": { "cvename": [ "CVE-2022-47951" ] }, "vid": "a0509648-65ce-4a1b-855e-520a75bd2549" }, "details": "Utkarsh Gupta reports:\n\n> An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before\n> 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and\n> 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0.\n>\n> By supplying a specially created VMDK flat image that references a\n> specific backing file path, an authenticated user may convince systems\n> to return a copy of that file\\'s contents from the server, resulting\n> in unauthorized access to potentially sensitive data.\n", "id": "FreeBSD-2023-0122", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-7h75-hwxx-qpgc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-47951" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-7h75-hwxx-qpgc" } ], "schema_version": "1.7.0", "summary": "py-cinder -- unauthorized data access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-cinder" }, "ranges": [ { "events": [ { "last_affected": "12.0.9" }, { "fixed": "12.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0.0" }, { "last_affected": "13.0.9" }, { "fixed": "13.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0.0" }, { "last_affected": "14.3.1" }, { "fixed": "14.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.0.0" }, { "last_affected": "15.6.0" }, { "fixed": "15.6.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "last_affected": "16.4.2" }, { "fixed": "16.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "last_affected": "17.4.0" }, { "fixed": "17.4.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "last_affected": "18.2.1" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "19.0.0" }, { "last_affected": "19.2.0" }, { "fixed": "19.2.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "last_affected": "20.1.0" }, { "fixed": "20.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "21.0.0" }, { "last_affected": "21.1.0" }, { "fixed": "21.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "22.0.0" }, { "last_affected": "22.0.0.0rc2" }, { "fixed": "22.0.0.0rc2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-cinder" }, "ranges": [ { "events": [ { "last_affected": "12.0.9" }, { "fixed": "12.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0.0" }, { "last_affected": "13.0.9" }, { "fixed": "13.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0.0" }, { "last_affected": "14.3.1" }, { "fixed": "14.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.0.0" }, { "last_affected": "15.6.0" }, { "fixed": "15.6.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "last_affected": "16.4.2" }, { "fixed": "16.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "last_affected": "17.4.0" }, { "fixed": "17.4.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "last_affected": "18.2.1" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "19.0.0" }, { "last_affected": "19.2.0" }, { "fixed": "19.2.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "last_affected": "20.1.0" }, { "fixed": "20.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "21.0.0" }, { "last_affected": "21.1.0" }, { "fixed": "21.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "22.0.0" }, { "last_affected": "22.0.0.0rc2" }, { "fixed": "22.0.0.0rc2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-cinder" }, "ranges": [ { "events": [ { "last_affected": "12.0.9" }, { "fixed": "12.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0.0" }, { "last_affected": "13.0.9" }, { "fixed": "13.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0.0" }, { "last_affected": "14.3.1" }, { "fixed": "14.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.0.0" }, { "last_affected": "15.6.0" }, { "fixed": "15.6.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "last_affected": "16.4.2" }, { "fixed": "16.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "last_affected": "17.4.0" }, { "fixed": "17.4.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "last_affected": "18.2.1" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "19.0.0" }, { "last_affected": "19.2.0" }, { "fixed": "19.2.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "last_affected": "20.1.0" }, { "fixed": "20.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "21.0.0" }, { "last_affected": "21.1.0" }, { "fixed": "21.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "22.0.0" }, { "last_affected": "22.0.0.0rc2" }, { "fixed": "22.0.0.0rc2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-cinder" }, "ranges": [ { "events": [ { "last_affected": "12.0.9" }, { "fixed": "12.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0.0" }, { "last_affected": "13.0.9" }, { "fixed": "13.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0.0" }, { "last_affected": "14.3.1" }, { "fixed": "14.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.0.0" }, { "last_affected": "15.6.0" }, { "fixed": "15.6.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "last_affected": "16.4.2" }, { "fixed": "16.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "last_affected": "17.4.0" }, { "fixed": "17.4.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "last_affected": "18.2.1" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "19.0.0" }, { "last_affected": "19.2.0" }, { "fixed": "19.2.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "last_affected": "20.1.0" }, { "fixed": "20.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "21.0.0" }, { "last_affected": "21.1.0" }, { "fixed": "21.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "22.0.0" }, { "last_affected": "22.0.0.0rc2" }, { "fixed": "22.0.0.0rc2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-cinder" }, "ranges": [ { "events": [ { "last_affected": "12.0.9" }, { "fixed": "12.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0.0" }, { "last_affected": "13.0.9" }, { "fixed": "13.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0.0" }, { "last_affected": "14.3.1" }, { "fixed": "14.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.0.0" }, { "last_affected": "15.6.0" }, { "fixed": "15.6.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "last_affected": "16.4.2" }, { "fixed": "16.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "last_affected": "17.4.0" }, { "fixed": "17.4.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "last_affected": "18.2.1" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "19.0.0" }, { "last_affected": "19.2.0" }, { "fixed": "19.2.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.0.0" }, { "last_affected": "20.1.0" }, { "fixed": "20.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "21.0.0" }, { "last_affected": "21.1.0" }, { "fixed": "21.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "22.0.0" }, { "last_affected": "22.0.0.0rc2" }, { "fixed": "22.0.0.0rc2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-qhch-g8qr-p497" ], "discovery": "2022-05-17T00:00:00Z", "references": { "cvename": [ "CVE-2014-3641" ] }, "vid": "f4a94232-7864-4afb-bbf9-ff2dc8e288d1" }, "details": "Duncan Thomas reports:\n\n> The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder\n> before 2014.1.3 allows remote authenticated users to obtain file data\n> from the Cinder-volume host by cloning and attaching a volume with a\n> crafted qcow2 header.\n", "id": "FreeBSD-2023-0121", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-qhch-g8qr-p497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-3641" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-qhch-g8qr-p497" } ], "schema_version": "1.7.0", "summary": "py-cinder -- data leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "2.9.9_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://pkg.go.dev/vuln/GO-2023-1704" ], "discovery": "2023-03-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-24534", "CVE-2023-29013" ] }, "vid": "02e51cb3-d7e4-11ed-9f7a-5404a68ad561" }, "details": "The Go project reports:\n\n> HTTP and MIME header parsing can allocate large amounts of memory,\n> even when parsing small inputs, potentially leading to a denial of\n> service. Certain unusual patterns of input data can cause the common\n> function used to parse HTTP and MIME headers to allocate substantially\n> more memory than required to hold the parsed headers. An attacker can\n> exploit this behavior to cause an HTTP server to allocate large\n> amounts of memory from a small request, potentially leading to memory\n> exhaustion and a denial of service. With fix, header parsing now\n> correctly allocates only the memory required to hold parsed headers.\n", "id": "FreeBSD-2023-0120", "modified": "2023-04-07T00:00:00Z", "published": "2023-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://pkg.go.dev/vuln/GO-2023-1704" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24534" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-29013" }, { "type": "WEB", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29013" } ], "schema_version": "1.7.0", "summary": "traefik -- Use of vulnerable Go modules net/http, net/textproto" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-cinder" }, "ranges": [ { "events": [ { "fixed": "14.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.0.0" }, { "fixed": "15.2.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "fixed": "15.1.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2020-228" ], "discovery": "2020-06-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-10755" ] }, "vid": "f767d615-01db-47e9-b4ab-07bb8d3409fd" }, "details": "OpenStack project reports:\n\n> An insecure-credentials flaw was found in all openstack-cinder\n> versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x\n> versions before openstack-cinder 15.2.0 and all openstack-cinder\n> 16.x.x versions before openstack-cinder 16.1.0.\n>\n> When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS\n> backend storage driver, credentials for the entire backend are exposed\n> in the \\`\\`connection_info\\`\\` element in all Block Storage v3\n> Attachments API calls containing that element.\n>\n> This flaw enables an end-user to create a volume, make an API call to\n> show the attachment detail information, and retrieve a username and\n> password that may be used to connect to another user\\'s volume.\n>\n> Additionally, these credentials are valid for the ScaleIO or VxFlex OS\n> Management API, should an attacker discover the Management API\n> endpoint.\n", "id": "FreeBSD-2023-0119", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2020-228" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10755" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2020-228" } ], "schema_version": "1.7.0", "summary": "py39-cinder -- insecure-credentials flaw" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-OWSLib" }, "ranges": [ { "events": [ { "fixed": "0.28.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-8h9c-r582-mggc" ], "discovery": "2023-03-07T00:00:00Z", "references": { "cvename": [ "CVE-2023-27476" ] }, "vid": "e5d117b3-2153-4129-81ed-42b0221afa78" }, "details": "Jorge Rosillo reports:\n\n> OWSLib\\'s XML parser (which supports both \\`lxml\\` and \\`xml.etree\\`)\n> does not disable entity resolution for \\`lxml\\`, and could lead to\n> arbitrary file reads from an attacker-controlled XML payload.\n>\n> This affects all XML parsing in the codebase.\n", "id": "FreeBSD-2023-0118", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-8h9c-r582-mggc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27476" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-8h9c-r582-mggc" } ], "schema_version": "1.7.0", "summary": "py39-OWSLib -- arbitrary file read vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-unicorn" }, "ranges": [ { "events": [ { "fixed": "2.0.0rc1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2021-868" ], "discovery": "2021-12-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-44078" ] }, "vid": "17083017-d993-43eb-8aaf-7138f4486d1c" }, "details": "jwang-a reports:\n\n> An issue was discovered in split_region in uc.c in Unicorn Engine\n> before 2.0.0-rc5.\n>\n> It allows local attackers to escape the sandbox.\n>\n> An attacker must first obtain the ability to execute crafted code in\n> the target sandbox in order to exploit this vulnerability.\n>\n> The specific flaw exists within the virtual memory manager.\n>\n> The issue results from the faulty comparison of GVA and GPA while\n> calling uc_mem_map_ptr to free part of a claimed memory block.\n>\n> An attacker can leverage this vulnerability to escape the sandbox and\n> execute arbitrary code on the host machine.\n", "id": "FreeBSD-2023-0117", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2021-868" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44078" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2021-868" } ], "schema_version": "1.7.0", "summary": "py39-unicorn -- sandbox escape and arbitrary code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-pycares" }, "ranges": [ { "events": [ { "fixed": "4.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-c58j-88f5-h53f" ], "discovery": "2021-06-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-3672" ] }, "vid": "43e9ffd4-d6e0-11ed-956f-7054d21a9e2a" }, "details": "Philipp Jeitner and Haya Shulman report:\n\n> A flaw was found in c-ares library, where a missing input validation\n> check of host names returned by DNS (Domain Name Servers) can lead to\n> output of wrong hostnames which might potentially lead to Domain\n> Hijacking.\n>\n> The highest threat from this vulnerability is to confidentiality and\n> integrity as well as system availability.\n", "id": "FreeBSD-2023-0116", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-c58j-88f5-h53f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3672" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-c58j-88f5-h53f" } ], "schema_version": "1.7.0", "summary": "py39-pycares -- domain hijacking vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-setuptools" }, "ranges": [ { "events": [ { "fixed": "44.1.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "57.0.0" }, { "fixed": "58.5.3_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "62.1.0" }, { "fixed": "63.1.0_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579" ], "discovery": "2022-12-23T00:00:00Z", "references": { "cvename": [ "CVE-2022-40897" ] }, "vid": "1b38aec4-4149-4c7d-851c-3c4de3a1fbd0" }, "details": "SCH227 reports:\n\n> Python Packaging Authority (PyPA)\\'s setuptools is a library designed\n> to facilitate packaging Python projects.\n>\n> Setuptools version 65.5.0 and earlier could allow remote attackers to\n> cause a denial of service by fetching malicious HTML from a PyPI\n> package or custom PackageIndex page due to a vulnerable Regular\n> Expression in \\`package_index\\`.\n>\n> This has been patched in version 65.5.1. The patch backported to the\n> revision 63.1.0_1.\n", "id": "FreeBSD-2023-0115", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-40897" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579" } ], "schema_version": "1.7.0", "summary": "py39-setuptools -- denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-setuptools44" }, "ranges": [ { "events": [ { "fixed": "44.1.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "57.0.0" }, { "fixed": "58.5.3_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "62.1.0" }, { "fixed": "63.1.0_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579" ], "discovery": "2022-12-23T00:00:00Z", "references": { "cvename": [ "CVE-2022-40897" ] }, "vid": "187ab98e-2953-4495-b379-4060bd4b75ee" }, "details": "SCH227 reports:\n\n> Python Packaging Authority (PyPA)\\'s setuptools is a library designed\n> to facilitate packaging Python projects.\n>\n> Setuptools version 65.5.0 and earlier could allow remote attackers to\n> cause a denial of service by fetching malicious HTML from a PyPI\n> package or custom PackageIndex page due to a vulnerable Regular\n> Expression in \\`package_index\\`.\n>\n> This has been patched in version 65.5.1. The patch backported to the\n> revision 44.1.1_1.\n", "id": "FreeBSD-2023-0114", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-40897" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579" } ], "schema_version": "1.7.0", "summary": "py27-setuptools44 -- denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-setuptools58" }, "ranges": [ { "events": [ { "fixed": "44.1.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "57.0.0" }, { "fixed": "58.5.3_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "62.1.0" }, { "fixed": "63.1.0_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579" ], "discovery": "2022-12-23T00:00:00Z", "references": { "cvename": [ "CVE-2022-40897" ] }, "vid": "24da150a-33e0-4fee-b4ee-2c6b377d3395" }, "details": "SCH227 reports:\n\n> Python Packaging Authority (PyPA)\\'s setuptools is a library designed\n> to facilitate packaging Python projects.\n>\n> Setuptools version 65.5.0 and earlier could allow remote attackers to\n> cause a denial of service by fetching malicious HTML from a PyPI\n> package or custom PackageIndex page due to a vulnerable Regular\n> Expression in \\`package_index\\`.\n>\n> This has been patched in version 65.5.1. The patch backported to the\n> revision 58.5.3_3.\n", "id": "FreeBSD-2023-0113", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-40897" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579" } ], "schema_version": "1.7.0", "summary": "py39-setuptools58 -- denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-sentry-sdk" }, "ranges": [ { "events": [ { "fixed": "1.14.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-29pr-6jr8-q5jm" ], "discovery": "2023-03-21T00:00:00Z", "references": { "cvename": [ "CVE-2023-28117" ] }, "vid": "15dae5cc-9ee6-4577-a93e-2ab57780e707" }, "details": "Tom Wolters reports:\n\n> When using the Django integration of the Sentry SDK in a specific\n> configuration it is possible to leak sensitive cookies values,\n> including the session cookie to Sentry.\n>\n> These sensitive cookies could then be used by someone with access to\n> your Sentry issues to impersonate or escalate their privileges within\n> your application.\n", "id": "FreeBSD-2023-0112", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-29pr-6jr8-q5jm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28117" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-29pr-6jr8-q5jm" } ], "schema_version": "1.7.0", "summary": "py39-sentry-sdk -- sensitive cookies leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-py" }, "ranges": [ { "events": [ { "last_affected": "1.11.0" }, { "fixed": "1.11.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2022-42969" ], "discovery": "2022-11-04T00:00:00Z", "references": { "cvename": [ "CVE-2022-42969" ] }, "vid": "28a37df6-ba1a-4eed-bb64-623fc8e8dfd0" }, "details": "SCH227 reports:\n\n> The py library through 1.11.0 for Python allows remote attackers to\n> conduct a ReDoS (Regular expression Denial of Service) attack via a\n> Subversion repository with crafted info data, because the\n> InfoSvnCommand argument is mishandled.\n", "id": "FreeBSD-2023-0111", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2022-42969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42969" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2022-42969" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-w596-4wvx-j9j6" } ], "schema_version": "1.7.0", "summary": "py39-py -- Regular expression Denial of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-joblib" }, "ranges": [ { "events": [ { "fixed": "1.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2022-288" ], "discovery": "2022-09-26T00:00:00Z", "references": { "cvename": [ "CVE-2022-21797" ] }, "vid": "845f8430-d0ee-4134-ae35-480a3e139b8a" }, "details": "jimlinntu reports:\n\n> The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary\n> Code Execution via the pre_dispatch flag in Parallel() class due to\n> the eval() statement.\n", "id": "FreeBSD-2023-0110", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2022-288" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21797" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2022-288" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-6hrg-qmvc-2xh8" } ], "schema_version": "1.7.0", "summary": "py39-joblib -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-configobj" }, "ranges": [ { "events": [ { "last_affected": "5.0.6_1" }, { "fixed": "5.0.6_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-c33w-24p9-8m24" ], "discovery": "2023-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-26112" ] }, "vid": "de970aef-d60e-466b-8e30-1ae945a047f1" }, "details": "DarkTinia reports:\n\n> All versions of the package configobj are vulnerable to Regular\n> Expression Denial of Service (ReDoS) via the validate function, using\n> (.+?)\\\\((.\\*)\\\\).\n>\n> \\*\\*Note:\\*\\* This is only exploitable in the case of a developer,\n> putting the offending value in a server side configuration file.\n", "id": "FreeBSD-2023-0109", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-c33w-24p9-8m24" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-26112" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-c33w-24p9-8m24" } ], "schema_version": "1.7.0", "summary": "py39-configobj -- vulnerable to Regular Expression Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-celery" }, "ranges": [ { "events": [ { "fixed": "5.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2021-858" ], "discovery": "2021-12-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-23727" ] }, "vid": "0a38a0d9-757f-4ac3-9561-b439e933dfa9" }, "details": "Snyk reports:\n\n> This affects the package celery before 5.2.2.\n>\n> It by default trusts the messages and metadata stored in backends\n> (result stores).\n>\n> When reading task metadata from the backend, the data is deserialized.\n>\n> Given that an attacker can gain access to, or somehow manipulate the\n> metadata within a celery backend, they could trigger a stored command\n> injection vulnerability and potentially gain further access to the\n> system.\n", "id": "FreeBSD-2023-0108", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2021-858" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23727" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2021-858" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-q4xr-rc97-m4xx" } ], "schema_version": "1.7.0", "summary": "py39-celery -- command injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-redis" }, "ranges": [ { "events": [ { "introduced": "4.4.0" }, { "fixed": "4.4.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.5.0" }, { "fixed": "4.5.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-8fww-64cx-x8p5" ], "discovery": "2023-03-26T00:00:00Z", "references": { "cvename": [ "CVE-2023-28859" ] }, "vid": "8aa6340d-e7c6-41e0-b2a3-3c9e9930312a" }, "details": "drago-balto reports:\n\n> redis-py through 4.5.3 and 4.4.3 leaves a connection open after\n> canceling an async Redis command at an inopportune time (in the case\n> of a non-pipeline operation), and can send response data to the client\n> of an unrelated request.\n>\n> NOTE: this issue exists because of an incomplete fix for\n> CVE-2023-28858.\n", "id": "FreeBSD-2023-0107", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-8fww-64cx-x8p5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28859" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-8fww-64cx-x8p5" } ], "schema_version": "1.7.0", "summary": "py39-redis -- can send response data to the client of an unrelated request" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-redis" }, "ranges": [ { "events": [ { "fixed": "4.3.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.4.0" }, { "fixed": "4.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.5.0" }, { "fixed": "4.5.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/GHSA-24wv-mv5m-xv4h" ], "discovery": "2023-03-26T00:00:00Z", "references": { "cvename": [ "CVE-2023-28858" ] }, "vid": "3f6d6181-79b2-4d33-bb1e-5d3f9df0c1d1" }, "details": "drago-balto reports:\n\n> redis-py before 4.5.3, as used in ChatGPT and other products, leaves a\n> connection open after canceling an async Redis command at an\n> inopportune time (in the case of a pipeline operation), and can send\n> response data to the client of an unrelated request in an off-by-one\n> manner.\n>\n> The fixed versions for this CVE Record are 4.3.6, 4.4.3, and 4.5.3,\n> but \\[are believed to be\n> incomplete\\](https://github.com/redis/redis-py/issues/2665).\n>\n> CVE-2023-28859 has been assigned the issues caused by the incomplete\n> fixes.\n", "id": "FreeBSD-2023-0106", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/GHSA-24wv-mv5m-xv4h" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28858" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-24wv-mv5m-xv4h" } ], "schema_version": "1.7.0", "summary": "py39-redis -- can send response data to the client of an unrelated request" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-sqlalchemy12" }, "ranges": [ { "events": [ { "fixed": "1.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2019-123", "https://osv.dev/vulnerability/PYSEC-2019-124" ], "discovery": "2019-02-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-7548", "CVE-2019-7164" ] }, "vid": "d2293e22-4390-42c2-a323-34cca2066000" }, "details": "21k reports:\n\n> SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL\n> Injection via the order_by parameter.\n\nnosecurity reports:\n\n> SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be\n> controlled.\n", "id": "FreeBSD-2023-0105", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-123" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-124" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7548" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7164" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-123" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-124" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-38fc-9xqv-7f7q" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-887w-45rq-vxgf" } ], "schema_version": "1.7.0", "summary": "py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-sqlalchemy11" }, "ranges": [ { "events": [ { "fixed": "1.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2019-123", "https://osv.dev/vulnerability/PYSEC-2019-124" ], "discovery": "2019-02-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-7164", "CVE-2019-7548" ] }, "vid": "8ccff771-ceca-43a0-85ad-3e595e73b425" }, "details": "21k reports:\n\n> SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL\n> Injection via the order_by parameter.\n\nnosecurity reports:\n\n> SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be\n> controlled.\n", "id": "FreeBSD-2023-0104", "modified": "2023-04-09T00:00:00Z", "published": "2023-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-123" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-124" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7548" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-123" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-124" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-38fc-9xqv-7f7q" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-887w-45rq-vxgf" } ], "schema_version": "1.7.0", "summary": "py39-sqlalchemy11 -- multiple SQL Injection vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-sqlalchemy10" }, "ranges": [ { "events": [ { "fixed": "1.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2019-123", "https://osv.dev/vulnerability/PYSEC-2019-124" ], "discovery": "2019-02-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-7164", "CVE-2019-7548" ] }, "vid": "e4181981-ccf1-11ed-956f-7054d21a9e2a" }, "details": "21k reports:\n\n> SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL\n> Injection via the order_by parameter.\n\nnosecurity reports:\n\n> SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be\n> controlled.\n", "id": "FreeBSD-2023-0103", "modified": "2023-03-28T00:00:00Z", "published": "2023-03-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-123" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-124" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7548" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-123" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-124" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-887w-45rq-vxgf" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-38fc-9xqv-7f7q" } ], "schema_version": "1.7.0", "summary": "py39-sqlalchemy10 -- multiple SQL Injection vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-lmdb" }, "ranges": [ { "events": [ { "fixed": "0.98" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2019-236", "https://osv.dev/vulnerability/PYSEC-2019-237", "https://osv.dev/vulnerability/PYSEC-2019-238", "https://osv.dev/vulnerability/PYSEC-2019-239", "https://osv.dev/vulnerability/PYSEC-2019-240" ], "discovery": "2019-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2019-16224", "CVE-2019-16225", "CVE-2019-16226", "CVE-2019-16227", "CVE-2019-16228" ] }, "vid": "c13a8c17-cbeb-11ed-956f-7054d21a9e2a" }, "details": "TeamSeri0us reports:\n\n> An issue was discovered in py-lmdb 0.97. For certain values of\n> md_flags, mdb_node_add does not properly set up a memcpy destination,\n> leading to an invalid write operation. NOTE: this outcome occurs when\n> accessing a data.mdb file supplied by an attacker.\n\n> An issue was discovered in py-lmdb 0.97. For certain values of\n> mp_flags, mdb_page_touch does not properly set up\n> mc-\\>mc_pg\\[mc-\\>top\\], leading to an invalid write operation. NOTE:\n> this outcome occurs when accessing a data.mdb file supplied by an\n> attacker.\n\n> An issue was discovered in py-lmdb 0.97. mdb_node_del does not\n> validate a memmove in the case of an unexpected node-\\>mn_hi, leading\n> to an invalid write operation. NOTE: this outcome occurs when\n> accessing a data.mdb file supplied by an attacker.\n\n> An issue was discovered in py-lmdb 0.97. For certain values of\n> mn_flags, mdb_cursor_set triggers a memcpy with an invalid write\n> operation within mdb_xcursor_init1. NOTE: this outcome occurs when\n> accessing a data.mdb file supplied by an attacker.\n\n> An issue was discovered in py-lmdb 0.97. There is a divide-by-zero\n> error in the function mdb_env_open2 if mdb_env_read_header obtains a\n> zero value for a certain size field. NOTE: this outcome occurs when\n> accessing a data.mdb file supplied by an attacker.\n", "id": "FreeBSD-2023-0102", "modified": "2023-03-26T00:00:00Z", "published": "2023-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-236" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-237" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-238" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-239" }, { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2019-240" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16224" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-236" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16225" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-237" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16226" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-238" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16227" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-239" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16228" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2019-240" } ], "schema_version": "1.7.0", "summary": "py39-lmdb -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-Elixir" }, "ranges": [ { "events": [ { "last_affected": "0.8.0" }, { "fixed": "0.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://osv.dev/vulnerability/PYSEC-2012-13" ], "discovery": "2012-08-26T00:00:00Z", "references": { "cvename": [ "CVE-2012-2146" ] }, "vid": "2991178f-cbe8-11ed-956f-7054d21a9e2a" }, "details": "Red Hat Security Response Team reports:\n\n> Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique\n> initialization vector (IV), which makes it easier for\n> context-dependent users to obtain sensitive information and decrypt\n> the database.\n", "id": "FreeBSD-2023-0101", "modified": "2023-03-26T00:00:00Z", "published": "2023-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://osv.dev/vulnerability/PYSEC-2012-13" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2012-2146" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2012-13" } ], "schema_version": "1.7.0", "summary": "py39-Elixir -- weak use of cryptography" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-rencode" }, "ranges": [ { "events": [ { "last_affected": "1.0.6_1" }, { "fixed": "1.0.6_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-40839" ], "discovery": "2021-09-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-40839" ] }, "vid": "70d0d2ec-cb62-11ed-956f-7054d21a9e2a" }, "details": "NIST reports:\n\n> The rencode package through 1.0.6 for Python allows an infinite loop\n> in typecode decoding (such as via ;\\\\x2f\\\\x7f), enabling a remote\n> attack that consumes CPU and memory.\n", "id": "FreeBSD-2023-0100", "modified": "2023-03-26T00:00:00Z", "published": "2023-03-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-40839" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/PYSEC-2021-345" }, { "type": "WEB", "url": "https://osv.dev/vulnerability/GHSA-gh8j-2pgf-x458" } ], "schema_version": "1.7.0", "summary": "py39-rencode -- infinite loop that could lead to Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "112.0.5615.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "112.0.5615.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html" ], "discovery": "2023-04-05T00:00:00Z", "references": { "cvename": [ "CVE-2023-1810", "CVE-2023-1811", "CVE-2023-1812", "CVE-2023-1813", "CVE-2023-1814", "CVE-2023-1815", "CVE-2023-1816", "CVE-2023-1817", "CVE-2023-1818", "CVE-2023-1819", "CVE-2023-1820", "CVE-2023-1821", "CVE-2023-1822", "CVE-2023-1823" ] }, "vid": "3d5581ff-d388-11ed-8581-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This update includes 16 security fixes:\n>\n> - \\[1414018\\] High CVE-2023-1810: Heap buffer overflow in Visuals.\n> Reported by Weipeng Jiang (@Krace) of VRI on 2023-02-08\n> - \\[1420510\\] High CVE-2023-1811: Use after free in Frames. Reported\n> by Thomas Orlita on 2023-03-01\n> - \\[1418224\\] Medium CVE-2023-1812: Out of bounds memory access in DOM\n> Bindings. Reported by Shijiang Yu on 2023-02-22\n> - \\[1423258\\] Medium CVE-2023-1813: Inappropriate implementation in\n> Extensions. Reported by Axel Chong on 2023-03-10\n> - \\[1417325\\] Medium CVE-2023-1814: Insufficient validation of\n> untrusted input in Safe Browsing. Reported by Young Min Kim\n> (@ylemkimon), CompSec Lab at Seoul National University on 2023-02-18\n> - \\[1278708\\] Medium CVE-2023-1815: Use after free in Networking APIs.\n> Reported by DDV_UA on 2021-12-10\n> - \\[1413919\\] Medium CVE-2023-1816: Incorrect security UI in Picture\n> In Picture. Reported by NDevTK on 2023-02-08\n> - \\[1418061\\] Medium CVE-2023-1817: Insufficient policy enforcement in\n> Intents. Reported by Axel Chong on 2023-02-22\n> - \\[1223346\\] Medium CVE-2023-1818: Use after free in Vulkan. Reported\n> by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research,\n> Eric Lawrence, Microsoft, Patrick Walker (@HomeSen), and Kirtikumar\n> Anandrao Ramchandani on 2021-06-24\n> - \\[1406588\\] Medium CVE-2023-1819: Out of bounds read in\n> Accessibility. Reported by Microsoft Edge Team on 2023-01-12\n> - \\[1408120\\] Medium CVE-2023-1820: Heap buffer overflow in Browser\n> History. Reported by raven at KunLun lab on 2023-01-17\n> - \\[1413618\\] Low CVE-2023-1821: Inappropriate implementation in\n> WebShare. Reported by Axel Chong on 2023-02-07\n> - \\[1066555\\] Low CVE-2023-1822: Incorrect security UI in Navigation.\n> Reported by \uac15\uc6b0\uc9c4 on 2020-04-01\n> - \\[1406900\\] Low CVE-2023-1823: Inappropriate implementation in\n> FedCM. Reported by Jasper Rebane (popstonia) on 2023-01-13\n", "id": "FreeBSD-2023-0099", "modified": "2023-04-05T00:00:00Z", "published": "2023-04-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1810" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1811" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1815" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1817" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1818" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1819" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1820" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1821" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1822" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1823" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go119" }, "ranges": [ { "events": [ { "fixed": "1.19.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go120" }, "ranges": [ { "events": [ { "fixed": "1.20.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/59180", "https://go.dev/issue/59234", "https://go.dev/issue/58975", "https://go.dev/issue/59153" ], "discovery": "2023-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2023-24537", "CVE-2023-24538", "CVE-2023-24534", "CVE-2023-24536" ] }, "vid": "348ee234-d541-11ed-ad86-a134a566f1e6" }, "details": "The Go project reports:\n\n> go/parser: infinite loop in parsing\n>\n> Calling any of the Parse functions on Go source code which contains\n> //line directives with very large line numbers can cause an infinite\n> loop due to integer overflow.\n\n> html/template: backticks not treated as string delimiters\n>\n> Templates did not properly consider backticks (\\`) as Javascript\n> string delimiters, and as such did not escape them as expected.\n> Backticks are used, since ES6, for JS template literals. If a template\n> contained a Go template action within a Javascript template literal,\n> the contents of the action could be used to terminate the literal,\n> injecting arbitrary Javascript code into the Go template. As ES6\n> template literals are rather complex, and themselves can do string\n> interpolation, we\\'ve decided to simply disallow Go template actions\n> from being used inside of them (e.g. \\\"var a = {{.}}\\\"), since there\n> is no obviously safe way to allow this behavior. This takes the same\n> approach as github.com/google/safehtml. Template.Parse will now return\n> an Error when it encounters templates like this, with a currently\n> unexported ErrorCode with a value of 12. This ErrorCode will be\n> exported in the next major release.\n\n> net/http, net/textproto: denial of service from excessive memory\n> allocation\n>\n> HTTP and MIME header parsing could allocate large amounts of memory,\n> even when parsing small inputs. Certain unusual patterns of input data\n> could cause the common function used to parse HTTP and MIME headers to\n> allocate substantially more memory than required to hold the parsed\n> headers. An attacker can exploit this behavior to cause an HTTP server\n> to allocate large amounts of memory from a small request, potentially\n> leading to memory exhaustion and a denial of service. Header parsing\n> now correctly allocates only the memory required to hold parsed\n> headers.\n\n> net/http, net/textproto, mime/multipart: denial of service from\n> excessive resource consumption\n>\n> Multipart form parsing can consume large amounts of CPU and memory\n> when processing form inputs containing very large numbers of parts.\n> This stems from several causes: mime/multipart.Reader.ReadForm limits\n> the total memory a parsed multipart form can consume. ReadForm could\n> undercount the amount of memory consumed, leading it to accept larger\n> inputs than intended. Limiting total memory does not account for\n> increased pressure on the garbage collector from large numbers of\n> small allocations in forms with many parts. ReadForm could allocate a\n> large number of short-lived buffers, further increasing pressure on\n> the garbage collector. The combination of these factors can permit an\n> attacker to cause an program that parses multipart forms to consume\n> large amounts of CPU and memory, potentially resulting in a denial of\n> service. This affects programs that use\n> mime/multipart.Reader.ReadForm, as well as form parsing in the\n> net/http package with the Request methods FormFile, FormValue,\n> ParseMultipartForm, and PostFormValue. ReadForm now does a better job\n> of estimating the memory consumption of parsed forms, and performs\n> many fewer short-lived allocations. In addition, mime/multipart.Reader\n> now imposes the following limits on the size of parsed forms: Forms\n> parsed with ReadForm may contain no more than 1000 parts. This limit\n> may be adjusted with the environment variable\n> GODEBUG=multipartmaxparts=. Form parts parsed with NextPart and\n> NextRawPart may contain no more than 10,000 header fields. In\n> addition, forms parsed with ReadForm may contain no more than 10,000\n> header fields across all parts. This limit may be adjusted with the\n> environment variable GODEBUG=multipartmaxheaders=.\n", "id": "FreeBSD-2023-0098", "modified": "2023-04-07T00:00:00Z", "published": "2023-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/59180" }, { "type": "REPORT", "url": "https://go.dev/issue/59234" }, { "type": "REPORT", "url": "https://go.dev/issue/58975" }, { "type": "REPORT", "url": "https://go.dev/issue/59153" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24538" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24536" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-dev/c/P-sOFU28bj0/m/QE_cqf22AgAJ" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba416" }, "ranges": [ { "events": [ { "fixed": "4.16.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba417" }, "ranges": [ { "events": [ { "fixed": "4.17.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba418" }, "ranges": [ { "events": [ { "fixed": "4.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2023-0225.html", "https://www.samba.org/samba/security/CVE-2023-0922.html", "https://www.samba.org/samba/security/CVE-2023-0614.html" ], "discovery": "2023-03-29T00:00:00Z", "references": { "cvename": [ "CVE-2023-0225", "CVE-2023-0922", "CVE-2023-0614" ] }, "vid": "e86b8e4d-d551-11ed-8d1e-005056a311d1" }, "details": "The Samba Team reports:\n\n> An incomplete access check on dnsHostName allows authenticated but\n> otherwise unprivileged users to delete this attribute from any object\n> in the directory.\n\n> The Samba AD DC administration tool, when operating against a remote\n> LDAP server, will by default send new or reset passwords over a\n> signed-only connection.\n\n> The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919\n> Confidential attribute disclosure via LDAP filters was insufficient\n> and an attacker may be able to obtain confidential BitLocker recovery\n> keys from a Samba AD DC.\n>\n> Installations with such secrets in their Samba AD should assume they\n> have been obtained and need replacing.\n", "id": "FreeBSD-2023-0097", "modified": "2023-04-07T00:00:00Z", "published": "2023-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2023-0225.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2023-0922.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2023-0614.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0225" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2023-0225.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0922" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2023-0922.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0614" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2023-0614.html" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ffmpeg" }, "ranges": [ { "events": [ { "introduced": "5.1,1" }, { "fixed": "5.1.3,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0,1" }, { "fixed": "5.0.3,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "4.4.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ffmpeg4" }, "ranges": [ { "events": [ { "fixed": "4.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "avidemux" }, "ranges": [ { "events": [ { "last_affected": "2.9" }, { "fixed": "2.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emby-server" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emby-server-devel" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "handbrake" }, "ranges": [ { "events": [ { "fixed": "1.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mythtv" }, "ranges": [ { "events": [ { "last_affected": "33.0,1" }, { "fixed": "33.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mythtv-frontend" }, "ranges": [ { "events": [ { "last_affected": "33.0,1" }, { "fixed": "33.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-3109", "https://nvd.nist.gov/vuln/detail/CVE-2022-3341", "https://nvd.nist.gov/vuln/detail/CVE-2022-3964" ], "discovery": "2022-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-3109", "CVE-2022-3341", "CVE-2022-3964" ] }, "vid": "faf7c1d0-f5bb-47b4-a6a8-ef57317b9766" }, "details": "NVD reports:\n\n> An issue was discovered in the FFmpeg package, where vp3_decode_frame\n> in libavcodec/vp3.c lacks check of the return value of av_malloc() and\n> will cause a null pointer dereference, impacting availability.\n\n> A null pointer dereference issue was discovered in \\'FFmpeg\\' in\n> decode_main_header() function of libavformat/nutdec.c file. The flaw\n> occurs because the function lacks check of the return value of\n> avformat_new_stream() and triggers the null pointer dereference error,\n> causing an application to crash.\n\n> A vulnerability classified as problematic has been found in ffmpeg.\n> This affects an unknown part of the file libavcodec/rpzaenc.c of the\n> component QuickTime RPZA Video Encoder. The manipulation of the\n> argument y_size leads to out-of-bounds read. It is possible to\n> initiate the attack remotely. The name of the patch is\n> 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a\n> patch to fix this issue. The associated identifier of this\n> vulnerability is VDB-213543.\n", "id": "FreeBSD-2023-0096", "modified": "2023-04-10T00:00:00Z", "published": "2023-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3109" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3341" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3964" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3109" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3341" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3964" }, { "type": "WEB", "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/2cdddcd6ec90c7a248ffe792d85faa4d89eab9f7" }, { "type": "WEB", "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/481e81be1271ac9a0124ee615700390c2371bd89" }, { "type": "WEB", "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/1eb002596e3761d88de4aeea3158692b82fb6307" }, { "type": "WEB", "url": "https://ffmpeg.org/security.html" } ], "schema_version": "1.7.0", "summary": "ffmpeg -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki135" }, "ranges": [ { "events": [ { "fixed": "1.35.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki138" }, "ranges": [ { "events": [ { "fixed": "1.38.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki139" }, "ranges": [ { "events": [ { "fixed": "1.39.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/" ], "discovery": "2020-04-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-36649" ] }, "vid": "466ba8bd-d033-11ed-addf-080027eda32c" }, "details": "Mediawikwi reports:\n\n> (T285159, CVE-2023-PENDING) SECURITY: X-Forwarded-For header allows\n> brute-forcing autoblocked IP addresses.\n>\n> (T326946, CVE-2020-36649) SECURITY: Bundled PapaParse copy in\n> VisualEditor has known ReDos.\n>\n> (T330086, CVE-2023-PENDING) SECURITY: OATHAuth allows replay attacks\n> when MediaWiki is configured without ObjectCache; Insecure Default\n> Configuration.\n", "id": "FreeBSD-2023-0095", "modified": "2023-04-01T00:00:00Z", "published": "2023-04-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-36649" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.10.0" }, { "fixed": "15.10.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.9.0" }, { "fixed": "15.9.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.1" }, { "fixed": "15.8.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/03/30/security-release-gitlab-15-10-1-released/" ], "discovery": "2023-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2022-3513", "CVE-2023-0485", "CVE-2023-1098", "CVE-2023-1733", "CVE-2023-0319", "CVE-2023-1708", "CVE-2023-0838", "CVE-2023-0523", "CVE-2023-0155", "CVE-2023-1167", "CVE-2023-1417", "CVE-2023-1710", "CVE-2023-0450", "CVE-2023-1071", "CVE-2022-3375" ] }, "vid": "54006796-cf7b-11ed-a5d5-001b217b3468" }, "details": "Gitlab reports:\n\n> Cross-site scripting in \\\"Maximum page reached\\\" page\n>\n> Private project guests can read new changes using a fork\n>\n> Mirror repository error reveals password in Settings UI\n>\n> DOS and high resource consumption of Prometheus server through abuse\n> of Prometheus integration proxy endpoint\n>\n> Unauthenticated users can view Environment names from public projects\n> limited to project members only\n>\n> Copying information to the clipboard could lead to the execution of\n> unexpected commands\n>\n> Maintainer can leak masked webhook secrets by adding a new parameter\n> to the webhook URL\n>\n> Arbitrary HTML injection possible when :soft_email_confirmation\n> feature flag is enabled in the latest release\n>\n> Framing of arbitrary content (leading to open redirects) on any page\n> allowing user controlled markdown\n>\n> MR for security reports are available to everyone\n>\n> API timeout when searching for group issues\n>\n> Unauthorised user can add child epics linked to victim\\'s epic in an\n> unrelated group\n>\n> GitLab search allows to leak internal notes\n>\n> Ambiguous branch name exploitation in GitLab\n>\n> Improper permissions checks for moving an issue\n>\n> Private project branches names can be leaked through a fork\n", "id": "FreeBSD-2023-0094", "modified": "2023-03-31T00:00:00Z", "published": "2023-03-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/03/30/security-release-gitlab-15-10-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3513" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0485" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1733" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0319" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1708" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0838" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0523" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1417" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1710" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1071" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3375" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/03/30/security-release-gitlab-15-10-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.8,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.6,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.4,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby27" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.8,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby30" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.6,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby31" }, "ranges": [ { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.4,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby32" }, "ranges": [ { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-time" }, "ranges": [ { "events": [ { "fixed": "0.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/" ], "discovery": "2023-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-28756" ] }, "vid": "6bd2773c-cf1a-11ed-bd44-080027f5fec9" }, "details": "ooooooo_q reports:\n\n> The Time parser mishandles invalid strings that have specific\n> characters. It causes an increase in execution time for parsing\n> strings to Time objects.\n", "id": "FreeBSD-2023-0093", "modified": "2023-03-30T00:00:00Z", "published": "2023-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28756" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/" } ], "schema_version": "1.7.0", "summary": "rubygem-time -- ReDoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.8,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.6,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.4,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby27" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.8,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby30" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.6,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby31" }, "ranges": [ { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.4,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby32" }, "ranges": [ { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-uri" }, "ranges": [ { "events": [ { "fixed": "0.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/" ], "discovery": "2023-03-28T00:00:00Z", "references": { "cvename": [ "CVE-2023-28755" ] }, "vid": "9b60bba1-cf18-11ed-bd44-080027f5fec9" }, "details": "Dominic Couture reports:\n\n> A ReDoS issue was discovered in the URI component. The URI parser\n> mishandles invalid URLs that have specific characters. It causes an\n> increase in execution time for parsing strings to URI objects.\n", "id": "FreeBSD-2023-0092", "modified": "2023-03-30T00:00:00Z", "published": "2023-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28755" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/" } ], "schema_version": "1.7.0", "summary": "rubygem-uri -- ReDoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "4.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.powerdns.com/2023/03/29/security-advisory-2023-02-for-powerdns-recursor-up-to-and-including-4-6-5-4-7-4-and-4-8-3/" ], "discovery": "2023-03-29T00:00:00Z", "references": { "cvename": [ "CVE-2023-26437" ] }, "vid": "dc33795f-ced7-11ed-b1fe-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can\n> lead to authoritative servers being marked unavailable\n", "id": "FreeBSD-2023-0091", "modified": "2023-03-30T00:00:00Z", "published": "2023-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.powerdns.com/2023/03/29/security-advisory-2023-02-for-powerdns-recursor-up-to-and-including-4-6-5-4-7-4-and-4-8-3/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-26437" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "21.1.8,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "introduced": "23.0.0,1" }, { "fixed": "23.1.1,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "22.1.9,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland-devel" }, "ranges": [ { "events": [ { "fixed": "21.0.99.1.439" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2023-March/003374.html" ], "discovery": "2023-03-29T00:00:00Z", "references": { "cvename": [ "CVE-2023-1393" ] }, "vid": "96d84238-b500-490b-b6aa-2b77090a0410" }, "details": "The X.Org project reports:\n\n> - ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window\n> Use-After-Free Local Privilege Escalation Vulnerability\n>\n> If a client explicitly destroys the compositor overlay window (aka\n> COW), the Xserver would leave a dangling pointer to that window in\n> the CompScreen structure, which will trigger a use-after-free later.\n", "id": "FreeBSD-2023-0090", "modified": "2023-03-29T00:00:00Z", "published": "2023-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2023-March/003374.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2023-March/003374.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1393" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Overlay Window Use-After-Free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1t,1_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl30" }, "ranges": [ { "events": [ { "fixed": "3.0.8_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quic" }, "ranges": [ { "events": [ { "fixed": "3.0.8_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20230328.txt" ], "discovery": "2023-03-28T00:00:00Z", "references": { "cvename": [ "CVE-2023-0465", "CVE-2023-0466" ] }, "vid": "425b9538-ce5f-11ed-ade3-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> Severity: low\n>\n> Applications that use a non-default option when verifying certificates\n> may be vulnerable to an attack from a malicious CA to circumvent\n> certain checks.\n>\n> The function X509_VERIFY_PARAM_add0_policy() is documented to\n> implicitly enable the certificate policy check when doing certificate\n> verification. However the implementation of the function does not\n> enable the check which allows certificates with invalid or incorrect\n> policies to pass the certificate verification.\n", "id": "FreeBSD-2023-0089", "modified": "2023-03-29T00:00:00Z", "published": "2023-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20230328.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0466" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20230328.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "fixed": "8.5.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.15" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "fixed": "8.5.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "fixed": "9.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/03/22/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-1410/" ], "discovery": "2023-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-1410" ] }, "vid": "955eb3cc-ce0b-11ed-825f-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> When a user adds a Graphite data source, they can then use the data\n> source in a dashboard. This capability contains a feature to use\n> Functions. Once a function is selected, a small tooltip appears when\n> hovering over the name of the function. This tooltip allows you to\n> delete the selected Function from your query or show the Function\n> Description. However, no sanitization is done when adding this\n> description to the DOM.\n>\n> Since it is not uncommon to connect to public data sources, an\n> attacker could host a Graphite instance with modified Function\n> Descriptions containing XSS payloads. When the victim uses it in a\n> query and accidentally hovers over the Function Description, an\n> attacker-controlled XSS payload will be executed.\n>\n> The severity of this vulnerability is of CVSSv3.1 5.7 Medium (CVSS:\n> AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N (5.7)).\n", "id": "FreeBSD-2023-0088", "modified": "2023-03-29T00:00:00Z", "published": "2023-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/03/22/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-1410/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1410" }, { "type": "WEB", "url": "https://grafana.com/security/security-advisories/cve-2023-1410/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Stored XSS in Graphite FunctionDescription tooltip" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "fixed": "1.11.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cinny" }, "ranges": [ { "events": [ { "last_affected": "2.2.4" }, { "fixed": "2.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0" ], "discovery": "2023-03-28T00:00:00Z", "references": { "cvename": [ "CVE-2023-28103", "CVE-2023-28427" ] }, "vid": "5b0ae405-cdc7-11ed-bb39-901b0e9408dc" }, "details": "Matrix developers report:\n\n> Today we are issuing security releases of matrix-js-sdk and\n> matrix-react-sdk to patch a pair of High severity vulnerabilities\n> (CVE-2023-28427 / GHSA-mwq8-fjpf-c2gr for matrix-js-sdk and\n> CVE-2023-28103 / GHSA-6g43-88cp-w5gv for matrix-react-sdk).\n>\n> The issues involve prototype pollution via events containing special\n> strings in key locations, which can temporarily disrupt normal\n> functioning of matrix-js-sdk and matrix-react-sdk, potentially\n> impacting the consumer\\'s ability to process data safely.\n", "id": "FreeBSD-2023-0087", "modified": "2023-03-29T00:00:00Z", "published": "2023-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28103" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28427" }, { "type": "WEB", "url": "https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0" } ], "schema_version": "1.7.0", "summary": "Matrix clients -- Prototype pollution in matrix-js-sdk" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "fixed": "3.1.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2023-03-20" ], "discovery": "2023-03-20T00:00:00Z", "vid": "6bacd9fd-ca56-11ed-bc52-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> XSS\n>\n> weak passwords\n>\n> privilege escalation\n>\n> Captcha bypass\n", "id": "FreeBSD-2023-0086", "modified": "2023-03-24T00:00:00Z", "published": "2023-03-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2023-03-20" }, { "type": "WEB", "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1t,1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl30" }, "ranges": [ { "events": [ { "fixed": "3.0.8_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl31" }, "ranges": [ { "events": [ { "fixed": "3.1.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quic" }, "ranges": [ { "events": [ { "fixed": "3.0.8_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "virtualbox-ose" }, "ranges": [ { "events": [ { "fixed": "6.1.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20230322.txt" ], "discovery": "2023-03-23T00:00:00Z", "references": { "cvename": [ "CVE-2023-0464" ] }, "vid": "1ba034fb-ca38-11ed-b242-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> Severity: Low\n>\n> A security vulnerability has been identified in all supported versions\n> of OpenSSL related to the verification of X.509 certificate chains\n> that include policy constraints. Attackers may be able to exploit this\n> vulnerability by creating a malicious certificate chain that triggers\n> exponential use of computational resources, leading to a\n> denial-of-service (DoS) attack on affected systems.\n", "id": "FreeBSD-2023-0085", "modified": "2023-07-19T00:00:00Z", "published": "2023-03-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20230322.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0464" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20230322.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack" }, "ranges": [ { "events": [ { "fixed": "3.0.6.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack22" }, "ranges": [ { "events": [ { "fixed": "2.2.6.6,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack16" }, "ranges": [ { "events": [ { "fixed": "1.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466" ], "discovery": "2023-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2023-27539" ] }, "vid": "2fdb053c-ca25-11ed-9d7e-080027f5fec9" }, "details": "ooooooo_q reports:\n\n> Carefully crafted input can cause header parsing in Rack to take an\n> unexpected amount of time, possibly resulting in a denial of service\n> attack vector. Any applications that parse headers using Rack\n> (virtually all Rails applications) are impacted.\n", "id": "FreeBSD-2023-0084", "modified": "2023-03-24T00:00:00Z", "published": "2023-03-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27539" }, { "type": "WEB", "url": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466" } ], "schema_version": "1.7.0", "summary": "rack -- possible denial of service vulnerability in header parsing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dino" }, "ranges": [ { "events": [ { "fixed": "0.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dino.im/security/cve-2023-28686/" ], "discovery": "2023-03-23T00:00:00Z", "references": { "cvename": [ "CVE-2023-28686" ] }, "vid": "dec6b8e9-c9fe-11ed-bb39-901b0e9408dc" }, "details": "Dino team reports:\n\n> Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows\n> attackers to modify the personal bookmark store via a crafted message.\n> The attacker can change the display of group chats or force a victim\n> to join a group chat; the victim may then be tricked into disclosing\n> sensitive information.\n", "id": "FreeBSD-2023-0083", "modified": "2023-03-24T00:00:00Z", "published": "2023-03-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dino.im/security/cve-2023-28686/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28686" }, { "type": "WEB", "url": "https://dino.im/security/cve-2023-28686/" } ], "schema_version": "1.7.0", "summary": "dino -- Insufficient message sender validation in Dino" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libXpm" }, "ranges": [ { "events": [ { "fixed": "3.5.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2023-January/003312.html" ], "discovery": "2023-01-17T00:00:00Z", "references": { "cvename": [ "CVE-2022-46285", "CVE-2022-44617", "CVE-2022-4883" ] }, "vid": "38f213b6-8f3d-4067-91ef-bf14de7ba518" }, "details": "The X.Org project reports:\n\n> 1. CVE-2022-46285: Infinite loop on unclosed comments\n>\n> When reading XPM images from a file with libXpm 3.5.14 or older,\n> if a comment in the file is not closed (i.e. a C-style comment\n> starts with \\\"/\\*\\\" and is missing the closing \\\"\\*/\\\"), the\n> ParseComment() function will loop forever calling getc() to try to\n> read the rest of the comment, failing to notice that it has\n> returned EOF, which may cause a denial of service to the calling\n> program.\n>\n> This issue was found by Marco Ivaldi of the Humanativa Group\\'s HN\n> Security team.\n>\n> The fix is provided in\n> https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148\n>\n> 2. CVE-2022-44617: Runaway loop on width of 0 and enormous height\n>\n> When reading XPM images from a file with libXpm 3.5.14 or older,\n> if a image has a width of 0 and a very large height, the\n> ParsePixels() function will loop over the entire height calling\n> getc() and ungetc() repeatedly, or in some circumstances, may loop\n> seemingly forever, which may cause a denial of service to the\n> calling program when given a small crafted XPM file to parse.\n>\n> This issue was found by Martin Ettl.\n>\n> The fix is provided in\n> https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28\n> and\n> https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/c5ab17bcc34914c0b0707d\n>\n> 3. CVE-2022-4883: compression commands depend on \\$PATH\n>\n> By default, on all platforms except MinGW, libXpm will detect if a\n> filename ends in .Z or .gz, and will when reading such a file fork\n> off an uncompress or gunzip command to read from via a pipe, and\n> when writing such a file will fork off a compress or gzip command\n> to write to via a pipe.\n>\n> In libXpm 3.5.14 or older these are run via execlp(), relying on\n> \\$PATH to find the commands. If libXpm is called from a program\n> running with raised privileges, such as via setuid, then a\n> malicious user could set \\$PATH to include programs of their\n> choosing to be run with those privileges.\n>\n> This issue was found by Alan Coopersmith of the Oracle Solaris\n> team.\n", "id": "FreeBSD-2023-0082", "modified": "2023-03-23T00:00:00Z", "published": "2023-03-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2023-January/003312.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2023-January/003312.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46285" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-44617" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4883" } ], "schema_version": "1.7.0", "summary": "libXpm -- Issues handling XPM files" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tailscale" }, "ranges": [ { "events": [ { "fixed": "1.38.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tailscale.com/security-bulletins/#ts-2023-003" ], "discovery": "2023-03-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-28436" ] }, "vid": "1b15a554-c981-11ed-bb39-901b0e9408dc" }, "details": "Tailscale team reports:\n\n> A vulnerability identified in the implementation of Tailscale SSH in\n> FreeBSD allowed commands to be run with a higher privilege group ID\n> than that specified by Tailscale SSH access rules.\n", "id": "FreeBSD-2023-0081", "modified": "2023-03-23T00:00:00Z", "published": "2023-03-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tailscale.com/security-bulletins/#ts-2023-003" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28436" }, { "type": "WEB", "url": "https://tailscale.com/security-bulletins/#ts-2023-003" } ], "schema_version": "1.7.0", "summary": "tailscale -- security vulnerability in Tailscale SSH" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "111.0.5563.110" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "111.0.5563.110" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html" ], "discovery": "2023-03-21T00:00:00Z", "references": { "cvename": [ "CVE-2023-1528", "CVE-2023-1529", "CVE-2023-1530", "CVE-2023-1531", "CVE-2023-1532", "CVE-2023-1533", "CVE-2023-1534" ] }, "vid": "c8b334e0-6e83-4575-81d1-f9d5803ceb07" }, "details": "Chrome Releases reports:\n\n> This update includes 8 security fixes:\n>\n> - \\[1421773\\] High CVE-2023-1528: Use after free in Passwords.\n> Reported by Wan Choi of Seoul National University on 2023-03-07\n> - \\[1419718\\] High CVE-2023-1529: Out of bounds memory access in\n> WebHID. Reported by anonymous on 2023-02-27\n> - \\[1419831\\] High CVE-2023-1530: Use after free in PDF. Reported by\n> The UK\\'s National Cyber Security Centre (NCSC) on 2023-02-27\n> - \\[1415330\\] High CVE-2023-1531: Use after free in ANGLE. Reported by\n> Piotr Bania of Cisco Talos on 2023-02-13\n> - \\[1421268\\] High CVE-2023-1532: Out of bounds read in GPU Video.\n> Reported by Mark Brand of Google Project Zero on 2023-03-03\n> - \\[1422183\\] High CVE-2023-1533: Use after free in WebProtect.\n> Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07\n> - \\[1422594\\] High CVE-2023-1534: Out of bounds read in ANGLE.\n> Reported by Jann Horn and Mark Brand of Google Project Zero on\n> 2023-03-08\n", "id": "FreeBSD-2023-0080", "modified": "2023-03-22T00:00:00Z", "published": "2023-03-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1528" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1529" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1530" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1532" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1533" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1534" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "7.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.0.10.20230320" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c" ], "discovery": "2023-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-28425" ] }, "vid": "a60cc0e4-c7aa-11ed-8a4b-080027f5fec9" }, "details": "Yupeng Yang reports:\n\n> Authenticated users can use the MSETNX command to trigger a runtime\n> assertion and termination of the Redis server process.\n", "id": "FreeBSD-2023-0079", "modified": "2023-03-21T00:00:00Z", "published": "2023-03-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-28425" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c" } ], "schema_version": "1.7.0", "summary": "redis -- specially crafted MSETNX command can lead to denial-of-service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "8.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/security.html" ], "discovery": "2023-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-27533", "CVE-2023-27534", "CVE-2023-27535", "CVE-2023-27536", "CVE-2023-27537", "CVE-2023-27538" ] }, "vid": "0d7d104c-c6fb-11ed-8a4b-080027f5fec9" }, "details": "Harry Sintonen reports:\n\n> \n>\n> CVE-2023-27533\n> : curl supports communicating using the TELNET protocol and as a\n> part of this it offers users to pass on user name and \\\"telnet\n> options\\\" for the server negotiation. Due to lack of proper input\n> scrubbing and without it being the documented functionality, curl\n> would pass on user name and telnet options to the server as\n> provided. This could allow users to pass in carefully crafted\n> content that pass on content or do option negotiation without the\n> application intending to do so. In particular if an application\n> for example allows users to provide the data or parts of the data.\n>\n> CVE-2023-27534\n> : curl supports SFTP transfers. curl\\'s SFTP implementation offers a\n> special feature in the path component of URLs: a tilde (\\~)\n> character as the first path element in the path to denotes a path\n> relative to the user\\'s home directory. This is supported because\n> of wording in the once proposed to-become RFC draft that was to\n> dictate how SFTP URLs work. Due to a bug, the handling of the\n> tilde in SFTP path did however not only replace it when it is used\n> stand-alone as the first path element but also wrongly when used\n> as a mere prefix in the first element. Using a path like /\\~2/foo\n> when accessing a server using the user dan (with home directory\n> /home/dan) would then quite surprisingly access the file\n> /home/dan2/foo. This can be taken advantage of to circumvent\n> filtering or worse.\n>\n> CVE-2023-27535\n> : libcurl would reuse a previously created FTP connection even when\n> one or more options had been changed that could have made the\n> effective user a very different one, thus leading to the doing the\n> second transfer with wrong credentials. libcurl keeps previously\n> used connections in a connection pool for subsequent transfers to\n> reuse if one of them matches the setup. However, several FTP\n> settings were left out from the configuration match checks, making\n> them match too easily. The settings in questions are\n> CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER,\n> CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.\n>\n> CVE-2023-27536\n> : ibcurl would reuse a previously created connection even when the\n> GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed\n> that could have changed the user\\'s permissions in a second\n> transfer. libcurl keeps previously used connections in a\n> connection pool for subsequent transfers to reuse if one of them\n> matches the setup. However, this GSS delegation setting was left\n> out from the configuration match checks, making them match too\n> easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.\n>\n> CVE-2023-27537\n> : libcurl supports sharing HSTS data between separate \\\"handles\\\".\n> This sharing was introduced without considerations for do this\n> sharing across separate threads but there was no indication of\n> this fact in the documentation. Due to missing mutexes or thread\n> locks, two threads sharing the same HSTS data could end up doing a\n> double-free or use-after-free.\n>\n> CVE-2023-27538\n> : libcurl would reuse a previously created connection even when an\n> SSH related option had been changed that should have prohibited\n> reuse. libcurl keeps previously used connections in a connection\n> pool for subsequent transfers to reuse if one of them matches the\n> setup. However, two SSH settings were left out from the\n> configuration match checks, making them match too easily.\n", "id": "FreeBSD-2023-0078", "modified": "2023-03-20T00:00:00Z", "published": "2023-03-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27533" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27536" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27538" }, { "type": "WEB", "url": "https://curl.se/docs/security.html" } ], "schema_version": "1.7.0", "summary": "curl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "fixed": "4.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.2.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php80" }, "ranges": [ { "events": [ { "fixed": "4.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.2.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php81" }, "ranges": [ { "events": [ { "fixed": "4.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.2.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php82" }, "ranges": [ { "events": [ { "fixed": "4.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.2.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5" }, "ranges": [ { "events": [ { "fixed": "4.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.2.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5-php80" }, "ranges": [ { "events": [ { "fixed": "4.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.2.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5-php81" }, "ranges": [ { "events": [ { "fixed": "4.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.2.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5-php82" }, "ranges": [ { "events": [ { "fixed": "4.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.2.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/news/2023/2/8/phpmyadmin-4911-and-521-are-released/" ], "discovery": "2023-02-07T00:00:00Z", "vid": "72583cb3-a7f9-11ed-bd9e-589cfc0f81b0" }, "details": "phpMyAdmin Team reports:\n\n> PMASA-2023-1 XSS vulnerability in drag-and-drop upload\n", "id": "FreeBSD-2023-0077", "modified": "2023-03-16T00:00:00Z", "published": "2023-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/news/2023/2/8/phpmyadmin-4911-and-521-are-released/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2023-1/" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- XSS vulnerability in drag-and-drop upload" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.56" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://downloads.apache.org/httpd/CHANGES_2.4.56" ], "discovery": "2023-03-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-25690", "CVE-2023-27522" ] }, "vid": "8edeb3c1-bfe7-11ed-96f5-3497f65b111b" }, "details": "The Apache httpd project reports:\n\n> - CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response\n> splitting (cve.mitre.org). HTTP Response Smuggling vulnerability in\n> Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache\n> HTTP Server: from 2.4.30 through 2.4.55. Special characters in the\n> origin response header can truncate/split the response forwarded to\n> the client.\n> - CVE-2023-25690: HTTP request splitting with mod_rewrite and\n> mod_proxy (cve.mitre.org). Some mod_proxy configurations on Apache\n> HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request\n> Smuggling attack. Configurations are affected when mod_proxy is\n> enabled along with some form of RewriteRule or ProxyPassMatch in\n> which a non-specific pattern matches some portion of the\n> user-supplied request-target (URL) data and is then re-inserted into\n> the proxied request-target using variable substitution.\n", "id": "FreeBSD-2023-0076", "modified": "2023-03-11T00:00:00Z", "published": "2023-03-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.56" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-25690" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27522" }, { "type": "WEB", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.56" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "111.0.5563.64" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "111.0.5563.64" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html" ], "discovery": "2023-03-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-1213", "CVE-2023-1214", "CVE-2023-1215", "CVE-2023-1216", "CVE-2023-1217", "CVE-2023-1218", "CVE-2023-1219", "CVE-2023-1220", "CVE-2023-1221", "CVE-2023-1222", "CVE-2023-1223", "CVE-2023-1224", "CVE-2023-1225", "CVE-2023-1226", "CVE-2023-1227", "CVE-2023-1228", "CVE-2023-1229", "CVE-2023-1230", "CVE-2023-1231", "CVE-2023-1232", "CVE-2023-1233", "CVE-2023-1234", "CVE-2023-1235", "CVE-2023-1236" ] }, "vid": "d357f6bb-0af4-4ac9-b096-eeec183ad829" }, "details": "Chrome Releases reports:\n\n> This update includes 40 security fixes:\n>\n> - \\[1411210\\] High CVE-2023-1213: Use after free in Swiftshader.\n> Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30\n> - \\[1412487\\] High CVE-2023-1214: Type Confusion in V8. Reported by\n> Man Yue Mo of GitHub Security Lab on 2023-02-03\n> - \\[1417176\\] High CVE-2023-1215: Type Confusion in CSS. Reported by\n> Anonymous on 2023-02-17\n> - \\[1417649\\] High CVE-2023-1216: Use after free in DevTools. Reported\n> by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21\n> - \\[1412658\\] High CVE-2023-1217: Stack buffer overflow in Crash\n> reporting. Reported by sunburst of Ant Group Tianqiong Security Lab\n> on 2023-02-03\n> - \\[1413628\\] High CVE-2023-1218: Use after free in WebRTC. Reported\n> by Anonymous on 2023-02-07\n> - \\[1415328\\] High CVE-2023-1219: Heap buffer overflow in Metrics.\n> Reported by Sergei Glazunov of Google Project Zero on 2023-02-13\n> - \\[1417185\\] High CVE-2023-1220: Heap buffer overflow in UMA.\n> Reported by Sergei Glazunov of Google Project Zero on 2023-02-17\n> - \\[1385343\\] Medium CVE-2023-1221: Insufficient policy enforcement in\n> Extensions API. Reported by Ahmed ElMasry on 2022-11-16\n> - \\[1403515\\] Medium CVE-2023-1222: Heap buffer overflow in Web Audio\n> API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24\n> - \\[1398579\\] Medium CVE-2023-1223: Insufficient policy enforcement in\n> Autofill. Reported by Ahmed ElMasry on 2022-12-07\n> - \\[1403539\\] Medium CVE-2023-1224: Insufficient policy enforcement in\n> Web Payments API. Reported by Thomas Orlita on 2022-12-25\n> - \\[1408799\\] Medium CVE-2023-1225: Insufficient policy enforcement in\n> Navigation. Reported by Roberto Ffrench-Davis \\@Lihaft on 2023-01-20\n> - \\[1013080\\] Medium CVE-2023-1226: Insufficient policy enforcement in\n> Web Payments API. Reported by Anonymous on 2019-10-10\n> - \\[1348791\\] Medium CVE-2023-1227: Use after free in Core. Reported\n> by \\@ginggilBesel on 2022-07-31\n> - \\[1365100\\] Medium CVE-2023-1228: Insufficient policy enforcement in\n> Intents. Reported by Axel Chong on 2022-09-18\n> - \\[1160485\\] Medium CVE-2023-1229: Inappropriate implementation in\n> Permission prompts. Reported by Thomas Orlita on 2020-12-20\n> - \\[1404230\\] Medium CVE-2023-1230: Inappropriate implementation in\n> WebApp Installs. Reported by Axel Chong on 2022-12-30\n> - \\[1274887\\] Medium CVE-2023-1231: Inappropriate implementation in\n> Autofill. Reported by Yan Zhu, Brave on 2021-11-30\n> - \\[1346924\\] Low CVE-2023-1232: Insufficient policy enforcement in\n> Resource Timing. Reported by Sohom Datta on 2022-07-24\n> - \\[1045681\\] Low CVE-2023-1233: Insufficient policy enforcement in\n> Resource Timing. Reported by Soroush Karami on 2020-01-25\n> - \\[1404621\\] Low CVE-2023-1234: Inappropriate implementation in\n> Intents. Reported by Axel Chong on 2023-01-03\n> - \\[1404704\\] Low CVE-2023-1235: Type Confusion in DevTools. Reported\n> by raven at KunLun lab on 2023-01-03\n> - \\[1374518\\] Low CVE-2023-1236: Inappropriate implementation in\n> Internals. Reported by Alesandro Ortiz on 2022-10-14\n", "id": "FreeBSD-2023-0075", "modified": "2023-03-09T00:00:00Z", "published": "2023-03-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1213" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1214" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1216" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1217" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1218" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1219" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1220" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1221" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1223" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1224" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1226" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1227" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1228" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1231" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1232" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1234" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1235" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1236" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.394" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.387.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2023-03-08/" ], "discovery": "2023-03-08T00:00:00Z", "references": { "cvename": [ "CVE-2023-27898", "CVE-2023-24998", "CVE-2023-27900", "CVE-2023-27901", "CVE-2023-27902", "CVE-2023-27903", "CVE-2023-27904" ] }, "vid": "f68bb358-be8e-11ed-9215-00e081b7aa2d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-3037 / CVE-2023-27898\n>\n> XSS vulnerability in plugin manager\n>\n> ##### (Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)\n>\n> DoS vulnerability in bundled Apache Commons FileUpload library\n>\n> ##### \n>\n> ##### (Medium) SECURITY-1807 / CVE-2023-27902\n>\n> Workspace temporary directories accessible through directory browser\n>\n> ##### (Low) SECURITY-3058 / CVE-2023-27903\n>\n> Temporary file parameter created with insecure permissions\n>\n> ##### (Low) SECURITY-2120 / CVE-2023-27904\n>\n> Information disclosure through error stack traces related to agents\n", "id": "FreeBSD-2023-0074", "modified": "2023-03-09T00:00:00Z", "published": "2023-03-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2023-03-08/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27898" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24998" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27900" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27901" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27902" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27903" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27904" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2023-03-08/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go119" }, "ranges": [ { "events": [ { "fixed": "1.19.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go120" }, "ranges": [ { "events": [ { "fixed": "1.20.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/58647" ], "discovery": "2023-02-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-24532" ] }, "vid": "742279d6-bdbe-11ed-a179-2b68e9d12706" }, "details": "The Go project reports:\n\n> crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results\n>\n> The ScalarMult and ScalarBaseMult methods of the P256 Curve may return\n> an incorrect result if called with some specific unreduced scalars (a\n> scalar larger than the order of the curve).\n", "id": "FreeBSD-2023-0073", "modified": "2023-03-08T00:00:00Z", "published": "2023-03-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/58647" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24532" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-dev/c/3wmx8i5WvNY/m/AEOlccrGAwAJ" } ], "schema_version": "1.7.0", "summary": "go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php74" }, "ranges": [ { "events": [ { "fixed": "2.25.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php80" }, "ranges": [ { "events": [ { "fixed": "2.25.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php81" }, "ranges": [ { "events": [ { "fixed": "2.25.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php82" }, "ranges": [ { "events": [ { "fixed": "2.25.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6" ], "discovery": "2023-01-06T00:00:00Z", "references": { "cvename": [ "CVE-2023-22476", "CVE-2022-31129" ] }, "vid": "bed545c6-bdb8-11ed-bca8-a33124f1beb1" }, "details": "Mantis 2.25.6 release reports:\n\n> Security and maintenance release\n>\n> - 0031086: Private issue summary disclosure (CVE-2023-22476)\n> - 0030772: Update (bundled) moment.js to 2.29.4 (CVE-2022-31129)\n> - 0030791: Allow adding relation type noopener/noreferrer to outgoing\n> links\n", "id": "FreeBSD-2023-0072", "modified": "2023-03-08T00:00:00Z", "published": "2023-03-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22476" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-22476" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31129" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-31129" } ], "schema_version": "1.7.0", "summary": "mantis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice" }, "ranges": [ { "events": [ { "fixed": "4.1.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice-devel" }, "ranges": [ { "events": [ { "fixed": "4.2.1678061694,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-37400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-37401" ], "discovery": "2022-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-37400", "CVE-2022-37401" ] }, "vid": "6678211c-bd47-11ed-beb0-1c1b0d9ea7e6" }, "details": "The Apache Openoffice project reports:\n\n> Apache OpenOffice supports the storage of passwords for web\n> connections in the user\\'s configuration database. The stored\n> passwords are encrypted with a single master key provided by the user.\n> A flaw in OpenOffice existed where the required initialization vector\n> for encryption was always the same which weakens the security of the\n> encryption making them vulnerable if an attacker has access to the\n> user\\'s configuration data. This issue affects: Apache OpenOffice\n> versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice\n\n> Apache OpenOffice supports the storage of passwords for web\n> connections in the user\\'s configuration database. The stored\n> passwords are encrypted with a single master key provided by the user.\n> A flaw in OpenOffice existed where master key was poorly encoded\n> resulting in weakening its entropy from 128 to 43 bits making the\n> stored passwords vulnerable to a brute force attack if an attacker has\n> access to the users stored config. This issue affects: Apache\n> OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 -\n> LibreOffice\n", "id": "FreeBSD-2023-0071", "modified": "2023-03-08T00:00:00Z", "published": "2023-03-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-37400" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-37401" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-37400" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-37401" }, { "type": "WEB", "url": "https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.13+Release+Notes" } ], "schema_version": "1.7.0", "summary": "Apache OpenOffice -- master password vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack" }, "ranges": [ { "events": [ { "fixed": "3.0.4.2,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack22" }, "ranges": [ { "events": [ { "fixed": "2.2.6.3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack16" }, "ranges": [ { "events": [ { "fixed": "1.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388" ], "discovery": "2023-03-03T00:00:00Z", "references": { "cvename": [ "CVE-2023-27530" ] }, "vid": "f0798a6a-bbdb-11ed-ba99-080027f5fec9" }, "details": "Aaron Patterson reports:\n\n> The Multipart MIME parsing code in Rack limits the number of file\n> parts, but does not limit the total number of parts that can be\n> uploaded. Carefully crafted requests can abuse this and cause\n> multipart parsing to take longer than expected.\n", "id": "FreeBSD-2023-0070", "modified": "2023-03-06T00:00:00Z", "published": "2023-03-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-27530" }, { "type": "WEB", "url": "https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388" } ], "schema_version": "1.7.0", "summary": "rack -- possible DoS vulnerability in multipart MIME parsing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.88.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/security.html" ], "discovery": "2023-02-15T00:00:00Z", "references": { "cvename": [ "CVE-2023-23914", "CVE-2023-23915", "CVE-2023-23916" ] }, "vid": "be233fc6-bae7-11ed-a4fb-080027f5fec9" }, "details": "Harry Sintonen and Patrick Monnerat report:\n\n> \n>\n> CVE-2023-23914\n> : A cleartext transmission of sensitive information vulnerability\n> exists in curl \\< v7.88.0 that could cause HSTS functionality fail\n> when multiple URLs are requested serially. Using its HSTS support,\n> curl can be instructed to use HTTPS instead of using an insecure\n> clear-text HTTP step even when HTTP is provided in the URL. This\n> HSTS mechanism would however surprisingly be ignored by subsequent\n> transfers when done on the same command line because the state\n> would not be properly carried on.\n>\n> CVE-2023-23915\n> : A cleartext transmission of sensitive information vulnerability\n> exists in curl \\< v7.88.0 that could cause HSTS functionality to\n> behave incorrectly when multiple URLs are requested in parallel.\n> Using its HSTS support, curl can be instructed to use HTTPS\n> instead of using an insecure clear-text HTTP step even when HTTP\n> is provided in the URL. This HSTS mechanism would however\n> surprisingly fail when multiple transfers are done in parallel as\n> the HSTS cache file gets overwritten by the most recently\n> completed transfer. A later HTTP-only transfer to the earlier host\n> name would then \\*not\\* get upgraded properly to HSTS.\n>\n> CVE-2023-23916\n> : An allocation of resources without limits or throttling\n> vulnerability exists in curl \\< v7.88.0 based on the \\\"chained\\\"\n> HTTP compression algorithms, meaning that a server response can be\n> compressed multiple times and potentially with different\n> algorithms. The number of acceptable \\\"links\\\" in this\n> \\\"decompression chain\\\" was capped, but the cap was implemented on\n> a per-header basis allowing a malicious server to insert a\n> virtually unlimited number of compression steps simply by using\n> many headers. The use of such a decompression chain could result\n> in a \\\"malloc bomb\\\", making curl end up spending enormous amounts\n> of allocated heap memory, or trying to and returning out of memory\n> errors.\n", "id": "FreeBSD-2023-0069", "modified": "2023-03-05T00:00:00Z", "published": "2023-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-23914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-23915" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-23916" }, { "type": "WEB", "url": "https://curl.se/docs/security.html" } ], "schema_version": "1.7.0", "summary": "curl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "strongswan" }, "ranges": [ { "events": [ { "introduced": "5.9.8" }, { "fixed": "5.9.9_2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html" ], "discovery": "2023-03-02T00:00:00Z", "references": { "cvename": [ "CVE-2023-26463" ] }, "vid": "3f9b6943-ba58-11ed-bbbd-00e0670f2660" }, "details": "strongSwan reports:\n\n> A vulnerability related to certificate verification in TLS-based EAP\n> methods was discovered in strongSwan that results in a denial of\n> service but possibly even remote code execution. Versions 5.9.8 and\n> 5.9.9 may be affected.\n", "id": "FreeBSD-2023-0068", "modified": "2023-03-04T00:00:00Z", "published": "2023-03-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-26463" }, { "type": "WEB", "url": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html" } ], "schema_version": "1.7.0", "summary": "strongSwan -- certificate verification vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.9.0" }, { "fixed": "15.9.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.8.0" }, { "fixed": "15.8.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "15.7.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/" ], "discovery": "2023-03-02T00:00:00Z", "references": { "cvename": [ "CVE-2023-0050", "CVE-2022-4289", "CVE-2022-4331", "CVE-2023-0483", "CVE-2022-4007", "CVE-2022-3758", "CVE-2023-0223", "CVE-2022-4462", "CVE-2023-1072", "CVE-2022-3381", "CVE-2023-1084" ] }, "vid": "f7c5b3a9-b9fb-11ed-99c6-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored XSS via Kroki diagram\n>\n> Prometheus integration Google IAP details are not hidden, may leak\n> account details from instance/group/project settings\n>\n> Improper validation of SSO and SCIM tokens while managing groups\n>\n> Maintainer can leak Datadog API key by changing Datadog site\n>\n> Clipboard based XSS in the title field of work items\n>\n> Improper user right checks for personal snippets\n>\n> Release Description visible in public projects despite release set as\n> project members only\n>\n> Group integration settings sensitive information exposed to project\n> maintainers\n>\n> Improve pagination limits for commits\n>\n> Gitlab Open Redirect Vulnerability\n>\n> Maintainer may become an Owner of a project\n", "id": "FreeBSD-2023-0067", "modified": "2023-03-03T00:00:00Z", "published": "2023-03-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0050" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4289" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4331" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0483" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4007" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3758" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0223" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4462" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3381" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-1084" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "9.2.0" }, { "fixed": "9.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.2.0" }, { "fixed": "9.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/" ], "discovery": "2023-01-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-22462" ] }, "vid": "6dccc186-b824-11ed-b695-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> During an internal audit of Grafana on January 1, a member of the\n> security team found a stored XSS vulnerability affecting the core text\n> plugin.\n>\n> The stored XSS vulnerability requires several user interactions in\n> order to be fully exploited. The vulnerability was possible due to\n> React's render cycle that will pass through the unsanitized HTML code,\n> but in the next cycle, the HTML is cleaned up and saved in Grafana's\n> database.\n>\n> The CVSS score for this vulnerability is 6.4 Medium\n> (CVSS:6.4/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).\n", "id": "FreeBSD-2023-0066", "modified": "2023-03-01T00:00:00Z", "published": "2023-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22462" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf" } ], "schema_version": "1.7.0", "summary": "Grafana -- Stored XSS in text panel plugin" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "fixed": "8.5.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "fixed": "8.5.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/" ], "discovery": "2023-01-30T00:00:00Z", "references": { "cvename": [ "CVE-2023-0594" ] }, "vid": "e7841611-b808-11ed-b695-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> During an internal audit of Grafana on January 30, a member of the\n> engineering team found a stored XSS vulnerability affecting the\n> `TraceView` panel.\n>\n> The stored XSS vulnerability was possible because the value of a\n> span's attributes/resources were not properly sanitized, and this will\n> be rendered when the span's attributes/resources are expanded.\n>\n> The CVSS score for this vulnerability is 7.3 High\n> (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).\n", "id": "FreeBSD-2023-0065", "modified": "2023-03-01T00:00:00Z", "published": "2023-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0594" }, { "type": "WEB", "url": "https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Stored XSS in TraceView panel" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "fixed": "8.5.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "fixed": "8.5.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/" ], "discovery": "2023-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2023-0507" ] }, "vid": "e2a8e2bd-b808-11ed-b695-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> During an internal audit of Grafana on January 25, a member of the\n> security team found a stored XSS vulnerability affecting the core\n> geomap plugin.\n>\n> The stored XSS vulnerability was possible because map attributions\n> weren't properly sanitized, allowing arbitrary JavaScript to be\n> executed in the context of the currently authorized user of the\n> Grafana instance.\n>\n> The CVSS score for this vulnerability is 7.3 High\n> (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).\n", "id": "FreeBSD-2023-0064", "modified": "2023-03-01T00:00:00Z", "published": "2023-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0507" }, { "type": "WEB", "url": "https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Stored XSS in geomap panel plugin via attribution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "7.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.0.9.20230228" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "fixed": "6.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis6" }, "ranges": [ { "events": [ { "fixed": "6.0.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI" ], "discovery": "2023-02-28T00:00:00Z", "references": { "cvename": [ "CVE-2023-25155", "CVE-2022-36021" ] }, "vid": "b17bce48-b7c6-11ed-b304-080027f5fec9" }, "details": "The Redis core team reports:\n\n> \n>\n> CVE-2023-25155\n> : Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD\n> commands can trigger an integer overflow, resulting in a runtime\n> assertion and termination of the Redis server process.\n>\n> CVE-2022-36021\n> : String matching commands (like SCAN or KEYS) with a specially\n> crafted pattern to trigger a denial-of-service attack on Redis,\n> causing it to hang and consume 100% CPU time.\n", "id": "FreeBSD-2023-0063", "modified": "2023-03-01T00:00:00Z", "published": "2023-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-25155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-36021" }, { "type": "WEB", "url": "https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI" } ], "schema_version": "1.7.0", "summary": "redis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs" }, "ranges": [ { "events": [ { "fixed": "28.2_3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-canna" }, "ranges": [ { "events": [ { "fixed": "28.2_3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-nox" }, "ranges": [ { "events": [ { "fixed": "28.2_3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel" }, "ranges": [ { "events": [ { "fixed": "30.0.50.20230101,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel-nox" }, "ranges": [ { "events": [ { "fixed": "30.0.50.20230101,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.debian.org/security/2023/dsa-5360" ], "discovery": "2022-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-48337", "CVE-2022-48338", "CVE-2022-48339" ] }, "vid": "a75929bd-b6a4-11ed-bad6-080027f5fec9" }, "details": "Xi Lu reports:\n\n> \n>\n> CVE-2022-48337\n> : GNU Emacs through 28.2 allows attackers to execute commands via\n> shell metacharacters in the name of a source-code file, because\n> lib-src/etags.c uses the system C library function in its\n> implementation of the etags program. For example, a victim may use\n> the \\\"etags -u \\*\\\" command (suggested in the etags documentation)\n> in a situation where the current working directory has contents\n> that depend on untrusted input.\n>\n> CVE-2022-48338\n> : An issue was discovered in GNU Emacs through 28.2. In\n> ruby-mode.el, the ruby-find-library-file function has a local\n> command injection vulnerability. The ruby-find-library-file\n> function is an interactive function, and bound to C-c C-f. Inside\n> the function, the external command gem is called through\n> shell-command-to-string, but the feature-name parameters are not\n> escaped. Thus, malicious Ruby source files may cause commands to\n> be executed.\n>\n> CVE-2022-48339\n> : An issue was discovered in GNU Emacs through 28.2. htmlfontify.el\n> has a command injection vulnerability. In the hfy-istext-command\n> function, the parameter file and parameter srcdir come from\n> external input, and parameters are not escaped. If a file name or\n> directory name contains shell metacharacters, code may be\n> executed.\n", "id": "FreeBSD-2023-0062", "modified": "2023-02-27T00:00:00Z", "published": "2023-02-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.debian.org/security/2023/dsa-5360" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-48337" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-48338" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-48339" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2023/dsa-5360" } ], "schema_version": "1.7.0", "summary": "emacs -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freerdp" }, "ranges": [ { "events": [ { "fixed": "2.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39283" ], "discovery": "2022-10-13T00:00:00Z", "references": { "cvename": [ "CVE-2022-39283" ] }, "vid": "dd271de6-b444-11ed-9268-b42e991fc52e" }, "details": "MITRE reports:\n\n> All FreeRDP based clients when using the \\`/video\\` command line\n> switch might read uninitialized data, decode it as audio/video and\n> display the result. FreeRDP based server implementations are not\n> affected.\n", "id": "FreeBSD-2023-0061", "modified": "2023-02-24T00:00:00Z", "published": "2023-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39283" }, { "type": "WEB", "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh" } ], "schema_version": "1.7.0", "summary": "freerdp -- clients using the `/video` command line switch might read uninitialized data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freerdp" }, "ranges": [ { "events": [ { "fixed": "2.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39282" ], "discovery": "2022-10-13T00:00:00Z", "references": { "cvename": [ "CVE-2022-39282" ] }, "vid": "c682923d-b444-11ed-9268-b42e991fc52e" }, "details": "MITRE reports:\n\n> FreeRDP based clients on unix systems using \\`/parallel\\` command line\n> switch might read uninitialized data and send it to the server the\n> client is currently connected to. FreeRDP based server implementations\n> are not affected.\n", "id": "FreeBSD-2023-0060", "modified": "2023-02-24T00:00:00Z", "published": "2023-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39282" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39282" }, { "type": "WEB", "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq" } ], "schema_version": "1.7.0", "summary": "freerdp -- clients using `/parallel` command line switch might read uninitialized data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "110.0.5481.177" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "110.0.5481.177" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html" ], "discovery": "2023-02-22T00:00:00Z", "references": { "cvename": [ "CVE-2023-0941", "CVE-2023-0927", "CVE-2023-0928", "CVE-2023-0929", "CVE-2023-0930", "CVE-2023-0931", "CVE-2023-0932", "CVE-2023-0933" ] }, "vid": "4d6b5ea9-bc64-4e77-a7ee-d62ba68a80dd" }, "details": "Chrome Releases reports:\n\n> This update includes 10 security fixes:\n>\n> - \\[1415366\\] Critical CVE-2023-0941: Use after free in Prompts.\n> Reported by Anonymous on 2023-02-13\n> - \\[1414738\\] High CVE-2023-0927: Use after free in Web Payments API.\n> Reported by Rong Jian of VRI on 2023-02-10\n> - \\[1309035\\] High CVE-2023-0928: Use after free in SwiftShader.\n> Reported by Anonymous on 2022-03-22\n> - \\[1399742\\] High CVE-2023-0929: Use after free in Vulkan. Reported\n> by Cassidy Kim(@cassidy6564) on 2022-12-09\n> - \\[1410766\\] High CVE-2023-0930: Heap buffer overflow in Video.\n> Reported by Cassidy Kim(@cassidy6564) on 2023-01-27\n> - \\[1407701\\] High CVE-2023-0931: Use after free in Video. Reported by\n> Cassidy Kim(@cassidy6564) on 2023-01-17\n> - \\[1413005\\] High CVE-2023-0932: Use after free in WebRTC. Reported\n> by Omri Bushari (Talon Cyber Security) on 2023-02-05\n> - \\[1404864\\] Medium CVE-2023-0933: Integer overflow in PDF. Reported\n> by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN\n", "id": "FreeBSD-2023-0059", "modified": "2023-02-22T00:00:00Z", "published": "2023-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0941" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0927" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0928" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0929" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0930" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0932" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0933" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "5.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v5.0.6" ], "discovery": "2023-02-21T00:00:00Z", "vid": "7a425536-74f7-4ce4-9768-0079a9d44d11" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Receiving DNS responses from async DNS requests (via the lookup_addr,\n> etc BIF methods) with the TTL set to zero could cause the DNS manager\n> to eventually stop being able to make new requests.\n>\n> Specially-crafted FTP packets with excessively long usernames,\n> passwords, or other fields could cause log writes to use large amounts\n> of disk space.\n>\n> The find_all and find_all_ordered BIF methods could take extremely\n> large amounts of time to process incoming data depending on the size\n> of the input.\n", "id": "FreeBSD-2023-0058", "modified": "2023-02-21T00:00:00Z", "published": "2023-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.6" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.7" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libde265" }, "ranges": [ { "events": [ { "fixed": "1.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/strukturag/libde265/releases/tag/v1.0.10" ], "discovery": "2023-01-27T00:00:00Z", "references": { "cvename": [ "CVE-2020-21594", "CVE-2020-21595", "CVE-2020-21596", "CVE-2020-21597", "CVE-2020-21598", "CVE-2020-21599", "CVE-2020-21600", "CVE-2020-21601", "CVE-2020-21602", "CVE-2020-21603", "CVE-2020-21604", "CVE-2020-21605", "CVE-2020-21606", "CVE-2022-1253", "CVE-2022-43236", "CVE-2022-43237", "CVE-2022-43238", "CVE-2022-43239", "CVE-2022-43240", "CVE-2022-43241", "CVE-2022-43242", "CVE-2022-43243", "CVE-2022-43244", "CVE-2022-43245", "CVE-2022-43248", "CVE-2022-43249", "CVE-2022-43250", "CVE-2022-43252", "CVE-2022-43253", "CVE-2022-47655" ] }, "vid": "421c0af9-b206-11ed-9fe5-f4a47516fb57" }, "details": "Libde265 developer reports:\n\n> This release fixes the known CVEs below. Many of them are actually\n> caused by the same underlying issues that manifest in different ways.\n", "id": "FreeBSD-2023-0057", "modified": "2023-02-21T00:00:00Z", "published": "2023-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/strukturag/libde265/releases/tag/v1.0.10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21594" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21595" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21596" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21597" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21598" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21601" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21603" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21604" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-21606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1253" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43236" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43237" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43238" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43239" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43240" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43241" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43242" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43243" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43244" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43245" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43248" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43249" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43250" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43252" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43253" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-47655" }, { "type": "WEB", "url": "https://github.com/strukturag/libde265/releases/tag/v1.0.10" } ], "schema_version": "1.7.0", "summary": "libde256 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.39.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh" ], "discovery": "2023-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-23946" ] }, "vid": "21f12de8-b1db-11ed-b0f4-002590f2a714" }, "details": "git team reports:\n\n> By feeding a crafted input to \\\"git apply\\\", a path outside the\n> working tree can be overwritten as the user who is running \\\"git\n> apply\\\".\n", "id": "FreeBSD-2023-0056", "modified": "2023-02-21T00:00:00Z", "published": "2023-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-23946" }, { "type": "WEB", "url": "https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-23946" } ], "schema_version": "1.7.0", "summary": "git -- \"git apply\" overwriting paths outside the working tree" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.39.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q" ], "discovery": "2023-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2023-22490" ] }, "vid": "9548d6ed-b1da-11ed-b0f4-002590f2a714" }, "details": "git team reports:\n\n> Using a specially-crafted repository, Git can be tricked into using\n> its local clone optimization even when using a non-local transport.\n> Though Git will abort local clones whose source \\$GIT_DIR/objects\n> directory contains symbolic links (c.f., CVE-2022-39253), the objects\n> directory itself may still be a symbolic link.\n>\n> These two may be combined to include arbitrary files based on known\n> paths on the victim\\'s filesystem within the malicious repository\\'s\n> working copy, allowing for data exfiltration in a similar manner as\n> CVE-2022-39253.\n", "id": "FreeBSD-2023-0055", "modified": "2023-02-21T00:00:00Z", "published": "2023-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22490" }, { "type": "WEB", "url": "https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-22490" } ], "schema_version": "1.7.0", "summary": "git -- Local clone-based data exfiltration with non-local transports" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.39.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89" ], "discovery": "2023-01-17T00:00:00Z", "references": { "cvename": [ "CVE-2022-23521" ] }, "vid": "8fafbef4-b1d9-11ed-b0f4-002590f2a714" }, "details": "git team reports:\n\n> gitattributes are used to define unique attributes corresponding to\n> paths in your repository. These attributes are defined by\n> .gitattributes file(s) within your repository.\n>\n> The parser used to read these files has multiple integer overflows,\n> which can occur when parsing either a large number of patterns, a\n> large number of attributes, or attributes with overly-long names.\n>\n> These overflows may be triggered via a malicious .gitattributes file.\n> However, Git automatically splits lines at 2KB when reading\n> .gitattributes from a file, but not when parsing it from the index.\n> Successfully exploiting this vulnerability depends on the location of\n> the .gitattributes file in question.\n>\n> This integer overflow can result in arbitrary heap reads and writes,\n> which may result in remote code execution.\n", "id": "FreeBSD-2023-0054", "modified": "2023-02-21T00:00:00Z", "published": "2023-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23521" }, { "type": "WEB", "url": "https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-23521" } ], "schema_version": "1.7.0", "summary": "git -- gitattributes parsing integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.39.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq" ], "discovery": "2023-01-17T00:00:00Z", "references": { "cvename": [ "CVE-2022-41903" ] }, "vid": "2fcca7e4-b1d7-11ed-b0f4-002590f2a714" }, "details": "The git team reports:\n\n> git log has the ability to display commits using an arbitrary format\n> with its \\--format specifiers. This functionality is also exposed to\n> git archive via the export-subst gitattribute.\n>\n> When processing the padding operators (e.g., %\\<(, %\\<\\|(, %\\>(,\n> %\\>\\>(, or %\\>\\<( ), an integer overflow can occur in\n> pretty.c::format_and_pad_commit() where a size_t is improperly stored\n> as an int, and then added as an offset to a subsequent memcpy() call.\n>\n> This overflow can be triggered directly by a user running a command\n> which invokes the commit formatting machinery (e.g., git log\n> \\--format=\\...). It may also be triggered indirectly through git\n> archive via the export-subst mechanism, which expands format\n> specifiers inside of files within the repository during a git archive.\n>\n> This integer overflow can result in arbitrary heap writes, which may\n> result in remote code execution.\n", "id": "FreeBSD-2023-0053", "modified": "2023-02-21T00:00:00Z", "published": "2023-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41903" }, { "type": "WEB", "url": "https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-41903" } ], "schema_version": "1.7.0", "summary": "git -- Heap overflow in `git archive`, `git log --format` leading to RCE" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.18.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/22942", "https://github.com/go-gitea/gitea/pull/22823" ], "discovery": "2022-02-14T00:00:00Z", "vid": "5048ed45-b0f1-11ed-ab04-9106b1b896dd" }, "details": "The Gitea team reports:\n\n> This PR refactors and improves the password hashing code within gitea\n> and makes it possible for server administrators to set the password\n> hashing parameters.\n>\n> In addition it takes the opportunity to adjust the settings for pbkdf2\n> in order to make the hashing a little stronger.\n\n> Add command to bulk set must-change-password\n>\n> As part of administration sometimes it is appropriate to forcibly tell\n> users to update their passwords.\n>\n> This PR creates a new command gitea admin user must-change-password\n> which will set the MustChangePassword flag on the provided users.\n", "id": "FreeBSD-2023-0052", "modified": "2023-02-20T00:00:00Z", "published": "2023-02-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/22942" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/22823" }, { "type": "WEB", "url": "https://blog.gitea.io/2023/02/gitea-1.18.4-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.18.4" } ], "schema_version": "1.7.0", "summary": "gitea -- password hash quality" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "2.9.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://pkg.go.dev/vuln/GO-2023-1495" ], "discovery": "2022-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2022-41721" ] }, "vid": "428922c9-b07e-11ed-8700-5404a68ad561" }, "details": "The Go project reports:\n\n> A request smuggling attack is possible when using MaxBytesHandler.\n> When using MaxBytesHandler, the body of an HTTP request is not fully\n> consumed. When the server attempts to read HTTP2 frames from the\n> connection, it will instead be reading the body of the HTTP request,\n> which could be attacker-manipulated to represent arbitrary HTTP2\n> requests.\n", "id": "FreeBSD-2023-0051", "modified": "2023-02-19T00:00:00Z", "published": "2023-02-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://pkg.go.dev/vuln/GO-2023-1495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41721" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41721" } ], "schema_version": "1.7.0", "summary": "traefik -- Use of vulnerable Go module x/net/http2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rundeck3" }, "ranges": [ { "events": [ { "fixed": "3.4.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.rundeck.com/docs/history/3_4_x/version-3.4.10.html" ], "discovery": "2021-12-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-44832" ] }, "vid": "27c822a0-addc-11ed-a9ee-dca632b19f10" }, "details": "The Rundeck project reports:\n\n> This release updates both Community and Enterprise with the latest\n> Log4J to address CVE-2021-44832 by updating it to 2.17.1.\n", "id": "FreeBSD-2023-0050", "modified": "2023-02-16T00:00:00Z", "published": "2023-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.rundeck.com/docs/history/3_4_x/version-3.4.10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44832" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832" } ], "schema_version": "1.7.0", "summary": "Rundeck3 -- Log4J RCE vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "minio" }, "ranges": [ { "events": [ { "fixed": "2022.04.12.06.55.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q" ], "discovery": "2022-04-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-24842" ] }, "vid": "8e20430d-a72b-11ed-a04f-40b034455553" }, "details": "MinIO reports:\n\n> A security issue was found where an unprivileged user is able to\n> create service accounts for root or other admin users and then is able\n> to assume their access policies via the generated credentials.\n", "id": "FreeBSD-2023-0049", "modified": "2023-02-13T00:00:00Z", "published": "2023-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24842" }, { "type": "WEB", "url": "https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q" } ], "schema_version": "1.7.0", "summary": "MinIO -- unprivileged users can create service accounts for admin users" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "1.0.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav-lts" }, "ranges": [ { "events": [ { "fixed": "0.103.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html" ], "discovery": "2023-02-15T00:00:00Z", "references": { "cvename": [ "CVE-2023-20032", "CVE-2023-20052" ] }, "vid": "fd792048-ad91-11ed-a879-080027f5fec9" }, "details": "Simon Scannell reports:\n\n> \n>\n> CVE-2023-20032\n> : Fixed a possible remote code execution vulnerability in the HFS+\n> file parser.\n>\n> CVE-2023-20052\n> : Fixed a possible remote information leak vulnerability in the DMG\n> file parser.\n", "id": "FreeBSD-2023-0048", "modified": "2023-02-16T00:00:00Z", "published": "2023-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-20032" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-20052" }, { "type": "WEB", "url": "https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html" } ], "schema_version": "1.7.0", "summary": "clamav -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go119" }, "ranges": [ { "events": [ { "fixed": "1.19.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go120" }, "ranges": [ { "events": [ { "fixed": "1.20.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/57274", "https://go.dev/issue/58006", "https://go.dev/issue/58001", "https://go.dev/issue/57855" ], "discovery": "2023-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-41722", "CVE-2022-41725", "CVE-2022-41724", "CVE-2022-41723" ] }, "vid": "3d73e384-ad1f-11ed-983c-83fe35862e3a" }, "details": "The Go project reports:\n\n> path/filepath: path traversal in filepath.Clean on Windows\n>\n> On Windows, the filepath.Clean function could transform an invalid\n> path such as a/../c:/b into the valid path c:\\\\b. This transformation\n> of a relative (if invalid) path into an absolute path could enable a\n> directory traversal attack. The filepath.Clean function will now\n> transform this path into the relative (but still invalid) path\n> .\\\\c:\\\\b.\n\n> net/http, mime/multipart: denial of service from excessive resource\n> consumption\n>\n> Multipart form parsing with mime/multipart.Reader.ReadForm can consume\n> largely unlimited amounts of memory and disk files. This also affects\n> form parsing in the net/http package with the Request methods\n> FormFile, FormValue, ParseMultipartForm, and PostFormValue.\n\n> crypto/tls: large handshake records may cause panics\n>\n> Both clients and servers may send large TLS handshake records which\n> cause servers and clients, respectively, to panic when attempting to\n> construct responses.\n\n> net/http: avoid quadratic complexity in HPACK decoding\n>\n> A maliciously crafted HTTP/2 stream could cause excessive CPU\n> consumption in the HPACK decoder, sufficient to cause a denial of\n> service from a small number of small requests.\n", "id": "FreeBSD-2023-0047", "modified": "2023-02-15T00:00:00Z", "published": "2023-02-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/57274" }, { "type": "REPORT", "url": "https://go.dev/issue/58006" }, { "type": "REPORT", "url": "https://go.dev/issue/58001" }, { "type": "REPORT", "url": "https://go.dev/issue/57855" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41722" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41725" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41724" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41723" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-dev/c/G2APtTxT1HQ/m/6O6aksDaBAAJ" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/" ], "discovery": "2023-02-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-24580" ] }, "vid": "9c9ee9a6-ac5e-11ed-9323-080027d3a315" }, "details": "Django reports:\n\n> CVE-2023-24580: Potential denial-of-service vulnerability in file\n> uploads.\n", "id": "FreeBSD-2023-0046", "modified": "2023-02-14T00:00:00Z", "published": "2023-02-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-24580" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnutls" }, "ranges": [ { "events": [ { "fixed": "3.7.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14" ], "discovery": "2023-02-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-0361" ] }, "vid": "0a7a5dfb-aba4-11ed-be2c-001cc0382b2f" }, "details": "The GnuTLS project reports:\n\n> A vulnerability was found that the response times to malformed RSA\n> ciphertexts in ClientKeyExchange differ from response times of\n> ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext\n> processing is affected.\n", "id": "FreeBSD-2023-0045", "modified": "2023-02-13T00:00:00Z", "published": "2023-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0361" }, { "type": "WEB", "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14" } ], "schema_version": "1.7.0", "summary": "GnuTLS -- timing sidechannel in RSA decryption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "fixed": "3.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2022-10-24" ], "discovery": "2023-02-12T00:00:00Z", "vid": "3eccc968-ab17-11ed-bd9e-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> a bypass to flood admin with FAQ proposals\n>\n> stored XSS in questions\n>\n> stored HTML injections\n>\n> weak passwords\n", "id": "FreeBSD-2023-0044", "modified": "2023-02-12T00:00:00Z", "published": "2023-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2022-10-24" }, { "type": "WEB", "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "110.0.5481.77" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "110.0.5481.77" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html" ], "discovery": "2023-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2023-0696", "CVE-2023-0697", "CVE-2023-0698", "CVE-2023-0699", "CVE-2023-0700", "CVE-2023-0701", "CVE-2023-0702", "CVE-2023-0703", "CVE-2023-0704", "CVE-2023-0705" ] }, "vid": "310ca30e-a951-11ed-8314-a8a1599412c6" }, "details": "Chrome Releases reports:\n\n> This release contains 15 security fixes, including:\n>\n> - \\[1402270\\] High CVE-2023-0696: Type Confusion in V8. Reported by\n> Haein Lee at KAIST Hacking Lab on 2022-12-18\n> - \\[1341541\\] High CVE-2023-0697: Inappropriate implementation in Full\n> screen mode. Reported by Ahmed ElMasry on 2022-07-03\n> - \\[1403573\\] High CVE-2023-0698: Out of bounds read in WebRTC.\n> Reported by Cassidy Kim(@cassidy6564) on 2022-12-25\n> - \\[1371859\\] Medium CVE-2023-0699: Use after free in GPU. Reported by\n> 7o8v and Cassidy Kim(@cassidy6564) on 2022-10-06\n> - \\[1393732\\] Medium CVE-2023-0700: Inappropriate implementation in\n> Download. Reported by Axel Chong on 2022-11-26\n> - \\[1405123\\] Medium CVE-2023-0701: Heap buffer overflow in WebUI.\n> Reported by Sumin Hwang of SSD Labs on 2023-01-05\n> - \\[1316301\\] Medium CVE-2023-0702: Type Confusion in Data Transfer.\n> Reported by Sri on 2022-04-14\n> - \\[1405574\\] Medium CVE-2023-0703: Type Confusion in DevTools.\n> Reported by raven at KunLun lab on 2023-01-07\n> - \\[1385982\\] Low CVE-2023-0704: Insufficient policy enforcement in\n> DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva\n> security team on 2022-11-18\n> - \\[1238642\\] Low CVE-2023-0705: Integer overflow in Core. Reported by\n> SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-11\n", "id": "FreeBSD-2023-0043", "modified": "2023-02-10T00:00:00Z", "published": "2023-02-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0696" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0697" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0698" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0699" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0700" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0701" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0702" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0703" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0704" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0705" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql15-client" }, "ranges": [ { "events": [ { "fixed": "15.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-client" }, "ranges": [ { "events": [ { "fixed": "14.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-client" }, "ranges": [ { "events": [ { "fixed": "13.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-client" }, "ranges": [ { "events": [ { "fixed": "12.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2022-41862/" ], "discovery": "2023-02-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-41862" ] }, "vid": "7a8b6170-a889-11ed-bbae-6cc21735f730" }, "details": "PostgreSQL Project reports:\n\n> A modified, unauthenticated server can send an unterminated string\n> during the establishment of Kerberos transport encryption. When a\n> libpq client application has a Kerberos credential cache and doesn\\'t\n> explicitly disable option gssencmode, a server can cause libpq to\n> over-read and report an error message containing uninitialized bytes\n> from and following its receive buffer. If libpq\\'s caller somehow\n> makes that message accessible to the attacker, this achieves a\n> disclosure of the over-read bytes. We have not confirmed or ruled out\n> viability of attacks that arrange for a crash or for presence of\n> notable, confidential information in disclosed bytes.\n", "id": "FreeBSD-2023-0042", "modified": "2023-02-09T00:00:00Z", "published": "2023-02-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2022-41862/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41862" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2022-41862/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.1.0" }, { "fixed": "8.5.16" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.1.0" }, { "fixed": "8.5.16" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/" ], "discovery": "2022-12-16T00:00:00Z", "references": { "cvename": [ "CVE-2022-23552" ] }, "vid": "ecffb881-a7a7-11ed-8d6a-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On 2022-12-16 during an internal audit of Grafana, a member of the\n> security team found a stored XSS vulnerability affecting the core\n> plugin GeoMap.\n>\n> The stored XSS vulnerability was possible due to SVG-files weren\\'t\n> properly sanitized and allowed arbitrary JavaScript to be executed in\n> the context of the currently authorized user of the Grafana instance.\n", "id": "FreeBSD-2023-0041", "modified": "2023-02-09T00:00:00Z", "published": "2023-02-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23552" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv" } ], "schema_version": "1.7.0", "summary": "Grafana -- Stored XSS in ResourcePicker component" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.16" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.16" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/" ], "discovery": "2023-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-39324" ] }, "vid": "e6281d88-a7a7-11ed-8d6a-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> A third-party penetration test of Grafana found a vulnerability in the\n> snapshot functionality. The value of the originalUrl parameter is\n> automatically generated. The purpose of the presented originalUrl\n> parameter is to provide a user who views the snapshot with the\n> possibility to click on the **Local Snapshot** button in the Grafana\n> web UI and be presented with the dashboard that the snapshot captured.\n> The value of the originalUrl parameter can be arbitrarily chosen by a\n> malicious user that creates the snapshot. (Note: This can be done by\n> editing the query thanks to a web proxy like Burp.)\n>\n> We have assessed this vulnerability as having a CVSS score of 6.7\n> MEDIUM (CVSS:6.7/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).\n", "id": "FreeBSD-2023-0040", "modified": "2023-02-09T00:00:00Z", "published": "2023-02-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39324" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw" } ], "schema_version": "1.7.0", "summary": "Grafana -- Spoofing originalUrl of snapshots" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "fixed": "3.5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl-devel" }, "ranges": [ { "events": [ { "fixed": "3.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt" ], "discovery": "2023-02-08T00:00:00Z", "vid": "1dd84344-a7da-11ed-86e9-d4c9ef517024" }, "details": "The OpenBSD project reports:\n\n> A malicious certificate revocation list or timestamp response token\n> would allow an attacker to read arbitrary memory.\n", "id": "FreeBSD-2023-0039", "modified": "2023-02-08T00:00:00Z", "published": "2023-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt" }, { "type": "WEB", "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt" } ], "schema_version": "1.7.0", "summary": "LibreSSL -- Arbitrary memory read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "21.1.7,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "22.1.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland-devel" }, "ranges": [ { "events": [ { "fixed": "21.0.99.1.386" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2023-February/003320.html" ], "discovery": "2023-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2023-0494" ] }, "vid": "6cc63bf5-a727-4155-8ec4-68b626475e68" }, "details": "The X.org project reports:\n\n> - CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses\n> use-after-free\n>\n> A dangling pointer in DeepCopyPointerClasses can be exploited by\n> ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read/write into\n> freed memory.\n", "id": "FreeBSD-2023-0038", "modified": "2023-02-08T00:00:00Z", "published": "2023-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2023-February/003320.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2023-February/003320.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0494" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Security issue in the X server" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tightvnc" }, "ranges": [ { "events": [ { "last_affected": "1.3.10_6" }, { "fixed": "1.3.10_6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15678", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15679", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15680" ], "discovery": "2019-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2019-8287", "CVE-2019-15678", "CVE-2019-15679", "CVE-2019-15680" ] }, "vid": "b34c1947-a749-11ed-b24b-1c61b4739ac9" }, "details": "MITRE reports:\n\n> TightVNC code version 1.3.10 contains global buffer overflow in\n> HandleCoRREBBP macro function, which can potentially result code\n> execution. This attack appear to be exploitable via network\n> connectivity.\n\n> TightVNC code version 1.3.10 contains global buffer overflow in\n> HandleCoRREBBP macro function, which can potentially result code\n> execution. This attack appear to be exploitable via network\n> connectivity.\n\n> TightVNC code version 1.3.10 contains heap buffer overflow in\n> InitialiseRFBConnection function, which can potentially result code\n> execution. This attack appear to be exploitable via network\n> connectivity.\n\n> TightVNC code version 1.3.10 contains null pointer dereference in\n> HandleZlibBPP function, which results Denial of System (DoS). This\n> attack appear to be exploitable via network connectivity.\n", "id": "FreeBSD-2023-0037", "modified": "2023-02-08T00:00:00Z", "published": "2023-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8287" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15678" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15679" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15680" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8287" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15678" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15679" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15680" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8287" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15678" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15679" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15680" } ], "schema_version": "1.7.0", "summary": "TightVNC -- Muliple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1t,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20230207.txt" ], "discovery": "2023-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2023-0286", "CVE-2022-4304", "CVE-2022-4203", "CVE-2023-0215", "CVE-2022-4450", "CVE-2023-0216", "CVE-2023-0401" ] }, "vid": "648a432c-a71f-11ed-86e9-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n> (High): There is a type confusion vulnerability relating to X.400\n> address processing inside an X.509 GeneralName. X.400 addresses were\n> parsed as an ASN1_STRING but the public structure definition for\n> GENERAL_NAME incorrectly specified the type of the x400Address field\n> as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL\n> function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.\n>\n> Timing Oracle in RSA Decryption (CVE-2022-4304) (Moderate): A timing\n> based side channel exists in the OpenSSL RSA Decryption implementation\n> which could be sufficient to recover a plaintext across a network in a\n> Bleichenbacher style attack. To achieve a successful decryption an\n> attacker would have to be able to send a very large number of trial\n> messages for decryption. The vulnerability affects all RSA padding\n> modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.\n>\n> X.509 Name Constraints Read Buffer Overflow (CVE-2022-4203)\n> (Moderate): A read buffer overrun can be triggered in X.509\n> certificate verification, specifically in name constraint checking.\n> Note that this occurs after certificate chain signature verification\n> and requires either a CA to have signed the malicious certificate or\n> for the application to continue certificate verification despite\n> failure to construct a path to a trusted issuer.\n>\n> Use-after-free following BIO_new_NDEF (CVE-2023-0215) (Moderate): The\n> public API function BIO_new_NDEF is a helper function used for\n> streaming ASN.1 data via a BIO. It is primarily used internally to\n> OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities,\n> but may also be called directly by end user applications.\n>\n> Double free after calling PEM_read_bio_ex (CVE-2022-4450) (Moderate):\n> The function PEM_read_bio_ex() reads a PEM file from a BIO and parses\n> and decodes the \\\"name\\\" (e.g. \\\"CERTIFICATE\\\"), any header data and\n> the payload data. If the function succeeds then the \\\"name_out\\\",\n> \\\"header\\\" and \\\"data\\\" arguments are populated with pointers to\n> buffers containing the relevant decoded data. The caller is\n> responsible for freeing those buffers. It is possible to construct a\n> PEM file that results in 0 bytes of payload data. In this case\n> PEM_read_bio_ex() will return a failure code but will populate the\n> header argument with a pointer to a buffer that has already been\n> freed. If the caller also frees this buffer then a double free will\n> occur. This will most likely lead to a crash. This could be exploited\n> by an attacker who has the ability to supply malicious PEM files for\n> parsing to achieve a denial of service attack.\n>\n> Invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216)\n> (Moderate): An invalid pointer dereference on read can be triggered\n> when an application tries to load malformed PKCS7 data with the\n> d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n>\n> NULL dereference validating DSA public key (CVE-2023-0217) (Moderate):\n> An invalid pointer dereference on read can be triggered when an\n> application tries to check a malformed DSA public key by the\n> EVP_PKEY_public_check() function. This will most likely lead to an\n> application crash. This function can be called on public keys supplied\n> from untrusted sources which could allow an attacker to cause a denial\n> of service attack.\n>\n> NULL dereference during PKCS7 data verification (CVE-2023-0401)\n> (Moderate): A NULL pointer can be dereferenced when signatures are\n> being verified on PKCS7 signed or signedAndEnveloped data. In case the\n> hash algorithm used for the signature is known to the OpenSSL library\n> but the implementation of the hash algorithm is not available the\n> digest initialization will fail. There is a missing check for the\n> return value from the initialization function which later leads to\n> invalid usage of the digest API most likely leading to a crash.\n", "id": "FreeBSD-2023-0036", "modified": "2023-02-07T00:00:00Z", "published": "2023-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0286" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4203" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0216" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0401" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2023/feb/01/security-releases/" ], "discovery": "2023-02-01T00:00:00Z", "references": { "cvename": [ "CVE-2023-23969" ] }, "vid": "c49a880d-a5bb-11ed-aab5-080027de9982" }, "details": "Django reports:\n\n> CVE-2023-23969: Potential denial-of-service via Accept-Language\n> headers.\n", "id": "FreeBSD-2023-0035", "modified": "2023-02-06T00:00:00Z", "published": "2023-02-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2023/feb/01/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-23969" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2023/feb/01/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kafka" }, "ranges": [ { "events": [ { "fixed": "3.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" ], "discovery": "2022-03-11T00:00:00Z", "references": { "cvename": [ "CVE-2020-36518" ] }, "vid": "01823528-a4c1-11ed-b6af-b42e991fc52e" }, "details": "NIST reports:\n\n> jackson-databind before 2.13.0 allows a Java StackOverflow exception\n> and denial of service via a large depth of nested objects.\n", "id": "FreeBSD-2023-0034", "modified": "2023-02-04T00:00:00Z", "published": "2023-02-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-36518" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" } ], "schema_version": "1.7.0", "summary": "kafka -- Denial Of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node_exporter" }, "ranges": [ { "events": [ { "fixed": "1.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p" ], "discovery": "2021-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2022-46146" ] }, "vid": "d835c54f-a4bd-11ed-b6af-b42e991fc52e" }, "details": "Prometheus team reports:\n\n> Prometheus and its exporters can be secured by a web.yml file that\n> specifies usernames and hashed passwords for basic authentication.\n> Passwords are hashed with bcrypt, which means that even if you have\n> access to the hash, it is very hard to find the original password\n> back. Passwords are hashed with bcrypt, which means that even if you\n> have access to the hash, it is very hard to find the original password\n> back. However, a flaw in the way this mechanism was implemented in the\n> exporter toolkit makes it possible with people who know the hashed\n> password to authenticate against Prometheus. A request can be forged\n> by an attacker to poison the internal cache used to cache the\n> computation of hashes and make subsequent requests successful. This\n> cache is used in both happy and unhappy scenarios in order to limit\n> side channel attacks that could tell an attacker if a user is present\n> in the file or not.\n", "id": "FreeBSD-2023-0033", "modified": "2023-02-04T00:00:00Z", "published": "2023-02-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46146" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146" } ], "schema_version": "1.7.0", "summary": "node_exporter -- bypass security with cache poisoning" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.15.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories/" ], "discovery": "2022-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-37325", "CVE-2022-42705", "CVE-2022-42706" ] }, "vid": "8dd438ed-a338-11ed-b48b-589cfc0f81b0" }, "details": "The Asterisk project reports:\n\n> AST-2022-007: Remote Crash Vulnerability in H323 channel add on\n>\n> AST-2022-008: Use after free in res_pjsip_pubsub.c\n>\n> AST-2022-009: GetConfig AMI Action can read files outside of Asterisk\n> directory\n", "id": "FreeBSD-2023-0032", "modified": "2023-02-02T00:00:00Z", "published": "2023-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-37325" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42705" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42706" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2022-007.html" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2022-008.html" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2022-009.html" } ], "schema_version": "1.7.0", "summary": "Asterisk -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-spotipy" }, "ranges": [ { "events": [ { "last_affected": "2.22.0" }, { "fixed": "2.22.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-spotipy" }, "ranges": [ { "events": [ { "last_affected": "2.22.0" }, { "fixed": "2.22.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-spotipy" }, "ranges": [ { "events": [ { "last_affected": "2.22.0" }, { "fixed": "2.22.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-spotipy" }, "ranges": [ { "events": [ { "last_affected": "2.22.0" }, { "fixed": "2.22.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-spotipy" }, "ranges": [ { "events": [ { "last_affected": "2.22.0" }, { "fixed": "2.22.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v" ], "discovery": "2023-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2023-23608" ] }, "vid": "c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18" }, "details": "St\u00c3\u00a9phane Bruckert\n\n> If a malicious URI is passed to the library, the library can be\n> tricked into performing an operation on a different API endpoint than\n> intended.\n", "id": "FreeBSD-2023-0031", "modified": "2023-02-02T00:00:00Z", "published": "2023-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-23608" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23608" }, { "type": "WEB", "url": "https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v" } ], "schema_version": "1.7.0", "summary": "Spotipy -- Path traversal vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "5.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v5.0.6" ], "discovery": "2023-02-01T00:00:00Z", "vid": "2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> A missing field in the SMB FSControl script-land record could cause a\n> heap buffer overflow when receiving packets containing those header\n> types.\n>\n> Receiving a series of packets that start with HTTP/1.0 and then switch\n> to HTTP/0.9 could cause Zeek to spend a large amount of time\n> processing the packets.\n>\n> Receiving large numbers of FTP commands sequentially from the network\n> with bad data in them could cause Zeek to spend a large amount of time\n> processing the packets, and generate a large amount of events.\n", "id": "FreeBSD-2023-0030", "modified": "2023-02-01T00:00:00Z", "published": "2023-02-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.6" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.6" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.8.0" }, { "fixed": "15.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.7.0" }, { "fixed": "15.7.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4.0" }, { "fixed": "15.6.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/" ], "discovery": "2023-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2022-3411", "CVE-2022-4138", "CVE-2022-3759", "CVE-2023-0518" ] }, "vid": "ee890be3-a1ec-11ed-a81d-001b217b3468" }, "details": "Gitlab reports:\n\n> Denial of Service via arbitrarily large Issue descriptions\n>\n> CSRF via file upload allows an attacker to take over a repository\n>\n> Sidekiq background job DoS by uploading malicious CI job artifact zips\n>\n> Sidekiq background job DoS by uploading a malicious Helm package\n", "id": "FreeBSD-2023-0029", "modified": "2023-02-01T00:00:00Z", "published": "2023-02-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3411" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4138" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3759" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0518" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "plexmediaserver" }, "ranges": [ { "events": [ { "fixed": "1.25.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "plexmediaserver-plexpass" }, "ranges": [ { "events": [ { "fixed": "1.25.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://forums.plex.tv/t/security-regarding-cve-2021-42835/761510" ], "discovery": "2021-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-42835" ] }, "vid": "98f78c7a-a08e-11ed-946e-002b67dfc673" }, "details": "Plex Security Team reports:\n\n> We have recently been made aware of a security vulnerability in Plex\n> Media Server versions prior to 1.25.0 that could allow a local Windows\n> user to obtain administrator privileges without authorization. To be\n> clear, this required the user to already have local, physical access\n> to the computer (just with a different user account on Windows). There\n> are no indications that this exploit could be used from a remote\n> machine.\n>\n> Plex Media Server versions 1.25.0.5282 and newer are not subject to\n> this vulnerability, and feature additional hardening to prevent\n> similar issues from occurring in the future. Users running older\n> server versions are encouraged to update their Plex Media Server\n> installations.\n", "id": "FreeBSD-2023-0028", "modified": "2023-01-30T00:00:00Z", "published": "2023-01-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://forums.plex.tv/t/security-regarding-cve-2021-42835/761510" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-42835" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42835" } ], "schema_version": "1.7.0", "summary": "Plex Media Server -- security vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "prometheus" }, "ranges": [ { "events": [ { "fixed": "0.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p" ], "discovery": "2022-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2022-46146" ] }, "vid": "791a09c5-a086-11ed-954d-b42e991fc52e" }, "details": "Prometheus team reports:\n\n> Prometheus and its exporters can be secured by a web.yml file that\n> specifies usernames and hashed passwords for basic authentication.\n> Passwords are hashed with bcrypt, which means that even if you have\n> access to the hash, it is very hard to find the original password\n> back. Passwords are hashed with bcrypt, which means that even if you\n> have access to the hash, it is very hard to find the original password\n> back. However, a flaw in the way this mechanism was implemented in the\n> exporter toolkit makes it possible with people who know the hashed\n> password to authenticate against Prometheus. A request can be forged\n> by an attacker to poison the internal cache used to cache the\n> computation of hashes and make subsequent requests successful. This\n> cache is used in both happy and unhappy scenarios in order to limit\n> side channel attacks that could tell an attacker if a user is present\n> in the file or not.\n", "id": "FreeBSD-2023-0027", "modified": "2023-01-30T00:00:00Z", "published": "2023-01-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46146" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146" } ], "schema_version": "1.7.0", "summary": "prometheus2 -- basic authentication bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "109.0.5414.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "109.0.5414.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html" ], "discovery": "2023-01-24T00:00:00Z", "references": { "cvename": [ "CVE-2023-0471", "CVE-2023-0472", "CVE-2023-0473", "CVE-2023-0474" ] }, "vid": "3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 6 security fixes, including:\n>\n> - \\[1376354\\] High CVE-2023-0471: Use after free in WebTransport.\n> Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on\n> 2022-10-19\n> - \\[1405256\\] High CVE-2023-0472: Use after free in WebRTC. Reported\n> by Cassidy Kim(@cassidy6564) on 2023-01-06\n> - \\[1404639\\] Medium CVE-2023-0473: Type Confusion in ServiceWorker\n> API. Reported by raven at KunLun lab on 2023-01-03\n> - \\[1400841\\] Medium CVE-2023-0474: Use after free in GuestView.\n> Reported by avaue at S.S.L on 2022-12-14\n", "id": "FreeBSD-2023-0026", "modified": "2023-01-25T00:00:00Z", "published": "2023-01-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0471" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0473" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0474" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "re2c" }, "ranges": [ { "events": [ { "fixed": "2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/advisories/GHSA-pgr8-gpgg-9j5m" ], "discovery": "2022-05-24T00:00:00Z", "references": { "cvename": [ "CVE-2018-21232" ] }, "vid": "b0e1fa2b-9c86-11ed-9296-002b67dfc673" }, "details": "re2c reports:\n\n> re2c before 2.0 has uncontrolled recursion that causes stack\n> consumption in find_fixed_tags.\n", "id": "FreeBSD-2023-0025", "modified": "2023-01-25T00:00:00Z", "published": "2023-01-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/advisories/GHSA-pgr8-gpgg-9j5m" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-21232" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21232" } ], "schema_version": "1.7.0", "summary": "re2c -- uncontrolled recursion" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.18.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/22566" ], "discovery": "2022-01-22T00:00:00Z", "vid": "b8a0fea2-9be9-11ed-8acf-0800277bb8a8" }, "details": "The Gitea team reports:\n\n> Prevent multiple To recipients: Change the mailer interface to prevent\n> leaking of possible hidden email addresses when sending to multiple\n> recipients.\n", "id": "FreeBSD-2023-0024", "modified": "2023-01-24T00:00:00Z", "published": "2023-01-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/22566" }, { "type": "WEB", "url": "https://blog.gitea.io/2023/01/gitea-1.18.3-is-released/" } ], "schema_version": "1.7.0", "summary": "gitea -- information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "krill" }, "ranges": [ { "events": [ { "fixed": "0.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0158" ], "discovery": "2023-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-0158" ] }, "vid": "7844789a-9b1f-11ed-9a3f-b42e991fc52e" }, "details": "MITRE reports:\n\n> NLnet Labs Krill supports direct access to the RRDP repository content\n> through its built-in web server at the \\\"/rrdp\\\" endpoint. Prior to\n> 0.12.1 a direct query for any existing directory under \\\"/rrdp/\\\",\n> rather than an RRDP file such as \\\"/rrdp/notification.xml\\\" as would\n> be expected, causes Krill to crash. If the built-in \\\"/rrdp\\\" endpoint\n> is exposed directly to the internet, then malicious remote parties can\n> cause the publication server to crash. The repository content is not\n> affected by this, but the availability of the server and repository\n> can cause issues if this attack is persistent and is not mitigated. .\n", "id": "FreeBSD-2023-0023", "modified": "2023-01-23T00:00:00Z", "published": "2023-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0158" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0158" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0158" } ], "schema_version": "1.7.0", "summary": "net/krill -- DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "awstats" }, "ranges": [ { "events": [ { "fixed": "7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176" ], "discovery": "2022-12-11T00:00:00Z", "references": { "cvename": [ "CVE-2020-35176" ] }, "vid": "bba3f684-9b1d-11ed-9a3f-b42e991fc52e" }, "details": "MITRE reports:\n\n> It seems #90 is not completely fixed in 7.8. (that is, even after\n> CVE-2017-1000501 and CVE-2020-29600 are fixed). In AWStats through\n> 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname\n> (omitting the initial /etc), even though it was intended to only read\n> a file in the /etc/awstats/awstats.conf format. NOTE: this issue\n> exists because of an incomplete fix for CVE-2017-1000501 and\n> CVE-2020-29600.\n", "id": "FreeBSD-2023-0022", "modified": "2023-01-23T00:00:00Z", "published": "2023-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35176" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176" } ], "schema_version": "1.7.0", "summary": "www/awstats -- Partial absolute pathname" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "eternalterminal" }, "ranges": [ { "events": [ { "fixed": "6.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48257" ], "discovery": "2023-01-13T00:00:00Z", "references": { "cvename": [ "CVE-2022-48257", "CVE-2022-48258" ] }, "vid": "b6f7ad7d-9b19-11ed-9a3f-b42e991fc52e" }, "details": "Mitre reports:\n\n> etserver and etclient have predictable logfile names in /tmp and they\n> are world-readable logfiles\n", "id": "FreeBSD-2023-0021", "modified": "2023-01-23T00:00:00Z", "published": "2023-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48257" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-48257" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48257" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-48258" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48258" } ], "schema_version": "1.7.0", "summary": "net/eternalterminal -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "introduced": "4.8.0" }, { "fixed": "4.8.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.powerdns.com/2023/01/20/security-advisory-2023-01-for-powerdns-recursor-4-8-0/" ], "discovery": "2023-01-20T00:00:00Z", "references": { "cvename": [ "CVE-2023-22617" ] }, "vid": "28b69630-9b10-11ed-97a6-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> PowerDNS Security Advisory 2023-01: unbounded recursion results in\n> program termination\n", "id": "FreeBSD-2023-0020", "modified": "2023-01-23T00:00:00Z", "published": "2023-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.powerdns.com/2023/01/20/security-advisory-2023-01-for-powerdns-recursor-4-8-0/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22617" }, { "type": "WEB", "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-01.html" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "fish" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.4.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-20001" ], "discovery": "2021-12-26T00:00:00Z", "references": { "cvename": [ "CVE-2022-20001" ] }, "vid": "a3b10c9b-99d9-11ed-aa55-d05099fed512" }, "details": "Peter Ammon reports:\n\n> fish is a command line shell. fish version 3.1.0 through version 3.3.1\n> is vulnerable to arbitrary code execution. git repositories can\n> contain per-repository configuration that change the behavior of git,\n> including running arbitrary commands. When using the default\n> configuration of fish, changing to a directory automatically runs git\n> commands in order to display information about the current repository\n> in the prompt. If an attacker can convince a user to change their\n> current directory into one controlled by the attacker, such as on a\n> shared file system or extracted archive, fish will run arbitrary\n> commands under the attacker\\'s control. This problem has been fixed in\n> fish 3.4.0. Note that running git in these directories, including\n> using the git tab completion, remains a potential trigger for this\n> issue. As a workaround, remove the fish_git_prompt function from the\n> prompt.\n", "id": "FreeBSD-2023-0019", "modified": "2023-01-21T00:00:00Z", "published": "2023-01-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-20001" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20001" } ], "schema_version": "1.7.0", "summary": "shells/fish -- arbitrary code execution via git" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-c++" }, "ranges": [ { "events": [ { "fixed": "8.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-odbc" }, "ranges": [ { "events": [ { "fixed": "8.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-client57" }, "ranges": [ { "events": [ { "fixed": "5.7.42" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server57" }, "ranges": [ { "events": [ { "fixed": "5.7.42" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-client80" }, "ranges": [ { "events": [ { "fixed": "8.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server80" }, "ranges": [ { "events": [ { "fixed": "8.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL" ], "discovery": "2023-01-20T00:00:00Z", "references": { "cvename": [ "CVE-2022-32221", "CVE-2022-24407", "CVE-2022-24407", "CVE-2022-3171", "CVE-2022-1941", "CVE-2023-21868", "CVE-2023-21860", "CVE-2023-21875", "CVE-2023-21869", "CVE-2023-21877", "CVE-2023-21880", "CVE-2023-21872", "CVE-2023-21871", "CVE-2023-21836", "CVE-2023-21887", "CVE-2023-21863", "CVE-2023-21864", "CVE-2023-21865", "CVE-2023-21866", "CVE-2023-21867", "CVE-2023-21870", "CVE-2023-21873", "CVE-2023-21876", "CVE-2023-21878", "CVE-2023-21879", "CVE-2023-21881", "CVE-2023-21883", "CVE-2023-21840", "CVE-2023-21882", "CVE-2023-21874" ] }, "vid": "dc49f6dc-99d2-11ed-86e9-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 37 new security patches for Oracle\n> MySQL. 8 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network withouti\n> requiring user credentials.\n", "id": "FreeBSD-2023-0018", "modified": "2023-01-21T00:00:00Z", "published": "2023-01-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32221" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24407" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24407" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1941" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21868" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21860" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21875" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21869" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21877" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21880" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21872" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21871" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21836" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21887" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21863" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21864" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21865" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21867" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21873" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21876" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21878" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21879" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21881" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21883" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21882" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-21874" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "fixed": "3.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2022-10-24" ], "discovery": "2023-01-15T00:00:00Z", "vid": "005dfb48-990d-11ed-b9d3-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> phpMyFAQ does not implement sufficient checks to avoid a stored XSS in\n> \\\"Add new question\\\"\n>\n> phpMyFAQ does not implement sufficient checks to avoid a stored XSS in\n> admin user page\n>\n> phpMyFAQ does not implement sufficient checks to avoid a stored XSS in\n> FAQ comments\n>\n> phpMyFAQ does not implement sufficient checks to avoid a blind stored\n> XSS in admin open question page\n>\n> phpMyFAQ does not implement sufficient checks to avoid a reflected XSS\n> in the admin backend login\n>\n> phpMyFAQ does not implement sufficient checks to avoid stored XSS on\n> user, category, FAQ, news and configuration admin backend\n>\n> phpMyFAQ does not implement sufficient checks to avoid weak passwords\n", "id": "FreeBSD-2023-0017", "modified": "2023-01-20T00:00:00Z", "published": "2023-01-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2022-10-24" }, { "type": "WEB", "url": "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack" }, "ranges": [ { "events": [ { "fixed": "3.0.4.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack22" }, "ranges": [ { "events": [ { "fixed": "2.2.6.2,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack16" }, "ranges": [ { "events": [ { "fixed": "1.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md" ], "discovery": "2023-01-17T00:00:00Z", "references": { "cvename": [ "CVE-2022-44570", "CVE-2022-44571", "CVE-2022-44572" ] }, "vid": "95176ba5-9796-11ed-bfbf-080027f5fec9" }, "details": "Aaron Patterson reports:\n\n> \n>\n> CVE-2022-44570\n> : Carefully crafted input can cause the Range header parsing\n> component in Rack to take an unexpected amount of time, possibly\n> resulting in a denial of service attack vector. Any applications\n> that deal with Range requests (such as streaming applications, or\n> applications that serve files) may be impacted.\n>\n> CVE-2022-44571\n> : Carefully crafted input can cause Content-Disposition header\n> parsing in Rack to take an unexpected amount of time, possibly\n> resulting in a denial of service attack vector. This header is\n> used typically used in multipart parsing. Any applications that\n> parse multipart posts using Rack (virtually all Rails\n> applications) are impacted.\n>\n> CVE-2022-44572\n> : Carefully crafted input can cause RFC2183 multipart boundary\n> parsing in Rack to take an unexpected amount of time, possibly\n> resulting in a denial of service attack vector. Any applications\n> that parse multipart posts using Rack (virtually all Rails\n> applications) are impacted.\n", "id": "FreeBSD-2023-0016", "modified": "2023-01-19T00:00:00Z", "published": "2023-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-44570" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-44571" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-44572" }, { "type": "WEB", "url": "https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-65f5-mfpf-vfhj" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-93pm-5p5f-3ghx" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rqv2-275x-2jq5" } ], "schema_version": "1.7.0", "summary": "rack -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.55" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://downloads.apache.org/httpd/CHANGES_2.4.55" ], "discovery": "2023-01-17T00:00:00Z", "references": { "cvename": [ "CVE-2022-37436", "CVE-2022-36760", "CVE-2006-20001" ] }, "vid": "00919005-96a3-11ed-86e9-d4c9ef517024" }, "details": "The Apache httpd project reports:\n\n> mod_dav out of bounds read, or write of zero byte (CVE-2006-20001)\n> (moderate)\n>\n> mod_proxy_ajp Possible request smuggling (CVE-2022-36760) (moderate)\n>\n> mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response\n> splitting (CVE-2022-37436) (moderate)\n", "id": "FreeBSD-2023-0015", "modified": "2023-01-17T00:00:00Z", "published": "2023-01-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.55" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-37436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-36760" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2006-20001" }, { "type": "WEB", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.55" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "7.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.0.8.20230116" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "fixed": "6.2.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis6" }, "ranges": [ { "events": [ { "fixed": "6.0.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/releases/tag/7.0.8" ], "discovery": "2023-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2022-35977", "CVE-2023-22458" ] }, "vid": "5fa68bd9-95d9-11ed-811a-080027f5fec9" }, "details": "The Redis core team reports:\n\n> \n>\n> CVE-2022-35977\n> : Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands\n> can drive Redis to OOM panic.\n>\n> CVE-2023-22458\n> : Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands\n> can lead to denial-of-service.\n", "id": "FreeBSD-2023-0014", "modified": "2023-01-16T00:00:00Z", "published": "2023-01-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/releases/tag/7.0.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22458" }, { "type": "WEB", "url": "https://github.com/redis/redis/releases/tag/7.0.8" } ], "schema_version": "1.7.0", "summary": "redis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "keycloak" }, "ranges": [ { "events": [ { "fixed": "20.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.circl.lu/cve/CVE-2022-41966" ], "discovery": "2022-09-07T00:00:00Z", "references": { "cvename": [ "CVE-2022-40151", "CVE-2022-41966" ] }, "vid": "9d9e9439-959e-11ed-b464-b42e991fc52e" }, "details": "CIRCL reports:\n\n> - CVE-2022-41966: XStream serializes Java objects to XML and back\n> again. Versions prior to 1.4.20 may allow a remote attacker to\n> terminate the application with a stack overflow error, resulting in\n> a denial of service only via manipulation the processed input\n> stream.\n> - CVE-2022-40151: If the parser is running on user supplied input, an\n> attacker may supply content that causes the parser to crash by\n> stackoverflow. This effect may support a denial of service attack.\n", "id": "FreeBSD-2023-0013", "modified": "2023-01-16T00:00:00Z", "published": "2023-01-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.circl.lu/cve/CVE-2022-41966" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-40151" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41966" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41966" } ], "schema_version": "1.7.0", "summary": "security/keycloak -- Multiple possible DoS attacks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tor" }, "ranges": [ { "events": [ { "fixed": "0.4.7.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.torproject.org/tpo/core/tor/-/issues/40730" ], "discovery": "2023-01-12T00:00:00Z", "vid": "847f16e5-9406-11ed-a925-3065ec8fd3ec" }, "details": "The Tor Project reports:\n\n> TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted leading\n> to SOCKS4 going through\n>\n> This is a report from hackerone:\\\n> We have classified this as medium considering that tor was not\n> defending in-depth for dangerous SOCKS request and so any user relying\n> on SafeSocks 1 to make sure they don\\'t link DNS leak and their Tor\n> traffic wasn\\'t safe afterall for SOCKS4(a). Tor Browser doesn\\'t use\n> SafeSocks 1 and SOCKS4 so at least the likely vast majority of users\n> are not affected.\n", "id": "FreeBSD-2023-0012", "modified": "2023-01-14T00:00:00Z", "published": "2023-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40730" }, { "type": "WEB", "url": "https://hackerone.com/bugs?subject=torproject&report_id=1784589" }, { "type": "WEB", "url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40730" } ], "schema_version": "1.7.0", "summary": "security/tor -- SOCKS4(a) inversion bug" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs" }, "ranges": [ { "events": [ { "fixed": "28.2_2,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-canna" }, "ranges": [ { "events": [ { "fixed": "28.2_2,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-nox" }, "ranges": [ { "events": [ { "fixed": "28.2_2,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel" }, "ranges": [ { "events": [ { "fixed": "30.0.50.202211128,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel-nox" }, "ranges": [ { "events": [ { "fixed": "30.0.50.202211128,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-45939" ], "discovery": "2022-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2022-45939" ] }, "vid": "76e2fcce-92d2-11ed-a635-080027f5fec9" }, "details": "lu4nx reports:\n\n> GNU Emacs through 28.2 allows attackers to execute commands via shell\n> metacharacters in the name of a source-code file, because\n> lib-src/etags.c uses the system C library function in its\n> implementation of the ctags program. For example, a victim may use the\n> \\\"ctags \\*\\\" command (suggested in the ctags documentation) in a\n> situation where the current working directory has contents that depend\n> on untrusted input.\n", "id": "FreeBSD-2023-0011", "modified": "2023-01-12T00:00:00Z", "published": "2023-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45939" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-45939" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45939" } ], "schema_version": "1.7.0", "summary": "emacs -- arbitary shell command execution vulnerability of ctags" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cassandra3" }, "ranges": [ { "events": [ { "fixed": "3.11.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitbox.apache.org/repos/asf?p=cassandra.git;a=blob_plain;f=CHANGES.txt;hb=refs/tags/cassandra-3.11.14" ], "discovery": "2023-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-24823", "CVE-2020-7238", "CVE-2019-2684", "CVE-2022-25857", "CVE-2022-42003", "CVE-2022-42004" ] }, "vid": "53caf29b-9180-11ed-acbe-b42e991fc52e" }, "details": "Cassandra tema reports:\n\n> This release contains 6 security fixes including\n>\n> - CVE-2022-24823: When Netty\\'s multipart decoders are used local\n> information disclosure can occur via the local system temporary\n> directory\n> - CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling\n> because it mishandles Transfer-Encoding whitespace (such as a\n> \\[space\\]Transfer-Encoding:chunked line) and a later Content-Length\n> header.\n> - CVE-2019-2684: Difficult to exploit vulnerability allows\n> unauthenticated attacker with network access via multiple protocols\n> to compromise Java SE\n> - CVE-2022-25857: The package org.yaml:snakeyaml from 0 and before\n> 1.31 are vulnerable to Denial of Service (DoS) due missing to nested\n> depth limitation for collections.\n> - CVE-2022-42003: In FasterXML jackson-databind, resource exhaustion\n> can occur because of a lack of a check in primitive value\n> deserializers to avoid deep wrapper array nesting, when the\n> UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.\n> - CVE-2022-42004: In FasterXML jackson-databind, resource exhaustion\n> can occur because of a lack of a check in\n> BeanDeserializer.\\_deserializeFromArray to prevent use of deeply\n> nested arrays.\n", "id": "FreeBSD-2023-0010", "modified": "2023-01-11T00:00:00Z", "published": "2023-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitbox.apache.org/repos/asf?p=cassandra.git;a=blob_plain;f=CHANGES.txt;hb=refs/tags/cassandra-3.11.14" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24823" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24823" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7238" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2684" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-25857" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42003" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42004" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004" } ], "schema_version": "1.7.0", "summary": "cassandra3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cassandra3" }, "ranges": [ { "events": [ { "fixed": "3.11.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356" ], "discovery": "2022-02-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-44521" ] }, "vid": "60624f63-9180-11ed-acbe-b42e991fc52e" }, "details": "Marcus Eriksson reports:\n\n> When running Apache Cassandra with the following configuration:\n> enable_user_defined_functions: true\n> enable_scripted_user_defined_functions: true\n> enable_user_defined_functions_threads: false it is possible for an\n> attacker to execute arbitrary code on the host. The attacker would\n> need to have enough permissions to create user defined functions in\n> the cluster to be able to exploit this.\n", "id": "FreeBSD-2023-0009", "modified": "2023-01-11T00:00:00Z", "published": "2023-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44521" }, { "type": "WEB", "url": "https://www.cvedetails.com/cve/CVE-2021-44521" } ], "schema_version": "1.7.0", "summary": "cassandra3 -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cassandra3" }, "ranges": [ { "events": [ { "fixed": "3.11.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.mindrot.org/projects/jBCrypt/news/rel04.html" ], "discovery": "2015-01-30T00:00:00Z", "references": { "cvename": [ "CVE-2015-0886" ] }, "vid": "b3fd12ea-917a-11ed-acbe-b42e991fc52e" }, "details": "mindrot project reports:\n\n> There is an integer overflow that occurs with very large log_rounds\n> values, first reported by Marcus Rathsfeld.\n", "id": "FreeBSD-2023-0008", "modified": "2023-01-11T00:00:00Z", "published": "2023-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.mindrot.org/projects/jBCrypt/news/rel04.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-0886" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886" } ], "schema_version": "1.7.0", "summary": "cassandra3 -- jBCrypt integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "21.1.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "21.1.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "21.1.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "21.1.5,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "22.1.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland-devel" }, "ranges": [ { "events": [ { "fixed": "21.0.99.1.319" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2022-December/003302.html" ], "discovery": "2022-12-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-46340", "CVE-2022-46341", "CVE-2022-46342", "CVE-2022-46343", "CVE-2022-46344", "CVE-2022-4283" ] }, "vid": "9fa7b139-c1e9-409e-bed0-006aadcf5845" }, "details": "The X.org project reports:\n\n> - CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack\n> overflow\n>\n> The swap handler for the XTestFakeInput request of the XTest\n> extension may corrupt the stack if GenericEvents with lengths larger\n> than 32 bytes are sent through a the XTestFakeInput request.\n>\n> This issue does not affect systems where client and server use the\n> same byte order.\n>\n> - CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab\n> out-of-bounds access\n>\n> The handler for the XIPassiveUngrab request accesses out-of-bounds\n> memory when invoked with a high keycode or button code.\n>\n> - CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify\n> use-after-free\n>\n> The handler for the XvdiSelectVideoNotify request may write to\n> memory after it has been freed.\n>\n> - CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes\n> use-after-free\n>\n> The handler for the ScreenSaverSetAttributes request may write to\n> memory after it has been freed.\n>\n> - CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty\n> out-of-bounds access\n>\n> The handler for the XIChangeProperty request has a length-validation\n> issues, resulting in out-of-bounds memory reads and potential\n> information disclosure.\n>\n> - CVE-2022-4283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName\n> use-after-free\n>\n> The XkbCopyNames function left a dangling pointer to freed memory,\n> resulting in out-of-bounds memory access on subsequent\n> XkbGetKbdByName requests.\n", "id": "FreeBSD-2023-0007", "modified": "2023-01-11T00:00:00Z", "published": "2023-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2022-December/003302.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2022-December/003302.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46340" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46341" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46342" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46343" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46344" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4283" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Multiple security issues in X server extensions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.7.0" }, { "fixed": "15.7.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.6.0" }, { "fixed": "15.6.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.6.0" }, { "fixed": "15.5.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/" ], "discovery": "2023-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-4037", "CVE-2022-3613", "CVE-2022-4365", "CVE-2022-4342", "CVE-2022-3573", "CVE-2022-4167", "CVE-2022-3870", "CVE-2023-0042", "CVE-2022-4131", "CVE-2022-3514" ] }, "vid": "3a023570-91ab-11ed-8950-001b217b3468" }, "details": "Gitlab reports:\n\n> Race condition on gitlab.com enables verified email forgery and\n> third-party account hijacking\n>\n> DOS and high resource consumption of Prometheus server through abuse\n> of Grafana integration proxy endpoint\n>\n> Maintainer can leak sentry token by changing the configured URL\n>\n> Maintainer can leak masked webhook secrets by changing target URL of\n> the webhook\n>\n> Cross-site scripting in wiki changes page affecting self-hosted\n> instances running without strict CSP\n>\n> Group access tokens continue to work after owner loses ability to\n> revoke them\n>\n> Users\\' avatar disclosure by user ID in private GitLab instances\n>\n> Arbitrary Protocol Redirection in GitLab Pages\n>\n> Regex DoS due to device-detector parsing user agents\n>\n> Regex DoS in the Submodule Url Parser\n", "id": "FreeBSD-2023-0006", "modified": "2023-01-11T00:00:00Z", "published": "2023-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4037" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3613" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4365" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4342" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3573" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0042" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3514" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "109.0.5414.74" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "109.0.5414.74" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html" ], "discovery": "2023-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2023-0128", "CVE-2023-0129", "CVE-2023-0130", "CVE-2023-0131", "CVE-2023-0132", "CVE-2023-0133", "CVE-2023-0134", "CVE-2023-0135", "CVE-2023-0136", "CVE-2023-0137", "CVE-2023-0138", "CVE-2023-0139", "CVE-2023-0140", "CVE-2023-0141" ] }, "vid": "7b929503-911d-11ed-a925-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 17 security fixes, including:\n>\n> - \\[1353208\\] High CVE-2023-0128: Use after free in Overview Mode.\n> Reported by Khalil Zhani on 2022-08-16\n> - \\[1382033\\] High CVE-2023-0129: Heap buffer overflow in Network\n> Service. Reported by asnine on 2022-11-07\n> - \\[1370028\\] Medium CVE-2023-0130: Inappropriate implementation in\n> Fullscreen API. Reported by Hafiizh on 2022-09-30\n> - \\[1357366\\] Medium CVE-2023-0131: Inappropriate implementation in\n> iframe Sandbox. Reported by NDevTK on 2022-08-28\n> - \\[1371215\\] Medium CVE-2023-0132: Inappropriate implementation in\n> Permission prompts. Reported by Jasper Rebane (popstonia) on\n> 2022-10-05\n> - \\[1375132\\] Medium CVE-2023-0133: Inappropriate implementation in\n> Permission prompts. Reported by Alesandro Ortiz on 2022-10-17\n> - \\[1385709\\] Medium CVE-2023-0134: Use after free in Cart. Reported\n> by Chaoyuan Peng (@ret2happy) on 2022-11-17\n> - \\[1385831\\] Medium CVE-2023-0135: Use after free in Cart. Reported\n> by Chaoyuan Peng (@ret2happy) on 2022-11-18\n> - \\[1356987\\] Medium CVE-2023-0136: Inappropriate implementation in\n> Fullscreen API. Reported by Axel Chong on 2022-08-26\n> - \\[1399904\\] Medium CVE-2023-0137: Heap buffer overflow in Platform\n> Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10\n> - \\[1346675\\] Low CVE-2023-0138: Heap buffer overflow in\n> libphonenumber. Reported by Michael Dau on 2022-07-23\n> - \\[1367632\\] Low CVE-2023-0139: Insufficient validation of untrusted\n> input in Downloads. Reported by Axel Chong on 2022-09-24\n> - \\[1326788\\] Low CVE-2023-0140: Inappropriate implementation in File\n> System API. Reported by harrison.mitchell, cybercx.com.au on\n> 2022-05-18\n> - \\[1362331\\] Low CVE-2023-0141: Insufficient policy enforcement in\n> CORS. Reported by scarlet on 2022-09-12\n", "id": "FreeBSD-2023-0005", "modified": "2023-01-10T00:00:00Z", "published": "2023-01-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0128" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0129" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0130" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0132" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0133" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0134" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0135" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0136" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0138" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0139" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0140" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-0141" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "fixed": "1.2.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf" ], "discovery": "2022-12-05T00:00:00Z", "references": { "cvename": [ "CVE-2022-46169" ] }, "vid": "59c284f4-8d2e-11ed-9ce0-b42e991fc52e" }, "details": "cacti team reports:\n\n> A command injection vulnerability allows an unauthenticated user to\n> execute arbitrary code on a server running Cacti, if a specific data\n> source was selected for any monitored device.\n", "id": "FreeBSD-2023-0004", "modified": "2023-01-09T00:00:00Z", "published": "2023-01-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46169" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46169" } ], "schema_version": "1.7.0", "summary": "net-mgmt/cacti is vulnerable to remote command injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-viewvc-devel" }, "ranges": [ { "events": [ { "fixed": "1.3.0.20230104" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-viewvc-devel" }, "ranges": [ { "events": [ { "fixed": "1.3.0.20230104" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-viewvc-devel" }, "ranges": [ { "events": [ { "fixed": "1.3.0.20230104" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/viewvc/viewvc/releases/tag/1.1.30", "https://github.com/viewvc/viewvc/releases/tag/1.1.29" ], "discovery": "2023-01-04T00:00:00Z", "references": { "cvename": [ "CVE-2023-22464", "CVE-2023-22456" ] }, "vid": "541696ed-8d12-11ed-af80-ecf4bbc0bda0" }, "details": "C. Michael Pilato reports:\n\n> security fix: escape revision view copy paths (#311)\n> \\[CVE-2023-22464\\]\n\n> security fix: escape revision view changed paths (#311)\n> \\[CVE-2023-22456\\]\n", "id": "FreeBSD-2023-0003", "modified": "2023-01-05T00:00:00Z", "published": "2023-01-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.30" }, { "type": "REPORT", "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.29" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22464" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2023-22456" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22464" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22456" } ], "schema_version": "1.7.0", "summary": "devel/viewvc-devel is vulnerable to cross-site scripting" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rxvt-unicode" }, "ranges": [ { "events": [ { "fixed": "9.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.schmorp.de/pipermail/rxvt-unicode/2023q1/002638.html" ], "discovery": "2022-12-05T00:00:00Z", "references": { "cvename": [ "CVE-2022-4170" ] }, "vid": "5b2eac07-8b4d-11ed-8b23-a0f3c100ae18" }, "details": "Marc Lehmann reports:\n\n> The biggest issue is resolving CVE-2022-4170, which allows command\n> execution inside urxvt from within the terminal (that means anything\n> that can output text in the terminal can start commands in the context\n> of the urxvt process, even remotely).\n", "id": "FreeBSD-2023-0002", "modified": "2023-01-03T00:00:00Z", "published": "2023-01-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.schmorp.de/pipermail/rxvt-unicode/2023q1/002638.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4170" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4170" } ], "schema_version": "1.7.0", "summary": "rxvt-unicode is vulnerable to a remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.18.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/22219", "https://github.com/go-gitea/gitea/pull/21139", "https://github.com/go-gitea/gitea/pull/20935" ], "discovery": "2022-08-23T00:00:00Z", "vid": "86c330fe-bbae-4ca7-85f7-5321e627a4eb" }, "details": "The Gitea team reports:\n\n> Remove ReverseProxy authentication from the API\n\n> Support Go Vulnerability Management\n\n> Forbid HTML string tooltips\n", "id": "FreeBSD-2023-0001", "modified": "2023-01-02T00:00:00Z", "published": "2023-01-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/22219" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/21139" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/20935" }, { "type": "WEB", "url": "https://blog.gitea.io/2022/12/gitea-1.18.0-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.18.0" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webtrees" }, "ranges": [ { "events": [ { "fixed": "1.7.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://webtrees.net/blog/2022/06/04/new-webtrees-release-1-7-20.html" ], "discovery": "2022-06-04T00:00:00Z", "vid": "140a20e1-8769-11ed-b074-002b67dfc673" }, "details": "Webtrees reports:\n\n> GEDCOM imports containing errors and HTML displayed unescaped.\n", "id": "FreeBSD-2022-0250", "modified": "2022-12-29T00:00:00Z", "published": "2022-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://webtrees.net/blog/2022/06/04/new-webtrees-release-1-7-20.html" }, { "type": "WEB", "url": "https://webtrees.net/blog/2022/06/04/new-webtrees-release-1-7-20.html" } ], "schema_version": "1.7.0", "summary": "webtrees -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki135" }, "ranges": [ { "events": [ { "fixed": "1.35.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki138" }, "ranges": [ { "events": [ { "fixed": "1.38.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki139" }, "ranges": [ { "events": [ { "fixed": "1.39.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/" ], "discovery": "2022-12-01T00:00:00Z", "vid": "d379aa14-8729-11ed-b988-080027d3a315" }, "details": "Mediawikwi reports:\n\n> (T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files not world\n> readable.\n", "id": "FreeBSD-2022-0249", "modified": "2022-12-29T00:00:00Z", "published": "2022-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "netdata" }, "ranges": [ { "events": [ { "fixed": "1.37.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/netdata/netdata/security/advisories" ], "discovery": "2022-11-30T00:00:00Z", "vid": "4b60c3d9-8640-11ed-a762-482ae324f959" }, "details": "Netdata reports:\n\n> GHSA-xg38-3vmw-2978: Netdata Streaming Alert Command Injection\n>\n> GHSA-jx85-39cw-66f2: Netdata Streaming Authentication Bypass\n", "id": "FreeBSD-2022-0248", "modified": "2022-12-27T00:00:00Z", "published": "2022-12-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/netdata/netdata/security/advisories" }, { "type": "WEB", "url": "https://github.com/netdata/netdata/security/advisories/GHSA-xg38-3vmw-2978" }, { "type": "WEB", "url": "https://github.com/netdata/netdata/security/advisories/GHSA-jx85-39cw-66f2" } ], "schema_version": "1.7.0", "summary": "netdata -- multiple vulnerabilities with streaming" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freerdp" }, "ranges": [ { "events": [ { "fixed": "2.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.freerdp.com/2022/11/16/2_9_0-release" ], "discovery": "2022-12-24T00:00:00Z", "references": { "cvename": [ "CVE-2022-39316", "CVE-2022-39317", "CVE-2022-39318", "CVE-2022-39319", "CVE-2022-39320", "CVE-2022-39347", "CVE-2022-41877" ] }, "vid": "1f0421b1-8398-11ed-973d-002b67dfc673" }, "details": "FreeRDP reports:\n\n> GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder.\n>\n> GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder.\n>\n> GHSA-387j-8j96-7q35: Division by zero in urbdrc channel.\n>\n> GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel.\n>\n> GHSA-qfq2-82qr-7f4j: Heap buffer overflow in urbdrc channel.\n>\n> GHSA-c5xq-8v35-pffg: Missing path sanitation with \\`drive\\` channel.\n>\n> GHSA-pmv3-wpw4-pw5h: Missing input length validation in \\`drive\\`\n> channel.\n", "id": "FreeBSD-2022-0247", "modified": "2022-12-24T00:00:00Z", "published": "2022-12-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.freerdp.com/2022/11/16/2_9_0-release" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39316" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39316" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39317" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39317" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39318" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39318" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39319" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39319" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39320" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39320" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39347" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39347" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41877" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41877" } ], "schema_version": "1.7.0", "summary": "freerdp -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.17.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/21849", "https://github.com/go-gitea/gitea/pull/21580" ], "discovery": "2022-10-24T00:00:00Z", "vid": "d0da046a-81e6-11ed-96ca-0800277bb8a8" }, "details": "The Gitea team reports:\n\n> Do not allow Ghost access to limited visible user/org\n\n> Fix package access for admins and inactive users\n", "id": "FreeBSD-2022-0246", "modified": "2022-12-22T00:00:00Z", "published": "2022-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/21849" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/21580" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.4" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-11-php81" }, "ranges": [ { "events": [ { "fixed": "11.5.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-12-php81" }, "ranges": [ { "events": [ { "fixed": "12.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-1211-11520-and-10433-security-releases-published" ], "discovery": "2022-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2022-23499", "CVE-2022-23500", "CVE-2022-23501", "CVE-2022-23502", "CVE-2022-23503", "CVE-2022-23504" ] }, "vid": "d9e154c9-7de9-11ed-adca-080027d3a315" }, "details": "TYPO3 reports:\n\n> TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling.\n>\n> TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login.\n>\n> TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password\n> Reset.\n>\n> TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework.\n>\n> TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML\n> Placeholder Expressions in Site Configuration.\n>\n> TYPO3-CORE-SA-2022-017: By-passing Cross-Site Scripting Protection in\n> HTML Sanitizer.\n", "id": "FreeBSD-2022-0245", "modified": "2022-12-17T00:00:00Z", "published": "2022-12-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-1211-11520-and-10433-security-releases-published" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23499" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23501" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23503" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23504" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-1211-11520-and-10433-security-releases-published" } ], "schema_version": "1.7.0", "summary": "typo3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "108.0.5359.124" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "108.0.5359.124" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html" ], "discovery": "2022-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2022-4436", "CVE-2022-4437", "CVE-2022-4438", "CVE-2022-4439", "CVE-2022-4440" ] }, "vid": "83eb9374-7b97-11ed-be8f-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 8 security fixes, including:\n>\n> - \\[1383991\\] High CVE-2022-4436: Use after free in Blink Media.\n> Reported by Anonymous on 2022-11-15\n> - \\[1394692\\] High CVE-2022-4437: Use after free in Mojo IPC. Reported\n> by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research\n> Institute on 2022-11-30\n> - \\[1381871\\] High CVE-2022-4438: Use after free in Blink Frames.\n> Reported by Anonymous on 2022-11-07\n> - \\[1392661\\] High CVE-2022-4439: Use after free in Aura. Reported by\n> Anonymous on 2022-11-22\n> - \\[1382761\\] Medium CVE-2022-4440: Use after free in Profiles.\n> Reported by Anonymous on 2022-11-09\n", "id": "FreeBSD-2022-0244", "modified": "2022-12-14T00:00:00Z", "published": "2022-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4438" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4439" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4440" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.86.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/security.html" ], "discovery": "2022-10-26T00:00:00Z", "references": { "cvename": [ "CVE-2022-32221", "CVE-2022-35260", "CVE-2022-42915", "CVE-2022-42916" ] }, "vid": "0f99a30c-7b4b-11ed-9168-080027f5fec9" }, "details": "Daniel Stenberg reports:\n\n> \n>\n> CVE-2022-32221: POST following PUT confusion\n> : When doing HTTP(S) transfers, libcurl might erroneously use the\n> read callback (`CURLOPT_READFUNCTION`) to ask for data to send,\n> even when the `CURLOPT_POSTFIELDS` option has been set, if the\n> same handle previously was used to issue a `PUT` request which\n> used that callback. This flaw may surprise the application and\n> cause it to misbehave and either send off the wrong data or use\n> memory after free or similar in the subsequent `POST` request. The\n> problem exists in the logic for a reused handle when it is changed\n> from a PUT to a POST.\n>\n> CVE-2022-35260: .netrc parser out-of-bounds access\n> : curl can be told to parse a .netrc file for credentials. If that\n> file ends in a line with consecutive non-white space letters and\n> no newline, curl could read past the end of the stack-based\n> buffer, and if the read works, write a zero byte possibly beyond\n> its boundary. This will in most cases cause a segfault or similar,\n> but circumstances might also cause different outcomes. If a\n> malicious user can provide a custom netrc file to an application\n> or otherwise affect its contents, this flaw could be used as\n> denial-of-service.\n>\n> CVE-2022-42915: HTTP proxy double-free\n> : f curl is told to use an HTTP proxy for a transfer with a\n> non-HTTP(S) URL, it sets up the connection to the remote server by\n> issuing a CONNECT request to the proxy, and then tunnels the rest\n> of protocol through. An HTTP proxy might refuse this request (HTTP\n> proxies often only allow outgoing connections to specific port\n> numbers, like 443 for HTTPS) and instead return a non-200 response\n> code to the client. Due to flaws in the error/cleanup handling,\n> this could trigger a double-free in curl if one of the following\n> schemes were used in the URL for the transfer: dict, gopher,\n> gophers, ldap, ldaps, rtmp, rtmps, telnet\n>\n> CVE-2022-42916: HSTS bypass via IDN\n> : curl\\'s HSTS check could be bypassed to trick it to keep using\n> HTTP. Using its HSTS support, curl can be instructed to use HTTPS\n> directly instead of using an insecure clear-text HTTP step even\n> when HTTP is provided in the URL. This mechanism could be bypassed\n> if the host name in the given URL uses IDN characters that get\n> replaced to ASCII counterparts as part of the IDN conversion. Like\n> using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead\n> of the common ASCII full stop (U+002E) .. Like this:\n> http://curl\u3002se\u3002\n", "id": "FreeBSD-2022-0243", "modified": "2022-12-14T00:00:00Z", "published": "2022-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32221" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35260" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42915" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42916" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2022-32221.html" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2022-35260.html" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2022-42915.html" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2022-42916.html" } ], "schema_version": "1.7.0", "summary": "curl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "fixed": "3.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2022-10-24" ], "discovery": "2022-12-11T00:00:00Z", "vid": "439f3f81-7a49-11ed-97ac-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> an authenticated SQL injection when adding categories in the admin\n> backend\n>\n> a stored cross-site scripting vulnerability in the category name\n>\n> a stored cross-site scripting vulnerability in the admin logging\n>\n> a stored cross-site scripting vulnerability in the FAQ title\n>\n> a PostgreSQL based SQL injection for the lang parameter\n>\n> a SQL injection when storing an instance name in the admin backend\n>\n> a SQL injection when adding attachments in the admin backend\n>\n> a stored cross-site scripting vulnerability when adding users by\n> admins\n>\n> a missing \\\"secure\\\" flag for cookies when using TLS\n>\n> a cross-site request forgery / cross-site scripting vulnerability when\n> saving new questions\n>\n> a reflected cross-site scripting vulnerability in the admin backend\n", "id": "FreeBSD-2022-0242", "modified": "2022-12-12T00:00:00Z", "published": "2022-12-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2022-10-24" }, { "type": "WEB", "url": "https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/5944f154-c0ab-4547-9d9d-3101e86eb975/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/315aa78d-7bd2-4b14-86f2-b5c211e62034/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/eb3a8ea3-daea-4555-a3e6-80b82f533792/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/faac0c92-8d4b-4901-a933-662b661a3f99/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/56499a60-2358-41fe-9b38-8cb23cdfc17c/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/f531bbf2-32c8-4efe-8156-ae9bc6b5d3aa/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/322c12b1-08d5-4ee3-9d94-d4bb40366c7a/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/f2857bc7-8fbc-489a-9a38-30b93300eec5/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "2.9.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/traefik/traefik/releases/tag/v2.9.6" ], "discovery": "2022-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2022-23469", "CVE-2022-46153" ] }, "vid": "508da89c-78b9-11ed-854f-5404a68ad561" }, "details": "The Traefik project reports:\n\n> This update is recommended for all traefik users and provides\n> following important security fixes:\n>\n> - CVE-2022-23469: Authorization header displayed in the debug logs\n> - CVE-2022-46153: Routes exposed with an empty TLSOption in traefik\n", "id": "FreeBSD-2022-0241", "modified": "2022-12-10T00:00:00Z", "published": "2022-12-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/traefik/traefik/releases/tag/v2.9.6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23469" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-46153" }, { "type": "WEB", "url": "https://github.com/traefik/traefik/releases/tag/v2.9.6" } ], "schema_version": "1.7.0", "summary": "traefik -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xrdp" }, "ranges": [ { "events": [ { "fixed": "0.9.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21" ], "discovery": "2022-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-23468", "CVE-2022-23477", "CVE-2022-23478", "CVE-2022-23479", "CVE-2022-23480", "CVE-2022-23481", "CVE-2022-23483", "CVE-2022-23482", "CVE-2022-23484", "CVE-2022-23493" ] }, "vid": "ba94433c-7890-11ed-859e-1c61b4739ac9" }, "details": "xrdp project reports:\n\n> This update is recommended for all xrdp users and provides following\n> important security fixes:\n>\n> - CVE-2022-23468\n> - CVE-2022-23477\n> - CVE-2022-23478\n> - CVE-2022-23479\n> - CVE-2022-23480\n> - CVE-2022-23481\n> - CVE-2022-23483\n> - CVE-2022-23482\n> - CVE-2022-23484\n> - CVE-2022-23493\n>\n> These security issues are reported by Team BT5 (BoB 11th). We\n> appreciate their great help with making and reviewing patches.\n", "id": "FreeBSD-2022-0240", "modified": "2022-12-10T00:00:00Z", "published": "2022-12-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23468" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23480" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23483" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23482" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23484" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23493" }, { "type": "WEB", "url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21" } ], "schema_version": "1.7.0", "summary": "xrdp -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "fixed": "3.9.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python310" }, "ranges": [ { "events": [ { "fixed": "3.10.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python311" }, "ranges": [ { "events": [ { "fixed": "3.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3/whatsnew/changelog.html#changelog" ], "discovery": "2022-09-28T00:00:00Z", "vid": "050eba46-7638-11ed-820d-080027d3a315" }, "details": "Python reports:\n\n> gh-100001: python -m http.server no longer allows terminal control\n> characters sent within a garbage request to be printed to the stderr\n> server log. This is done by changing the http.server\n> BaseHTTPRequestHandler .log_message method to replace control\n> characters with a \\\\xHH hex escape before printing.\n>\n> gh-87604: Avoid publishing list of active per-interpreter audit hooks\n> via the gc module.\n>\n> gh-98433: The IDNA codec decoder used on DNS hostnames by socket or\n> asyncio related name resolution functions no longer involves a\n> quadratic algorithm. This prevents a potential CPU denial of service\n> if an out-of-spec excessive length hostname involving bidirectional\n> characters were decoded. Some protocols such as urllib http 3xx\n> redirects potentially allow for an attacker to supply such a name.\n>\n> gh-98739: Update bundled libexpat to 2.5.0.\n>\n> gh-97612: Fix a shell code injection vulnerability in the\n> get-remote-certificate.py example script. The script no longer uses a\n> shell to run openssl commands. Issue reported and initial fix by Caleb\n> Shortt. Patch by Victor Stinner.\n", "id": "FreeBSD-2022-0239", "modified": "2022-12-07T00:00:00Z", "published": "2022-12-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3/whatsnew/changelog.html#changelog" }, { "type": "WEB", "url": "https://docs.python.org/3/whatsnew/changelog.html#changelog" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go118" }, "ranges": [ { "events": [ { "fixed": "1.18.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go119" }, "ranges": [ { "events": [ { "fixed": "1.19.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/56694", "https://go.dev/issue/56350" ], "discovery": "2022-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2022-41720", "CVE-2022-41717" ] }, "vid": "6f5192f5-75a7-11ed-83c0-411d43ce7fe4" }, "details": "The Go project reports:\n\n> os, net/http: avoid escapes from os.DirFS and http.Dir on Windows\n>\n> The os.DirFS function and http.Dir type provide access to a tree of\n> files rooted at a given directory. These functions permitted access to\n> Windows device files under that root. For example,\n> os.DirFS(\\\"C:/tmp\\\").Open(\\\"COM1\\\") would open the COM1 device. Both\n> os.DirFS and http.Dir only provide read-only filesystem access.\n>\n> In addition, on Windows, an os.DirFS for the directory \\\\(the root of\n> the current drive) can permit a maliciously crafted path to escape\n> from the drive and access any path on the system.\n>\n> The behavior of os.DirFS(\\\"\\\") has changed. Previously, an empty root\n> was treated equivalently to \\\"/\\\", so os.DirFS(\\\"\\\").Open(\\\"tmp\\\")\n> would open the path \\\"/tmp\\\". This now returns an error.\n\n> net/http: limit canonical header cache by bytes, not entries\n>\n> An attacker can cause excessive memory growth in a Go server accepting\n> HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP\n> header keys sent by the client. While the total number of entries in\n> this cache is capped, an attacker sending very large keys can cause\n> the server to allocate approximately 64 MiB per open connection.\n", "id": "FreeBSD-2022-0238", "modified": "2022-12-06T00:00:00Z", "published": "2022-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/56694" }, { "type": "REPORT", "url": "https://go.dev/issue/56350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41720" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41717" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-dev/c/G9Jj4cO4Gpk/m/kOkLVG6TAgAJ" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "108.0.5359.94" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "108.0.5359.94" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html" ], "discovery": "2022-12-02T00:00:00Z", "references": { "cvename": [ "CVE-2022-4262" ] }, "vid": "2899da38-7300-11ed-92ce-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 1 security fix:\n>\n> - \\[1394403\\] High CVE-2022-4262: Type Confusion in V8. Reported by\n> Clement Lecigne of Google\\'s Threat Analysis Group on 2022-11-29\n>\n> Google is aware that an exploit for CVE-2022-4262 exists in the wild.\n", "id": "FreeBSD-2022-0237", "modified": "2022-12-03T00:00:00Z", "published": "2022-12-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4262" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- Type confusion in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rpm4" }, "ranges": [ { "events": [ { "fixed": "4.18.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://rpm.org/wiki/Releases/4.18.0" ], "discovery": "2022-08-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-35939", "CVE-2021-3521", "CVE-2021-35938" ] }, "vid": "0c52abde-717b-11ed-98ca-40b034429ecf" }, "details": "rpm project reports:\n\n> Fix intermediate symlinks not verified (CVE-2021-35939).\n>\n> Fix subkey binding signatures not checked on PGP public keys\n> (CVE-2021-3521).\n>\n> Refactor file and directory operations to use fd-based APIs throughout\n> (CVE-2021-35938)\n", "id": "FreeBSD-2022-0236", "modified": "2022-12-01T00:00:00Z", "published": "2022-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://rpm.org/wiki/Releases/4.18.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35939" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3521" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35938" } ], "schema_version": "1.7.0", "summary": "rpm4 -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.6.0" }, { "fixed": "15.6.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.5.0" }, { "fixed": "15.5.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "15.4.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/" ], "discovery": "2022-11-30T00:00:00Z", "references": { "cvename": [ "CVE-2022-4206", "CVE-2022-3820", "CVE-2022-3740", "CVE-2022-4205", "CVE-2022-3902", "CVE-2022-4054", "CVE-2022-3572", "CVE-2022-3482", "CVE-2022-3478", "CVE-2022-4201" ] }, "vid": "3cde510a-7135-11ed-a28b-bff032704f00" }, "details": "Gitlab reports:\n\n> DAST API scanner exposes Authorization headers in vulnerabilities\n>\n> Group IP allow-list not fully respected by the Package Registry\n>\n> Deploy keys and tokens may bypass External Authorization service if it\n> is enabled\n>\n> Repository import still allows to import 40 hexadecimal branches\n>\n> Webhook secret tokens leaked in webhook logs\n>\n> Maintainer can leak webhook secret token by changing the webhook URL\n>\n> Cross-site scripting in Jira Integration affecting self-hosted\n> instances without strict CSP\n>\n> Release names visible in public projects despite release set as\n> project members only\n>\n> Sidekiq background job DoS by uploading malicious NuGet packages\n>\n> SSRF in Web Terminal advertise_address\n", "id": "FreeBSD-2022-0235", "modified": "2022-12-01T00:00:00Z", "published": "2022-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4206" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3820" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4205" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3902" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3572" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3482" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4201" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "108.0.5359.71" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "108.0.5359.71" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html" ], "discovery": "2022-11-29T00:00:00Z", "references": { "cvename": [ "CVE-2022-4174", "CVE-2022-4175", "CVE-2022-4176", "CVE-2022-4177", "CVE-2022-4178", "CVE-2022-4179", "CVE-2022-4180", "CVE-2022-4181", "CVE-2022-4182", "CVE-2022-4183", "CVE-2022-4184", "CVE-2022-4185", "CVE-2022-4186", "CVE-2022-4187", "CVE-2022-4188", "CVE-2022-4189", "CVE-2022-4190", "CVE-2022-4191", "CVE-2022-4192", "CVE-2022-4193", "CVE-2022-4194", "CVE-2022-4195" ] }, "vid": "5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 28 security fixes, including:\n>\n> - \\[1379054\\] High CVE-2022-4174: Type Confusion in V8. Reported by\n> Zhenghang Xiao (@Kipreyyy) on 2022-10-27\n> - \\[1381401\\] High CVE-2022-4175: Use after free in Camera Capture.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04\n> - \\[1361066\\] High CVE-2022-4176: Out of bounds write in Lacros\n> Graphics. Reported by \\@ginggilBesel on 2022-09-08\n> - \\[1379242\\] High CVE-2022-4177: Use after free in Extensions.\n> Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28\n> - \\[1376099\\] High CVE-2022-4178: Use after free in Mojo. Reported by\n> Sergei Glazunov of Google Project Zero on 2022-10-18\n> - \\[1377783\\] High CVE-2022-4179: Use after free in Audio. Reported by\n> Sergei Glazunov of Google Project Zero on 2022-10-24\n> - \\[1378564\\] High CVE-2022-4180: Use after free in Mojo. Reported by\n> Anonymous on 2022-10-26\n> - \\[1382581\\] High CVE-2022-4181: Use after free in Forms. Reported by\n> Aviv A. on 2022-11-09\n> - \\[1368739\\] Medium CVE-2022-4182: Inappropriate implementation in\n> Fenced Frames. Reported by Peter Nemeth on 2022-09-28\n> - \\[1251790\\] Medium CVE-2022-4183: Insufficient policy enforcement in\n> Popup Blocker. Reported by David Sievers on 2021-09-22\n> - \\[1358647\\] Medium CVE-2022-4184: Insufficient policy enforcement in\n> Autofill. Reported by Ahmed ElMasry on 2022-09-01\n> - \\[1373025\\] Medium CVE-2022-4185: Inappropriate implementation in\n> Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10\n> - \\[1377165\\] Medium CVE-2022-4186: Insufficient validation of\n> untrusted input in Downloads. Reported by Luan Herrera\n> (@lbherrera\\_) on 2022-10-21\n> - \\[1381217\\] Medium CVE-2022-4187: Insufficient policy enforcement in\n> DevTools. Reported by Axel Chong on 2022-11-04\n> - \\[1340879\\] Medium CVE-2022-4188: Insufficient validation of\n> untrusted input in CORS. Reported by Philipp Beer (TU Wien) on\n> 2022-06-30\n> - \\[1344647\\] Medium CVE-2022-4189: Insufficient policy enforcement in\n> DevTools. Reported by NDevTK on 2022-07-15\n> - \\[1378997\\] Medium CVE-2022-4190: Insufficient data validation in\n> Directory. Reported by Axel Chong on 2022-10-27\n> - \\[1373941\\] Medium CVE-2022-4191: Use after free in Sign-In.\n> Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12\n> - \\[1344514\\] Medium CVE-2022-4192: Use after free in Live Caption.\n> Reported by Samet Bekmezci \\@sametbekmezci on 2022-07-14\n> - \\[1354518\\] Medium CVE-2022-4193: Insufficient policy enforcement in\n> File System API. Reported by Axel Chong on 2022-08-19\n> - \\[1370562\\] Medium CVE-2022-4194: Use after free in Accessibility.\n> Reported by Anonymous on 2022-10-03\n> - \\[1371926\\] Medium CVE-2022-4195: Insufficient policy enforcement in\n> Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06\n", "id": "FreeBSD-2022-0234", "modified": "2022-11-30T00:00:00Z", "published": "2022-11-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4181" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4182" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4183" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4184" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4187" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4188" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4189" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4190" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4192" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4193" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4194" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4195" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "107.0.5304.121" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "107.0.5304.121" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html" ], "discovery": "2022-11-24T00:00:00Z", "references": { "cvename": [ "CVE-2022-4135" ] }, "vid": "8d3838b0-6ca8-11ed-92ce-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 1 security fix:\n>\n> - \\[1392715\\] High CVE-2022-4135: Heap buffer overflow in GPU.\n> Reported by Clement Lecigne of Google\\'s Threat Analysis Group on\n> 2022-11-22\n>\n> Google is aware that an exploit for CVE-2022-4135 exists in the wild.\n", "id": "FreeBSD-2022-0233", "modified": "2022-11-25T00:00:00Z", "published": "2022-11-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-4135" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-cgi" }, "ranges": [ { "events": [ { "fixed": "0.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.7,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.5,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.3,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.0.r1,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby27" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.7,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby30" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.5,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby31" }, "ranges": [ { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby32" }, "ranges": [ { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.0.r1,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/" ], "discovery": "2022-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-33621" ] }, "vid": "84ab03b6-6c20-11ed-b519-080027f5fec9" }, "details": "Hiroshi Tokumaru reports:\n\n> If an application that generates HTTP responses using the cgi gem with\n> untrusted user input, an attacker can exploit it to inject a malicious\n> HTTP response header and/or body.\n>\n> Also, the contents for a `CGI::Cookie` object were not checked\n> properly. If an application creates a `CGI::Cookie` object based on\n> user input, an attacker may exploit it to inject invalid attributes in\n> `Set-Cookie` header. We think such applications are unlikely, but we\n> have included a change to check arguments for `CGI::Cookie#initialize`\n> preventatively.\n", "id": "FreeBSD-2022-0232", "modified": "2022-11-24T00:00:00Z", "published": "2022-11-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33621" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/" } ], "schema_version": "1.7.0", "summary": "rubygem-cgi -- HTTP response splitting vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "5.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v5.0.4" ], "discovery": "2022-11-24T00:00:00Z", "vid": "658b9198-8106-4c3d-a2aa-dc4a0a7cc3b6" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> A specially-crafted series of HTTP 0.9 packets can cause Zeek to spend\n> large amounts of time processing the packets.\n>\n> A specially-crafted FTP packet can cause Zeek to spend large amounts\n> of time processing the command.\n>\n> A specially-crafted IPv6 packet can cause Zeek to overflow memory and\n> potentially crash.\n", "id": "FreeBSD-2022-0231", "modified": "2022-11-24T00:00:00Z", "published": "2022-11-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.4" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.4" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "advancecomp" }, "ranges": [ { "events": [ { "fixed": "2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/advisories/GHSA-8xqx-5mpr-g8xj" ], "discovery": "2022-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2022-35014", "CVE-2022-35015", "CVE-2022-35016", "CVE-2022-35017", "CVE-2022-35018", "CVE-2022-35019", "CVE-2022-35020" ] }, "vid": "b6a84729-6bd0-11ed-8d9a-b42e991fc52e" }, "details": "GitHub advisories reports:\n\n> Multiple vulnerabilities found in advancecomp including:\n>\n> - Three segmentation faults.\n> - Heap buffer overflow via le_uint32_read at /lib/endianrw.h.\n> - Three more heap buffer overflows.\n", "id": "FreeBSD-2022-0230", "modified": "2022-11-24T00:00:00Z", "published": "2022-11-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/advisories/GHSA-8xqx-5mpr-g8xj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35014" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35014" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35015" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35015" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35016" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35016" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35017" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35017" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35018" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35019" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35020" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35020" } ], "schema_version": "1.7.0", "summary": "advancecomp -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tailscale" }, "ranges": [ { "events": [ { "fixed": "1.32.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tailscale.com/security-bulletins/#ts-2022-005" ], "discovery": "2022-11-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-41925" ] }, "vid": "e0f26ac5-6a17-11ed-93e7-901b0e9408dc" }, "details": "Tailscale team reports:\n\n> A vulnerability identified in the Tailscale client allows a malicious\n> website to access the peer API, which can then be used to access\n> Tailscale environment variables.\n", "id": "FreeBSD-2022-0229", "modified": "2022-11-22T00:00:00Z", "published": "2022-11-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tailscale.com/security-bulletins/#ts-2022-005" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41925" }, { "type": "WEB", "url": "https://tailscale.com/security-bulletins/#ts-2022-005" } ], "schema_version": "1.7.0", "summary": "tailscale -- Security vulnerability in the client" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat" }, "ranges": [ { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.5.83" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0-M1" }, { "fixed": "9.0.68" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.0.0-M1" }, { "fixed": "10.0.27" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1.0-M1" }, { "fixed": "10.1.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat85" }, "ranges": [ { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.5.83" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat9" }, "ranges": [ { "events": [ { "introduced": "9.0.0-M1" }, { "fixed": "9.0.68" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat10" }, "ranges": [ { "events": [ { "introduced": "10.0.0-M1" }, { "fixed": "10.0.27" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat101" }, "ranges": [ { "events": [ { "introduced": "10.1.0-M1" }, { "fixed": "10.1.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat-devel" }, "ranges": [ { "events": [ { "introduced": "10.1.0-M1" }, { "fixed": "10.1.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq" ], "discovery": "2022-10-31T00:00:00Z", "references": { "cvename": [ "CVE-2022-42252" ] }, "vid": "556fdf03-6785-11ed-953b-002b67dfc673" }, "details": "Apache Tomcat reports:\n\n> If Tomcat was configured to ignore invalid HTTP headers via setting\n> rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did\n> not reject a request containing an invalid Content-Length header\n> making a request smuggling attack possible if Tomcat was located\n> behind a reverse proxy that also failed to reject the request with the\n> invalid header.\n>\n> The CVSS score for this vulnerability is 7.5 High\n", "id": "FreeBSD-2022-0228", "modified": "2022-11-18T00:00:00Z", "published": "2022-11-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42252" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42252" } ], "schema_version": "1.7.0", "summary": "Tomcat -- Request Smuggling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5" }, "ranges": [ { "events": [ { "fixed": "1.19.3_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.20,1" }, { "fixed": "1.20_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5-120" }, "ranges": [ { "events": [ { "fixed": "1.20_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5-119" }, "ranges": [ { "events": [ { "fixed": "1.19.3_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5-devel" }, "ranges": [ { "events": [ { "fixed": "1.20.2022.11.03" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt" ], "discovery": "2022-11-05T00:00:00Z", "references": { "cvename": [ "CVE-2022-42898" ] }, "vid": "094e4a5b-6511-11ed-8c5e-206a8a720317" }, "details": "MITKRB5-SA-2022-001 Vulnerabilities in PAC parsing:\n\n> Due to an integer overflow vulnerabilities in PAC parsing An\n> authenticated attacker may be able to cause a KDC or kadmind process\n> to crash by reading beyond the bounds of allocated memory, creating a\n> denial of service.\n>\n> On 32-bit platforms an authenticated attacker may be able to cause\n> heap corruption resulting in an RCE.\n", "id": "FreeBSD-2022-0227", "modified": "2022-11-15T00:00:00Z", "published": "2022-11-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-42898" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42898" } ], "schema_version": "1.7.0", "summary": "krb5 -- Integer overflow vulnerabilities in PAC parsing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.15" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.15" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/" ], "discovery": "2022-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2022-39307" ] }, "vid": "0a80f159-629b-11ed-9ca2-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> When using the forget password on the login page, a POST request is\n> made to the `/api/user/password/sent-reset-email` URL. When the\n> username or email does not exist, a JSON response contains a \"user not\n> found\" message.\n>\n> The CVSS score for this vulnerability is 5.3 Moderate\n", "id": "FreeBSD-2022-0226", "modified": "2022-11-12T00:00:00Z", "published": "2022-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39307" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5" } ], "schema_version": "1.7.0", "summary": "Grafana -- Username enumeration" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.15" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.15" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.2.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/" ], "discovery": "2022-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2022-39306" ] }, "vid": "6eb6a442-629a-11ed-9ca2-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> Grafana admins can invite other members to the organization they are\n> an admin for. When admins add members to the organization, non\n> existing users get an email invite, existing members are added\n> directly to the organization. When an invite link is sent, it allows\n> users to sign up with whatever username/email address the user chooses\n> and become a member of the organization.\n>\n> The CVSS score for this vulnerability is 6.4 Moderate\n", "id": "FreeBSD-2022-0225", "modified": "2022-11-12T00:00:00Z", "published": "2022-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39306" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84" } ], "schema_version": "1.7.0", "summary": "Grafana -- Privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "9.2.0" }, { "fixed": "9.2.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.2.0" }, { "fixed": "9.2.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/" ], "discovery": "2022-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2022-39328" ] }, "vid": "db895ed0-6298-11ed-9ca2-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> Internal security audit identified a race condition in the Grafana\n> codebase, which allowed an unauthenticated user to query an arbitrary\n> endpoint in Grafana. A race condition in the [HTTP\n> context](https://github.com/grafana/grafana/blob/main/pkg/web/router.go#L153)\n> creation could make a HTTP request being assigned the\n> authentication/authorization middlewares of another call. Under heavy\n> load it is possible that a call protected by a privileged middleware\n> receives instead the middleware of a public query. As a result, an\n> unauthenticated user can successfully query protected endpoints.\n>\n> The CVSS score for this vulnerability is 9.8 Critical\n", "id": "FreeBSD-2022-0224", "modified": "2022-11-12T00:00:00Z", "published": "2022-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39328" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-vqc4-mpj8-jxch" } ], "schema_version": "1.7.0", "summary": "Grafana -- Privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "8.5.14" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.1.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "introduced": "7.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.1.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/" ], "discovery": "2022-07-04T00:00:00Z", "references": { "cvename": [ "CVE-2022-31123" ] }, "vid": "4e60d660-6298-11ed-9ca2-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On July 4th as a result of an internal security audit we have\n> discovered a bypass in the plugin signature verification by exploiting\n> a versioning flaw.\n>\n> We believe that this vulnerability is rated at CVSS 6.1\n> (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L).\n", "id": "FreeBSD-2022-0223", "modified": "2022-11-12T00:00:00Z", "published": "2022-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31123" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-rhxj-gh46-jvw8" } ], "schema_version": "1.7.0", "summary": "Grafana -- Plugin signature bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "8.5.14" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.1.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "introduced": "7.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.1.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/" ], "discovery": "2022-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2022-31130" ] }, "vid": "6f6c9420-6297-11ed-9ca2-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On June 26 a security researcher contacted Grafana Labs to disclose a\n> vulnerability with the GitLab data source plugin that could leak the\n> API key to GitLab. After further analysis the vulnerability impacts\n> data source and plugin proxy endpoints with authentication tokens but\n> under some conditions.\n>\n> We believe that this vulnerability is rated at CVSS 4.9\n> (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n", "id": "FreeBSD-2022-0222", "modified": "2022-11-12T00:00:00Z", "published": "2022-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31130" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-jv32-5578-pxjc" } ], "schema_version": "1.7.0", "summary": "Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "8.5.14" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.1.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "introduced": "7.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.1.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/" ], "discovery": "2022-09-07T00:00:00Z", "references": { "cvename": [ "CVE-2022-39201" ] }, "vid": "6877e164-6296-11ed-9ca2-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On September 7th as a result of an internal security audit we have\n> discovered that Grafana could leak the authentication cookie of users\n> to plugins. After further analysis the vulnerability impacts data\n> source and plugin proxy endpoints under certain conditions.\n>\n> We believe that this vulnerability is rated at CVSS 6.8\n> (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)\n", "id": "FreeBSD-2022-0221", "modified": "2022-11-12T00:00:00Z", "published": "2022-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39201" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-x744-mm8v-vpgr" } ], "schema_version": "1.7.0", "summary": "Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.14" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.1.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.1.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/" ], "discovery": "2022-09-07T00:00:00Z", "references": { "cvename": [ "CVE-2022-39229" ] }, "vid": "909a80ba-6294-11ed-9ca2-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On September 7, as a result of an internal security audit, we\n> discovered a security vulnerability in Grafana's basic authentication\n> related to the usage of username and email address.\n>\n> n Grafana, a user's username and email address are unique fields,\n> which means no other user can have the same username or email address\n> as another user.\n>\n> In addition, a user can have an email address as a username, and the\n> Grafana login allows users to sign in with either username or email\n> address. This creates an unusual behavior, where *user_1* can register\n> with one email address and *user_2* can register their username as\n> *user_1*'s email address. As a result, *user_1* would be prevented\n> from signing in to Grafana, since *user_1* password won't match with\n> *user_2* email address.\n>\n> The CVSS score for this vulnerability is 4.3 moderate\n> (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).\n", "id": "FreeBSD-2022-0220", "modified": "2022-11-12T00:00:00Z", "published": "2022-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39229" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-gj7m-853r-289r" } ], "schema_version": "1.7.0", "summary": "Grafana -- Improper authentication" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ipython" }, "ranges": [ { "events": [ { "fixed": "7.31.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ipython" }, "ranges": [ { "events": [ { "fixed": "7.31.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ipython" }, "ranges": [ { "events": [ { "fixed": "7.31.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-ipython" }, "ranges": [ { "events": [ { "fixed": "7.31.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-ipython" }, "ranges": [ { "events": [ { "fixed": "7.31.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699" ], "discovery": "2022-01-19T00:00:00Z", "references": { "cvename": [ "CVE-2022-21699" ] }, "vid": "35d1e192-628e-11ed-8c5e-641c67a117d8" }, "details": "IPython project reports:\n\n> IPython 8.0.1, 7.31.1 and 5.11 are security releases that change some\n> default values in order to prevent potential Execution with\n> Unnecessary Privileges.\n", "id": "FreeBSD-2022-0219", "modified": "2022-11-12T00:00:00Z", "published": "2022-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21699" }, { "type": "WEB", "url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x" }, { "type": "WEB", "url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699" } ], "schema_version": "1.7.0", "summary": "ipython -- Execution with Unnecessary Privileges" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "fixed": "3.1.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2022-10-24" ], "discovery": "2022-10-24T00:00:00Z", "vid": "f5a48a7a-61d3-11ed-9094-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> a pre-auth SQL injection in then saving user comments\n>\n> a reflected cross-site scripting vulnerability in the search\n>\n> a stored cross-site scripting vulnerability in the meta data\n> administration\n>\n> a weak password requirement\n", "id": "FreeBSD-2022-0218", "modified": "2022-11-11T00:00:00Z", "published": "2022-11-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2022-10-24" }, { "type": "WEB", "url": "https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983/" }, { "type": "WEB", "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish7" }, "ranges": [ { "events": [ { "fixed": "7.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish6" }, "ranges": [ { "events": [ { "last_affected": "6.6.2" }, { "fixed": "6.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00011.html" ], "discovery": "2022-11-08T00:00:00Z", "vid": "5b8d8dee-6088-11ed-8c5e-641c67a117d8" }, "details": "Varnish Cache Project reports:\n\n> A request forgery attack can be performed on Varnish Cache servers\n> that have the HTTP/2 protocol turned on. An attacker may introduce\n> characters through the HTTP/2 pseudo-headers that are invalid in the\n> context of an HTTP/1 request line, causing the Varnish server to\n> produce invalid HTTP/1 requests to the backend. This may in turn be\n> used to successfully exploit vulnerabilities in a server behind the\n> Varnish server.\n", "id": "FreeBSD-2022-0217", "modified": "2022-11-09T00:00:00Z", "published": "2022-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00011.html" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00011.html" } ], "schema_version": "1.7.0", "summary": "varnish -- HTTP/2 Request Forgery Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish7" }, "ranges": [ { "events": [ { "fixed": "7.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00010.html" ], "discovery": "2022-11-08T00:00:00Z", "vid": "b10d1afa-6087-11ed-8c5e-641c67a117d8" }, "details": "Varnish Cache Project reports:\n\n> A request smuggling attack can be performed on Varnish Cache servers\n> by requesting that certain headers are made hop-by-hop, preventing the\n> Varnish Cache servers from forwarding critical headers to the backend.\n> Among the headers that can be filtered this way are both\n> Content-Length and Host, making it possible for an attacker to both\n> break the HTTP/1 protocol framing, and bypass request to host routing\n> in VCL.\n", "id": "FreeBSD-2022-0216", "modified": "2022-11-09T00:00:00Z", "published": "2022-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00010.html" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00010.html" } ], "schema_version": "1.7.0", "summary": "varnish -- Request Smuggling Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "107.0.5304.110" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "107.0.5304.110" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html" ], "discovery": "2022-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2022-3885", "CVE-2022-3886", "CVE-2022-3887", "CVE-2022-3888", "CVE-2022-3889", "CVE-2022-3890" ] }, "vid": "6b04476f-601c-11ed-92ce-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 10 security fixes, including:\n>\n> - \\[1377816\\] High CVE-2022-3885: Use after free in V8. Reported by\n> gzobqq@ on 2022-10-24\n> - \\[1372999\\] High CVE-2022-3886: Use after free in Speech\n> Recognition. Reported by anonymous on 2022-10-10\n> - \\[1372695\\] High CVE-2022-3887: Use after free in Web Workers.\n> Reported by anonymous on 2022-10-08\n> - \\[1375059\\] High CVE-2022-3888: Use after free in WebCodecs.\n> Reported by Peter Nemeth on 2022-10-16\n> - \\[1380063\\] High CVE-2022-3889: Type Confusion in V8. Reported by\n> anonymous on 2022-11-01\n> - \\[1380083\\] High CVE-2022-3890: Heap buffer overflow in Crashpad.\n> Reported by anonymous on 2022-11-01\n", "id": "FreeBSD-2022-0215", "modified": "2022-11-09T00:00:00Z", "published": "2022-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3885" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3886" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3887" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3888" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3889" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3890" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "5.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v5.0.3" ], "discovery": "2022-11-09T00:00:00Z", "vid": "60d4d31a-a573-41bd-8c1e-5af7513c1ee9" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Fix an issue where a specially-crafted FTP packet can cause Zeek to\n> spend large amounts of time attempting to search for valid commands in\n> the data stream.\n>\n> Fix a possible overflow in the Zeek dictionary code that may lead to a\n> memory leak.\n>\n> Fix an issue where a specially-crafted packet can cause Zeek to spend\n> large amounts of time reporting analyzer violations.\n>\n> Fix a possible assert and crash in the HTTP analyzer when receiving a\n> specially crafted packet.\n>\n> Fix an issue where a specially-crafted HTTP or SMTP packet can cause\n> Zeek to spend a large amount of time attempting to search for\n> filenames within the packet data.\n>\n> Fix two separate possible crashes when converting processed IP headers\n> for logging via the raw_packet event handlers.\n", "id": "FreeBSD-2022-0214", "modified": "2022-11-09T00:00:00Z", "published": "2022-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.3" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.3" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "darkhttpd" }, "ranges": [ { "events": [ { "fixed": "1.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25691" ], "discovery": "2020-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-25691" ] }, "vid": "9c399521-5f80-11ed-8ac4-b42e991fc52e" }, "details": "Mitre reports:\n\n> flaw was found in darkhttpd. Invalid error handling allows remote\n> attackers to cause denial-of-service by accessing a file with a large\n> modification date. The highest threat from this vulnerability is to\n> system availability.\n", "id": "FreeBSD-2022-0213", "modified": "2022-11-08T00:00:00Z", "published": "2022-11-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25691" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25691" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25691" } ], "schema_version": "1.7.0", "summary": "darkhttpd -- DOS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sudo" }, "ranges": [ { "events": [ { "introduced": "1.8.0" }, { "fixed": "1.9.12p1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cve.org/CVERecord?id=CVE-2022-43995" ], "discovery": "2022-11-07T00:00:00Z", "references": { "cvename": [ "CVE-2022-43995" ] }, "vid": "3310014a-5ef9-11ed-812b-206a8a720317" }, "details": "CVE.org reports:\n\n> Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains\n> a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can\n> result in a heap-based buffer over-read. This can be triggered by\n> arbitrary local users with access to sudo by entering a password of\n> seven characters or fewer. The impact could vary depending on the\n> system libraries, compiler, and processor architecture.\n", "id": "FreeBSD-2022-0212", "modified": "2022-11-07T00:00:00Z", "published": "2022-11-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-43995" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43995" } ], "schema_version": "1.7.0", "summary": "sudo -- Potential out-of-bounds write for small passwords" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.5.0" }, { "fixed": "15.5.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.4.0" }, { "fixed": "15.4.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "15.3.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/11/02/security-release-gitlab-15-5-2-released/" ], "discovery": "2022-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2022-3767", "CVE-2022-3265", "CVE-2022-3483", "CVE-2022-3818", "CVE-2022-3726", "CVE-2022-2251", "CVE-2022-3486", "CVE-2022-3793", "CVE-2022-3413", "CVE-2022-2761", "CVE-2022-3819", "CVE-2022-3280", "CVE-2022-3706" ] }, "vid": "16f7ec68-5cce-11ed-9be7-454b1dd82c64" }, "details": "Gitlab reports:\n\n> DAST analyzer sends custom request headers with every request\n>\n> Stored-XSS with CSP-bypass via scoped labels\\' color\n>\n> Maintainer can leak Datadog API key by changing integration URL\n>\n> Uncontrolled resource consumption when parsing URLs\n>\n> Issue HTTP requests when users view an OpenAPI document and click\n> buttons\n>\n> Command injection in CI jobs via branch name in CI pipelines\n>\n> Open redirection\n>\n> Prefill variables do not check permission of the project in external\n> CI config\n>\n> Disclosure of audit events to insufficiently permissioned group and\n> project members\n>\n> Arbitrary GFM references rendered in Jira issue description leak\n> private/confidential resources\n>\n> Award emojis API for an internal note is accessible to users without\n> access to the note\n>\n> Open redirect in pipeline artifacts when generating HTML documents\n>\n> Retrying a job in a downstream pipeline allows the retrying user to\n> take ownership of the retried jobs in upstream pipelines\n>\n> Project-level Secure Files can be written out of the target directory\n", "id": "FreeBSD-2022-0211", "modified": "2022-11-05T00:00:00Z", "published": "2022-11-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/11/02/security-release-gitlab-15-5-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3767" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3265" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3483" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3818" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3726" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2251" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3486" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3793" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3413" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2761" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3819" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3280" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3706" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/11/02/security-release-gitlab-15-5-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pixman" }, "ranges": [ { "events": [ { "fixed": "0.42.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.freedesktop.org/archives/pixman/2022-November/004994.html" ], "discovery": "2022-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2022-44638" ] }, "vid": "b278783f-5c1d-11ed-a21f-001fc69cd6dc" }, "details": "Pixman reports: for release 0.42.2\n\n> Avoid integer overflow leading to out-of-bounds write\n", "id": "FreeBSD-2022-0210", "modified": "2022-11-03T00:00:00Z", "published": "2022-11-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.freedesktop.org/archives/pixman/2022-November/004994.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-44638" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44638" } ], "schema_version": "1.7.0", "summary": "pixman -- heap overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go118" }, "ranges": [ { "events": [ { "fixed": "1.18.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go119" }, "ranges": [ { "events": [ { "fixed": "1.19.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/56284" ], "discovery": "2022-10-17T00:00:00Z", "references": { "cvename": [ "CVE-2022-41716" ] }, "vid": "26b1100a-5a27-11ed-abfe-29ac76ec31b5" }, "details": "The Go project reports:\n\n> syscall, os/exec: unsanitized NUL in environment variables\n>\n> On Windows, syscall.StartProcess and os/exec.Cmd did not properly\n> check for invalid environment variable values. A malicious environment\n> variable value could exploit this behavior to set a value for a\n> different environment variable. For example, the environment variable\n> string \\\"A=B\\\\x00C=D\\\" set the variables \\\"A=B\\\" and \\\"C=D\\\".\n", "id": "FreeBSD-2022-0209", "modified": "2022-11-01T00:00:00Z", "published": "2022-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/56284" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41716" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-dev/c/83nKqv2W1Dk/m/gEJdD5vjDwAJ" } ], "schema_version": "1.7.0", "summary": "go -- syscall, os/exec: unsanitized NUL in environment variables" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20221101.txt" ], "discovery": "2022-11-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-3602", "CVE-2022-3786" ] }, "vid": "0844671c-5a09-11ed-856e-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) (High): A\n> buffer overrun can be triggered in X.509 certificate verification,\n> specifically in name constraint checking.\n>\n> X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\n> (High): A buffer overrun can be triggered in X.509 certificate\n> verification, specifically in name constraint checking.\n", "id": "FreeBSD-2022-0208", "modified": "2022-11-01T00:00:00Z", "published": "2022-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20221101.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3786" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20221101.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Buffer overflows in Email verification" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-c++" }, "ranges": [ { "events": [ { "fixed": "8.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-odbc" }, "ranges": [ { "events": [ { "fixed": "8.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-client57" }, "ranges": [ { "events": [ { "fixed": "5.7.40" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server57" }, "ranges": [ { "events": [ { "fixed": "5.7.40" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-client80" }, "ranges": [ { "events": [ { "fixed": "8.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server80" }, "ranges": [ { "events": [ { "fixed": "8.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixMSQL" ], "discovery": "2022-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2022-21600", "CVE-2022-21635", "CVE-2022-39408", "CVE-2022-39410", "CVE-2022-2097", "CVE-2022-21604", "CVE-2022-21637", "CVE-2022-21617", "CVE-2022-21605", "CVE-2022-21594", "CVE-2022-21607", "CVE-2022-21608", "CVE-2022-21638", "CVE-2022-21640", "CVE-2022-21641", "CVE-2022-39400", "CVE-2022-21633", "CVE-2022-21632", "CVE-2022-21599", "CVE-2022-21595", "CVE-2022-21625", "CVE-2022-21592", "CVE-2022-21589", "CVE-2022-39402", "CVE-2022-39404", "CVE-2022-21611", "CVE-2022-39403" ] }, "vid": "4b9c1c17-587c-11ed-856e-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 37 new security patches for Oracle\n> MySQL. 11 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials\n", "id": "FreeBSD-2022-0207", "modified": "2022-10-30T00:00:00Z", "published": "2022-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21635" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39408" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39410" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2097" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21604" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21637" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21617" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21594" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21607" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21608" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21638" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21640" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21641" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39400" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21633" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21595" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21592" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21589" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39404" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21611" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39403" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixMSQL" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "107.0.5304.87" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "107.0.5304.87" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html" ], "discovery": "2022-10-27T00:00:00Z", "references": { "cvename": [ "CVE-2022-3723" ] }, "vid": "1225c888-56ea-11ed-b5c3-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 1 security fix:\n>\n> - \\[1378239\\] High CVE-2022-3723: Type Confusion in V8. Reported by\n> Jan Vojte\u0161ek, Mil\u00e1nek, and Przemek Gmerek of Avast on 2022-10-25\n", "id": "FreeBSD-2022-0206", "modified": "2022-10-28T00:00:00Z", "published": "2022-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3723" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html" } ], "schema_version": "1.7.0", "summary": "chromium -- Type confusion in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba412" }, "ranges": [ { "events": [ { "fixed": "4.12.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba413" }, "ranges": [ { "events": [ { "fixed": "4.13.17_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba416" }, "ranges": [ { "events": [ { "fixed": "4.16.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2022-3437.html" ], "discovery": "2022-08-02T00:00:00Z", "references": { "cvename": [ "CVE-2022-3437" ] }, "vid": "1c5f3fd7-54bf-11ed-8d1e-005056a311d1" }, "details": "The Samba Team reports:\n\n> The DES (for Samba 4.11 and earlier) and Triple-DES decryption\n> routines in the Heimdal GSSAPI library allow a length-limited write\n> buffer overflow on malloc() allocated memory when presented with a\n> maliciously small packet.\n", "id": "FreeBSD-2022-0205", "modified": "2022-10-25T00:00:00Z", "published": "2022-10-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2022-3437.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3437" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2022-3437.html" } ], "schema_version": "1.7.0", "summary": "samba -- buffer overflow in Heimdal unwrap_des3()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "107.0.5304.68" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "107.0.5304.68" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html" ], "discovery": "2022-10-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-3652", "CVE-2022-3653", "CVE-2022-3654", "CVE-2022-3655", "CVE-2022-3656", "CVE-2022-3657", "CVE-2022-3658", "CVE-2022-3659", "CVE-2022-3660", "CVE-2022-3661" ] }, "vid": "b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 14 security fixes, including:\n>\n> - \\[1369871\\] High CVE-2022-3652: Type Confusion in V8. Reported by\n> srodulv and ZNMchtss at S.S.L Team on 2022-09-30\n> - \\[1354271\\] High CVE-2022-3653: Heap buffer overflow in Vulkan.\n> Reported by SeongHwan Park (SeHwa) on 2022-08-19\n> - \\[1365330\\] High CVE-2022-3654: Use after free in Layout. Reported\n> by Sergei Glazunov of Google Project Zero on 2022-09-19\n> - \\[1343384\\] Medium CVE-2022-3655: Heap buffer overflow in Media\n> Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360\n> Vulnerability Research Institute on 2022-07-11\n> - \\[1345275\\] Medium CVE-2022-3656: Insufficient data validation in\n> File System. Reported by Ron Masas, Imperva on 2022-07-18\n> - \\[1351177\\] Medium CVE-2022-3657: Use after free in Extensions.\n> Reported by Omri Bushari, Talon Cyber Security on 2022-08-09\n> - \\[1352817\\] Medium CVE-2022-3658: Use after free in Feedback service\n> on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong\n> of 360 Vulnerability Research Institute on 2022-08-14\n> - \\[1355560\\] Medium CVE-2022-3659: Use after free in Accessibility.\n> Reported by \\@ginggilBesel on 2022-08-23\n> - \\[1327505\\] Medium CVE-2022-3660: Inappropriate implementation in\n> Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20\n> - \\[1350111\\] Low CVE-2022-3661: Insufficient data validation in\n> Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at\n> Seoul National University on 2022-08-04\n", "id": "FreeBSD-2022-0204", "modified": "2022-10-25T00:00:00Z", "published": "2022-10-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3652" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3653" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3654" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3655" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3656" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3657" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3658" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3659" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3660" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3661" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libudisks" }, "ranges": [ { "events": [ { "fixed": "2.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/storaged-project/udisks/blob/udisks-2.9.4/NEWS" ], "discovery": "2021-09-29T00:00:00Z", "vid": "68fcee9b-5259-11ed-89c9-0800276af896" }, "details": "From libudisks 2.9.4 NEWS:\n\n> udiskslinuxblock: Fix leaking cleartext block interface\n", "id": "FreeBSD-2022-0203", "modified": "2022-10-22T00:00:00Z", "published": "2022-10-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/storaged-project/udisks/blob/udisks-2.9.4/NEWS" }, { "type": "WEB", "url": "https://github.com/storaged-project/udisks/blob/udisks-2.9.4/NEWS" } ], "schema_version": "1.7.0", "summary": "Cleartext leak in libudisks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "fixed": "3.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2022-10-02" ], "discovery": "2022-10-02T00:00:00Z", "vid": "c253c4aa-5126-11ed-8a21-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> phpMyFAQ does not implement sufficient checks to avoid CSRF when\n> logging out an user.\n", "id": "FreeBSD-2022-0202", "modified": "2022-10-21T00:00:00Z", "published": "2022-10-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2022-10-02" }, { "type": "WEB", "url": "https://huntr.dev/bounties/76095ac1-da12-449b-9564-4a086be96592/" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- CSRF vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "fixed": "3.9.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python310" }, "ranges": [ { "events": [ { "fixed": "3.10.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/release/3.9.15/whatsnew/changelog.html" ], "discovery": "2022-09-29T00:00:00Z", "vid": "d6d088c9-5064-11ed-bade-080027881239" }, "details": "Python reports:\n\n> gh-97616: Fix multiplying a list by an integer (list \\*= int): detect\n> the integer overflow when the new allocated length is close to the\n> maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner.\n>\n> gh-97612: Fix a shell code injection vulnerability in the\n> get-remote-certificate.py example script. The script no longer uses a\n> shell to run openssl commands. Issue reported and initial fix by Caleb\n> Shortt. Patch by Victor Stinner.\n", "id": "FreeBSD-2022-0201", "modified": "2022-10-20T00:00:00Z", "published": "2022-10-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/release/3.9.15/whatsnew/changelog.html" }, { "type": "WEB", "url": "https://docs.python.org/release/3.9.15/whatsnew/changelog.html" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx" }, "ranges": [ { "events": [ { "introduced": "1.0.7" }, { "fixed": "1.22.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "introduced": "1.1.3" }, { "fixed": "1.23.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mailman.nginx.org/archives/list/nginx@nginx.org/thread/F7TMIHDNNU3M52GYS23UWDWW2R2BLVVH/" ], "discovery": "2022-10-19T00:00:00Z", "references": { "cvename": [ "CVE-2022-41741", "CVE-2022-41742" ] }, "vid": "676d4f16-4fb3-11ed-a374-8c164567ca3c" }, "details": "NGINX Development Team reports:\n\n> Two security issues were identified in the ngx_http_mp4_module, which\n> might allow an attacker to cause a worker process crash or worker\n> process memory disclosure by using a specially crafted mp4 file, or\n> might have potential other impact (CVE-2022-41741, CVE-2022-41742).\n", "id": "FreeBSD-2022-0200", "modified": "2022-10-19T00:00:00Z", "published": "2022-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mailman.nginx.org/archives/list/nginx@nginx.org/thread/F7TMIHDNNU3M52GYS23UWDWW2R2BLVVH/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41741" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41742" }, { "type": "WEB", "url": "https://mailman.nginx.org/archives/list/nginx@nginx.org/thread/F7TMIHDNNU3M52GYS23UWDWW2R2BLVVH/" } ], "schema_version": "1.7.0", "summary": "nginx -- Two vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.38.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-lite" }, "ranges": [ { "events": [ { "fixed": "2.38.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-tiny" }, "ranges": [ { "events": [ { "fixed": "2.38.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u" ], "discovery": "2022-06-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-39253", "CVE-2022-39260" ] }, "vid": "2523bc76-4f01-11ed-929b-002590f2a714" }, "details": "> # This release contains 2 security fixes:\n>\n> ## CVE-2022-39253\n>\n> When relying on the \\`\\--local\\` clone optimization, Git dereferences\n> symbolic links in the source repository before creating hardlinks (or\n> copies) of the dereferenced link in the destination repository. This\n> can lead to surprising behavior where arbitrary files are present in a\n> repository\\'s \\`\\$GIT_DIR\\` when cloning from a malicious repository.\n> Git will no longer dereference symbolic links via the \\`\\--local\\`\n> clone mechanism, and will instead refuse to clone repositories that\n> have symbolic links present in the \\`\\$GIT_DIR/objects\\` directory.\n> Additionally, the value of \\`protocol.file.allow\\` is changed to be\n> \\\"user\\\" by default.\n>\n> ## CVE-2022-39260\n>\n> An overly-long command string given to \\`git shell\\` can result in\n> overflow in \\`split_cmdline()\\`, leading to arbitrary heap writes and\n> remote code execution when \\`git shell\\` is exposed and the directory\n> \\`\\$HOME/git-shell-commands\\` exists. \\`git shell\\` is taught to\n> refuse interactive commands that are longer than 4MiB in size.\n> \\`split_cmdline()\\` is hardened to reject inputs larger than 2GiB.\n", "id": "FreeBSD-2022-0199", "modified": "2022-10-18T00:00:00Z", "published": "2022-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39253" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39260" }, { "type": "WEB", "url": "https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u" } ], "schema_version": "1.7.0", "summary": "git -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "://www.openssl.org/news/secadv/20221011.txt" ], "discovery": "2022-10-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-3358" ] }, "vid": "7392e1e3-4eb9-11ed-856e-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> Using a Custom Cipher with NID_undef may lead to NULL encryption (low)\n", "id": "FreeBSD-2022-0198", "modified": "2022-10-18T00:00:00Z", "published": "2022-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "://www.openssl.org/news/secadv/20221011.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3358" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20221011.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.17.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/21463", "https://github.com/go-gitea/gitea/pull/21412", "https://github.com/go-gitea/gitea/pull/21281" ], "discovery": "2022-09-27T00:00:00Z", "vid": "d713d709-4cc9-11ed-a621-0800277bb8a8" }, "details": "The Gitea team reports:\n\n> Sanitize and Escape refs in git backend\n\n> Bump golang.org/x/text\n\n> Update bluemonday\n", "id": "FreeBSD-2022-0197", "modified": "2022-10-15T00:00:00Z", "published": "2022-10-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/21463" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/21412" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/21281" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.3" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube-thunderbird_labels" }, "ranges": [ { "events": [ { "last_affected": "1.4.12" }, { "fixed": "1.4.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://roundcube.net/news/2021/12/30/security-update-1.4.13-released" ], "discovery": "2022-10-10T00:00:00Z", "vid": "127674c6-4a27-11ed-9f93-002b67dfc673" }, "details": "The Roundcube project reports:\n\n> # Description:\n>\n> Remote code execution vulnerability in roundcube-thunderbird_labels\n> when tb_label_modify_labels is enabled.\n>\n> # Workaround:\n>\n> If you cannot upgrade to roundcube-thunderbird_labels-1.4.13 disable\n> the tb_label_modify_labels config option.\n", "id": "FreeBSD-2022-0196", "modified": "2022-10-12T00:00:00Z", "published": "2022-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://roundcube.net/news/2021/12/30/security-update-1.4.13-released" }, { "type": "WEB", "url": "https://github.com/mike-kfed/roundcube-thunderbird_labels/security/advisories/GHSA-wp6h-wgxq-v949" } ], "schema_version": "1.7.0", "summary": "roundcube-thunderbird_labels -- RCE with custom label titles" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "106.0.5249.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ungoogled-chromium" }, "ranges": [ { "events": [ { "fixed": "106.0.5249.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html" ], "discovery": "2022-10-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-3445", "CVE-2022-3446", "CVE-2022-3447", "CVE-2022-3448", "CVE-2022-3449", "CVE-2022-3450" ] }, "vid": "7cb12ee0-4a13-11ed-8ad9-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 6 security fixes:\n>\n> - \\[1364604\\] High CVE-2022-3445: Use after free in Skia. Reported by\n> Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability\n> Research Institute on 2022-09-16\n> - \\[1368076\\] High CVE-2022-3446: Heap buffer overflow in WebSQL.\n> Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26\n> - \\[1366582\\] High CVE-2022-3447: Inappropriate implementation in\n> Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune\n> (India) on 2022-09-22\n> - \\[1363040\\] High CVE-2022-3448: Use after free in Permissions API.\n> Reported by raven at KunLun lab on 2022-09-13\n> - \\[1364662\\] High CVE-2022-3449: Use after free in Safe Browsing.\n> Reported by asnine on 2022-09-17\n> - \\[1369882\\] High CVE-2022-3450: Use after free in Peer Connection.\n> Reported by Anonymous on 2022-09-30\n", "id": "FreeBSD-2022-0195", "modified": "2022-10-12T00:00:00Z", "published": "2022-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3445" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3446" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3447" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3448" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3450" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html" } ], "schema_version": "1.7.0", "summary": "chromium -- mulitple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba412" }, "ranges": [ { "events": [ { "fixed": "4.12.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba413" }, "ranges": [ { "events": [ { "fixed": "4.13.17_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.samba.org/archive/samba-announce/2022/000609.html" ], "discovery": "2022-07-27T00:00:00Z", "references": { "cvename": [ "CVE-2022-2031", "CVE-2022-32744", "CVE-2022-32745", "CVE-2022-32746", "CVE-2022-32742" ] }, "vid": "f9140ad4-4920-11ed-a07e-080027f5fec9" }, "details": "The Samba Team reports:\n\n> \n>\n> CVE-2022-2031\n> : The KDC and the kpasswd service share a single account and set of\n> keys, allowing them to decrypt each other\\'s tickets. A user who\n> has been requested to change their password can exploit this to\n> obtain and use tickets to other services.\n>\n> CVE-2022-32744\n> : The KDC accepts kpasswd requests encrypted with any key known to\n> it. By encrypting forged kpasswd requests with its own key, a user\n> can change the passwords of other users, enabling full domain\n> takeover.\n>\n> CVE-2022-32745\n> : Samba AD users can cause the server to access uninitialised data\n> with an LDAP add or modify request, usually resulting in a\n> segmentation fault.\n>\n> CVE-2022-32746\n> : The AD DC database audit logging module can be made to access LDAP\n> message values that have been freed by a preceding database\n> module, resulting in a use-after-free. This is only possible when\n> modifying certain privileged attributes, such as\n> userAccountControl.\n>\n> CVE-2022-32742\n> : SMB1 Client with write access to a share can cause server memory\n> contents to be written into a file or printer.\n", "id": "FreeBSD-2022-0194", "modified": "2022-10-11T00:00:00Z", "published": "2022-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.samba.org/archive/samba-announce/2022/000609.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2031" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32744" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32745" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32746" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32742" }, { "type": "WEB", "url": "https://lists.samba.org/archive/samba-announce/2022/000609.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2022-2031.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2022-32744.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2022-32745.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2022-32746.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2022-32742.html" } ], "schema_version": "1.7.0", "summary": "samba -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "strongswan" }, "ranges": [ { "events": [ { "fixed": "5.9.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html" ], "discovery": "2022-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2022-40617" ] }, "vid": "0ae56f3e-488c-11ed-bb31-b42e99a1b9c3" }, "details": "Lahav Schlesinger reported a bug related to online certificate\nrevocation checking that can lead to a denial-of-service attack\n\n> .\n", "id": "FreeBSD-2022-0193", "modified": "2022-10-10T00:00:00Z", "published": "2022-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-40617" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40617" } ], "schema_version": "1.7.0", "summary": "strongswan -- DOS attack vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "routinator" }, "ranges": [ { "events": [ { "introduced": "0.9.0" }, { "fixed": "0.11.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cvedetails.com/cve/CVE-2022-3029/" ], "discovery": "2022-10-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-3029" ] }, "vid": "e4133d8b-ab33-451a-bc68-3719de73d54a" }, "details": "Due to a mistake in error handling, data in RRDP snapshot and delta\nfiles that isn't correctly base 64 encoded is treated as a fatal error\nand causes Routinator to exit. Worst case impact of this vulnerability\nis denial of service for the RPKI data that Routinator provides to\nrouters. This may stop your network from validating route origins based\non RPKI data. This vulnerability does not allow an attacker to\nmanipulate RPKI data. We are not aware of exploitation of this\nvulnerability at this point in time. Starting with release 0.11.3,\nRoutinator handles encoding errors by rejecting the snapshot or delta\nfile and continuing with validation. In case of an invalid delta file,\nit will try using the snapshot instead. If a snapshot file is invalid,\nthe update of the repository will fail and an update through rsync is\nattempted.\n\n> .\n", "id": "FreeBSD-2022-0192", "modified": "2022-10-07T00:00:00Z", "published": "2022-10-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cvedetails.com/cve/CVE-2022-3029/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3029" }, { "type": "WEB", "url": "https://nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt" } ], "schema_version": "1.7.0", "summary": "routinator -- potential DOS attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django41" }, "ranges": [ { "events": [ { "fixed": "4.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2022/oct/04/security-releases/" ], "discovery": "2022-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2022-41323" ] }, "vid": "f4f15051-4574-11ed-81a1-080027881239" }, "details": "Django reports:\n\n> CVE-2022-41323: Potential denial-of-service vulnerability in\n> internationalized URLs.\n", "id": "FreeBSD-2022-0191", "modified": "2022-10-06T00:00:00Z", "published": "2022-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2022/oct/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41323" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2022/oct/04/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.370" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2022-09-21/" ], "discovery": "2022-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-41224" ] }, "vid": "c2a89e8f-44e9-11ed-9215-00e081b7aa2d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-2886 / CVE-2022-41224\n>\n> Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips\n> of the l:helpIcon UI component used for some help icons on the Jenkins\n> web UI.\n>\n> This results in a stored cross-site scripting (XSS) vulnerability\n> exploitable by attackers able to control tooltips for this component.\n>\n> Jenkins 2.370 escapes tooltips of the l:helpIcon UI component.\n", "id": "FreeBSD-2022-0190", "modified": "2022-10-07T00:00:00Z", "published": "2022-10-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2022-09-21/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41224" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2022-09-21/" } ], "schema_version": "1.7.0", "summary": "jenkins -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go118" }, "ranges": [ { "events": [ { "fixed": "1.18.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go119" }, "ranges": [ { "events": [ { "fixed": "1.19.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/54853", "https://go.dev/issue/54663", "https://go.dev/issue/55949" ], "discovery": "2022-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2022-2879", "CVE-2022-2880", "CVE-2022-41715" ] }, "vid": "854c2afb-4424-11ed-af97-adcabf310f9b" }, "details": "The Go project reports:\n\n> archive/tar: unbounded memory consumption when reading headers\n>\n> Reader.Read did not set a limit on the maximum size of file headers. A\n> maliciously crafted archive could cause Read to allocate unbounded\n> amounts of memory, potentially causing resource exhaustion or panics.\n> Reader.Read now limits the maximum size of header blocks to 1 MiB.\n\n> net/http/httputil: ReverseProxy should not forward unparseable query\n> parameters\n>\n> Requests forwarded by ReverseProxy included the raw query parameters\n> from the inbound request, including unparseable parameters rejected by\n> net/http. This could permit query parameter smuggling when a Go proxy\n> forwards a parameter with an unparseable value.\n>\n> ReverseProxy will now sanitize the query parameters in the forwarded\n> query when the outbound request\\'s Form field is set after the\n> ReverseProxy.Director function returns, indicating that the proxy has\n> parsed the query parameters. Proxies which do not parse query\n> parameters continue to forward the original query parameters\n> unchanged.\n\n> regexp/syntax: limit memory used by parsing regexps\n>\n> The parsed regexp representation is linear in the size of the input,\n> but in some cases the constant factor can be as high as 40,000, making\n> relatively small regexps consume much larger amounts of memory.\n>\n> Each regexp being parsed is now limited to a 256 MB memory footprint.\n> Regular expressions whose representation would use more space than\n> that are now rejected. Normal use of regular expressions is\n> unaffected.\n", "id": "FreeBSD-2022-0189", "modified": "2022-10-04T00:00:00Z", "published": "2022-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/54853" }, { "type": "REPORT", "url": "https://go.dev/issue/54663" }, { "type": "REPORT", "url": "https://go.dev/issue/55949" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2879" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2880" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41715" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU/m/jEhlI_5WBgAJ" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zydis" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g" ], "discovery": "2021-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2021-41253" ] }, "vid": "d487d4fc-43a8-11ed-8b01-b42e991fc52e" }, "details": "Zyantific reports:\n\n> Zydis users of versions v3.2.0 and older that use the string functions\n> provided in zycore in order to append untrusted user data to the\n> formatter buffer within their custom formatter hooks can run into heap\n> buffer overflows. Older versions of Zydis failed to properly\n> initialize the string object within the formatter buffer, forgetting\n> to initialize a few fields, leaving their value to chance. This could\n> then in turn cause zycore functions like ZyanStringAppend to make\n> incorrect calculations for the new target size, resulting in heap\n> memory corruption.\n", "id": "FreeBSD-2022-0188", "modified": "2022-10-04T00:00:00Z", "published": "2022-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41253" }, { "type": "WEB", "url": "https://www.cvedetails.com/cve/CVE-2021-41253" } ], "schema_version": "1.7.0", "summary": "zydis -- heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki135" }, "ranges": [ { "events": [ { "fixed": "1.35.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki137" }, "ranges": [ { "events": [ { "fixed": "1.37.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki138" }, "ranges": [ { "events": [ { "fixed": "1.38.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/" ], "discovery": "2022-09-29T00:00:00Z", "references": { "cvename": [ "CVE-2022-41765", "CVE-2022-41766", "CVE-2022-41767" ] }, "vid": "67057b48-41f4-11ed-86c3-080027881239" }, "details": "Mediawiki reports:\n\n> (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn\\'t update\n> results in an IP range check on Special:Contributions..\n>\n> (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes\n> existence of hidden users.\n>\n> (T307278, CVE-2022-41766) SECURITY: On action=rollback the message\n> \\\"alreadyrolled\\\" can leak revision deleted user name.\n", "id": "FreeBSD-2022-0187", "modified": "2022-10-02T00:00:00Z", "published": "2022-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41765" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41766" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41767" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "106.0.5249.91" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html" ], "discovery": "2022-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2022-3370", "CVE-2022-3373" ] }, "vid": "d459c914-4100-11ed-9bc7-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 3 security fixes, including:\n>\n> - \\[1366813\\] High CVE-2022-3370: Use after free in Custom Elements.\n> Reported by Aviv A. on 2022-09-22\n> - \\[1366399\\] High CVE-2022-3373: Out of bounds write in V8. Reported\n> by Tibor Klajnscek on 2022-09-21\n", "id": "FreeBSD-2022-0186", "modified": "2022-09-30T00:00:00Z", "published": "2022-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3370" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3373" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.4.0" }, { "fixed": "15.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.3.0" }, { "fixed": "15.3.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "fixed": "15.2.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/09/29/security-release-gitlab-15-4-1-released/" ], "discovery": "2022-09-29T00:00:00Z", "references": { "cvename": [ "CVE-2022-3283", "CVE-2022-3060", "CVE-2022-2904", "CVE-2022-3018", "CVE-2022-3291", "CVE-2022-3067", "CVE-2022-2882", "CVE-2022-3066", "CVE-2022-3286", "CVE-2022-3285", "CVE-2022-3330", "CVE-2022-3351", "CVE-2022-3288", "CVE-2022-3293", "CVE-2022-3279", "CVE-2022-3325" ] }, "vid": "04422df1-40d8-11ed-9be7-454b1dd82c64" }, "details": "Gitlab reports:\n\n> Denial of Service via cloning an issue\n>\n> Arbitrary PUT request as victim user through Sentry error list\n>\n> Content injection via External Status Checks\n>\n> Project maintainers can access Datadog API Key from logs\n>\n> Unsafe serialization of Json data could lead to sensitive data leakage\n>\n> Import bug allows importing of private local git repos\n>\n> Maintainer can leak Github access tokens by changing integration URL\n> (even after 15.2.1 patch)\n>\n> Unauthorized users able to create issues in any project\n>\n> Bypass group IP restriction on Dependency Proxy\n>\n> Healthcheck endpoint allow list can be bypassed when accessed over\n> HTTP in an HTTPS enabled system\n>\n> Disclosure of Todo details to guest users\n>\n> A user\\'s primary email may be disclosed through group member events\n> webhooks\n>\n> Content manipulation due to branch/tag name confusion with the default\n> branch name\n>\n> Leakage of email addresses in WebHook logs\n>\n> Specially crafted output makes job logs inaccessible\n>\n> Enforce editing approval rules on project level\n", "id": "FreeBSD-2022-0185", "modified": "2022-09-30T00:00:00Z", "published": "2022-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/09/29/security-release-gitlab-15-4-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2904" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2882" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3066" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3286" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3285" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3330" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3288" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3293" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3279" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3325" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/09/29/security-release-gitlab-15-4-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "fixed": "1.16.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cvedetails.com/cve/CVE-2022-3204" ], "discovery": "2022-09-26T00:00:00Z", "references": { "cvename": [ "CVE-2022-3204" ] }, "vid": "5a1c2e06-3fb7-11ed-a402-b42e991fc52e" }, "details": "A vulnerability named \\'Non-Responsive Delegation Attack\\' (NRDelegation\nAttack) has been discovered in various DNS resolving software. The\nNRDelegation Attack works by having a malicious delegation with a\nconsiderable number of non responsive nameservers. The attack starts by\nquerying a resolver for a record that relies on those unresponsive\nnameservers. The attack can cause a resolver to spend a lot of\ntime/resources resolving records under a malicious delegation point\nwhere a considerable number of unresponsive NS records reside. It can\ntrigger high CPU usage in some resolver implementations that continually\nlook in the cache for resolved NS records in that delegation.\n\n> .\n", "id": "FreeBSD-2022-0184", "modified": "2022-09-29T00:00:00Z", "published": "2022-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cvedetails.com/cve/CVE-2022-3204" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3204" }, { "type": "WEB", "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt" } ], "schema_version": "1.7.0", "summary": "unbound -- Non-Responsive Delegation Attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cinny" }, "ranges": [ { "events": [ { "fixed": "2.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "fixed": "1.11.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" ], "discovery": "2022-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2022-39249", "CVE-2022-39250", "CVE-2022-39251", "CVE-2022-39236" ] }, "vid": "cb902a77-3f43-11ed-9402-901b0e9408dc" }, "details": "Matrix developers report:\n\n> Two critical severity vulnerabilities in end-to-end encryption were\n> found in the SDKs which power Element, Beeper, Cinny, SchildiChat,\n> Circuli, Synod.im and any other clients based on matrix-js-sdk,\n> matrix-ios-sdk or matrix-android-sdk2.\n", "id": "FreeBSD-2022-0183", "modified": "2022-09-28T00:00:00Z", "published": "2022-09-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39249" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39250" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39251" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-39236" }, { "type": "WEB", "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" } ], "schema_version": "1.7.0", "summary": "Matrix clients -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "106.0.5249.61" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html" ], "discovery": "2022-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318" ] }, "vid": "18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 20 security fixes, including:\n>\n> - \\[1358907\\] High CVE-2022-3304: Use after free in CSS. Reported by\n> Anonymous on 2022-09-01\n> - \\[1343104\\] High CVE-2022-3201: Insufficient validation of untrusted\n> input in Developer Tools. Reported by NDevTK on 2022-07-09\n> - \\[1319229\\] High CVE-2022-3305: Use after free in Survey. Reported\n> by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability\n> Research Institute on 2022-04-24\n> - \\[1320139\\] High CVE-2022-3306: Use after free in Survey. Reported\n> by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability\n> Research Institute on 2022-04-27\n> - \\[1323488\\] High CVE-2022-3307: Use after free in Media. Reported by\n> Anonymous Telecommunications Corp. Ltd. on 2022-05-08\n> - \\[1342722\\] Medium CVE-2022-3308: Insufficient policy enforcement in\n> Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on\n> 2022-07-08\n> - \\[1348415\\] Medium CVE-2022-3309: Use after free in Assistant.\n> Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on\n> 2022-07-29\n> - \\[1240065\\] Medium CVE-2022-3310: Insufficient policy enforcement in\n> Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on\n> 2021-08-16\n> - \\[1302813\\] Medium CVE-2022-3311: Use after free in Import. Reported\n> by Samet Bekmezci \\@sametbekmezci on 2022-03-04\n> - \\[1303306\\] Medium CVE-2022-3312: Insufficient validation of\n> untrusted input in VPN. Reported by Andr.Ess on 2022-03-06\n> - \\[1317904\\] Medium CVE-2022-3313: Incorrect security UI in Full\n> Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20\n> - \\[1328708\\] Medium CVE-2022-3314: Use after free in Logging.\n> Reported by Anonymous on 2022-05-24\n> - \\[1322812\\] Medium CVE-2022-3315: Type confusion in Blink. Reported\n> by Anonymous on 2022-05-05\n> - \\[1333623\\] Low CVE-2022-3316: Insufficient validation of untrusted\n> input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on\n> 2022-06-07\n> - \\[1300539\\] Low CVE-2022-3317: Insufficient validation of untrusted\n> input in Intents. Reported by Hafiizh on 2022-02-24\n> - \\[1318791\\] Low CVE-2022-3318: Use after free in ChromeOS\n> Notifications. Reported by GraVity0 on 2022-04-22\n", "id": "FreeBSD-2022-0182", "modified": "2022-09-27T00:00:00Z", "published": "2022-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3305" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3306" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3308" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3312" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3313" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3314" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3315" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3316" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3317" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3318" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "expat" }, "ranges": [ { "events": [ { "fixed": "2.4.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.debian.org/security/2022/dsa-5236" ], "discovery": "2022-09-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-40674" ] }, "vid": "0a0670a1-3e1a-11ed-b48b-e0d55e2a8bf9" }, "details": "Debian Security Advisory reports:\n\n> Rhodri James discovered a heap use-after-free vulnerability in the\n> doContent function in Expat, an XML parsing C library, which could\n> result in denial of service or potentially the execution of arbitrary\n> code, if a malformed XML file is processed.\n", "id": "FreeBSD-2022-0181", "modified": "2022-09-27T00:00:00Z", "published": "2022-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.debian.org/security/2022/dsa-5236" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-40674" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2022/dsa-5236" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674" } ], "schema_version": "1.7.0", "summary": "expat -- Heap use-after-free vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "squid" }, "ranges": [ { "events": [ { "fixed": "5.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq" ], "discovery": "2022-04-17T00:00:00Z", "references": { "cvename": [ "CVE-2022-41317" ] }, "vid": "f9ada0b5-3d80-11ed-9330-080027f5fec9" }, "details": "Mikhail Evdokimov (aka konata) reports:\n\n> Due to inconsistent handling of internal URIs Squid is vulnerable to\n> Exposure of Sensitive Information about clients using the proxy. This\n> problem allows a trusted client to directly access cache manager\n> information bypassing the manager ACL protection. The available cache\n> manager information contains records of internal network structure,\n> client credentials, client identity and client traffic behaviour.\n", "id": "FreeBSD-2022-0180", "modified": "2022-09-26T00:00:00Z", "published": "2022-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-41317" }, { "type": "WEB", "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq" } ], "schema_version": "1.7.0", "summary": "squid -- Exposure of sensitive information in cache manager" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "7.0.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/releases/tag/7.0.5" ], "discovery": "2022-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-35951" ] }, "vid": "f1f637d1-39eb-11ed-ab44-080027f5fec9" }, "details": "The Redis core team reports:\n\n> Executing a XAUTOCLAIM command on a stream key in a specific state,\n> with a specially crafted COUNT argument, may cause an integer\n> overflow, a subsequent heap overflow, and potentially lead to remote\n> code execution. The problem affects Redis versions 7.0.0 or newer.\n", "id": "FreeBSD-2022-0179", "modified": "2022-09-21T00:00:00Z", "published": "2022-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/releases/tag/7.0.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35951" }, { "type": "WEB", "url": "https://github.com/redis/redis/releases/tag/7.0.5" } ], "schema_version": "1.7.0", "summary": "redis -- Potential remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "2.1.0" }, { "fixed": "8.5.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "fixed": "9.1.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "introduced": "7.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.5.13" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "fixed": "9.1.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/09/20/grafana-security-releases-new-versions-with-moderate-severity-security-fixes-for-cve-2022-35957-and-cve-2022-36062/" ], "discovery": "2022-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-35957" ] }, "vid": "95e6e6ca-3986-11ed-8e0c-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On August 9 an internal security review identified a vulnerability in\n> the Grafana which allows an escalation from Admin privileges to Server\n> Admin when Auth proxy authentication is used.\n>\n> [Auth\n> proxy](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/#configure-auth-proxy-authentication)\n> allows to authenticate a user by only providing the username (or\n> email) in a `X-WEBAUTH-USER` HTTP header: the trust assumption is that\n> a front proxy will take care of authentication and that Grafana server\n> is publicly reachable only with this front proxy.\n>\n> [Datasource\n> proxy](https://grafana.com/docs/grafana/latest/developers/http_api/data_source/#data-source-proxy-calls)\n> breaks this assumption:\n>\n> - it is possible to configure a fake datasource pointing to a\n> localhost Grafana install with a `X-WEBAUTH-USER` HTTP header\n> containing admin username.\n> - This fake datasource can be called publicly via this proxying\n> feature.\n>\n> The CVSS score for this vulnerability is 6.6 Moderate\n> (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).\n", "id": "FreeBSD-2022-0178", "modified": "2022-09-21T00:00:00Z", "published": "2022-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/09/20/grafana-security-releases-new-versions-with-moderate-severity-security-fixes-for-cve-2022-35957-and-cve-2022-36062/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35957" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q" } ], "schema_version": "1.7.0", "summary": "Grafana -- Privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "5.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v5.0.2" ], "discovery": "2022-09-19T00:00:00Z", "vid": "656b0152-faa9-4755-b08d-aee4a774bd04" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Fix a possible overflow and crash in the ICMP analyzer when receiving\n> a specially crafted packet.\n>\n> Fix a possible overflow and crash in the IRC analyzer when receiving a\n> specially crafted packet.\n>\n> Fix a possible overflow and crash in the SMB analyzer when receiving a\n> specially crafted packet.\n>\n> Fix two possible crashes when converting IP headers for output via the\n> raw_packet event.\n", "id": "FreeBSD-2022-0177", "modified": "2022-09-19T00:00:00Z", "published": "2022-09-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.2" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.2" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetdb6" }, "ranges": [ { "events": [ { "fixed": "6.22.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetdb7" }, "ranges": [ { "events": [ { "fixed": "7.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://puppet.com/docs/puppetdb/7/release_notes.html#puppetdb-7111" ], "discovery": "2022-08-03T00:00:00Z", "references": { "cvename": [ "CVE-2022-31197" ] }, "vid": "aeb4c85b-3600-11ed-b52d-589cfc007716" }, "details": "Puppet reports:\n\n> The org.postgresql/postgresql driver has been updated to version\n> 42.4.1 to address CVE-2022-31197, which is an SQL injection risk that\n> according to the CVE report, can only be exploited if an attacker\n> controls the database to the extent that they can adjust relevant\n> tables to have \\\"malicious\\\" column names.\n", "id": "FreeBSD-2022-0176", "modified": "2022-09-16T00:00:00Z", "published": "2022-09-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://puppet.com/docs/puppetdb/7/release_notes.html#puppetdb-7111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31197" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31197" }, { "type": "WEB", "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2" } ], "schema_version": "1.7.0", "summary": "puppetdb -- Potential SQL injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "105.0.5195.125" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" ], "discovery": "2022-09-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-3195", "CVE-2022-3196", "CVE-2022-3197", "CVE-2022-3198", "CVE-2022-3199", "CVE-2022-3200", "CVE-2022-3201" ] }, "vid": "b59847e0-346d-11ed-8fe9-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release includes 11 security fixes, including:\n>\n> - \\[1358381\\] High CVE-2022-3195: Out of bounds write in Storage.\n> Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360\n> Vulnerability Research Institute on 2022-08-31\n> - \\[1358090\\] High CVE-2022-3196: Use after free in PDF. Reported by\n> triplepwns on 2022-08-30\n> - \\[1358075\\] High CVE-2022-3197: Use after free in PDF. Reported by\n> triplepwns on 2022-08-30\n> - \\[1355682\\] High CVE-2022-3198: Use after free in PDF. Reported by\n> MerdroidSG on 2022-08-23\n> - \\[1355237\\] High CVE-2022-3199: Use after free in Frames. Reported\n> by Anonymous on 2022-08-22\n> - \\[1355103\\] High CVE-2022-3200: Heap buffer overflow in Internals.\n> Reported by Richard Lorenz, SAP on 2022-08-22\n> - \\[1343104\\] High CVE-2022-3201: Insufficient validation of untrusted\n> input in DevTools. Reported by NDevTK on 2022-07-09\n", "id": "FreeBSD-2022-0175", "modified": "2022-09-14T00:00:00Z", "published": "2022-09-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3195" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3196" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3197" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3198" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3199" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3200" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3201" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dendrite" }, "ranges": [ { "events": [ { "fixed": "0.9.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/dendrite/security/advisories/GHSA-pfw4-xjgm-267c" ], "discovery": "2022-09-12T00:00:00Z", "vid": "4ebaa983-3299-11ed-95f8-901b0e9408dc" }, "details": "Dendrite team reports:\n\n> Events retrieved from a remote homeserver using /get_missing_events\n> did not have their signatures verified correctly. This could\n> potentially allow a remote homeserver to provide invalid/modified\n> events to Dendrite via this endpoint.\n>\n> Note that this does not apply to events retrieved through other\n> endpoints (e.g. /event, /state) as they have been correctly verified.\n>\n> Homeservers that have federation disabled are not vulnerable.\n", "id": "FreeBSD-2022-0174", "modified": "2022-09-12T00:00:00Z", "published": "2022-09-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/dendrite/security/advisories/GHSA-pfw4-xjgm-267c" }, { "type": "WEB", "url": "https://github.com/matrix-org/dendrite/security/advisories/GHSA-pfw4-xjgm-267c" } ], "schema_version": "1.7.0", "summary": "dendrite -- Signature checks not applied to some retrieved missing events" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.17.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/20869", "https://github.com/go-gitea/gitea/pull/21011" ], "discovery": "2022-08-19T00:00:00Z", "vid": "f75722ce-31b0-11ed-8b56-0800277bb8a8" }, "details": "The Gitea team reports:\n\n> Double check CloneURL is acceptable\n\n> Add more checks in migration code\n", "id": "FreeBSD-2022-0173", "modified": "2022-09-11T00:00:00Z", "published": "2022-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/20869" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/21011" }, { "type": "WEB", "url": "https://blog.gitea.io/2022/09/gitea-1.17.2-is-released/" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "fixed": "3.9.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python310" }, "ranges": [ { "events": [ { "fixed": "3.10.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/release/3.7.14/whatsnew/changelog.html#changelog" ], "discovery": "2020-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-10735" ] }, "vid": "80e057e7-2f0a-11ed-978f-fcaa147e860e" }, "details": "Python reports:\n\n> gh-95778: Converting between int and str in bases other than 2\n> (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10\n> (decimal) now raises a ValueError if the number of digits in string\n> form is above a limit to avoid potential denial of service attacks due\n> to the algorithmic complexity.\n>\n> gh-87389: http.server: Fix an open redirection vulnerability in the\n> HTTP server when an URI path starts with //. Vulnerability discovered,\n> and initial fix proposed, by Hamza Avvan.\n", "id": "FreeBSD-2022-0172", "modified": "2022-09-08T00:00:00Z", "published": "2022-09-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/release/3.7.14/whatsnew/changelog.html#changelog" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10735" }, { "type": "WEB", "url": "https://docs.python.org/release/3.7.14/whatsnew/changelog.html#changelog" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go118" }, "ranges": [ { "events": [ { "fixed": "1.18.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go119" }, "ranges": [ { "events": [ { "fixed": "1.19.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/54658", "https://go.dev/issue/54385" ], "discovery": "2022-09-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-27664", "CVE-2022-32190" ] }, "vid": "6fea7103-2ea4-11ed-b403-3dae8ac60d3e" }, "details": "The Go project reports:\n\n> net/http: handle server errors after sending GOAWAY\n>\n> A closing HTTP/2 server connection could hang forever waiting for a\n> clean shutdown that was preempted by a subsequent fatal error. This\n> failure mode could be exploited to cause a denial of service.\n\n> net/url: JoinPath does not strip relative path components in all\n> circumstances\n>\n> JoinPath and URL.JoinPath would not remove ../ path components\n> appended to a relative path.\n", "id": "FreeBSD-2022-0171", "modified": "2022-09-07T00:00:00Z", "published": "2022-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/54658" }, { "type": "REPORT", "url": "https://go.dev/issue/54385" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27664" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32190" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "105.0.5195.102" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html" ], "discovery": "2022-09-02T00:00:00Z", "references": { "cvename": [ "CVE-2022-3075" ] }, "vid": "f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 1 security fix:\n>\n> - \\[1358134\\] High CVE-2022-3075: Insufficient data validation in\n> Mojo. Reported by Anonymous on 2022-08-30\n>\n> Google is aware that an exploit of CVE-2022-3075 exists in the wild.\n", "id": "FreeBSD-2022-0170", "modified": "2022-09-03T00:00:00Z", "published": "2022-09-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3075" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- insufficient data validation in Mojo" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "4.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "4.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "4.5.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.powerdns.com/news.html#20220823" ], "discovery": "2022-08-23T00:00:00Z", "references": { "cvename": [ "CVE-2022-37428" ] }, "vid": "5418b360-29cc-11ed-a6d4-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> PowerDNS Security Advisory 2022-02: incomplete exception handling\n> related to protobuf message generation.\n", "id": "FreeBSD-2022-0169", "modified": "2022-09-01T00:00:00Z", "published": "2022-09-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.powerdns.com/news.html#20220823" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-37428" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "5.2.0" }, { "fixed": "8.3.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.4.0" }, { "fixed": "8.4.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.5.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.0.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "fixed": "9.1.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "introduced": "7.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.3.0" }, { "fixed": "8.3.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.4.0" }, { "fixed": "8.4.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.5.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.0.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "fixed": "9.1.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/08/30/security-release-new-versions-of-grafana-and-grafana-image-renderer-with-a-high-severity-security-fix-for-cve-2022-31176/" ], "discovery": "2022-07-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-31176" ] }, "vid": "827b95ff-290e-11ed-a2e7-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On July 21, an internal security review identified an unauthorized\n> file disclosure vulnerability in the [Grafana Image Renderer\n> plugin](https://grafana.com/grafana/plugins/grafana-image-renderer/)\n> when HTTP remote rendering is used. The Chromium browser embedded in\n> the Grafana Image Renderer allows for \"printing\" of unauthorized files\n> in a PNG file. This makes it possible for a malicious user to retrieve\n> unauthorized files under some network conditions or via a fake data\n> source (this applies if the user has admin permissions in Grafana).\n", "id": "FreeBSD-2022-0168", "modified": "2022-09-01T00:00:00Z", "published": "2022-09-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/08/30/security-release-new-versions-of-grafana-and-grafana-image-renderer-with-a-high-severity-security-fix-for-cve-2022-31176/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31176" }, { "type": "WEB", "url": "https://github.com/grafana/grafana-image-renderer/security/advisories/GHSA-2cfh-233g-m4c5" } ], "schema_version": "1.7.0", "summary": "Grafana -- Unauthorized file disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cinny" }, "ranges": [ { "events": [ { "fixed": "2.1.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "fixed": "1.11.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0" ], "discovery": "2022-08-31T00:00:00Z", "references": { "cvename": [ "CVE-2022-36059", "CVE-2022-36060" ] }, "vid": "e4d93d07-297a-11ed-95f8-901b0e9408dc" }, "details": "Matrix developers report:\n\n> The vulnerabilities give an adversary who you share a room with the\n> ability to carry out a denial-of-service attack against the affected\n> clients, making it not show all of a user\\'s rooms or spaces and/or\n> causing minor temporary corruption.\n", "id": "FreeBSD-2022-0167", "modified": "2022-08-31T00:00:00Z", "published": "2022-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-36059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-36060" }, { "type": "WEB", "url": "https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0" } ], "schema_version": "1.7.0", "summary": "Matrix clients -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "105.0.5195.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" ], "discovery": "2022-08-30T00:00:00Z", "references": { "cvename": [ "CVE-2022-3038", "CVE-2022-3039", "CVE-2022-3040", "CVE-2022-3041", "CVE-2022-3042", "CVE-2022-3043", "CVE-2022-3044", "CVE-2022-3045", "CVE-2022-3046", "CVE-2022-3047", "CVE-2022-3048", "CVE-2022-3049", "CVE-2022-3050", "CVE-2022-3051", "CVE-2022-3052", "CVE-2022-3053", "CVE-2022-3054", "CVE-2022-3055", "CVE-2022-3056", "CVE-2022-3057", "CVE-2022-3058" ] }, "vid": "f2043ff6-2916-11ed-a1ef-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 24 security fixes, including:\n>\n> - \\[1340253\\] Critical CVE-2022-3038: Use after free in Network\n> Service. Reported by Sergei Glazunov of Google Project Zero on\n> 2022-06-28\n> - \\[1343348\\] High CVE-2022-3039: Use after free in WebSQL. Reported\n> by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability\n> Research Institute on 2022-07-11\n> - \\[1341539\\] High CVE-2022-3040: Use after free in Layout. Reported\n> by Anonymous on 2022-07-03\n> - \\[1345947\\] High CVE-2022-3041: Use after free in WebSQL. Reported\n> by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability\n> Research Institute on 2022-07-20\n> - \\[1338553\\] High CVE-2022-3042: Use after free in PhoneHub. Reported\n> by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research\n> Institute on 2022-06-22\n> - \\[1336979\\] High CVE-2022-3043: Heap buffer overflow in Screen\n> Capture. Reported by \\@ginggilBesel on 2022-06-16\n> - \\[1051198\\] High CVE-2022-3044: Inappropriate implementation in Site\n> Isolation. Reported by Lucas Pinheiro, Microsoft Browser\n> Vulnerability Research on 2020-02-12\n> - \\[1339648\\] High CVE-2022-3045: Insufficient validation of untrusted\n> input in V8. Reported by Ben Noordhuis \\ on\n> 2022-06-26\n> - \\[1346245\\] High CVE-2022-3046: Use after free in Browser Tag.\n> Reported by Rong Jian of VRI on 2022-07-21\n> - \\[1342586\\] Medium CVE-2022-3047: Insufficient policy enforcement in\n> Extensions API. Reported by Maurice Dauer on 2022-07-07\n> - \\[1303308\\] Medium CVE-2022-3048: Inappropriate implementation in\n> Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06\n> - \\[1316892\\] Medium CVE-2022-3049: Use after free in SplitScreen.\n> Reported by \\@ginggilBesel on 2022-04-17\n> - \\[1337132\\] Medium CVE-2022-3050: Heap buffer overflow in WebUI.\n> Reported by Zhihua Yao of KunLun Lab on 2022-06-17\n> - \\[1345245\\] Medium CVE-2022-3051: Heap buffer overflow in Exosphere.\n> Reported by \\@ginggilBesel on 2022-07-18\n> - \\[1346154\\] Medium CVE-2022-3052: Heap buffer overflow in Window\n> Manager. Reported by Khalil Zhani on 2022-07-21\n> - \\[1267867\\] Medium CVE-2022-3053: Inappropriate implementation in\n> Pointer Lock. Reported by Jesper van den Ende (Pelican Party\n> Studios) on 2021-11-08\n> - \\[1290236\\] Medium CVE-2022-3054: Insufficient policy enforcement in\n> DevTools. Reported by Kuilin Li on 2022-01-24\n> - \\[1351969\\] Medium CVE-2022-3055: Use after free in Passwords.\n> Reported by Weipeng Jiang (@Krace) and Guang Gong of 360\n> Vulnerability Research Institute on 2022-08-11\n> - \\[1329460\\] Low CVE-2022-3056: Insufficient policy enforcement in\n> Content Security Policy. Reported by Anonymous on 2022-05-26\n> - \\[1336904\\] Low CVE-2022-3057: Inappropriate implementation in\n> iframe Sandbox. Reported by Gareth Heyes on 2022-06-16\n> - \\[1337676\\] Low CVE-2022-3058: Use after free in Sign-In Flow.\n> Reported by raven at KunLun lab on 2022-06-20\n", "id": "FreeBSD-2022-0166", "modified": "2022-08-31T00:00:00Z", "published": "2022-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3038" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3039" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3040" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3042" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3043" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3045" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3046" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3047" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3048" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3049" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3050" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3053" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3055" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3057" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3058" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-08-30T00:00:00Z", "references": { "cvename": [ "CVE-2022-37434" ], "freebsdsa": [ "SA-22:13.zlib" ] }, "vid": "a1323a76-28f1-11ed-a72a-002590c1f29c" }, "details": "# Problem Description:\n\nzlib through 1.2.12 has a heap-based buffer over-read or buffer overflow\nin inflate in inflate.c via a large gzip header extra field.\n\n# Impact:\n\nApplications that call inflateGetHeader may be vulnerable to a buffer\noverflow. Note that inflateGetHeader is not used by anything in the\nFreeBSD base system, but may be used by third party software.\n", "id": "FreeBSD-2022-0165", "modified": "2022-08-31T00:00:00Z", "published": "2022-08-31T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-37434" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:13.zlib.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- zlib heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.3.0" }, { "fixed": "15.3.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.2.0" }, { "fixed": "15.2.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.0.0" }, { "fixed": "15.1.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/" ], "discovery": "2022-08-30T00:00:00Z", "references": { "cvename": [ "CVE-2022-2992", "CVE-2022-2865", "CVE-2022-2527", "CVE-2022-2592", "CVE-2022-2533", "CVE-2022-2455", "CVE-2022-2428", "CVE-2022-2908", "CVE-2022-2630", "CVE-2022-2931", "CVE-2022-2907", "CVE-2022-3031" ] }, "vid": "e6b994e2-2891-11ed-9be7-454b1dd82c64" }, "details": "Gitlab reports:\n\n> Remote Command Execution via GitHub import\n>\n> Stored XSS via labels color\n>\n> Content injection via Incidents Timeline description\n>\n> Lack of length validation in Snippets leads to Denial of Service\n>\n> Group IP allow-list not fully respected by the Package Registry\n>\n> Abusing Gitaly.GetTreeEntries calls leads to denial of service\n>\n> Arbitrary HTTP Requests Possible in .ipynb Notebook with Malicious\n> Form Tags\n>\n> Regular Expression Denial of Service via special crafted input\n>\n> Information Disclosure via Arbitrary GFM references rendered in\n> Incident Timeline Events\n>\n> Regex backtracking through the Commit message field\n>\n> Read repository content via LivePreview feature\n>\n> Denial of Service via the Create branch API\n>\n> Denial of Service via Issue preview\n>\n> IDOR in Zentao integration leaked issue details\n>\n> Brute force attack may guess a password even when 2FA is enabled\n", "id": "FreeBSD-2022-0164", "modified": "2022-08-30T00:00:00Z", "published": "2022-08-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2992" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2865" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2527" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2592" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2533" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2428" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2908" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2907" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-3031" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "5.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v5.0.1" ], "discovery": "2022-08-23T00:00:00Z", "vid": "3110b29e-c82d-4287-9f6c-db82bb883b1e" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Fix a possible overflow and crash in the ARP analyzer when receiving a\n> specially crafted packet. Due to the possibility of this happening\n> with packets received from the network, this is a potential DoS\n> vulnerability.\n>\n> Fix a possible overflow and crash in the Modbus analyzer when\n> receiving a specially crafted packet. Due to the possibility of this\n> happening with packets received from the network, this is a potential\n> DoS vulnerability.\n>\n> Fix two possible crashes when converting IP headers for output via the\n> raw_packet event. Due to the possibility of this happening with\n> packets received from the network, this is a potential DoS\n> vulnerability. Note that the raw_packet event is not enabled by\n> default so these are likely low-severity issues.\n>\n> Fix an abort related to an error related to the ordering of record\n> fields when processing DNS EDNS headers via events. Due to the\n> possibility of this happening with packets received from the network,\n> this is a potential DoS vulnerability. Note that the dns_EDNS events\n> are not implemented by default so this is likely a low-severity issue.\n", "id": "FreeBSD-2022-0163", "modified": "2022-08-26T00:00:00Z", "published": "2022-08-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.1" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v5.0.1" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.36" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb106-server" }, "ranges": [ { "events": [ { "fixed": "10.6.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/cve/" ], "discovery": "2022-08-22T00:00:00Z", "references": { "cvename": [ "CVE-2022-32082", "CVE-2022-32089", "CVE-2022-32081", "CVE-2018-25032", "CVE-2022-32091", "CVE-2022-32084" ] }, "vid": "36d10af7-248d-11ed-856e-d4c9ef517024" }, "details": "The MariaDB project reports:\n\n> Multiple vulnerabilities, mostly segfaults, in the server component\n", "id": "FreeBSD-2022-0162", "modified": "2022-08-25T00:00:00Z", "published": "2022-08-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/cve/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32082" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32089" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-25032" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32091" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32084" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/cve/" } ], "schema_version": "1.7.0", "summary": "MariaDB -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.3.0" }, { "fixed": "15.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.2.0" }, { "fixed": "15.2.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.4" }, { "fixed": "15.1.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/" ], "discovery": "2022-08-22T00:00:00Z", "references": { "cvename": [ "CVE-2022-2884" ] }, "vid": "8a0cd618-22a0-11ed-b1e7-001b217b3468" }, "details": "Gitlab reports:\n\n> Remote Command Execution via Github import\n", "id": "FreeBSD-2022-0161", "modified": "2022-08-23T00:00:00Z", "published": "2022-08-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2884" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal9" }, "ranges": [ { "events": [ { "fixed": "9.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/project/drupal/releases/9.4.5" ], "discovery": "2022-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-31175" ] }, "vid": "03bb8373-2026-11ed-9d70-080027240888" }, "details": "Drupal reports:\n\n> CVE-2022-31175: Cross-site scripting (XSS) caused by the editor\n> instance destroying process.\n", "id": "FreeBSD-2022-0160", "modified": "2022-08-20T00:00:00Z", "published": "2022-08-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/project/drupal/releases/9.4.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31175" }, { "type": "WEB", "url": "https://www.drupal.org/project/drupal/releases/9.4.5" } ], "schema_version": "1.7.0", "summary": "drupal9 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "104.0.5112.101" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" ], "discovery": "2022-08-16T00:00:00Z", "references": { "cvename": [ "CVE-2022-2852", "CVE-2022-2853", "CVE-2022-2854", "CVE-2022-2855", "CVE-2022-2856", "CVE-2022-2857", "CVE-2022-2858", "CVE-2022-2859", "CVE-2022-2860", "CVE-2022-2861" ] }, "vid": "f12368a8-1e05-11ed-a1ef-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 11 security fixes, including:\n>\n> - \\[1349322\\] Critical CVE-2022-2852: Use after free in FedCM.\n> Reported by Sergei Glazunov of Google Project Zero on 2022-08-02\n> - \\[1337538\\] High CVE-2022-2854: Use after free in SwiftShader.\n> Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile\n> Telecommunications Corp. Ltd. on 2022-06-18\n> - \\[1345042\\] High CVE-2022-2855: Use after free in ANGLE. Reported by\n> Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications\n> Corp. Ltd. on 2022-07-16\n> - \\[1338135\\] High CVE-2022-2857: Use after free in Blink. Reported by\n> Anonymous on 2022-06-21\n> - \\[1341918\\] High CVE-2022-2858: Use after free in Sign-In Flow.\n> Reported by raven at KunLun lab on 2022-07-05\n> - \\[1350097\\] High CVE-2022-2853: Heap buffer overflow in Downloads.\n> Reported by Sergei Glazunov of Google Project Zero on 2022-08-04\n> - \\[1345630\\] High CVE-2022-2856: Insufficient validation of untrusted\n> input in Intents. Reported by Ashley Shen and Christian Resell of\n> Google Threat Analysis Group on 2022-07-19\n> - \\[1338412\\] Medium CVE-2022-2859: Use after free in Chrome OS Shell.\n> Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha\n> Lab on 2022-06-22\n> - \\[1345193\\] Medium CVE-2022-2860: Insufficient policy enforcement in\n> Cookies. Reported by Axel Chong on 2022-07-18\n> - \\[1346236\\] Medium CVE-2022-2861: Inappropriate implementation in\n> Extensions API. Reported by Rong Jian of VRI on 2022-07-21\n", "id": "FreeBSD-2022-0159", "modified": "2022-08-17T00:00:00Z", "published": "2022-08-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2852" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2853" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2854" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2855" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2856" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2857" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2858" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2859" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2860" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2861" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dendrite" }, "ranges": [ { "events": [ { "fixed": "0.9.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-grvv-h2f9-7v9c" ], "discovery": "2022-08-15T00:00:00Z", "references": { "cvename": [ "CVE-2022-36009" ] }, "vid": "d658042c-1c98-11ed-95f8-901b0e9408dc" }, "details": "Dendrite team reports:\n\n> The power level parsing within gomatrixserverlib was failing to parse\n> the \\\"events_default\\\" key of the m.room.power_levels event,\n> defaulting the event default power level to zero in all cases.\n>\n> In rooms where the \\\"events_default\\\" power level had been changed,\n> this could result in events either being incorrectly authorised or\n> rejected by Dendrite servers.\n", "id": "FreeBSD-2022-0158", "modified": "2022-08-25T00:00:00Z", "published": "2022-08-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-grvv-h2f9-7v9c" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-36009" }, { "type": "WEB", "url": "https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-grvv-h2f9-7v9c" } ], "schema_version": "1.7.0", "summary": "dendrite -- Incorrect parsing of the event default power level in event auth" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat" }, "ranges": [ { "events": [ { "introduced": "8.5.50" }, { "fixed": "8.5.81" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.30" }, { "fixed": "9.0.64" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.0.0-M1" }, { "fixed": "10.0.22" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1.0-M1" }, { "fixed": "10.1.0-M16" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat85" }, "ranges": [ { "events": [ { "introduced": "8.5.50" }, { "fixed": "8.5.81" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat9" }, "ranges": [ { "events": [ { "introduced": "9.0.30" }, { "fixed": "9.0.64" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat10" }, "ranges": [ { "events": [ { "introduced": "10.0.0-M1" }, { "fixed": "10.0.22" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat-devel" }, "ranges": [ { "events": [ { "introduced": "10.1.0-M1" }, { "fixed": "10.1.0-M16" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k" ], "discovery": "2022-06-22T00:00:00Z", "references": { "cvename": [ "CVE-2022-34305" ] }, "vid": "e2e7faf9-1b51-11ed-ae46-002b67dfc673" }, "details": "Apache Tomcat reports:\n\n> The Form authentication example in the examples web application\n> displayed user provided data without filtering, exposing a XSS\n> vulnerability.\n", "id": "FreeBSD-2022-0157", "modified": "2022-08-14T00:00:00Z", "published": "2022-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-34305" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305" } ], "schema_version": "1.7.0", "summary": "Tomcat -- XSS in examples web application" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xfce4-tumbler" }, "ranges": [ { "events": [ { "fixed": "4.16.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mail.xfce.org/pipermail/xfce-announce/2022-August/001133.html" ], "discovery": "2022-08-02T00:00:00Z", "vid": "75c073cc-1a1d-11ed-bea0-48ee0c739857" }, "details": "The XFCE project reports:\n\n> Added mime type check to the gst-thumbnailer plugin to fix an\n> undisclosed vulnerability.\n", "id": "FreeBSD-2022-0156", "modified": "2022-08-12T00:00:00Z", "published": "2022-08-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mail.xfce.org/pipermail/xfce-announce/2022-August/001133.html" }, { "type": "WEB", "url": "https://mail.xfce.org/pipermail/xfce-announce/2022-August/001133.html" }, { "type": "WEB", "url": "https://gitlab.xfce.org/xfce/tumbler/-/commit/a0fc191e8ab41fe579f3333085d649fdacb2daa5" } ], "schema_version": "1.7.0", "summary": "XFCE tumbler -- Vulnerability in the GStreamer plugin" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish7" }, "ranges": [ { "events": [ { "fixed": "7.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00009.html" ], "discovery": "2022-08-09T00:00:00Z", "vid": "c3610f39-18f1-11ed-9854-641c67a117d8" }, "details": "Varnish Cache Project reports:\n\n> A denial of service attack can be performed against Varnish Cache\n> servers by specially formatting the reason phrase of the backend\n> response status line. In order to execute an attack, the attacker\n> would have to be able to influence the HTTP/1 responses that the\n> Varnish Server receives from its configured backends. A successful\n> attack would cause the Varnish Server to assert and automatically\n> restart.\n", "id": "FreeBSD-2022-0155", "modified": "2022-08-10T00:00:00Z", "published": "2022-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00009.html" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00009.html" } ], "schema_version": "1.7.0", "summary": "varnish -- Denial of Service Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-23092" ], "freebsdsa": [ "SA-22:12.lib9p" ] }, "vid": "8eaaf135-1893-11ed-9b22-002590c1f29c" }, "details": "# Problem Description:\n\nThe implementation of lib9p\\'s handling of RWALK messages was missing a\nbounds check needed when unpacking the message contents. The missing\ncheck means that the receipt of a specially crafted message will cause\nlib9p to overwrite unrelated memory.\n\n# Impact:\n\nThe bug can be triggered by a malicious bhyve guest kernel to overwrite\nmemory in the bhyve(8) process. This could potentially lead to user-mode\ncode execution on the host, subject to bhyve\\'s Capsicum sandbox.\n", "id": "FreeBSD-2022-0154", "modified": "2022-08-10T00:00:00Z", "published": "2022-08-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23092" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:12.lib9p.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Missing bounds check in 9p message handling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-23091" ], "freebsdsa": [ "SA-22:11.vm" ] }, "vid": "02fb9764-1893-11ed-9b22-002590c1f29c" }, "details": "# Problem Description:\n\nA particular case of memory sharing is mishandled in the virtual memory\nsystem. This is very similar to SA-21:08.vm, but with a different root\ncause.\n\n# Impact:\n\nAn unprivileged local user process can maintain a mapping of a page\nafter it is freed, allowing that process to read private data belonging\nto other processes or the kernel.\n", "id": "FreeBSD-2022-0153", "modified": "2022-08-10T00:00:00Z", "published": "2022-08-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23091" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:11.vm.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Memory disclosure by stale virtual memory mapping" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-23090" ], "freebsdsa": [ "SA-22:10.aio" ] }, "vid": "5ddbe47b-1891-11ed-9b22-002590c1f29c" }, "details": "# Problem Description:\n\nThe aio_aqueue function, used by the lio_listio system call, fails to\nrelease a reference to a credential in an error case.\n\n# Impact:\n\nAn attacker may cause the reference count to overflow, leading to a use\nafter free (UAF).\n", "id": "FreeBSD-2022-0152", "modified": "2022-08-10T00:00:00Z", "published": "2022-08-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23090" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:10.aio.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- AIO credential reference count leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.1" }, { "fixed": "13.1_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-23089" ], "freebsdsa": [ "SA-22:09.elf" ] }, "vid": "5028c1ae-1890-11ed-9b22-002590c1f29c" }, "details": "# Problem Description:\n\nWhen dumping core and saving process information, proc_getargv() might\nreturn an sbuf which have a sbuf_len() of 0 or -1, which is not properly\nhandled.\n\n# Impact:\n\nAn out-of-bound read can happen when user constructs a specially crafted\nps_string, which in turn can cause the kernel to crash.\n", "id": "FreeBSD-2022-0151", "modified": "2022-08-10T00:00:00Z", "published": "2022-08-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23089" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:09.elf.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Out of bound read in elf_note_prpsinfo()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rsync" }, "ranges": [ { "events": [ { "fixed": "3.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openwall.com/lists/oss-security/2022/08/02/1" ], "discovery": "2022-08-02T00:00:00Z", "references": { "cvename": [ "CVE-2022-29154" ] }, "vid": "21f43976-1887-11ed-9911-40b034429ecf" }, "details": "Openwall oss-security reports:\n\n> We have discovered a critical arbitrary file write vulnerability in\n> the rsync utility that allows malicious remote servers to write\n> arbitrary files inside the directories of connecting peers. The server\n> chooses which files/directories are sent to the client. Due to the\n> insufficient controls inside the do_server_recv function a malicious\n> rysnc server (or Man-in-The-Middle attacker) can overwrite arbitrary\n> files in the rsync client target directory and subdirectories.\n", "id": "FreeBSD-2022-0150", "modified": "2022-08-10T00:00:00Z", "published": "2022-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openwall.com/lists/oss-security/2022/08/02/1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-29154" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2022/08/02/1" } ], "schema_version": "1.7.0", "summary": "rsync -- client-side arbitrary file write vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnutls" }, "ranges": [ { "events": [ { "introduced": "3.6.0" }, { "fixed": "3.7.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07" ], "discovery": "2022-07-07T00:00:00Z", "references": { "cvename": [ "CVE-2022-2509" ] }, "vid": "1cd0c17a-17c0-11ed-91a5-080027f5fec9" }, "details": "The GnuTLS project reports:\n\n> When gnutls_pkcs7_verify cannot verify signature against given trust\n> list, it starts creating a chain of certificates starting from\n> identified signer up to known root. During the creation of this chain\n> the signer certificate gets freed which results in double free when\n> the same signer certificate is freed at the end of the algorithm.\n", "id": "FreeBSD-2022-0149", "modified": "2022-08-09T00:00:00Z", "published": "2022-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2509" }, { "type": "WEB", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07" } ], "schema_version": "1.7.0", "summary": "gnutls -- double free vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wolfssl" }, "ranges": [ { "events": [ { "fixed": "5.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.wolfssl.com/wolfssl-5-4-0-release/" ], "discovery": "2022-07-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-34293", "CVE-2020-12966", "CVE-2021-46744" ] }, "vid": "9b9a5f6e-1755-11ed-adef-589cfc01894a" }, "details": "wolfSSL blog reports:\n\n> In release 5.4.0 there were 3 vulnerabilities listed as fixed in\n> wolfSSL. Two relatively new reports, one dealing with a DTLS 1.0/1.2\n> denial of service attack and the other a ciphertext attack on ECC/DH\n> operations. The last vulnerability listed was a public disclosure of a\n> previous attack on AMD devices fixed since wolfSSL version 5.1.0.\n> Coordination of the disclosure of the attack was done responsibly, in\n> cooperation with the researchers, waiting for the public release of\n> the attack details since it affects multiple security libraries.\n", "id": "FreeBSD-2022-0148", "modified": "2022-08-08T00:00:00Z", "published": "2022-08-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.wolfssl.com/wolfssl-5-4-0-release/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-34293" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12966" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46744" }, { "type": "WEB", "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable" }, { "type": "WEB", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013" }, { "type": "WEB", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1033" } ], "schema_version": "1.7.0", "summary": "wolfssl -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.17.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/20114", "https://github.com/go-gitea/gitea/pull/20332", "https://github.com/go-gitea/gitea/pull/18697" ], "discovery": "2022-07-12T00:00:00Z", "vid": "8bec3994-104d-11ed-a7ac-0800273f11ea" }, "details": "The Gitea team reports:\n\n> Use git.HOME_PATH for Git HOME directory\n\n> Add write check for creating Commit status\n\n> Remove deprecated SSH ciphers from default\n", "id": "FreeBSD-2022-0147", "modified": "2022-08-05T00:00:00Z", "published": "2022-08-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/20114" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/20332" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/18697" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.0" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "fixed": "1.16.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.nlnetlabs.nl/projects/unbound/security-advisories/" ], "discovery": "2022-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-30699", "CVE-2022-30698" ] }, "vid": "bc43a578-14ec-11ed-856e-d4c9ef517024" }, "details": "NLnet Labs reports:\n\n> novel type of the \\\"ghost domain names\\\" attack. The vulnerability\n> works by targeting an Unbound instance. Unbound is queried for a rogue\n> domain name when the cached delegation information is about to expire.\n> The rogue nameserver delays the response so that the cached delegation\n> information is expired. Upon receiving the delayed answer containing\n> the delegation information, Unbound overwrites the now expired\n> entries. This action can be repeated when the delegation information\n> is about to expire making the rogue delegation information\n> ever-updating.\n>\n> novel type of the \\\"ghost domain names\\\" attack. The vulnerability\n> works by targeting an Unbound instance. Unbound is queried for a\n> subdomain of a rogue domain name. The rogue nameserver returns\n> delegation information for the subdomain that updates Unbound\\'s\n> delegation cache. This action can be repeated before expiry of the\n> delegation information by querying Unbound for a second level\n> subdomain which the rogue nameserver provides new delegation\n> information.\n", "id": "FreeBSD-2022-0146", "modified": "2022-08-05T00:00:00Z", "published": "2022-08-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.nlnetlabs.nl/projects/unbound/security-advisories/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30699" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30698" }, { "type": "WEB", "url": "https://www.nlnetlabs.nl/projects/unbound/security-advisories/" } ], "schema_version": "1.7.0", "summary": "Unbound -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.16.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/20334", "https://github.com/go-gitea/gitea/pull/20196" ], "discovery": "2022-07-12T00:00:00Z", "vid": "df29c391-1046-11ed-a7ac-0800273f11ea" }, "details": "The Gitea team reports:\n\n> Add write check for creating Commit status\n\n> Check for permission when fetching user controlled issues\n", "id": "FreeBSD-2022-0145", "modified": "2022-08-05T00:00:00Z", "published": "2022-08-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/20334" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/20196" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.16.9" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2022/aug/03/security-releases/" ], "discovery": "2022-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-36359" ] }, "vid": "3b47104f-1461-11ed-a0c5-080027240888" }, "details": "Django reports:\n\n> CVE-2022-36359: Potential reflected file download vulnerability in\n> FileResponse.\n", "id": "FreeBSD-2022-0144", "modified": "2022-08-05T00:00:00Z", "published": "2022-08-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-36359" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2022/aug/03/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "104.0.5112.79" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html" ], "discovery": "2022-08-02T00:00:00Z", "references": { "cvename": [ "CVE-2022-2603", "CVE-2022-2604", "CVE-2022-2605", "CVE-2022-2606", "CVE-2022-2607", "CVE-2022-2608", "CVE-2022-2609", "CVE-2022-2610", "CVE-2022-2611", "CVE-2022-2612", "CVE-2022-2613", "CVE-2022-2614", "CVE-2022-2615", "CVE-2022-2616", "CVE-2022-2617", "CVE-2022-2618", "CVE-2022-2619", "CVE-2022-2620", "CVE-2022-2621", "CVE-2022-2622", "CVE-2022-2623", "CVE-2022-2624" ] }, "vid": "96a41723-133a-11ed-be3b-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 27 security fixes, including:\n>\n> - \\[1325699\\] High CVE-2022-2603: Use after free in Omnibox. Reported\n> by Anonymous on 2022-05-16\n> - \\[1335316\\] High CVE-2022-2604: Use after free in Safe Browsing.\n> Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha\n> Lab on 2022-06-10\n> - \\[1338470\\] High CVE-2022-2605: Out of bounds read in Dawn. Reported\n> by Looben Yang on 2022-06-22\n> - \\[1330489\\] High CVE-2022-2606: Use after free in Managed devices\n> API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360\n> Alpha Lab on 2022-05-31\n> - \\[1286203\\] High CVE-2022-2607: Use after free in Tab Strip.\n> Reported by \\@ginggilBesel on 2022-01-11\n> - \\[1330775\\] High CVE-2022-2608: Use after free in Overview Mode.\n> Reported by Khalil Zhani on 2022-06-01\n> - \\[1338560\\] High CVE-2022-2609: Use after free in Nearby Share.\n> Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability\n> Research Institute on 2022-06-22\n> - \\[1278255\\] Medium CVE-2022-2610: Insufficient policy enforcement in\n> Background Fetch. Reported by Maurice Dauer on 2021-12-09\n> - \\[1320538\\] Medium CVE-2022-2611: Inappropriate implementation in\n> Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28\n> - \\[1321350\\] Medium CVE-2022-2612: Side-channel information leakage\n> in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at),\n> Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30\n> - \\[1325256\\] Medium CVE-2022-2613: Use after free in Input. Reported\n> by Piotr Tworek (Vewd) on 2022-05-13\n> - \\[1341907\\] Medium CVE-2022-2614: Use after free in Sign-In Flow.\n> Reported by raven at KunLun lab on 2022-07-05\n> - \\[1268580\\] Medium CVE-2022-2615: Insufficient policy enforcement in\n> Cookies. Reported by Maurice Dauer on 2021-11-10\n> - \\[1302159\\] Medium CVE-2022-2616: Inappropriate implementation in\n> Extensions API. Reported by Alesandro Ortiz on 2022-03-02\n> - \\[1292451\\] Medium CVE-2022-2617: Use after free in Extensions API.\n> Reported by \\@ginggilBesel on 2022-01-31\n> - \\[1308422\\] Medium CVE-2022-2618: Insufficient validation of\n> untrusted input in Internals. Reported by asnine on 2022-03-21\n> - \\[1332881\\] Medium CVE-2022-2619: Insufficient validation of\n> untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04\n> - \\[1337304\\] Medium CVE-2022-2620: Use after free in WebUI. Reported\n> by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on\n> 2022-06-17\n> - \\[1323449\\] Medium CVE-2022-2621: Use after free in Extensions.\n> Reported by Huyna at Viettel Cyber Security on 2022-05-07\n> - \\[1332392\\] Medium CVE-2022-2622: Insufficient validation of\n> untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad)\n> and \\@j00sean on 2022-06-03\n> - \\[1337798\\] Medium CVE-2022-2623: Use after free in Offline.\n> Reported by raven at KunLun lab on 2022-06-20\n> - \\[1339745\\] Medium CVE-2022-2624: Heap buffer overflow in PDF.\n> Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE\n> Internship Program on 2022-06-27\n", "id": "FreeBSD-2022-0143", "modified": "2022-08-03T00:00:00Z", "published": "2022-08-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2603" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2604" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2607" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2608" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2609" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2610" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2611" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2612" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2613" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2614" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2615" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2616" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2617" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2618" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2619" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2620" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2621" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2623" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2624" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go118" }, "ranges": [ { "events": [ { "fixed": "1.18.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go117" }, "ranges": [ { "events": [ { "fixed": "1.17.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/53871" ], "discovery": "2022-07-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-32189" ] }, "vid": "7f8d5435-125a-11ed-9a69-10c37b4ac2ea" }, "details": "The Go project reports:\n\n> encoding/gob & math/big: decoding big.Float and big.Rat can panic\n>\n> Decoding big.Float and big.Rat types can panic if the encoded message\n> is too short.\n", "id": "FreeBSD-2022-0142", "modified": "2022-08-02T00:00:00Z", "published": "2022-08-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/53871" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32189" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/YqYYG87xB10" } ], "schema_version": "1.7.0", "summary": "go -- decoding big.Float and big.Rat can panic" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.2.0" }, { "fixed": "15.2.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.1.0" }, { "fixed": "15.1.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "15.0.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/" ], "discovery": "2022-07-28T00:00:00Z", "references": { "cvename": [ "CVE-2022-2512", "CVE-2022-2498", "CVE-2022-2326", "CVE-2022-2417", "CVE-2022-2501", "CVE-2022-2497", "CVE-2022-2531", "CVE-2022-2539", "CVE-2022-2456", "CVE-2022-2500", "CVE-2022-2303", "CVE-2022-2095", "CVE-2022-2499", "CVE-2022-2307", "CVE-2022-2459", "CVE-2022-2534" ] }, "vid": "4c26f668-0fd2-11ed-a83d-001b217b3468" }, "details": "Gitlab reports:\n\n> Revoke access to confidential notes todos\n>\n> Pipeline subscriptions trigger new pipelines with the wrong author\n>\n> Ability to gain access to private project through an email invite by\n> using other user\\'s email address as an unverified secondary email\n>\n> Import via git protocol allows to bypass checks on repository\n>\n> Unauthenticated IP allowlist bypass when accessing job artifacts\n> through GitLab Pages\n>\n> Maintainer can leak Packagist and other integration access tokens by\n> changing integration URL\n>\n> Unauthenticated access to victims Grafana datasources through path\n> traversal\n>\n> Unauthorized users can filter issues by contact and organization\n>\n> Malicious Maintainer may change the visibility of project or a group\n>\n> Stored XSS in job error messages\n>\n> Enforced group MFA can be bypassed when using Resource Owner Password\n> Credentials grant\n>\n> Non project members can view public project\\'s Deploy Keys\n>\n> IDOR in project with Jira integration leaks project owner\\'s other\n> projects Jira issues\n>\n> Group Bot Users and Tokens not deleted after group deletion\n>\n> Email invited members can join projects even after the member lock has\n> been enabled\n>\n> Datadog integration returns user emails\n", "id": "FreeBSD-2022-0141", "modified": "2022-07-30T00:00:00Z", "published": "2022-07-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2498" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2326" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2417" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2501" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2539" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2303" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2095" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2499" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2459" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2534" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "virtualbox-ose" }, "ranges": [ { "events": [ { "fixed": "6.1.36" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2022.html" ], "discovery": "2022-07-20T00:00:00Z", "references": { "cvename": [ "CVE-2022-21554", "CVE-2022-21571" ] }, "vid": "e1387e95-08d0-11ed-be26-001999f8d30b" }, "details": "Oracle reports:\n\n> Easily exploitable vulnerability allows high privileged attacker with\n> logon to the infrastructure where Oracle VM VirtualBox executes to\n> compromise Oracle VM VirtualBox. Successful attacks of this\n> vulnerability can result in unauthorized ability to cause a hang or\n> frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.\n", "id": "FreeBSD-2022-0140", "modified": "2022-07-21T00:00:00Z", "published": "2022-07-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21554" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21571" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "schema_version": "1.7.0", "summary": "VirtualBox -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server56" }, "ranges": [ { "events": [ { "fixed": "5.6.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server57" }, "ranges": [ { "events": [ { "fixed": "5.7.39" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-client80" }, "ranges": [ { "events": [ { "fixed": "8.0.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server80" }, "ranges": [ { "events": [ { "fixed": "8.0.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL" ], "discovery": "2022-07-19T00:00:00Z", "references": { "cvename": [ "CVE-2022-1292", "CVE-2022-21824", "CVE-2022-27778", "CVE-2018-25032", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21550", "CVE-2022-21519", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21509", "CVE-2022-21539", "CVE-2022-21517", "CVE-2022-21537", "CVE-2022-21547", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21553", "CVE-2022-21515", "CVE-2022-21455", "CVE-2022-21534", "CVE-2022-21522", "CVE-2022-21538", "CVE-2022-21535" ] }, "vid": "8e150606-08c9-11ed-856e-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 34 new security patches plus\n> additional third party patches noted below for Oracle MySQL. 10 of\n> these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n", "id": "FreeBSD-2022-0139", "modified": "2022-07-21T00:00:00Z", "published": "2022-07-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1292" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21824" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27778" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-25032" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21556" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21569" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21550" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21519" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21527" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21528" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21509" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21539" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21517" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21525" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21526" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21529" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21530" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21553" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21515" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21522" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21538" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21535" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "103.0.5060.134" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html" ], "discovery": "2022-07-19T00:00:00Z", "references": { "cvename": [ "CVE-2022-2163", "CVE-2022-2477", "CVE-2022-2478", "CVE-2022-2479", "CVE-2022-2480", "CVE-2022-2481" ] }, "vid": "27cc4258-0805-11ed-8ac1-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 11 security fixes, including:\n>\n> - \\[1336266\\] High CVE-2022-2477: Use after free in Guest View.\n> Reported by anonymous on 2022-06-14\n> - \\[1335861\\] High CVE-2022-2478: Use after free in PDF. Reported by\n> triplepwns on 2022-06-13\n> - \\[1329987\\] High CVE-2022-2479: Insufficient validation of untrusted\n> input in File. Reported by anonymous on 2022-05-28\n> - \\[1339844\\] High CVE-2022-2480: Use after free in Service Worker\n> API. Reported by Sergei Glazunov of Google Project Zero on\n> 2022-06-27\n> - \\[1341603\\] High CVE-2022-2481: Use after free in Views. Reported by\n> YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University\n> on 2022-07-04\n> - \\[1308341\\] Low CVE-2022-2163: Use after free in Cast UI and\n> Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21\n", "id": "FreeBSD-2022-0138", "modified": "2022-07-20T00:00:00Z", "published": "2022-07-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2163" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2480" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2481" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "7.0.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/redis-db/c/FWngtg3WpfA" ], "discovery": "2022-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2022-31144" ] }, "vid": "871d93f9-06aa-11ed-8d5f-080027f5fec9" }, "details": "The Redis core team reports:\n\n> A specially crafted XAUTOCLAIM command on a stream key in a specific\n> state may result with heap overflow, and potentially remote code\n> execution.\n", "id": "FreeBSD-2022-0137", "modified": "2022-07-18T00:00:00Z", "published": "2022-07-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/redis-db/c/FWngtg3WpfA" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31144" }, { "type": "WEB", "url": "https://groups.google.com/g/redis-db/c/FWngtg3WpfA" } ], "schema_version": "1.7.0", "summary": "redis -- Potential remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.3.0" }, { "fixed": "8.3.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.4.0" }, { "fixed": "8.4.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.5.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.0.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "fixed": "9.2.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.3.0" }, { "fixed": "8.3.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.4.0" }, { "fixed": "8.4.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.5.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "fixed": "9.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "fixed": "9.2.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/07/14/grafana-v9-0-3-8-5-9-8-4-10-and-8-3-10-released-with-high-severity-security-fix/" ], "discovery": "2022-06-19T00:00:00Z", "references": { "cvename": [ "CVE-2022-31097" ] }, "vid": "0c367e98-0415-11ed-a53b-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> An attacker can exploit this vulnerability to escalate privilege from\n> editor to admin by tricking an authenticated admin to click on a link.\n> (Note: Grafana Alerting is activated by default in Grafana 9.0.)\n", "id": "FreeBSD-2022-0136", "modified": "2022-07-15T00:00:00Z", "published": "2022-07-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/07/14/grafana-v9-0-3-8-5-9-8-4-10-and-8-3-10-released-with-high-severity-security-fix/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31097" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f" } ], "schema_version": "1.7.0", "summary": "Grafana -- Stored XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "5.3.0" }, { "fixed": "8.3.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.4.0" }, { "fixed": "8.4.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.5.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.0.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "introduced": "7.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.3.0" }, { "fixed": "8.3.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.4.0" }, { "fixed": "8.4.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.5.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana9" }, "ranges": [ { "events": [ { "fixed": "9.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/07/14/grafana-v9-0-3-8-5-9-8-4-10-and-8-3-10-released-with-high-severity-security-fix/" ], "discovery": "2022-06-27T00:00:00Z", "references": { "cvename": [ "CVE-2022-31107" ] }, "vid": "0859e6d5-0415-11ed-a53b-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> It is possible for a malicious user who has authorization to log into\n> a Grafana instance via a configured OAuth IdP to take over an existing\n> Grafana account under some conditions.\n", "id": "FreeBSD-2022-0135", "modified": "2022-07-15T00:00:00Z", "published": "2022-07-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/07/14/grafana-v9-0-3-8-5-9-8-4-10-and-8-3-10-released-with-high-severity-security-fix/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31107" }, { "type": "WEB", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2" } ], "schema_version": "1.7.0", "summary": "Grafana -- OAuth Account Takeover" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go118" }, "ranges": [ { "events": [ { "fixed": "1.18.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go117" }, "ranges": [ { "events": [ { "fixed": "1.17.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/53188", "https://go.dev/issue/53423", "https://go.dev/issue/53168", "https://go.dev/issue/53611", "https://go.dev/issue/53614", "https://go.dev/issue/53615", "https://go.dev/issue/53416", "https://go.dev/issue/53415", "https://go.dev/issue/53616" ], "discovery": "2022-07-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-1705", "CVE-2022-32148", "CVE-2022-30631", "CVE-2022-30633", "CVE-2022-28131", "CVE-2022-30635", "CVE-2022-30632", "CVE-2022-30630", "CVE-2022-1962" ] }, "vid": "a4f2416c-02a0-11ed-b817-10c37b4ac2ea" }, "details": "The Go project reports:\n\n> net/http: improper sanitization of Transfer-Encoding header\n>\n> The HTTP/1 client accepted some invalid Transfer-Encoding headers as\n> indicating a \\\"chunked\\\" encoding. This could potentially allow for\n> request smuggling, but only if combined with an intermediate server\n> that also improperly failed to reject the header as invalid.\n\n> When httputil.ReverseProxy.ServeHTTP was called with a Request.Header\n> map containing a nil value for the X-Forwarded-For header,\n> ReverseProxy would set the client IP as the value of the\n> X-Forwarded-For header, contrary to its documentation. In the more\n> usual case where a Director function set the X-Forwarded-For header\n> value to nil, ReverseProxy would leave the header unmodified as\n> expected.\n\n> compress/gzip: stack exhaustion in Reader.Read\n>\n> Calling Reader.Read on an archive containing a large number of\n> concatenated 0-length compressed files can cause a panic due to stack\n> exhaustion.\n\n> encoding/xml: stack exhaustion in Unmarshal\n>\n> Calling Unmarshal on a XML document into a Go struct which has a\n> nested field that uses the any field tag can cause a panic due to\n> stack exhaustion.\n\n> encoding/xml: stack exhaustion in Decoder.Skip\n>\n> Calling Decoder.Skip when parsing a deeply nested XML document can\n> cause a panic due to stack exhaustion.\n\n> encoding/gob: stack exhaustion in Decoder.Decode\n>\n> Calling Decoder.Decode on a message which contains deeply nested\n> structures can cause a panic due to stack exhaustion.\n\n> path/filepath: stack exhaustion in Glob\n>\n> Calling Glob on a path which contains a large number of path\n> separators can cause a panic due to stack exhaustion.\n\n> io/fs: stack exhaustion in Glob\n>\n> Calling Glob on a path which contains a large number of path\n> separators can cause a panic due to stack exhaustion.\n\n> go/parser: stack exhaustion in all Parse\\* functions\n>\n> Calling any of the Parse functions on Go source code which contains\n> deeply nested types or declarations can cause a panic due to stack\n> exhaustion.\n", "id": "FreeBSD-2022-0134", "modified": "2022-07-13T00:00:00Z", "published": "2022-07-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/53188" }, { "type": "REPORT", "url": "https://go.dev/issue/53423" }, { "type": "REPORT", "url": "https://go.dev/issue/53168" }, { "type": "REPORT", "url": "https://go.dev/issue/53611" }, { "type": "REPORT", "url": "https://go.dev/issue/53614" }, { "type": "REPORT", "url": "https://go.dev/issue/53615" }, { "type": "REPORT", "url": "https://go.dev/issue/53416" }, { "type": "REPORT", "url": "https://go.dev/issue/53415" }, { "type": "REPORT", "url": "https://go.dev/issue/53616" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1705" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32148" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30631" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30633" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30635" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1962" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-dev/c/frczlF8OFQ0" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.37.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lkml.org/lkml/2022/7/12/1137" ], "discovery": "2022-07-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-29187" ] }, "vid": "b99f99f6-021e-11ed-8c6f-000c29ffbb6c" }, "details": "The git project reports:\n\n> Git is vulnerable to privilege escalation in all platforms. An\n> unsuspecting user could still be affected by the issue reported in\n> CVE-2022-24765, for example when navigating as root into a shared tmp\n> directory that is owned by them, but where an attacker could create a\n> git repository.\n", "id": "FreeBSD-2022-0133", "modified": "2022-07-12T00:00:00Z", "published": "2022-07-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lkml.org/lkml/2022/7/12/1137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-29187" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187" } ], "schema_version": "1.7.0", "summary": "git -- privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mat2" }, "ranges": [ { "events": [ { "fixed": "0.13.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35410" ], "discovery": "2022-07-08T00:00:00Z", "references": { "cvename": [ "CVE-2022-35410" ] }, "vid": "830855f3-ffcc-11ec-9d41-d05099c8b5a7" }, "details": "> mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../\n> directory traversal during the ZIP archive cleaning process. This\n> primarily affects mat2 web instances, in which clients could obtain\n> sensitive information via a crafted archive.\n", "id": "FreeBSD-2022-0132", "modified": "2022-07-10T00:00:00Z", "published": "2022-07-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35410" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-35410" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35410" } ], "schema_version": "1.7.0", "summary": "mat2 -- directory traversal/arbitrary file read during ZIP file processing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.1.0" }, { "fixed": "15.1.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "15.0.0" }, { "fixed": "15.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "14.10.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/" ], "discovery": "2022-06-30T00:00:00Z", "references": { "cvename": [ "CVE-2022-2185", "CVE-2022-2235", "CVE-2022-2230", "CVE-2022-2229", "CVE-2022-1983", "CVE-2022-1963", "CVE-2022-2228", "CVE-2022-2243", "CVE-2022-2244", "CVE-2022-1954", "CVE-2022-2270", "CVE-2022-2250", "CVE-2022-1999", "CVE-2022-2281", "CVE-2022-1981", "CVE-2022-2227" ] }, "vid": "d1b35142-ff4a-11ec-8be3-001b217b3468" }, "details": "Gitlab reports:\n\n> Remote Command Execution via Project Imports\n>\n> XSS in ZenTao integration affecting self hosted instances without\n> strict CSP\n>\n> XSS in project settings page\n>\n> Unallowed users can read unprotected CI variables\n>\n> IP allow-list bypass to access Container Registries\n>\n> 2FA status is disclosed to unauthenticated users\n>\n> CI variables provided to runners outside of a group\\'s restricted IP\n> range\n>\n> IDOR in sentry issues\n>\n> Reporters can manage issues in error tracking\n>\n> Regular Expression Denial of Service via malicious web server\n> responses\n>\n> Unauthorized read for conan repository\n>\n> Open redirect vulnerability\n>\n> Group labels are editable through subproject\n>\n> Release titles visible for any users if group milestones are\n> associated with any project releases\n>\n> Restrict membership by email domain bypass\n>\n> Job information is leaked to users who previously were maintainers via\n> the Runner Jobs API endpoint\n", "id": "FreeBSD-2022-0131", "modified": "2022-07-09T00:00:00Z", "published": "2022-07-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2235" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1983" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1963" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2228" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2243" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2244" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1954" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2270" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2250" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1999" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2281" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1981" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2227" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "introduced": "14.0.0" }, { "fixed": "14.20.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "fixed": "16.16.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "18.0.0" }, { "fixed": "18.5.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node16" }, "ranges": [ { "events": [ { "fixed": "16.16.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" ], "discovery": "2022-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2022-32212", "CVE-2022-32213", "CVE-2022-32214", "CVE-2022-32215", "CVE-2022-32222", "CVE-2022-2097" ] }, "vid": "b9210706-feb0-11ec-81fa-1c697a616631" }, "details": "Node.js reports:\n\n> # HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)\n>\n> The llhttp parser in the http module does not correctly parse and\n> validate Transfer-Encoding headers. This can lead to HTTP Request\n> Smuggling (HRS).\n>\n> # HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)\n>\n> The llhttp parser in the http module does not strictly use the CRLF\n> sequence to delimit HTTP requests. This can lead to HTTP Request\n> Smuggling (HRS).\n>\n> # HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)\n>\n> The llhttp parser in the http module does not correctly handle\n> multi-line Transfer-Encoding headers. This can lead to HTTP Request\n> Smuggling (HRS).\n>\n> # DNS rebinding in \\--inspect via invalid IP addresses (High)(CVE-2022-32212)\n>\n> The IsAllowedHost check can easily be bypassed because IsIPAddress\n> does not properly check if an IP address is invalid or not. When an\n> invalid IPv4 address is provided (for instance 10.0.2.555 is\n> provided), browsers (such as Firefox) will make DNS requests to the\n> DNS server, providing a vector for an attacker-controlled DNS server\n> or a MITM who can spoof DNS responses to perform a rebinding attack\n> and hence connect to the WebSocket debugger, allowing for arbitrary\n> code execution. This is a bypass of CVE-2021-22884.\n>\n> # Attempt to read openssl.cnf from /home/iojs/build/ upon startup (Medium)(CVE-2022-32222)\n>\n> When Node.js starts on linux based systems, it attempts to read\n> /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf,\n> which ordinarily doesn\\'t exist. On some shared systems an attacker\n> may be able create this file and therefore affect the default OpenSSL\n> configuration for other users.\n>\n> # OpenSSL - AES OCB fails to encrypt some bytes (Medium)(CVE-2022-2097)\n>\n> AES OCB mode for 32-bit x86 platforms using the AES-NI assembly\n> optimised implementation will not encrypt the entirety of the data\n> under some circumstances. This could reveal sixteen bytes of data that\n> was preexisting in the memory that wasn\\'t written. In the special\n> case of \\\"in place\\\" encryption, sixteen bytes of the plaintext would\n> be revealed. Since OpenSSL does not support OCB based cipher suites\n> for TLS and DTLS, they are both unaffected.\n", "id": "FreeBSD-2022-0130", "modified": "2022-07-08T00:00:00Z", "published": "2022-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32213" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32214" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2097" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/" } ], "schema_version": "1.7.0", "summary": "Node.js -- July 7th 2022 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "103.0.5060.114" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html" ], "discovery": "2022-07-04T00:00:00Z", "references": { "cvename": [ "CVE-2022-2294", "CVE-2022-2295", "CVE-2022-2296" ] }, "vid": "744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 4 security fixes, including:\n>\n> - \\[1341043\\] High CVE-2022-2294: Heap buffer overflow in WebRTC.\n> Reported by Jan Vojtesek from the Avast Threat Intelligence team on\n> 2022-07-01\n> - \\[1336869\\] High CVE-2022-2295: Type Confusion in V8. Reported by\n> avaue and Buff3tts at S.S.L. on 2022-06-16\n> - \\[1327087\\] High CVE-2022-2296: Use after free in Chrome OS Shell.\n> Reported by Khalil Zhani on 2022-05-19\n", "id": "FreeBSD-2022-0129", "modified": "2022-07-07T00:00:00Z", "published": "2022-07-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2294" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2295" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2296" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1q,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20220705.txt" ], "discovery": "2022-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2022-2097" ] }, "vid": "a28e8b7e-fc70-11ec-856e-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> AES OCB mode for 32-bit x86 platforms using the AES-NI assembly\n> optimised implementation will not encrypt the entirety of the data\n> under some circumstances. This could reveal sixteen bytes of data that\n> was preexisting in the memory that wasn\\'t written. In the special\n> case of \\\"in place\\\" encryption, sixteen bytes of the plaintext would\n> be revealed.\n", "id": "FreeBSD-2022-0128", "modified": "2022-07-05T00:00:00Z", "published": "2022-07-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20220705.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2097" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20220705.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- AES OCB fails to encrypt some bytes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2022/jul/04/security-releases/" ], "discovery": "2022-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-34265" ] }, "vid": "5be19b0d-fb85-11ec-95cd-080027b24e86" }, "details": "The Django Project reports:\n\n> CVE-2022-34265: Potential SQL injection via Trunc(kind) and\n> Extract(lookup_name) arguments.\n", "id": "FreeBSD-2022-0127", "modified": "2022-07-04T00:00:00Z", "published": "2022-07-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2022/jul/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-34265" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2022/jul/04/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "introduced": "3.0.4" }, { "fixed": "3.0.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mta.openssl.org/pipermail/openssl-announce/2022-July/000229.html" ], "discovery": "2022-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-2274" ] }, "vid": "f0e45968-faff-11ec-856e-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> The OpenSSL 3.0.4 release introduced a serious bug in the RSA\n> implementation for X86_64 CPUs supporting the AVX512IFMA instructions.\n> This issue makes the RSA implementation with 2048 bit private keys\n> incorrect on such machines and memory corruption will happen during\n> the computation. As a consequence of the memory corruption an attacker\n> may be able to trigger a remote code execution on the machine\n> performing the computation.\n>\n> SSL/TLS servers or other servers using 2048 bit RSA private keys\n> running on machines supporting AVX512IFMA instructions of the X86_64\n> architecture are affected by this issue.\n", "id": "FreeBSD-2022-0126", "modified": "2022-07-05T00:00:00Z", "published": "2022-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mta.openssl.org/pipermail/openssl-announce/2022-July/000229.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2274" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20220705.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Heap memory corruption with RSA private key operation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki135" }, "ranges": [ { "events": [ { "fixed": "1.35.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki137" }, "ranges": [ { "events": [ { "fixed": "1.37.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki138" }, "ranges": [ { "events": [ { "fixed": "1.38.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/" ], "discovery": "2022-05-16T00:00:00Z", "references": { "cvename": [ "CVE-2022-29248", "CVE-2022-27776" ] }, "vid": "5ab54ea0-fa94-11ec-996c-080027b24e86" }, "details": "Mediawiki reports:\n\n> (T308471) Username is not escaped in the \\\"welcomeuser\\\" message.\n>\n> (T308473) Username not escaped in the contributions-title message.\n>\n> (T309377, CVE-2022-29248) Update \\\"guzzlehttp/guzzle\\\" to version\n> 6.5.6.\n>\n> (T311384, CVE-2022-27776) Update \\\"guzzlehttp/guzzle\\\" to 6.5.8/7.4.5.\n", "id": "FreeBSD-2022-0125", "modified": "2022-07-03T00:00:00Z", "published": "2022-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-29248" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27776" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.61.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.61.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.61.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.61.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.61.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1" ], "discovery": "2022-06-28T00:00:00Z", "references": { "cvename": [ "CVE-2022-31052" ] }, "vid": "07c0d782-f758-11ec-acaa-901b0e9408dc" }, "details": "Matrix developers report:\n\n> This release fixes a vulnerability with Synapse\\'s URL preview\n> feature. URL previews of some web pages can lead to unbounded\n> recursion, causing the request to either fail, or in some cases crash\n> the running Synapse process.\n>\n> Note that:\n>\n> - Homeservers with the url_preview_enabled configuration option set to\n> false (the default value) are unaffected.\n> - Instances with the enable_media_repo configuration option set to\n> false are also unaffected, as this also disables the URL preview\n> functionality.\n", "id": "FreeBSD-2022-0124", "modified": "2022-06-29T00:00:00Z", "published": "2022-06-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31052" }, { "type": "WEB", "url": "https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- unbounded recursion in urlpreview" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.16.4" }, { "fixed": "7.84.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/security.html" ], "discovery": "2022-06-27T00:00:00Z", "references": { "cvename": [ "CVE-2022-32205", "CVE-2022-32206", "CVE-2022-32207", "CVE-2022-32208" ] }, "vid": "ae5722a6-f5f0-11ec-856e-d4c9ef517024" }, "details": "The cURL project reports:\n\n> - CVE-2022-32205: Set-Cookie denial of service\n> - CVE-2022-32206: HTTP compression denial of service\n> - CVE-2022-32207: Unpreserved file permissions\n> - CVE-2022-32208: FTP-KRB bad message verification\n", "id": "FreeBSD-2022-0123", "modified": "2022-06-27T00:00:00Z", "published": "2022-06-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32205" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32206" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32207" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32208" }, { "type": "WEB", "url": "https://curl.se/docs/security.html" } ], "schema_version": "1.7.0", "summary": "cURL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.356" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.346.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2022-06-22/" ], "discovery": "2022-06-22T00:00:00Z", "references": { "cvename": [ "CVE-2022-34170", "CVE-2022-34171", "CVE-2022-34172", "CVE-2022-34173", "CVE-2022-34174", "CVE-2022-34175" ] }, "vid": "25be46f0-f25d-11ec-b62a-00e081b7aa2d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-2781 / CVE-2022-34170 (SECURITY-2779), CVE-2022-34171 (SECURITY-2761), CVE-2022-34172 (SECURITY-2776), CVE-2022-34173 (SECURITY-2780)\n>\n> Multiple XSS vulnerabilities\n>\n> ##### (Medium) SECURITY-2566 / CVE-2022-34174\n>\n> Observable timing discrepancy allows determining username validity\n>\n> ##### (Medium) Unauthorized view fragment access\n>\n> SECURITY-2777 / CVE-2022-34175\n", "id": "FreeBSD-2022-0122", "modified": "2022-06-22T00:00:00Z", "published": "2022-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2022-06-22/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-34170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-34171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-34172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-34173" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-34174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-34175" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2022-06-22/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1p,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20220621.txt" ], "discovery": "2022-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-2068" ] }, "vid": "4eeb93bf-f204-11ec-8fbd-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> Circumstances where the c_rehash script does not properly sanitise\n> shell metacharacters to prevent command injection were found by code\n> review.\n", "id": "FreeBSD-2022-0121", "modified": "2022-06-22T00:00:00Z", "published": "2022-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20220621.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2068" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20220621.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Command injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "103.0.5060.53" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html" ], "discovery": "2022-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-2156", "CVE-2022-2157", "CVE-2022-2158", "CVE-2022-2160", "CVE-2022-2161", "CVE-2022-2162", "CVE-2022-2163", "CVE-2022-2164", "CVE-2022-2165" ] }, "vid": "b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 14 security fixes, including:\n>\n> - \\[1335458\\] Critical CVE-2022-2156: Use after free in Base. Reported\n> by Mark Brand of Google Project Zero on 2022-06-11\n> - \\[1327312\\] High CVE-2022-2157: Use after free in Interest groups.\n> Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha\n> Lab on 2022-05-19\n> - \\[1321078\\] High CVE-2022-2158: Type Confusion in V8. Reported by\n> Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on\n> 2022-04-29\n> - \\[1116450\\] Medium CVE-2022-2160: Insufficient policy enforcement in\n> DevTools. Reported by David Erceg on 2020-08-14\n> - \\[1330289\\] Medium CVE-2022-2161: Use after free in WebApp Provider.\n> Reported by Zhihua Yao of KunLun Lab on 2022-05-30\n> - \\[1307930\\] Medium CVE-2022-2162: Insufficient policy enforcement in\n> File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19\n> - \\[1308341\\] Low CVE-2022-2163: Use after free in Cast UI and\n> Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21\n> - \\[1268445\\] Low CVE-2022-2164: Inappropriate implementation in\n> Extensions API. Reported by Jos\u00e9 Miguel Moreno Computer Security Lab\n> (COSEC) at UC3M on 2021-11-10\n> - \\[1250993\\] Low CVE-2022-2165: Insufficient data validation in URL\n> formatting. Reported by Rayyan Bijoora on 2021-09-19\n", "id": "FreeBSD-2022-0120", "modified": "2022-06-22T00:00:00Z", "published": "2022-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2156" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2158" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2161" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2163" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2165" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-Image-ExifTool" }, "ranges": [ { "events": [ { "fixed": "12.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://security-tracker.debian.org/tracker/CVE-2022-23935" ], "discovery": "2022-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-23935" ] }, "vid": "482456fb-e9af-11ec-93b6-318d1419ea39" }, "details": "Debian Security tracker reports:\n\n> ExifTool.pm in ExifTool before 12.38 mishandles a file special\n> characters check, leading to command injection\n", "id": "FreeBSD-2022-0119", "modified": "2022-06-11T00:00:00Z", "published": "2022-06-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://security-tracker.debian.org/tracker/CVE-2022-23935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23935" }, { "type": "WEB", "url": "https://www.cvedetails.com/cve/CVE-2022-23935" } ], "schema_version": "1.7.0", "summary": "Security Vulnerability found in ExifTool leading to RCE" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mitmproxy" }, "ranges": [ { "events": [ { "fixed": "8.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b" ], "discovery": "2022-03-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-24766" ] }, "vid": "ad37a349-ebb7-11ec-b9f7-21427354249d" }, "details": "Zeyu Zhang reports:\n\n> In mitmproxy 7.0.4 and below, a malicious client or server is able to\n> perform HTTP request smuggling attacks through mitmproxy. This means\n> that a malicious client/server could smuggle a request/response\n> through mitmproxy as part of another request/response\\'s HTTP message\n> body. While mitmproxy would only see one request, the target server\n> would see multiple requests. A smuggled request is still captured as\n> part of another request\\'s body, but it does not appear in the request\n> list and does not go through the usual mitmproxy event hooks, where\n> users may have implemented custom access control checks or input\n> sanitization.\n>\n> Unless you use mitmproxy to protect an HTTP/1 service, no action is\n> required.\n", "id": "FreeBSD-2022-0118", "modified": "2022-06-20T00:00:00Z", "published": "2022-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24766" }, { "type": "WEB", "url": "https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b" } ], "schema_version": "1.7.0", "summary": "mitmproxy -- Insufficient Protection against HTTP Request Smuggling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tor" }, "ranges": [ { "events": [ { "fixed": "0.4.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE" ], "discovery": "2022-06-14T00:00:00Z", "vid": "5d1e4f6a-ee4f-11ec-86c2-485b3931c969" }, "details": "Tor organization reports:\n\n> TROVE-2022-001\n", "id": "FreeBSD-2022-0117", "modified": "2022-06-17T00:00:00Z", "published": "2022-06-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE" }, { "type": "WEB", "url": "https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE" } ], "schema_version": "1.7.0", "summary": "Tor - Unspecified high severity vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libexo" }, "ranges": [ { "events": [ { "fixed": "4.16.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6" ], "discovery": "2022-06-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-32278" ] }, "vid": "55cff5d2-e95c-11ec-ae20-001999f8d30b" }, "details": "XFCE Project reports:\n\n> Prevent executing possibly malicious .desktop files from online\n> sources (ftp://, http:// etc.).\n", "id": "FreeBSD-2022-0116", "modified": "2022-06-11T00:00:00Z", "published": "2022-06-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-32278" }, { "type": "WEB", "url": "https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6" } ], "schema_version": "1.7.0", "summary": "XFCE -- Allows executing malicious .desktop files pointing to remote code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-numpy" }, "ranges": [ { "events": [ { "fixed": "1.22.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-numpy" }, "ranges": [ { "events": [ { "fixed": "1.22.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-numpy" }, "ranges": [ { "events": [ { "fixed": "1.22.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/numpy/numpy/pull/20960" ], "discovery": "2021-05-19T00:00:00Z", "references": { "cvename": [ "CVE-2021-41495" ] }, "vid": "b51cfaea-e919-11ec-9fba-080027240888" }, "details": "Numpy reports:\n\n> At most call-sites for PyArray_DescrNew, there are no validations of\n> its return, but an invalid address may be returned.\n", "id": "FreeBSD-2022-0115", "modified": "2022-06-11T00:00:00Z", "published": "2022-06-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/numpy/numpy/pull/20960" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41495" }, { "type": "WEB", "url": "https://github.com/numpy/numpy/pull/20960" } ], "schema_version": "1.7.0", "summary": "py-numpy -- Missing return-value validation of the function PyArray_DescrNew" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "102.0.5005.115" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html" ], "discovery": "2022-06-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-2007", "CVE-2022-2008", "CVE-2022-2010", "CVE-2022-2011" ] }, "vid": "c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 7 security fixes, including:\n>\n> - \\[1326210\\] High CVE-2022-2007: Use after free in WebGPU. Reported\n> by David Manouchehri on 2022-05-17\n> - \\[1317673\\] High CVE-2022-2008: Out of bounds memory access in\n> WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19\n> - \\[1325298\\] High CVE-2022-2010: Out of bounds read in compositing.\n> Reported by Mark Brand of Google Project Zero on 2022-05-13\n> - \\[1330379\\] High CVE-2022-2011: Use after free in ANGLE. Reported by\n> SeongHwan Park (SeHwa) on 2022-05-31\n", "id": "FreeBSD-2022-0114", "modified": "2022-06-09T00:00:00Z", "published": "2022-06-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2007" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2008" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2010" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-2011" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://downloads.apache.org/httpd/CHANGES_2.4.54" ], "discovery": "2022-06-08T00:00:00Z", "references": { "cvename": [ "CVE-2022-31813", "CVE-2022-30556", "CVE-2022-30522", "CVE-2022-29404", "CVE-2022-28615", "CVE-2022-28614", "CVE-2022-28330", "CVE-2022-26377" ] }, "vid": "49adfbe5-e7d1-11ec-8fbd-d4c9ef517024" }, "details": "The Apache httpd project reports:\n\n> - CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop\n> mechanism. Apache HTTP Server 2.4.53 and earlier may not send the\n> X-Forwarded-\\* headers to the origin server based on client side\n> Connection header hop-by-hop mechanism. This may be used to bypass\n> IP based authentication on the origin server/application.\n> - CVE-2022-30556: Information Disclosure in mod_lua with websockets.\n> Apache HTTP Server 2.4.53 and earlier may return lengths to\n> applications calling r:wsread() that point past the end of the\n> storage allocated for the buffer.\n> - CVE-2022-30522: mod_sed denial of service. If Apache HTTP Server\n> 2.4.53 is configured to do transformations with mod_sed in contexts\n> where the input to mod_sed may be very large, mod_sed may make\n> excessively large memory allocations and trigger an abort.\n> - CVE-2022-29404: Denial of service in mod_lua r:parsebody. In Apache\n> HTTP Server 2.4.53 and earlier, a malicious request to a lua script\n> that calls r:parsebody(0) may cause a denial of service due to no\n> default limit on possible input size.\n> - CVE-2022-28615: Read beyond bounds in ap_strcmp_match(). Apache HTTP\n> Server 2.4.53 and earlier may crash or disclose information due to a\n> read beyond bounds in ap_strcmp_match() when provided with an\n> extremely large input buffer. While no code distributed with the\n> server can be coerced into such a call, third-party modules or lua\n> scripts that use ap_strcmp_match() may hypothetically be affected.\n> - CVE-2022-28614: read beyond bounds via ap_rwrite(). The ap_rwrite()\n> function in Apache HTTP Server 2.4.53 and earlier may read\n> unintended memory if an attacker can cause the server to reflect\n> very large input using ap_rwrite() or ap_rputs(), such as with\n> mod_luas r:puts() function.\n> - CVE-2022-28330: read beyond bounds in mod_isapi. Apache HTTP Server\n> 2.4.53 and earlier on Windows may read beyond bounds when configured\n> to process requests with the mod_isapi module.\n> - CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.\n> Inconsistent Interpretation of HTTP Requests (\\'HTTP Request\n> Smuggling\\') vulnerability in mod_proxy_ajp of Apache HTTP Server\n> allows an attacker to smuggle requests to the AJP server it forwards\n> requests to.\n", "id": "FreeBSD-2022-0113", "modified": "2022-06-10T00:00:00Z", "published": "2022-06-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://downloads.apache.org/httpd/CHANGES_2.4.54" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-31813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30556" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30522" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-29404" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28615" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28614" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28330" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-26377" }, { "type": "WEB", "url": "http://downloads.apache.org/httpd/CHANGES_2.4.54" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go118" }, "ranges": [ { "events": [ { "fixed": "1.18.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go117" }, "ranges": [ { "events": [ { "fixed": "1.17.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://go.dev/issue/52561", "https://go.dev/issue/52814", "https://go.dev/issue/52574", "https://go.dev/issue/52476" ], "discovery": "2022-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-30634", "CVE-2022-30629", "CVE-2022-30580", "CVE-2022-29804" ] }, "vid": "15888c7e-e659-11ec-b7fe-10c37b4ac2ea" }, "details": "The Go project reports:\n\n> crypto/rand: rand.Read hangs with extremely large buffers\n>\n> On Windows, rand.Read will hang indefinitely if passed a buffer larger\n> than 1 \\<\\< 32 - 1 bytes.\n\n> crypto/tls: session tickets lack random ticket_age_add\n>\n> Session tickets generated by crypto/tls did not contain a randomly\n> generated ticket_age_add. This allows an attacker that can observe TLS\n> handshakes to correlate successive connections by comparing ticket\n> ages during session resumption.\n\n> os/exec: empty Cmd.Path can result in running unintended binary on\n> Windows\n>\n> If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or cmd.CombinedOutput\n> are executed when Cmd.Path is unset and, in the working directory,\n> there are binaries named either \\\"..com\\\" or \\\"..exe\\\", they will be\n> executed.\n\n> path/filepath: Clean(\\`.\\\\c:\\`) returns \\`c:\\` on Windows\n>\n> On Windows, the filepath.Clean function could convert an invalid path\n> to a valid, absolute path. For example, Clean(\\`.\\\\c:\\`) returned\n> \\`c:\\`.\n", "id": "FreeBSD-2022-0112", "modified": "2022-06-07T00:00:00Z", "published": "2022-06-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://go.dev/issue/52561" }, { "type": "REPORT", "url": "https://go.dev/issue/52814" }, { "type": "REPORT", "url": "https://go.dev/issue/52574" }, { "type": "REPORT", "url": "https://go.dev/issue/52476" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-dev/c/DidEMYAH_n0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30634" }, { "type": "WEB", "url": "https://go.dev/issue/52561" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30629" }, { "type": "WEB", "url": "https://go.dev/issue/52814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30580" }, { "type": "WEB", "url": "https://go.dev/issue/52574" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-29804" }, { "type": "WEB", "url": "https://go.dev/issue/52476" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "e2fsprogs" }, "ranges": [ { "events": [ { "fixed": "1.46.5_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "e2fsprogs-nobootfsck" }, "ranges": [ { "events": [ { "fixed": "1.46.5_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "e2fsprogs-roothardlinks" }, "ranges": [ { "events": [ { "fixed": "1.46.5_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=2068113" ], "discovery": "2022-03-24T00:00:00Z", "references": { "cvename": [ "CVE-2022-1304" ] }, "vid": "a58f3fde-e4e0-11ec-8340-2d623369b8b5" }, "details": "Nils Bars reports:\n\n> During the processing of \\[a specially fuzzed disk image\\], an\n> out-of-bounds write is triggered and causes a segmentation fault\n> (SIGSEGV).\n", "id": "FreeBSD-2022-0111", "modified": "2022-06-05T00:00:00Z", "published": "2022-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2068113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1304" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2068113" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069726" }, { "type": "WEB", "url": "https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/T/#u" } ], "schema_version": "1.7.0", "summary": "e2fsprogs -- out-of-bounds read/write vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "15.0.0" }, { "fixed": "15.0.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.10.0" }, { "fixed": "14.10.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.10.0" }, { "fixed": "14.9.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/" ], "discovery": "2022-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-1680", "CVE-2022-1940", "CVE-2022-1948", "CVE-2022-1935", "CVE-2022-1936", "CVE-2022-1944", "CVE-2022-1821", "CVE-2022-1783" ] }, "vid": "f414d69f-e43d-11ec-9ea4-001b217b3468" }, "details": "Gitlab reports:\n\n> Account take over via SCIM email change\n>\n> Stored XSS in Jira integration\n>\n> Quick action commands susceptible to XSS\n>\n> IP allowlist bypass when using Trigger tokens\n>\n> IP allowlist bypass when using Project Deploy Tokens\n>\n> Improper authorization in the Interactive Web Terminal\n>\n> Subgroup member can list members of parent group\n>\n> Group member lock bypass\n", "id": "FreeBSD-2022-0110", "modified": "2022-06-04T00:00:00Z", "published": "2022-06-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1680" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1940" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1948" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1936" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1944" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1821" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1783" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "4.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v4.0.7" ], "discovery": "2022-06-01T00:00:00Z", "vid": "204f1a7a-43df-412f-ad25-7dbe88f54fa4" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Fix potential hang in the DNS analyzer when receiving a\n> specially-crafted packet. Due to the possibility of this happening\n> with packets received from the network, this is a potential DoS\n> vulnerability.\n", "id": "FreeBSD-2022-0109", "modified": "2022-06-03T00:00:00Z", "published": "2022-06-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.7" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.7" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilty" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "102.0.5005.61" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html" ], "discovery": "2022-05-24T00:00:00Z", "references": { "cvename": [ "CVE-2022-1853", "CVE-2022-1854", "CVE-2022-1855", "CVE-2022-1856", "CVE-2022-1857", "CVE-2022-1858", "CVE-2022-1859", "CVE-2022-1860", "CVE-2022-1861", "CVE-2022-1862", "CVE-2022-1863", "CVE-2022-1864", "CVE-2022-1865", "CVE-2022-1866", "CVE-2022-1867", "CVE-2022-1868", "CVE-2022-1869", "CVE-2022-1870", "CVE-2022-1871", "CVE-2022-1872", "CVE-2022-1873", "CVE-2022-1874", "CVE-2022-1875", "CVE-2022-1876" ] }, "vid": "40e2c35e-db99-11ec-b0cf-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 32 security fixes, including:\n>\n> - \\[1324864\\] Critical CVE-2022-1853: Use after free in Indexed DB.\n> Reported by Anonymous on 2022-05-12\n> - \\[1320024\\] High CVE-2022-1854: Use after free in ANGLE. Reported by\n> SeongHwan Park (SeHwa) on 2022-04-27\n> - \\[1228661\\] High CVE-2022-1855: Use after free in Messaging.\n> Reported by Anonymous on 2021-07-13\n> - \\[1323239\\] High CVE-2022-1856: Use after free in User Education.\n> Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha\n> Lab on 2022-05-06\n> - \\[1227995\\] High CVE-2022-1857: Insufficient policy enforcement in\n> File System API. Reported by Daniel Rhea on 2021-07-11\n> - \\[1314310\\] High CVE-2022-1858: Out of bounds read in DevTools.\n> Reported by EllisVlad on 2022-04-07\n> - \\[1322744\\] High CVE-2022-1859: Use after free in Performance\n> Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security\n> Xuanwu Lab on 2022-05-05\n> - \\[1297209\\] High CVE-2022-1860: Use after free in UI Foundations.\n> Reported by \\@ginggilBesel on 2022-02-15\n> - \\[1316846\\] High CVE-2022-1861: Use after free in Sharing. Reported\n> by Khalil Zhani on 2022-04-16\n> - \\[1236325\\] Medium CVE-2022-1862: Inappropriate implementation in\n> Extensions. Reported by Alesandro Ortiz on 2021-08-04\n> - \\[1292870\\] Medium CVE-2022-1863: Use after free in Tab Groups.\n> Reported by David Erceg on 2022-02-01\n> - \\[1320624\\] Medium CVE-2022-1864: Use after free in WebApp Installs.\n> Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on\n> 2022-04-28\n> - \\[1289192\\] Medium CVE-2022-1865: Use after free in Bookmarks.\n> Reported by Rong Jian of VRI on 2022-01-20\n> - \\[1292264\\] Medium CVE-2022-1866: Use after free in Tablet Mode.\n> Reported by \\@ginggilBesel on 2022-01-29\n> - \\[1315563\\] Medium CVE-2022-1867: Insufficient validation of\n> untrusted input in Data Transfer. Reported by Michal Bentkowski of\n> Securitum on 2022-04-12\n> - \\[1301203\\] Medium CVE-2022-1868: Inappropriate implementation in\n> Extensions API. Reported by Alesandro Ortiz on 2022-02-28\n> - \\[1309467\\] Medium CVE-2022-1869: Type Confusion in V8. Reported by\n> Man Yue Mo of GitHub Security Lab on 2022-03-23\n> - \\[1323236\\] Medium CVE-2022-1870: Use after free in App Service.\n> Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha\n> Lab on 2022-05-06\n> - \\[1308199\\] Low CVE-2022-1871: Insufficient policy enforcement in\n> File System API. Reported by Thomas Orlita on 2022-03-21\n> - \\[1310461\\] Low CVE-2022-1872: Insufficient policy enforcement in\n> Extensions API. Reported by ChaobinZhang on 2022-03-26\n> - \\[1305394\\] Low CVE-2022-1873: Insufficient policy enforcement in\n> COOP. Reported by NDevTK on 2022-03-11\n> - \\[1251588\\] Low CVE-2022-1874: Insufficient policy enforcement in\n> Safe Browsing. Reported by hjy79425575 on 2021-09-21\n> - \\[1306443\\] Low CVE-2022-1875: Inappropriate implementation in PDF.\n> Reported by NDevTK on 2022-03-15\n> - \\[1313600\\] Low CVE-2022-1876: Heap buffer overflow in DevTools.\n> Reported by \\@ginggilBesel on 2022-04-06\n", "id": "FreeBSD-2022-0108", "modified": "2022-05-24T00:00:00Z", "published": "2022-05-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1853" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1854" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1855" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1856" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1857" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1858" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1859" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1860" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1861" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1862" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1863" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1864" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1865" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1867" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1868" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1869" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1871" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1872" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1873" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1874" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1875" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1876" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-client" }, "ranges": [ { "events": [ { "fixed": "10.3.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-client" }, "ranges": [ { "events": [ { "fixed": "10.4.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-client" }, "ranges": [ { "events": [ { "fixed": "10.5.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb106-client" }, "ranges": [ { "events": [ { "fixed": "10.6.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb106-server" }, "ranges": [ { "events": [ { "fixed": "10.6.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb" ], "discovery": "2022-05-20T00:00:00Z", "references": { "cvename": [ "CVE-2021-46669", "CVE-2022-27376", "CVE-2022-27377", "CVE-2022-27378", "CVE-2022-27379", "CVE-2022-27380", "CVE-2022-27381", "CVE-2022-27382", "CVE-2022-27383", "CVE-2022-27384", "CVE-2022-27386", "CVE-2022-27387", "CVE-2022-27444", "CVE-2022-27445", "CVE-2022-27446", "CVE-2022-27447", "CVE-2022-27448", "CVE-2022-27449", "CVE-2022-27451", "CVE-2022-27452", "CVE-2022-27455", "CVE-2022-27456", "CVE-2022-27457", "CVE-2022-27458" ] }, "vid": "04fecc47-dad2-11ec-8fbd-d4c9ef517024" }, "details": "The MariaDB project reports:\n\n> MariaDB fixed 23 vulnerabilities across all supported versions\n", "id": "FreeBSD-2022-0107", "modified": "2022-05-23T00:00:00Z", "published": "2022-05-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46669" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27376" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27377" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27380" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27381" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27382" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27383" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27384" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27386" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27387" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27445" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27446" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27447" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27448" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27452" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27457" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27458" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb" } ], "schema_version": "1.7.0", "summary": "MariaDB -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.104.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav-lts" }, "ranges": [ { "events": [ { "fixed": "0.103.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html" ], "discovery": "2022-05-04T00:00:00Z", "references": { "cvename": [ "CVE-2022-20803", "CVE-2022-20770", "CVE-2022-20796", "CVE-2022-20771", "CVE-2022-20785", "CVE-2022-20792" ] }, "vid": "b2407db1-d79f-11ec-a15f-589cfc0f81b0" }, "details": "The ClamAV project reports:\n\n> Fixed a possible double-free vulnerability in the OLE2 file parser.\n> Issue affects versions 0.104.0 through 0.104.2. Issue identified by\n> OSS-Fuzz.\n>\n> Fixed a possible infinite loop vulnerability in the CHM file parser.\n> Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5\n> and prior versions. Thank you to Micha\u0142 Dardas for reporting this\n> issue.\n>\n> Fixed a possible NULL-pointer dereference crash in the scan verdict\n> cache check. Issue affects versions 0.103.4, 0.103.5, 0.104.1, and\n> 0.104.2. Thank you to Alexander Patrakov and Antoine Gatineau for\n> reporting this issue.\n>\n> Fixed a possible infinite loop vulnerability in the TIFF file parser.\n> Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5\n> and prior versions. The issue only occurs if the\n> \\\"\\--alert-broken-media\\\" ClamScan option is enabled. For ClamD, the\n> affected option is \\\"AlertBrokenMedia yes\\\", and for libclamav it is\n> the \\\"CL_SCAN_HEURISTIC_BROKEN_MEDIA\\\" scan option. Thank you to\n> Micha\u0142 Dardas for reporting this issue.\n>\n> Fixed a possible memory leak in the HTML file parser / Javascript\n> normalizer. Issue affects versions 0.104.0 through 0.104.2 and LTS\n> version 0.103.5 and prior versions. Thank you to Micha\u0142 Dardas for\n> reporting this issue.\n>\n> Fixed a possible multi-byte heap buffer overflow write vulnerability\n> in the signature database load module. The fix was to update the\n> vendored regex library to the latest version. Issue affects versions\n> 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions.\n> Thank you to Micha\u0142 Dardas for reporting this issue.\n", "id": "FreeBSD-2022-0106", "modified": "2022-05-19T00:00:00Z", "published": "2022-05-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-20803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-20770" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-20796" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-20771" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-20785" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-20792" }, { "type": "WEB", "url": "https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more" } ], "schema_version": "1.7.0", "summary": "clamav -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.18.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go117" }, "ranges": [ { "events": [ { "fixed": "1.17.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/52313" ], "discovery": "2022-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-29526" ] }, "vid": "a1360138-d446-11ec-8ea1-10c37b4ac2ea" }, "details": "The Go project reports:\n\n> When called with a non-zero flags parameter, the syscall.Faccessat\n> function could incorrectly report that a file is accessible. This bug\n> only occurs on Linux systems.\n", "id": "FreeBSD-2022-0105", "modified": "2022-05-15T00:00:00Z", "published": "2022-05-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/52313" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-29526" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/52313" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-dev/c/CPU3TB6d4oY" } ], "schema_version": "1.7.0", "summary": "go -- syscall.Faccessat checks wrong group on Linux" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.83.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/security.html" ], "discovery": "2022-05-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-27778", "CVE-2022-27779", "CVE-2022-27780", "CVE-2022-27781", "CVE-2022-27782", "CVE-2022-30115" ] }, "vid": "11e36890-d28c-11ec-a06f-d4c9ef517024" }, "details": "The curl project reports:\n\n> CVE-2022-27778: curl removes wrong file on error\n>\n> CVE-2022-27779: cookie for trailing dot TLD\n>\n> CVE-2022-27780: percent-encoded path separator in URL host\n>\n> CVE-2022-27781: CERTINFO never-ending busy-loop\n>\n> CVE-2022-27782: TLS and SSH connection too eager reuse\n>\n> CVE-2022-30115: HSTS bypass via trailing dot\n", "id": "FreeBSD-2022-0104", "modified": "2022-05-13T00:00:00Z", "published": "2022-05-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27778" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27779" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27780" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27781" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27782" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-30115" }, { "type": "WEB", "url": "https://curl.se/docs/security.html" } ], "schema_version": "1.7.0", "summary": "curl -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-server" }, "ranges": [ { "events": [ { "fixed": "14.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-server" }, "ranges": [ { "events": [ { "fixed": "12.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "fixed": "10.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-05-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-1552" ] }, "vid": "157ce083-d145-11ec-ab9b-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> Confine additional operations within \\\"security restricted operation\\\"\n> sandboxes.\n>\n> Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,\n> and pg_amcheck activated the \\\"security restricted operation\\\"\n> protection mechanism too late, or even not at all in some code paths.\n> A user having permission to create non-temporary objects within a\n> database could define an object that would execute arbitrary SQL code\n> with superuser permissions the next time that autovacuum processed the\n> object, or that some superuser ran one of the affected commands\n> against it.\n", "id": "FreeBSD-2022-0103", "modified": "2022-05-11T00:00:00Z", "published": "2022-05-11T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1552" } ], "schema_version": "1.7.0", "summary": "PostgreSQL Server -- execute arbitrary SQL code as DBA user" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "101.0.4951.64" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html" ], "discovery": "2022-05-10T00:00:00Z", "references": { "cvename": [ "CVE-2022-1633", "CVE-2022-1634", "CVE-2022-1635", "CVE-2022-1636", "CVE-2022-1637", "CVE-2022-1638", "CVE-2022-1639", "CVE-2022-1640", "CVE-2022-1641" ] }, "vid": "ac91cf5e-d098-11ec-bead-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 13 security fixes, including:\n>\n> - \\[1316990\\] High CVE-2022-1633: Use after free in Sharesheet.\n> Reported by Khalil Zhani on 2022-04-18\n> - \\[1314908\\] High CVE-2022-1634: Use after free in Browser UI.\n> Reported by Khalil Zhani on 2022-04-09\n> - \\[1319797\\] High CVE-2022-1635: Use after free in Permission\n> Prompts. Reported by Anonymous on 2022-04-26\n> - \\[1297283\\] High CVE-2022-1636: Use after free in Performance APIs.\n> Reported by Seth Brenith, Microsoft on 2022-02-15\n> - \\[1311820\\] High CVE-2022-1637: Inappropriate implementation in Web\n> Contents. Reported by Alesandro Ortiz on 2022-03-31\n> - \\[1316946\\] High CVE-2022-1638: Heap buffer overflow in V8\n> Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab,\n> Korea University on 2022-04-17\n> - \\[1317650\\] High CVE-2022-1639: Use after free in ANGLE. Reported by\n> SeongHwan Park (SeHwa) on 2022-04-19\n> - \\[1320592\\] High CVE-2022-1640: Use after free in Sharing. Reported\n> by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability\n> Research Institute on 2022-04-28\n> - \\[1305068\\] Medium CVE-2022-1641: Use after free in Web UI\n> Diagnostics. Reported by Rong Jian of VRI on 2022-03-10\n", "id": "FreeBSD-2022-0102", "modified": "2022-05-10T00:00:00Z", "published": "2022-05-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1633" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1634" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1635" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1636" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1637" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1638" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1639" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1640" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1641" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rsyslog" }, "ranges": [ { "events": [ { "fixed": "8.2204.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8" ], "discovery": "2022-05-05T00:00:00Z", "references": { "cvename": [ "CVE-2022-24903" ] }, "vid": "b9837fa1-cd72-11ec-98f1-6805ca0b3d42" }, "details": "Rainer Gerhards reports:\n\n> Modules for TCP syslog reception have a heap buffer overflow when\n> octet-counted framing is used. The attacker can corrupt heap values,\n> leading to data integrity issues and availability impact. Remote code\n> execution is unlikely to happen but not impossible..\n", "id": "FreeBSD-2022-0101", "modified": "2022-05-06T00:00:00Z", "published": "2022-05-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24903" }, { "type": "WEB", "url": "https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8" } ], "schema_version": "1.7.0", "summary": "rsyslog8 -- heap buffer overflow on receiving TCP syslog" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gogs" }, "ranges": [ { "events": [ { "fixed": "0.12.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/gogs/gogs/issues/6919" ], "discovery": "2022-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-1464" ] }, "vid": "647ac600-cc70-11ec-9cfc-10c37b4ac2ea" }, "details": "The gogs project reports:\n\n> Repository issues page allows HTML attachments with arbitrary JS code.\n", "id": "FreeBSD-2022-0100", "modified": "2022-05-05T00:00:00Z", "published": "2022-05-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/gogs/gogs/issues/6919" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1464" }, { "type": "WEB", "url": "https://github.com/gogs/gogs/issues/6919" }, { "type": "WEB", "url": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d/" } ], "schema_version": "1.7.0", "summary": "gogs -- XSS in issue attachments" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.16.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/pull/19487" ], "discovery": "2022-04-25T00:00:00Z", "vid": "95ee401d-cc6a-11ec-9cfc-10c37b4ac2ea" }, "details": "The Gitea team reports:\n\n> Escape git fetch remote in services/migrations/gitea_uploader.go\n", "id": "FreeBSD-2022-0099", "modified": "2022-05-05T00:00:00Z", "published": "2022-05-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/pull/19487" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/19487" } ], "schema_version": "1.7.0", "summary": "gitea -- Escape git fetch remote" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1o,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20220503.txt" ], "discovery": "2022-05-03T00:00:00Z", "references": { "cvename": [ "CVE-2022-1292", "CVE-2022-1343", "CVE-2022-1434", "CVE-2022-1473" ] }, "vid": "fceb2b08-cb76-11ec-a06f-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> - The c_rehash script allows command injection (CVE-2022-1292)\n> (Moderate)\\\n> The c_rehash script does not properly sanitise shell metacharacters\n> to prevent command injection. This script is distributed by some\n> operating systems in a manner where it is automatically executed. On\n> such operating systems, an attacker could execute arbitrary commands\n> with the privileges of the script.\n> - OCSP_basic_verify may incorrectly verify the response signing\n> certificate (CVE-2022-1343) (Moderate)\\\n> The function \\`OCSP_basic_verify\\` verifies the signer certificate\n> on an OCSP response. In the case where the (non-default) flag\n> OCSP_NOCHECKS is used then the response will be positive (meaning a\n> successful verification) even in the case where the response signing\n> certificate fails to verify.\n> - Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)\n> (Low)\\\n> The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite\n> incorrectly uses the AAD data as the MAC key. This makes the MAC key\n> trivially predictable.\n> - Resource leakage when decoding certificates and keys (CVE-2022-1473)\n> (Low)\\\n> The OPENSSL_LH_flush() function, which empties a hash table,\n> containsa bug that breaks reuse of the memory occuppied by the\n> removed hash table entries.\n", "id": "FreeBSD-2022-0098", "modified": "2022-05-05T00:00:00Z", "published": "2022-05-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1292" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1343" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1473" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20220503.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rainloop-php74" }, "ranges": [ { "events": [ { "fixed": "1.16.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rainloop-php80" }, "ranges": [ { "events": [ { "fixed": "1.16.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rainloop-php81" }, "ranges": [ { "events": [ { "fixed": "1.16.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rainloop-community-php74" }, "ranges": [ { "events": [ { "fixed": "1.16.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rainloop-community-php80" }, "ranges": [ { "events": [ { "fixed": "1.16.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rainloop-community-php81" }, "ranges": [ { "events": [ { "fixed": "1.16.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw" ], "discovery": "2022-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2022-29360" ] }, "vid": "a8118db0-cac2-11ec-9288-0800270512f4" }, "details": "Simon Scannell reports:\n\n> The code vulnerability can be easily exploited by an attacker by\n> sending a malicious email to a victim that uses RainLoop as a mail\n> client. When the email is viewed by the victim, the attacker gains\n> full control over the session of the victim and can steal any of their\n> emails, including those that contain highly sensitive information such\n> as passwords, documents, and password reset links.\n", "id": "FreeBSD-2022-0097", "modified": "2022-05-03T00:00:00Z", "published": "2022-05-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-29360" }, { "type": "WEB", "url": "https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw" }, { "type": "WEB", "url": "https://github.com/RainLoop/rainloop-webmail/issues/2142" } ], "schema_version": "1.7.0", "summary": "rainloop -- cross-site-scripting (XSS) vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.18.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go117" }, "ranges": [ { "events": [ { "fixed": "1.17.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/51853", "https://github.com/golang/go/issues/52075", "https://github.com/golang/go/issues/51759" ], "discovery": "2022-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-24675", "CVE-2022-28327", "CVE-2022-27536" ] }, "vid": "61bce714-ca0c-11ec-9cfc-10c37b4ac2ea" }, "details": "The Go project reports:\n\n> encoding/pem: fix stack overflow in Decode.\n>\n> A large (more than 5 MB) PEM input can cause a stack overflow in\n> Decode, leading the program to crash.\n\n> crypto/elliptic: tolerate all oversized scalars in generic P-256.\n>\n> A crafted scalar input longer than 32 bytes can cause\n> P256().ScalarMult or P256().ScalarBaseMult to panic. Indirect uses\n> through crypto/ecdsa and crypto/tls are unaffected. amd64, arm64,\n> ppc64le, and s390x are unaffected.\n\n> crypto/x509: non-compliant certificates can cause a panic in Verify on\n> macOS in Go 1.18.\n>\n> Verifying certificate chains containing certificates which are not\n> compliant with RFC 5280 causes Certificate.Verify to panic on macOS.\n> These chains can be delivered through TLS and can cause a crypto/tls\n> or net/http client to crash.\n", "id": "FreeBSD-2022-0096", "modified": "2022-05-02T00:00:00Z", "published": "2022-05-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/51853" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/52075" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/51759" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24675" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/51853" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28327" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/52075" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27536" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/51759" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack52" }, "ranges": [ { "events": [ { "fixed": "5.2.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack60" }, "ranges": [ { "events": [ { "fixed": "6.0.4.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack61" }, "ranges": [ { "events": [ { "fixed": "6.1.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack70" }, "ranges": [ { "events": [ { "fixed": "7.0.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview52" }, "ranges": [ { "events": [ { "fixed": "5.2.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview60" }, "ranges": [ { "events": [ { "fixed": "6.0.4.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview61" }, "ranges": [ { "events": [ { "fixed": "6.1.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview70" }, "ranges": [ { "events": [ { "fixed": "7.0.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" ], "discovery": "2022-04-26T00:00:00Z", "references": { "cvename": [ "CVE-2022-22577", "CVE-2022-27777" ] }, "vid": "9db93f3d-c725-11ec-9618-000d3ac47524" }, "details": "Ruby on Rails blog:\n\n> This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1,\n> 6.0.4.8, and 5.2.7.1 have been released!\n>\n> These are security releases so please update as soon as you can. Once\n> again we\\'ve made these releases based on the last release tag, so\n> hopefully upgrading will go smoothly.\n>\n> The releases address two vulnerabilities, CVE-2022-22577, and\n> CVS-2022-27777. They are both XSS vulnerabilities, so please take a\n> look at the forum posts to see how (or if) they might possibly impact\n> your application.\n", "id": "FreeBSD-2022-0095", "modified": "2022-04-30T00:00:00Z", "published": "2022-04-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-22577" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27777" }, { "type": "WEB", "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" } ], "schema_version": "1.7.0", "summary": "Rails -- XSS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "hiredis" }, "ranges": [ { "events": [ { "fixed": "1.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2" ], "discovery": "2021-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-32765" ] }, "vid": "2220827b-c732-11ec-b272-901b0e934d69" }, "details": "hiredis maintainers report:\n\n> Hiredis is vulnurable to integer overflow if provided maliciously\n> crafted or corrupted RESP mult-bulk protocol data. When parsing\n> multi-bulk (array-like) replies, hiredis fails to check if count \\*\n> sizeof(redisReply\\*) can be represented in SIZE_MAX. If it can not,\n> and the calloc() call doesn\\'t itself make this check, it would result\n> in a short allocation and subsequent buffer overflow.\n", "id": "FreeBSD-2022-0094", "modified": "2022-04-29T00:00:00Z", "published": "2022-04-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32765" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32765" }, { "type": "WEB", "url": "https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2" } ], "schema_version": "1.7.0", "summary": "hiredis -- integer/buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.83.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/vuln-7.82.0.html" ], "discovery": "2022-04-27T00:00:00Z", "references": { "cvename": [ "CVE-2022-22576", "CVE-2022-27774", "CVE-2022-27775", "CVE-2022-27776" ] }, "vid": "92a4d881-c6cf-11ec-a06f-d4c9ef517024" }, "details": "The cURL project reports:\n\n> - OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)\n> - Credential leak on redirect (CVE-2022-27774)\n> - Bad local IPv6 connection reuse (CVE-2022-27775)\n> - Auth/cookie leak on redirect (CVE-2022-27776)\n", "id": "FreeBSD-2022-0093", "modified": "2022-04-28T00:00:00Z", "published": "2022-04-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/vuln-7.82.0.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-22576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27774" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27775" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27776" }, { "type": "WEB", "url": "https://curl.se/docs/vuln-7.82.0.html" } ], "schema_version": "1.7.0", "summary": "cURL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "101.0.4951.41" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html" ], "discovery": "2022-04-26T00:00:00Z", "references": { "cvename": [ "CVE-2022-1477", "CVE-2022-1478", "CVE-2022-1479", "CVE-2022-1480", "CVE-2022-1481", "CVE-2022-1482", "CVE-2022-1483", "CVE-2022-1484", "CVE-2022-1485", "CVE-2022-1486", "CVE-2022-1487", "CVE-2022-1488", "CVE-2022-1489", "CVE-2022-1490", "CVE-2022-1491", "CVE-2022-1492", "CVE-2022-1493", "CVE-2022-1494", "CVE-2022-1495", "CVE-2022-1496", "CVE-2022-1497", "CVE-2022-1498", "CVE-2022-1499", "CVE-2022-1500", "CVE-2022-1501" ] }, "vid": "26f2123b-c6c6-11ec-b66f-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 30 security fixes, including:\n>\n> - \\[1313905\\] High CVE-2022-1477: Use after free in Vulkan. Reported\n> by SeongHwan Park (SeHwa) on 2022-04-06\n> - \\[1299261\\] High CVE-2022-1478: Use after free in SwiftShader.\n> Reported by SeongHwan Park (SeHwa) on 2022-02-20\n> - \\[1305190\\] High CVE-2022-1479: Use after free in ANGLE. Reported by\n> Jeonghoon Shin of Theori on 2022-03-10\n> - \\[1307223\\] High CVE-2022-1480: Use after free in Device API.\n> Reported by \\@uwu7586 on 2022-03-17\n> - \\[1302949\\] High CVE-2022-1481: Use after free in Sharing. Reported\n> by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability\n> Research Institute on 2022-03-04\n> - \\[1304987\\] High CVE-2022-1482: Inappropriate implementation in\n> WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10\n> - \\[1314754\\] High CVE-2022-1483: Heap buffer overflow in WebGPU.\n> Reported by Mark Brand of Google Project Zero on 2022-04-08\n> - \\[1297429\\] Medium CVE-2022-1484: Heap buffer overflow in Web UI\n> Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15\n> - \\[1299743\\] Medium CVE-2022-1485: Use after free in File System API.\n> Reported by Anonymous on 2022-02-22\n> - \\[1314616\\] Medium CVE-2022-1486: Type Confusion in V8. Reported by\n> Brendon Tiszka on 2022-04-08\n> - \\[1304368\\] Medium CVE-2022-1487: Use after free in Ozone. Reported\n> by Sri on 2022-03-09\n> - \\[1302959\\] Medium CVE-2022-1488: Inappropriate implementation in\n> Extensions API. Reported by Thomas Beverley from Wavebox.io on\n> 2022-03-04\n> - \\[1300561\\] Medium CVE-2022-1489: Out of bounds memory access in UI\n> Shelf. Reported by Khalil Zhani on 2022-02-25\n> - \\[1301840\\] Medium CVE-2022-1490: Use after free in Browser\n> Switcher. Reported by raven at KunLun lab on 2022-03-01\n> - \\[1305706\\] Medium CVE-2022-1491: Use after free in Bookmarks.\n> Reported by raven at KunLun lab on 2022-03-12\n> - \\[1315040\\] Medium CVE-2022-1492: Insufficient data validation in\n> Blink Editing. Reported by Michal Bentkowski of Securitum on\n> 2022-04-11\n> - \\[1275414\\] Medium CVE-2022-1493: Use after free in Dev Tools.\n> Reported by Zhihua Yao of KunLun Lab on 2021-12-01\n> - \\[1298122\\] Medium CVE-2022-1494: Insufficient data validation in\n> Trusted Types. Reported by Masato Kinugawa on 2022-02-17\n> - \\[1301180\\] Medium CVE-2022-1495: Incorrect security UI in\n> Downloads. Reported by Umar Farooq on 2022-02-28\n> - \\[1306391\\] Medium CVE-2022-1496: Use after free in File Manager.\n> Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec\n> at Qi\\'anxin Group on 2022-03-15\n> - \\[1264543\\] Medium CVE-2022-1497: Inappropriate implementation in\n> Input. Reported by Abdulrahman Alqabandi, Microsoft Browser\n> Vulnerability Research on 2021-10-29\n> - \\[1297138\\] Low CVE-2022-1498: Inappropriate implementation in HTML\n> Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14\n> - \\[1000408\\] Low CVE-2022-1499: Inappropriate implementation in\n> WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser\n> Vulnerability Research on 2019-09-04\n> - \\[1223475\\] Low CVE-2022-1500: Insufficient data validation in Dev\n> Tools. Reported by Hoang Nguyen on 2021-06-25\n> - \\[1293191\\] Low CVE-2022-1501: Inappropriate implementation in\n> iframe. Reported by Oriol Brufau on 2022-02-02\n", "id": "FreeBSD-2022-0092", "modified": "2022-04-28T00:00:00Z", "published": "2022-04-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1480" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1482" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1483" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1484" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1485" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1486" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1487" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1488" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1489" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1491" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1492" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1493" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1498" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1499" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1501" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "6.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.0.0.20220428" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis62" }, "ranges": [ { "events": [ { "fixed": "6.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/redis-db/c/7iWUlwtoDqU" ], "discovery": "2022-04-27T00:00:00Z", "references": { "cvename": [ "CVE-2022-24735", "CVE-2022-24736" ] }, "vid": "cc42db1c-c65f-11ec-ad96-0800270512f4" }, "details": "Aviv Yahav reports:\n\n> \n>\n> CVE-2022-24735\n> : By exploiting weaknesses in the Lua script execution environment,\n> an attacker with access to Redis can inject Lua code that will\n> execute with the (potentially higher) privileges of another Redis\n> user.\n>\n> CVE-2022-24736\n> : An attacker attempting to load a specially crafted Lua script can\n> cause NULL pointer dereference which will result with a crash of\n> the redis-server process.\n", "id": "FreeBSD-2022-0091", "modified": "2022-04-27T00:00:00Z", "published": "2022-04-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/redis-db/c/7iWUlwtoDqU" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24736" }, { "type": "WEB", "url": "https://groups.google.com/g/redis-db/c/7iWUlwtoDqU" } ], "schema_version": "1.7.0", "summary": "redis -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-eb" }, "ranges": [ { "events": [ { "fixed": "4.4.3_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "mailto:edict@ring.gr.jp" ], "discovery": "2022-04-25T00:00:00Z", "vid": "17a30a24-c579-11ec-bbbd-0800270512f4" }, "details": "Kazuhiro Ito reports:\n\n> Potential buffer overrun vulnerability is found in eb/multiplex.c.\n", "id": "FreeBSD-2022-0090", "modified": "2022-04-26T00:00:00Z", "published": "2022-04-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "mailto:edict@ring.gr.jp" }, { "type": "WEB", "url": "mailto:edict@ring.gr.jp" } ], "schema_version": "1.7.0", "summary": "eb -- Potential buffer overrun vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "4.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v4.0.6" ], "discovery": "2022-04-21T00:00:00Z", "vid": "a00c76d9-0c05-4d99-bef7-ae4521cb2a4d" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Fix potential unbounded state growth in the FTP analyzer when\n> receiving a specially-crafted stream of commands. This may lead to a\n> buffer overflow and cause Zeek to crash. Due to the possibility of\n> this happening with packets received from the network, this is a\n> potential DoS vulnerabilty.\n", "id": "FreeBSD-2022-0089", "modified": "2022-04-21T00:00:00Z", "published": "2022-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.6" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.6" } ], "schema_version": "1.7.0", "summary": "zeek -- potential DoS vulnerabilty" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gzip" }, "ranges": [ { "events": [ { "fixed": "1.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/security/cve/cve-2022-1271" ], "discovery": "2022-04-07T00:00:00Z", "references": { "cvename": [ "CVE-2022-1271" ] }, "vid": "b019585a-bfea-11ec-b46c-b42e991fc52e" }, "details": "RedHat reports:\n\n> An arbitrary file write vulnerability was found in GNU gzip\\'s zgrep\n> utility. When zgrep is applied on the attacker\\'s chosen file name\n> (for example, a crafted file name), this can overwrite an attacker\\'s\n> content to an arbitrary attacker-selected file. This flaw occurs due\n> to insufficient validation when processing filenames with two or more\n> newlines where selected content and the target file names are embedded\n> in crafted multi-line file names. This flaw allows a remote, low\n> privileged attacker to force zgrep to write arbitrary files on the\n> system.\n", "id": "FreeBSD-2022-0088", "modified": "2022-04-19T00:00:00Z", "published": "2022-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/security/cve/cve-2022-1271" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1271" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" } ], "schema_version": "1.7.0", "summary": "zgrep -- arbitrary file write" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nextcloud-calendar" }, "ranges": [ { "events": [ { "fixed": "3.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8xv5-4855-24qf" ], "discovery": "2022-04-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-24838" ] }, "vid": "2a314635-be46-11ec-a06f-d4c9ef517024" }, "details": "reports:\n\n> SMTP Command Injection in Appointment Emails via Newlines: as newlines\n> and special characters are not sanitized in the email value in the\n> JSON request, a malicious attacker can inject newlines to break out of\n> the \\`RCPT TO:\\\\` SMTP command and begin\n> injecting arbitrary SMTP commands.\n", "id": "FreeBSD-2022-0087", "modified": "2022-04-17T00:00:00Z", "published": "2022-04-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8xv5-4855-24qf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24838" }, { "type": "WEB", "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8xv5-4855-24qf" } ], "schema_version": "1.7.0", "summary": "Nextcloud Calendar -- SMTP Command Injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-client" }, "ranges": [ { "events": [ { "fixed": "8.0.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "discovery": "2022-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2022-0778", "CVE-2021-22570", "CVE-2022-0778", "CVE-2022-21454", "CVE-2022-21482", "CVE-2022-21483", "CVE-2022-21489", "CVE-2022-21490", "CVE-2022-21457", "CVE-2022-21425", "CVE-2022-21440", "CVE-2022-21459", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21418", "CVE-2022-21417", "CVE-2022-21413", "CVE-2022-21427", "CVE-2022-21412", "CVE-2022-21414", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21452", "CVE-2022-21462", "CVE-2022-21415", "CVE-2022-21451", "CVE-2022-21444", "CVE-2022-21460", "CVE-2022-21484", "CVE-2022-21485", "CVE-2022-21486", "CVE-2022-21423" ] }, "vid": "add683be-bd76-11ec-a06f-d4c9ef517024" }, "details": "Oracle reports:\n\n> The 2022 April Critical Patch Update contains 43 new security patches\n> for Oracle MySQL. 11 of these vulnerabilities may be remotely\n> exploitable without authentication, i.e., may be exploited over a\n> network without requiring user credentials.\n", "id": "FreeBSD-2022-0086", "modified": "2022-05-23T00:00:00Z", "published": "2022-04-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0778" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22570" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0778" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21454" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21482" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21483" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21489" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21457" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21425" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21440" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21459" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21418" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21417" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21413" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21427" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21412" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21414" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21438" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21452" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21462" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21415" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21460" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21484" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21485" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21486" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21423" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "100.0.4896.127" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html" ], "discovery": "2022-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-1364" ] }, "vid": "a25ea27b-bced-11ec-87b5-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 2 security fixes, including:\n>\n> - \\[1315901\\] High CVE-2022-1364: Type Confusion in V8. Reported by\n> Cl\u00e9ment Lecigne of Google\\'s Threat Analysis Group on 2022-0-13\n", "id": "FreeBSD-2022-0085", "modified": "2022-04-15T00:00:00Z", "published": "2022-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1364" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.25.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.11.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories/" ], "discovery": "2022-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-26651" ] }, "vid": "a5de43ed-bc49-11ec-b516-0897988a1c07" }, "details": "The Asterisk project reports:\n\n> Some databases can use backslashes to escape certain characters, such\n> as backticks. If input is provided to func_odbc which includes\n> backslashes it is possible for func_odbc to construct a broken SQL\n> query and the SQL query to fail.\n", "id": "FreeBSD-2022-0084", "modified": "2022-04-14T00:00:00Z", "published": "2022-04-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-26651" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2022-003.html" } ], "schema_version": "1.7.0", "summary": "Asterisk -- func_odbc: Possible SQL Injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "introduced": "16.15.0,1" }, { "fixed": "16.25.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.11.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories/" ], "discovery": "2022-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-26498", "CVE-2022-26499" ] }, "vid": "8838abf0-bc47-11ec-b516-0897988a1c07" }, "details": "The Asterisk project reports:\n\n> AST-2022-001 - When using STIR/SHAKEN, its possible to download files\n> that are not certificates. These files could be much larger than what\n> you would expect to download.\n>\n> AST-2022-002 - When using STIR/SHAKEN, its possible to send arbitrary\n> requests like GET to interfaces such as localhost using the Identity\n> header.\n", "id": "FreeBSD-2022-0083", "modified": "2022-04-14T00:00:00Z", "published": "2022-04-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-26498" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-26499" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2022-002.html" } ], "schema_version": "1.7.0", "summary": "Asterisk -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php74-composer" }, "ranges": [ { "events": [ { "fixed": "1.10.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php80-composer" }, "ranges": [ { "events": [ { "fixed": "1.10.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php81-composer" }, "ranges": [ { "events": [ { "fixed": "1.10.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php74-composer2" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.2.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php80-composer2" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.2.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php81-composer2" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.2.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6" ], "discovery": "2022-04-13T00:00:00Z", "references": { "cvename": [ "CVE-2022-24828" ] }, "vid": "24a9bd2b-bb43-11ec-af81-0897988a1c07" }, "details": "Composer developers reports:\n\n> The Composer method VcsDriver::getFileContent() with user-controlled\n> \\$file or \\$identifier arguments is susceptible to an argument\n> injection vulnerability. It can be leveraged to gain arbitrary command\n> execution if the Mercurial or the Git driver are used.\n", "id": "FreeBSD-2022-0082", "modified": "2022-04-13T00:00:00Z", "published": "2022-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24828" }, { "type": "WEB", "url": "https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6" } ], "schema_version": "1.7.0", "summary": "Composer -- Command injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "subversion" }, "ranges": [ { "events": [ { "introduced": "1.10.0" }, { "fixed": "1.10.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.11.0" }, { "fixed": "1.14.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mod_dav_svn" }, "ranges": [ { "events": [ { "introduced": "1.10.0" }, { "fixed": "1.10.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.11.0" }, { "fixed": "1.14.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "subversion-lts" }, "ranges": [ { "events": [ { "introduced": "1.10.0" }, { "fixed": "1.10.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mod_dav_svn-lts" }, "ranges": [ { "events": [ { "introduced": "1.10.0" }, { "fixed": "1.10.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt", "https://subversion.apache.org/security/CVE-2022-24070-advisory.txt" ], "discovery": "2022-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-28544", "CVE-2022-24070" ] }, "vid": "3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2" }, "details": "Subversion project reports:\n\n> Subversion servers reveal \\'copyfrom\\' paths that should be hidden\n> according to configured path-based authorization (authz) rules. When a\n> node has been copied from a protected location, users with access to\n> the copy can see the \\'copyfrom\\' path of the original. This also\n> reveals the fact that the node was copied. Only the \\'copyfrom\\' path\n> is revealed; not its contents. Both httpd and svnserve servers are\n> vulnerable.\n\n> While looking up path-based authorization rules, mod_dav_svn servers\n> may attempt to use memory which has already been freed.\n", "id": "FreeBSD-2022-0081", "modified": "2022-04-13T00:00:00Z", "published": "2022-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt" }, { "type": "REPORT", "url": "https://subversion.apache.org/security/CVE-2022-24070-advisory.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28544" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24070" }, { "type": "WEB", "url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt" }, { "type": "WEB", "url": "https://subversion.apache.org/security/CVE-2022-24070-advisory.txt" } ], "schema_version": "1.7.0", "summary": "Subversion -- Multiple vulnerabilities in server code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.6,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.4,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.2,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.0.p1_1,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby27" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.6,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby30" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.4,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby31" }, "ranges": [ { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby32" }, "ranges": [ { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.0.p1_1,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/" ], "discovery": "2022-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-28739" ] }, "vid": "06ed6a49-bad4-11ec-9cfe-0800270512f4" }, "details": "piao reports:\n\n> Due to a bug in an internal function that converts a String to a\n> Float, some convertion methods like `Kernel#Float` and `String#to_f`\n> could cause buffer over-read. A typical consequence is a process\n> termination due to segmentation fault, but in a limited circumstances,\n> it may be exploitable for illegal memory read.\n", "id": "FreeBSD-2022-0080", "modified": "2022-04-13T00:00:00Z", "published": "2022-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28739" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/" } ], "schema_version": "1.7.0", "summary": "Ruby -- Buffer overrun in String-to-Float conversion" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.4,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.2,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.0.p1_1,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby30" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.4,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby31" }, "ranges": [ { "events": [ { "introduced": "3.1.0,1" }, { "fixed": "3.1.2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby32" }, "ranges": [ { "events": [ { "introduced": "3.2.0.p1,1" }, { "fixed": "3.2.0.p1_1,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/" ], "discovery": "2022-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-28738" ] }, "vid": "f22144d7-bad1-11ec-9cfe-0800270512f4" }, "details": "piao reports:\n\n> Due to a bug in the Regexp compilation process, creating a Regexp\n> object with a crafted source string could cause the same memory to be\n> freed twice. This is known as a \\\"double free\\\" vulnerability. Note\n> that, in general, it is considered unsafe to create and use a Regexp\n> object generated from untrusted input. In this case, however,\n> following a comprehensive assessment, we treat this issue as a\n> vulnerability.\n", "id": "FreeBSD-2022-0079", "modified": "2022-04-13T00:00:00Z", "published": "2022-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28738" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/" } ], "schema_version": "1.7.0", "summary": "Ruby -- Double free in Regexp compilation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mutt" }, "ranges": [ { "events": [ { "fixed": "2.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.com/muttmua/mutt/-/issues/404" ], "discovery": "2022-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2022-1328" ] }, "vid": "6eb9cf14-bab0-11ec-8f59-4437e6ad11c4" }, "details": "Tavis Ormandy reports:\n\n> mutt_decode_uuencoded(), the line length is read from the untrusted\n> uuencoded part without validation. This could result in including\n> private memory in message parts, for example fragments of other\n> messages, passphrases or keys in replys\n", "id": "FreeBSD-2022-0078", "modified": "2022-04-12T00:00:00Z", "published": "2022-04-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.com/muttmua/mutt/-/issues/404" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1328" }, { "type": "WEB", "url": "https://gitlab.com/muttmua/mutt/-/issues/404" } ], "schema_version": "1.7.0", "summary": "mutt -- mutt_decode_uuencoded() can read past the of the input line" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "100.0.4896.88" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html" ], "discovery": "2022-04-11T00:00:00Z", "references": { "cvename": [ "CVE-2022-1305", "CVE-2022-1306", "CVE-2022-1307", "CVE-2022-1308", "CVE-2022-1309", "CVE-2022-1310", "CVE-2022-1311", "CVE-2022-1312", "CVE-2022-1313", "CVE-2022-1314" ] }, "vid": "b582a85a-ba4a-11ec-8d1e-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 11 security fixes, including:\n>\n> - \\[1285234\\] High CVE-2022-1305: Use after free in storage. Reported\n> by Anonymous on 2022-01-07\n> - \\[1299287\\] High CVE-2022-1306: Inappropriate implementation in\n> compositing. Reported by Sven Dysthe on 2022-02-21\n> - \\[1301873\\] High CVE-2022-1307: Inappropriate implementation in full\n> screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01\n> - \\[1283050\\] High CVE-2022-1308: Use after free in BFCache. Reported\n> by Samet Bekmezci (@sametbekmezci) on 2021-12-28\n> - \\[1106456\\] High CVE-2022-1309: Insufficient policy enforcement in\n> developer tools. Reported by David Erceg on 2020-07-17\n> - \\[1307610\\] High CVE-2022-1310: Use after free in regular\n> expressions. Reported by Brendon Tiszka on 2022-03-18\n> - \\[1310717\\] High CVE-2022-1311: Use after free in Chrome OS shell.\n> Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha\n> Lab on 2022-03-28\n> - \\[1311701\\] High CVE-2022-1312: Use after free in storage. Reported\n> by Leecraso and Guang Gong of 360 Vulnerability Research Institute\n> on 2022-03-30\n> - \\[1270539\\] Medium CVE-2022-1313: Use after free in tab groups.\n> Reported by Thomas Orlita on 2021-11-16\n> - \\[1304658\\] Medium CVE-2022-1314: Type Confusion in V8. Reported by\n> Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on\n> 2022-03-09\n", "id": "FreeBSD-2022-0077", "modified": "2022-04-12T00:00:00Z", "published": "2022-04-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1305" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1306" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1308" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1312" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1313" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1314" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html" } ], "schema_version": "1.7.0", "summary": "Chromium -- mulitple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/" ], "discovery": "2022-04-02T00:00:00Z", "references": { "cvename": [ "CVE-2022-28346", "CVE-2022-28347" ] }, "vid": "0db46f84-b9fa-11ec-89df-080027240888" }, "details": "Django Release reports:\n\n> CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),\n> aggregate(), and extra().\n>\n> CVE-2022-28347: Potential SQL injection via\n> QuerySet.explain(\\*\\*options) on PostgreSQL.\n", "id": "FreeBSD-2022-0076", "modified": "2022-04-12T00:00:00Z", "published": "2022-04-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28346" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28347" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2022/apr/11/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-25032" ], "freebsdsa": [ "SA-22:08.zlib" ] }, "vid": "38f2e3a0-b61e-11ec-9ebc-1c697aa5a594" }, "details": "# Problem Description:\n\nCertain inputs can cause zlib\\'s compression routine to overwrite an\ninternal buffer with compressed data. This issue may require the use of\nuncommon or non-default compression parameters.\n\n# Impact:\n\nThe out-of-bounds write may result in memory corruption and an\napplication crash or kernel panic.\n", "id": "FreeBSD-2022-0075", "modified": "2022-04-07T00:00:00Z", "published": "2022-04-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-25032" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:08.zlib.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- zlib compression out-of-bounds write" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-23088" ], "freebsdsa": [ "SA-22:07.wifi_meshid" ] }, "vid": "d4cc994f-b61d-11ec-9ebc-1c697aa5a594" }, "details": "# Problem Description:\n\nThe 802.11 beacon handling routine failed to validate the length of an\nIEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.\n\n# Impact:\n\nWhile a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated\nwith a SSID) a malicious beacon frame may overwrite kernel memory,\nleading to remote code execution.\n", "id": "FreeBSD-2022-0074", "modified": "2022-04-07T00:00:00Z", "published": "2022-04-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23088" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- 802.11 heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-23086" ], "freebsdsa": [ "SA-22:06.ioctl" ] }, "vid": "703c4761-b61d-11ec-9ebc-1c697aa5a594" }, "details": "# Problem Description:\n\nHandlers for \\*\\_CFG_PAGE read / write ioctls in the mpr, mps, and mpt\ndrivers allocated a buffer of a caller-specified size, but copied to it\na fixed size header. Other heap content would be overwritten if the\nspecified size was too small.\n\n# Impact:\n\nUsers with access to the mpr, mps or mpt device node may overwrite heap\ndata, potentially resulting in privilege escalation. Note that the\ndevice node is only accessible to root and members of the operator\ngroup.\n", "id": "FreeBSD-2022-0073", "modified": "2022-04-07T00:00:00Z", "published": "2022-04-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23086" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:06.ioctl.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-23087" ], "freebsdsa": [ "SA-22:05.bhyve" ] }, "vid": "ba796b98-b61c-11ec-9ebc-1c697aa5a594" }, "details": "# Problem Description:\n\nThe e1000 network adapters permit a variety of modifications to an\nEthernet packet when it is being transmitted. These include the\ninsertion of IP and TCP checksums, insertion of an Ethernet VLAN header,\nand TCP segmentation offload (\\\"TSO\\\"). The e1000 device model uses an\non-stack buffer to generate the modified packet header when simulating\nthese modifications on transmitted packets.\n\nWhen checksum offload is requested for a transmitted packet, the e1000\ndevice model used a guest-provided value to specify the checksum offset\nin the on-stack buffer. The offset was not validated for certain packet\ntypes.\n\n# Impact:\n\nA misbehaving bhyve guest could overwrite memory in the bhyve process on\nthe host, possibly leading to code execution in the host context.\n\nThe bhyve process runs in a Capsicum sandbox, which (depending on the\nFreeBSD version and bhyve configuration) limits the impact of exploiting\nthis issue.\n", "id": "FreeBSD-2022-0072", "modified": "2022-04-07T00:00:00Z", "published": "2022-04-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23087" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:05.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Bhyve e82545 device emulation out-of-bounds write" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-23084", "CVE-2022-23085" ], "freebsdsa": [ "SA-22:04.netmap" ] }, "vid": "27d39055-b61b-11ec-9ebc-1c697aa5a594" }, "details": "# Problem Description:\n\nThe total size of the user-provided nmreq to nmreq_copyin() was first\ncomputed and then trusted during the copyin. This time-of-check to\ntime-of-use bug could lead to kernel memory corruption.\n\\[CVE-2022-23084\\]\n\nA user-provided integer option was passed to nmreq_copyin() without\nchecking if it would overflow. This insufficient bounds checking could\nlead to kernel memory corruption. \\[CVE-2022-23085\\]\n\n# Impact:\n\nOn systems configured to include netmap in their devfs_ruleset, a\nprivileged process running in a jail can affect the host environment.\n", "id": "FreeBSD-2022-0071", "modified": "2022-04-07T00:00:00Z", "published": "2022-04-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23084" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23085" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:04.netmap.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Potential jail escape vulnerabilities in netmap" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "100.0.4896.75" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html" ], "discovery": "2022-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2022-1232" ] }, "vid": "fe15f30a-b4c9-11ec-94a3-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release includes one security fix:\n>\n> - \\[1311641\\] High CVE-2022-1232: Type Confusion in V8. Reported by\n> Sergei Glazunov of Google Project Zero on 2022-03-30\n", "id": "FreeBSD-2022-0070", "modified": "2022-04-05T00:00:00Z", "published": "2022-04-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1232" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- Type confusion in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.9.0" }, { "fixed": "14.9.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.8.0" }, { "fixed": "14.8.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "14.7.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/" ], "discovery": "2022-03-31T00:00:00Z", "references": { "cvename": [ "CVE-2022-1162", "CVE-2022-1175", "CVE-2022-1190", "CVE-2022-1185", "CVE-2022-1148", "CVE-2022-1121", "CVE-2022-1120", "CVE-2022-1100", "CVE-2022-1193", "CVE-2022-1105", "CVE-2022-1099", "CVE-2022-1174", "CVE-2022-1188", "CVE-2022-0740", "CVE-2022-1189", "CVE-2022-1157", "CVE-2022-1111" ] }, "vid": "8657eedd-b423-11ec-9559-001b217b3468" }, "details": "Gitlab reports:\n\n> Static passwords inadvertently set during OmniAuth-based registration\n>\n> Stored XSS in notes\n>\n> Stored XSS on Multi-word milestone reference\n>\n> Denial of service caused by a specially crafted RDoc file\n>\n> GitLab Pages access tokens can be reused on multiple domains\n>\n> GitLab Pages uses default (disabled) server Timeouts and a weak TCP\n> Keep-Alive timeout\n>\n> Incorrect include in pipeline definition exposes masked CI variables\n> in UI\n>\n> Regular expression denial of service in release asset link\n>\n> Latest Commit details from private projects leaked to guest users via\n> Merge Requests\n>\n> CI/CD analytics are available even when public pipelines are disabled\n>\n> Absence of limit for the number of tags that can be added to a runner\n> can cause performance issues\n>\n> Client DoS through rendering crafted comments\n>\n> Blind SSRF Through Repository Mirroring\n>\n> Bypass of branch restriction in Asana integration\n>\n> Readable approval rules by Guest user\n>\n> Redact InvalidURIError error messages\n>\n> Project import maps members\\' created_by_id users based on source user\n> ID\n", "id": "FreeBSD-2022-0069", "modified": "2022-04-04T00:00:00Z", "published": "2022-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1190" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1148" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1193" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1188" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1189" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1111" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki135" }, "ranges": [ { "events": [ { "fixed": "1.35.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki136" }, "ranges": [ { "events": [ { "fixed": "1.36.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki137" }, "ranges": [ { "events": [ { "fixed": "1.37.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/" ], "discovery": "2021-12-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-28201", "CVE-2022-28202", "CVE-2022-28203", "CVE-2022-28204" ] }, "vid": "79ea6066-b40e-11ec-8b93-080027b24e86" }, "details": "Mediawiki reports:\n\n> (T297543, CVE-2022-28202) Messages widthheight/widthheightpage/nbytes\n> not escaped when used in galleries or Special:RevisionDelete.\n>\n> (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite\n> recursion loop if it points to a local interwiki.\n>\n> (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with\n> many file uploads with actor as a condition can result in a DoS.\n>\n> (T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS\n> when a page is used on a extremely large number of other pages.\n", "id": "FreeBSD-2022-0068", "modified": "2022-04-04T00:00:00Z", "published": "2022-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28202" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28203" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-28204" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq" }, "ranges": [ { "events": [ { "fixed": "2.86_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq-devel" }, "ranges": [ { "events": [ { "fixed": "2.86_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html" ], "discovery": "2022-03-31T00:00:00Z", "references": { "cvename": [ "CVE-2022-0934" ] }, "vid": "3f321a5a-b33b-11ec-80c2-1bb2c6a00592" }, "details": "Petr Men\u0161\u00edk reports:\n\n> Possible vulnerability \\[\\...\\] found in latest dnsmasq. It \\[was\\]\n> found with help of oss-fuzz Google project by me and short after that\n> independently also by Richard Johnson of Trellix Threat Labs.\n>\n> It is affected only by DHCPv6 requests, which could be crafted to\n> modify already freed memory. \\[\\...\\] We think it might be triggered\n> remotely, but we do not think it could be used to execute remote code.\n", "id": "FreeBSD-2022-0067", "modified": "2022-04-03T00:00:00Z", "published": "2022-04-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0934" }, { "type": "WEB", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html" } ], "schema_version": "1.7.0", "summary": "dnsmasq -- heap use-after-free in dhcp6_no_relay" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.16.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1058" ], "discovery": "2022-03-23T00:00:00Z", "references": { "cvename": [ "CVE-2022-1058" ] }, "vid": "83466f76-aefe-11ec-b4b6-d05099c0c059" }, "details": "Andrew Thornton reports:\n\n> When a location containing backslashes is presented, the existing\n> protections against open redirect are bypassed, because browsers will\n> convert adjacent forward and backslashes within the location to double\n> forward slashes.\n", "id": "FreeBSD-2022-0066", "modified": "2022-03-29T00:00:00Z", "published": "2022-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1058" }, { "type": "WEB", "url": "https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d/" } ], "schema_version": "1.7.0", "summary": "gitea -- Open Redirect on login" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.16.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0905" ], "discovery": "2022-03-06T00:00:00Z", "references": { "cvename": [ "CVE-2022-0905" ] }, "vid": "0ff80f41-aefe-11ec-b4b6-d05099c0c059" }, "details": "Youssef Rebahi-Gilbert reports:\n\n> When Gitea is built and configured for PAM authentication it skips\n> checking authorization completely. Therefore expired accounts and\n> accounts with expired passwords can still login.\n", "id": "FreeBSD-2022-0065", "modified": "2022-03-29T00:00:00Z", "published": "2022-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0905" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0905" }, { "type": "WEB", "url": "https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb" } ], "schema_version": "1.7.0", "summary": "gitea -- Improper/incorrect authorization" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "100.0.4896.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html" ], "discovery": "2022-03-29T00:00:00Z", "references": { "cvename": [ "CVE-2022-1125", "CVE-2022-1127", "CVE-2022-1128", "CVE-2022-1129", "CVE-2022-1130", "CVE-2022-1131", "CVE-2022-1132", "CVE-2022-1133", "CVE-2022-1134", "CVE-2022-1135", "CVE-2022-1136", "CVE-2022-1137", "CVE-2022-1138", "CVE-2022-1139", "CVE-2022-1141", "CVE-2022-1142", "CVE-2022-1143", "CVE-2022-1144", "CVE-2022-1145", "CVE-2022-1146" ] }, "vid": "ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 28 security fixes, including:\n>\n> - \\[1292261\\] High CVE-2022-1125: Use after free in Portals. Reported\n> by Khalil Zhani on 2022-01-29\n> - \\[1291891\\] High CVE-2022-1127: Use after free in QR Code Generator.\n> Reported by anonymous on 2022-01-28\n> - \\[1301920\\] High CVE-2022-1128: Inappropriate implementation in Web\n> Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder on\n> 2022-03-01\n> - \\[1300253\\] High CVE-2022-1129: Inappropriate implementation in Full\n> Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24\n> - \\[1142269\\] High CVE-2022-1130: Insufficient validation of untrusted\n> input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. on\n> 2020-10-25\n> - \\[1297404\\] High CVE-2022-1131: Use after free in Cast UI. Reported\n> by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research\n> on 2022-02-15\n> - \\[1303410\\] High CVE-2022-1132: Inappropriate implementation in\n> Virtual Keyboard. Reported by Andr.Ess on 2022-03-07\n> - \\[1305776\\] High CVE-2022-1133: Use after free in WebRTC. Reported\n> by Anonymous on 2022-03-13\n> - \\[1308360\\] High CVE-2022-1134: Type Confusion in V8. Reported by\n> Man Yue Mo of GitHub Security Lab on 2022-03-21\n> - \\[1285601\\] Medium CVE-2022-1135: Use after free in Shopping Cart.\n> Reported by Wei Yuan of MoyunSec VLab on 2022-01-09\n> - \\[1280205\\] Medium CVE-2022-1136: Use after free in Tab Strip.\n> Reported by Krace on 2021-12-15\n> - \\[1289846\\] Medium CVE-2022-1137: Inappropriate implementation in\n> Extensions. Reported by Thomas Orlita on 2022-01-22\n> - \\[1246188\\] Medium CVE-2022-1138: Inappropriate implementation in\n> Web Cursor. Reported by Alesandro Ortiz on 2021-09-03\n> - \\[1268541\\] Medium CVE-2022-1139: Inappropriate implementation in\n> Background Fetch API. Reported by Maurice Dauer on 2021-11-10\n> - \\[1303253\\] Medium CVE-2022-1141: Use after free in File Manager.\n> Reported by raven at KunLun lab on 2022-03-05\n> - \\[1303613\\] Medium CVE-2022-1142: Heap buffer overflow in WebUI.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07\n> - \\[1303615\\] Medium CVE-2022-1143: Heap buffer overflow in WebUI.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07\n> - \\[1304145\\] Medium CVE-2022-1144: Use after free in WebUI. Reported\n> by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-08\n> - \\[1304545\\] Medium CVE-2022-1145: Use after free in Extensions.\n> Reported by Yakun Zhang of Baidu Security on 2022-03-09\n> - \\[1290150\\] Low CVE-2022-1146: Inappropriate implementation in\n> Resource Timing. Reported by Sohom Datta on 2022-01-23\n", "id": "FreeBSD-2022-0064", "modified": "2022-03-29T00:00:00Z", "published": "2022-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1125" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1127" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1128" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1129" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1130" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1132" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1133" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1134" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1135" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1136" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1138" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1139" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1142" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1143" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1144" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1145" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1146" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "introduced": "4.6.0" }, { "last_affected": "4.6.0" }, { "fixed": "4.6.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.6.0" ] } ], "database_specific": { "cite": [ "https://www.powerdns.com/news.html#20220325" ], "discovery": "2022-03-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-27227" ] }, "vid": "cb84b940-add5-11ec-9bc8-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> PowerDNS Security Advisory 2022-01: incomplete validation of incoming\n> IXFR transfer in Authoritative Server and Recursor.\n", "id": "FreeBSD-2022-0063", "modified": "2022-03-27T00:00:00Z", "published": "2022-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.powerdns.com/news.html#20220325" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27227" }, { "type": "WEB", "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns" }, "ranges": [ { "events": [ { "introduced": "4.6.0" }, { "last_affected": "4.6.0" }, { "fixed": "4.6.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.6.0" ] } ], "database_specific": { "cite": [ "https://www.powerdns.com/news.html#20220325" ], "discovery": "2022-03-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-27227" ] }, "vid": "2cda5c88-add4-11ec-9bc8-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> PowerDNS Security Advisory 2022-01: incomplete validation of incoming\n> IXFR transfer in Authoritative Server and Recursor.\n", "id": "FreeBSD-2022-0062", "modified": "2022-03-27T00:00:00Z", "published": "2022-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.powerdns.com/news.html#20220325" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-27227" }, { "type": "WEB", "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html" } ], "schema_version": "1.7.0", "summary": "powerdns -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "99.0.4844.84" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html" ], "discovery": "2022-03-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-1096" ] }, "vid": "323f900d-ac6d-11ec-a0b8-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 1 security fix:\n>\n> - \\[1309225\\] High CVE-2022-1096: Type Confusion in V8. Reported by\n> anonymous on 2022-03-23\n>\n> Google is aware that an exploit for CVE-2022-1096 exists in the wild.\n", "id": "FreeBSD-2022-0061", "modified": "2022-03-25T00:00:00Z", "published": "2022-03-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-1096" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html" } ], "schema_version": "1.7.0", "summary": "chromium -- V8 type confusion" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-Image-ExifTool" }, "ranges": [ { "events": [ { "introduced": "7.44" }, { "fixed": "12.24" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.debian.org/security/2021/dsa-4910" ], "discovery": "2021-01-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-22204" ] }, "vid": "955f377e-7bc3-11ec-a51c-7533f219d428" }, "details": "Debian Security Advisory reports:\n\n> A vulnerability was discovered in libimage-exiftool-perl, a library\n> and program to read and write meta information in multimedia files,\n> which may result in execution of arbitrary code if a malformed DjVu\n> file is processed.\n", "id": "FreeBSD-2022-0060", "modified": "2022-03-25T00:00:00Z", "published": "2022-03-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.debian.org/security/2021/dsa-4910" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22204" }, { "type": "WEB", "url": "https://www.cvedetails.com/cve/CVE-2021-22204/" } ], "schema_version": "1.7.0", "summary": "Security Vulnerability found in ExifTool" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tcpslice" }, "ranges": [ { "events": [ { "fixed": "1.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a" ], "discovery": "2021-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2021-41043" ] }, "vid": "61f416ff-aa00-11ec-b439-000d3a450398" }, "details": "The Tcpdump Group reports:\n\n> heap-based use-after-free in extract_slice()\n", "id": "FreeBSD-2022-0059", "modified": "2022-03-22T00:00:00Z", "published": "2022-03-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41043" }, { "type": "WEB", "url": "https://github.com/the-tcpdump-group/tcpslice/issues/11" } ], "schema_version": "1.7.0", "summary": "tcpslice -- heap-based use-after-free in extract_slice()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.17.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/51112" ], "discovery": "2022-02-09T00:00:00Z", "references": { "cvename": [ "CVE-2022-24921" ] }, "vid": "e2af876f-a7c8-11ec-9a2a-002324b2fba8" }, "details": "The Go project reports:\n\n> regexp: stack exhaustion compiling deeply nested expressions\n>\n> On 64-bit platforms, an extremely deeply nested expression can cause\n> regexp.Compile to cause goroutine stack exhaustion, forcing the\n> program to exit. Note this applies to very large expressions, on the\n> order of 2MB.\n", "id": "FreeBSD-2022-0058", "modified": "2022-03-19T00:00:00Z", "published": "2022-03-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/51112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24921" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/51112" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "fixed": "2.5.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.5.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547" ], "discovery": "2022-03-10T00:00:00Z", "references": { "cvename": [ "CVE-2022-0547" ] }, "vid": "45a72180-a640-11ec-a08b-85298243e224" }, "details": "David Sommerseth reports:\n\n> OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass\n> in external authentication plug-ins when more than one of them makes\n> use of deferred authentication replies, which allows an external user\n> to be granted access with only partially correct credentials. This\n> issue is resolved in OpenVPN 2.4.12 and v2.5.6.\n", "id": "FreeBSD-2022-0057", "modified": "2022-03-17T00:00:00Z", "published": "2022-03-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0547" }, { "type": "WEB", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2022-0547" }, { "type": "WEB", "url": "https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256" } ], "schema_version": "1.7.0", "summary": "openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "5.9.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.9.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_CN-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "th_TW-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/" ], "discovery": "2022-03-11T00:00:00Z", "vid": "5df757ef-a564-11ec-85fa-a0369f7f7be0" }, "details": "wordpress developers reports:\n\n> This security and maintenance release features 1 bug fix in addition\n> to 3 security fixes. Because this is a security release, it is\n> recommended that you update your sites immediately. All versions since\n> WordPress 3.7 have also been updated. The security team would like to\n> thank the following people for responsively reporting vulnerabilities,\n> allowing them to be fixed in this release: -Melar Dev, for finding a\n> Prototype Pollution Vulnerability in a jQuery dependency -Ben Bidner\n> of the WordPress security team, for finding a Stored Cross Site\n> Scripting Vulnerability -Researchers from Johns Hopkins University,\n> for finding a Prototype Pollution Vulnerability in the block editor\n", "id": "FreeBSD-2022-0056", "modified": "2022-03-16T00:00:00Z", "published": "2022-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "weechat" }, "ranges": [ { "events": [ { "fixed": "3.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weechat.org/doc/security/WSA-2022-1/" ], "discovery": "2022-03-13T00:00:00Z", "vid": "3ba1ca94-a563-11ec-8be6-d4c9ef517024" }, "details": "The Weechat project reports:\n\n> After changing the options weechat.network.gnutls_ca_system or\n> weechat.network.gnutls_ca_user, the TLS verification function is lost.\n> Consequently, any connection to a server with TLS is made without\n> verifying the certificate, which could lead to a man-in-the-middle\n> attack. Connection to IRC servers with TLS is affected, as well as any\n> connection a server made by a plugin or a script using the function\n> hook_connect.\n", "id": "FreeBSD-2022-0055", "modified": "2022-03-16T00:00:00Z", "published": "2022-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weechat.org/doc/security/WSA-2022-1/" }, { "type": "WEB", "url": "https://weechat.org/doc/security/WSA-2022-1/" } ], "schema_version": "1.7.0", "summary": "Weechat -- Possible man-in-the-middle attack in TLS connection to servers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1n,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "fixed": "3.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl-devel" }, "ranges": [ { "events": [ { "fixed": "3.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20220315.txt" ], "discovery": "2022-03-15T00:00:00Z", "references": { "cvename": [ "CVE-2022-0778" ], "freebsdsa": [ "SA-22:03.openssl" ] }, "vid": "ea05c456-a4fd-11ec-90de-1c697aa5a594" }, "details": "The OpenSSL project reports:\n\n> Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n> (High)\n>\n> The BN_mod_sqrt() function, which computes a modular square root,\n> contains a bug that can cause it to loop forever for non-prime moduli.\n>\n> Internally this function is used when parsing certificates that\n> contain elliptic curve public keys in compressed form or explicit\n> elliptic curve parameters with a base point encoded in compressed\n> form.\n>\n> It is possible to trigger the infinite loop by crafting a certificate\n> that has invalid explicit curve parameters.\n>\n> Since certificate parsing happens prior to verification of the\n> certificate signature, any process that parses an externally supplied\n> certificate may thus be subject to a denial of service attack. The\n> infinite loop can also be reached when parsing crafted private keys as\n> they can contain explicit elliptic curve parameters.\n>\n> Thus vulnerable situations include:\n>\n> - TLS clients consuming server certificates\n> - TLS servers consuming client certificates\n> - Hosting providers taking certificates or private keys from customers\n> - Certificate authorities parsing certification requests from\n> subscribers\n> - Anything else which parses ASN.1 elliptic curve parameters\n>\n> Also any other applications that use the BN_mod_sqrt() where the\n> attacker can control the parameter values are vulnerable to this DoS\n> issue.\n", "id": "FreeBSD-2022-0054", "modified": "2022-03-16T00:00:00Z", "published": "2022-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20220315.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0778" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20220315.txt" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:03.openssl.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Infinite loop in BN_mod_sqrt parsing certificates" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3" }, { "fixed": "12.3_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-03-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-26147", "CVE-2020-24588", "CVE-2020-26144" ], "freebsdsa": [ "SA-22:02.wifi" ] }, "vid": "8d20bd48-a4f3-11ec-90de-1c697aa5a594" }, "details": "# Problem Description:\n\nThe paper \\\"Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation\nand Fragmentation\\\" reported a number of security vulnerabilities in the\n802.11 specification related to frame aggregation and fragmentation.\n\nAdditionally, FreeBSD 12.x missed length validation of SSIDs and\nInformation Elements (IEs).\n\n# Impact:\n\nAs reported on the FragAttacks website, the \\\"design flaws are hard to\nabuse because doing so requires user interaction or is only possible\nwhen using uncommon network settings.\\\" Under suitable conditions an\nattacker may be able to extract sensitive data or inject data.\n", "id": "FreeBSD-2022-0053", "modified": "2022-03-16T00:00:00Z", "published": "2022-03-16T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26147" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24588" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26144" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:02.wifi.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD-kernel -- Multiple WiFi issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "98.0.4844.74" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html" ], "discovery": "2022-03-15T00:00:00Z", "references": { "cvename": [ "CVE-2022-0971", "CVE-2022-0972", "CVE-2022-0973", "CVE-2022-0974", "CVE-2022-0975", "CVE-2022-0976", "CVE-2022-0977", "CVE-2022-0978", "CVE-2022-0979", "CVE-2022-0980" ] }, "vid": "857be71a-a4b0-11ec-95fc-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 11 security fixes, including:\n>\n> - \\[1299422\\] Critical CVE-2022-0971: Use after free in Blink Layout.\n> Reported by Sergei Glazunov of Google Project Zero on 2022-02-21\n> - \\[1301320\\] High CVE-2022-0972: Use after free in Extensions.\n> Reported by Sergei Glazunov of Google Project Zero on 2022-02-28\n> - \\[1297498\\] High CVE-2022-0973: Use after free in Safe Browsing.\n> Reported by avaue and Buff3tts at S.S.L. on 2022-02-15\n> - \\[1291986\\] High CVE-2022-0974: Use after free in Splitscreen.\n> Reported by \\@ginggilBesel on 2022-01-28\n> - \\[1295411\\] High CVE-2022-0975: Use after free in ANGLE. Reported by\n> SeongHwan Park (SeHwa) on 2022-02-09\n> - \\[1296866\\] High CVE-2022-0976: Heap buffer overflow in GPU.\n> Reported by Omair on 2022-02-13\n> - \\[1299225\\] High CVE-2022-0977: Use after free in Browser UI.\n> Reported by Khalil Zhani on 2022-02-20\n> - \\[1299264\\] High CVE-2022-0978: Use after free in ANGLE. Reported by\n> Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications\n> Corp. Ltd. on 2022-02-20\n> - \\[1302644\\] High CVE-2022-0979: Use after free in Safe Browsing.\n> Reported by anonymous on 2022-03-03\n> - \\[1302157\\] Medium CVE-2022-0980: Use after free in New Tab Page.\n> Reported by Krace on 2022-03-02\n", "id": "FreeBSD-2022-0052", "modified": "2022-03-15T00:00:00Z", "published": "2022-03-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0972" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0973" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0974" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0975" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0976" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0978" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0979" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0980" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.53" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2022-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943" ] }, "vid": "6601c08d-a46c-11ec-8be6-d4c9ef517024" }, "details": "The Apache httpd project reports:\n\n> - mod_lua: Use of uninitialized value of in r:parsebody (moderate)\n> (CVE-2022-22719)\n>\n> A carefully crafted request body can cause a read to a random memory\n> area which could cause the process to crash.\n>\n> - HTTP request smuggling vulnerability (important) (CVE-2022-22720)\n>\n> httpd fails to close inbound connection when errors are encountered\n> discarding the request body, exposing the server to HTTP Request\n> Smuggling\n>\n> - core: Possible buffer overflow with very large or unlimited\n> LimitXMLRequestBody (low) (CVE-2022-22721)\n>\n> If LimitXMLRequestBody is set to allow request bodies larger than\n> 350MB (defaults to 1M) on 32 bit systems an integer overflow happens\n> which later causes out of bounds writes.\n>\n> - mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)\n>\n> Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server\n> allows an attacker to overwrite heap memory with possibly attacker\n> provided data.\n", "id": "FreeBSD-2022-0051", "modified": "2022-03-15T00:00:00Z", "published": "2022-03-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-22719" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-22720" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-22721" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23943" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "teeworlds" }, "ranges": [ { "events": [ { "fixed": "0.7.5_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-43518" ], "discovery": "2021-10-23T00:00:00Z", "references": { "cvename": [ "CVE-2021-43518" ] }, "vid": "5aaf534c-a069-11ec-acdc-14dae9d5a9d2" }, "details": "NVD reports:\n\n> Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow.\n> A map parser does not validate m_Channels value coming from a map\n> file, leading to a buffer overflow. A malicious server may offer a\n> specially crafted map that will overwrite client\\'s stack causing\n> denial of service or code execution.\n", "id": "FreeBSD-2022-0050", "modified": "2022-03-10T00:00:00Z", "published": "2022-03-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43518" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43518" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43518" } ], "schema_version": "1.7.0", "summary": "Teeworlds -- Buffer Overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.8.0" }, { "fixed": "14.8.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.7.0" }, { "fixed": "14.7.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "14.6.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/" ], "discovery": "2022-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-0735", "CVE-2022-0549", "CVE-2022-0751", "CVE-2022-0741", "CVE-2021-4191", "CVE-2022-0738", "CVE-2022-0489" ] }, "vid": "2823048d-9f8f-11ec-8c9c-001b217b3468" }, "details": "Gitlab reports:\n\n> Runner registration token disclosure through Quick Actions\n>\n> Unprivileged users can add other users to groups through an API\n> endpoint\n>\n> Inaccurate display of Snippet contents can be potentially misleading\n> to users\n>\n> Environment variables can be leaked via the sendmail delivery method\n>\n> Unauthenticated user enumeration on GraphQL API\n>\n> Adding a mirror with SSH credentials can leak password\n>\n> Denial of Service via user comments\n", "id": "FreeBSD-2022-0049", "modified": "2022-03-09T00:00:00Z", "published": "2022-03-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0549" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0751" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0741" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0738" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0489" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.24.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.10.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories/" ], "discovery": "2022-03-03T00:00:00Z", "references": { "cvename": [ "CVE-2021-37706", "CVE-2022-23608", "CVE-2022-21723" ] }, "vid": "964c5460-9c66-11ec-ad3a-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> AST-2022-004 - The header length on incoming STUN messages that\n> contain an ERROR-CODE attribute is not properly checked. This can\n> result in an integer underflow. Note, this requires ICE or WebRTC\n> support to be in use with a malicious remote party.\n>\n> AST-2022-005 - When acting as a UAC, and when placing an outgoing call\n> to a target that then forks Asterisk may experience undefined behavior\n> (crashes, hangs, etc) after a dialog set is prematurely freed.\n>\n> AST-2022-006 - If an incoming SIP message contains a malformed\n> multi-part body an out of bounds read access may occur, which can\n> result in undefined behavior. Note, its currently uncertain if there\n> is any externally exploitable vector within Asterisk for this issue,\n> but providing this as a security issue out of caution.\n", "id": "FreeBSD-2022-0048", "modified": "2022-03-05T00:00:00Z", "published": "2022-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37706" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23608" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21723" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2022-004.html" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2022-005.html" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2022-006.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "99.0.4844.51" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html" ], "discovery": "2022-03-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-0789", "CVE-2022-0790", "CVE-2022-0791", "CVE-2022-0792", "CVE-2022-0793", "CVE-2022-0794", "CVE-2022-0795", "CVE-2022-0796", "CVE-2022-0797", "CVE-2022-0798", "CVE-2022-0799", "CVE-2022-0800", "CVE-2022-0801", "CVE-2022-0802", "CVE-2022-0803", "CVE-2022-0804", "CVE-2022-0805", "CVE-2022-0806", "CVE-2022-0807", "CVE-2022-0808", "CVE-2022-0809" ] }, "vid": "e0914087-9a09-11ec-9e61-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 28 security fixes, including:\n>\n> - \\[1289383\\] High CVE-2022-0789: Heap buffer overflow in ANGLE.\n> Reported by SeongHwan Park (SeHwa) on 2022-01-21\n> - \\[1274077\\] High CVE-2022-0790: Use after free in Cast UI. Reported\n> by Anonymous on 2021-11-26\n> - \\[1278322\\] High CVE-2022-0791: Use after free in Omnibox. Reported\n> by Zhihua Yao of KunLun Lab on 2021-12-09\n> - \\[1285885\\] High CVE-2022-0792: Out of bounds read in ANGLE.\n> Reported by Jaehun Jeong (@n3sk) of Theori on 2022-01-11\n> - \\[1291728\\] High CVE-2022-0793: Use after free in Views. Reported by\n> Thomas Orlita on 2022-01-28\n> - \\[1294097\\] High CVE-2022-0794: Use after free in WebShare. Reported\n> by Khalil Zhani on 2022-02-04\n> - \\[1282782\\] High CVE-2022-0795: Type Confusion in Blink Layout.\n> Reported by 0x74960 on 2021-12-27\n> - \\[1295786\\] High CVE-2022-0796: Use after free in Media. Reported by\n> Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications\n> Corp. Ltd. on 2022-02-10\n> - \\[1281908\\] High CVE-2022-0797: Out of bounds memory access in Mojo.\n> Reported by Sergei Glazunov of Google Project Zero on 2021-12-21\n> - \\[1283402\\] Medium CVE-2022-0798: Use after free in MediaStream.\n> Reported by Samet Bekmezci \\@sametbekmezci on 2021-12-30\n> - \\[1279188\\] Medium CVE-2022-0799: Insufficient policy enforcement in\n> Installer. Reported by Abdelhamid Naceri (halov) on 2021-12-12\n> - \\[1242962\\] Medium CVE-2022-0800: Heap buffer overflow in Cast UI.\n> Reported by Khalil Zhani on 2021-08-24\n> - \\[1231037\\] Medium CVE-2022-0801: Inappropriate implementation in\n> HTML parser. Reported by Michal Bentkowski of Securitum on\n> 2021-07-20\n> - \\[1270052\\] Medium CVE-2022-0802: Inappropriate implementation in\n> Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-14\n> - \\[1280233\\] Medium CVE-2022-0803: Inappropriate implementation in\n> Permissions. Reported by Abdulla Aldoseri on 2021-12-15\n> - \\[1264561\\] Medium CVE-2022-0804: Inappropriate implementation in\n> Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-10-29\n> - \\[1290700\\] Medium CVE-2022-0805: Use after free in Browser\n> Switcher. Reported by raven at KunLun Lab on 2022-01-25\n> - \\[1283434\\] Medium CVE-2022-0806: Data leak in Canvas. Reported by\n> Paril on 2021-12-31\n> - \\[1287364\\] Medium CVE-2022-0807: Inappropriate implementation in\n> Autofill. Reported by Alesandro Ortiz on 2022-01-14\n> - \\[1292271\\] Medium CVE-2022-0808: Use after free in Chrome OS Shell.\n> Reported by \\@ginggilBesel on 2022-01-29\n> - \\[1293428\\] Medium CVE-2022-0809: Out of bounds memory access in\n> WebXR. Reported by \\@uwu7586 on 2022-02-03\n", "id": "FreeBSD-2022-0047", "modified": "2022-03-02T00:00:00Z", "published": "2022-03-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0792" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0793" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0795" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0796" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0801" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0804" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0805" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0806" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0807" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0809" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-sasl" }, "ranges": [ { "events": [ { "introduced": "2.1.27" }, { "fixed": "2.1.28" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28" ], "discovery": "2019-12-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-19906" ] }, "vid": "a80c6273-988c-11ec-83ac-080027415d17" }, "details": "Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports:\n\n> Fix off by one error\n", "id": "FreeBSD-2022-0046", "modified": "2022-02-28T00:00:00Z", "published": "2022-02-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19906" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906" } ], "schema_version": "1.7.0", "summary": "cyrus-sasl -- Fix off by one error" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-10-php74" }, "ranges": [ { "events": [ { "fixed": "10.4.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-11-php74" }, "ranges": [ { "events": [ { "fixed": "11.5.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-11-php80" }, "ranges": [ { "events": [ { "fixed": "11.5.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-11-php81" }, "ranges": [ { "events": [ { "fixed": "11.5.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-psa-2022-001" ], "discovery": "2022-02-22T00:00:00Z", "references": { "cvename": [ "CVE-2022-23638" ] }, "vid": "0eab001a-9708-11ec-96c9-589cfc0f81b0" }, "details": "The TYPO3 project reports:\n\n> The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0\n> did not remove HTML elements wrapped in a CDATA section. As a result,\n> SVG content embedded in HTML (fetched as text/html) was susceptible to\n> cross-site scripting. Plain SVG files (fetched as image/svg+xml) were\n> not affected.\n", "id": "FreeBSD-2022-0045", "modified": "2022-02-27T00:00:00Z", "published": "2022-02-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-psa-2022-001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23638" }, { "type": "WEB", "url": "https://github.com/typo3/typo3/commit/9940defb21" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-psa-2022-001" } ], "schema_version": "1.7.0", "summary": "typo3 -- XSS vulnerability in svg-sanitize" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana6" }, "ranges": [ { "events": [ { "introduced": "6.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "fixed": "7.5.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "fixed": "8.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" ], "discovery": "2022-01-18T00:00:00Z", "references": { "cvename": [ "CVE-2022-21713" ] }, "vid": "d71d154a-8b83-11ec-b369-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On Jan. 18, an external security researcher, K\u00fcr\u015fad ALSAN from\n> [NSPECT.IO](https://www.nspect.io/)\n> ([\\@nspectio](https://twitter.com/nspectio) on Twitter), contacted\n> Grafana to disclose an IDOR (Insecure Direct Object Reference)\n> vulnerability on Grafana Teams APIs. This vulnerability only impacts\n> the following API endpoints:\n>\n> - **/teams/:teamId** - an authenticated attacker can view unintended\n> data by querying for the specific team ID.\n> - **/teams/:search** - an authenticated attacker can search for teams\n> and see the total number of available teams, including for those\n> teams that the user does not have access to.\n> - **/teams/:teamId/members** - when editors_can_admin flag is enabled,\n> an authenticated attacker can see unintended data by querying for\n> the specific team ID.\n>\n> We believe that this vulnerability is rated at CVSS 4.3\n> (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).\n", "id": "FreeBSD-2022-0044", "modified": "2022-02-12T00:00:00Z", "published": "2022-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21713" }, { "type": "WEB", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Teams API IDOR" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana6" }, "ranges": [ { "events": [ { "introduced": "6.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "fixed": "7.5.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "fixed": "8.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" ], "discovery": "2022-01-18T00:00:00Z", "references": { "cvename": [ "CVE-2022-21703" ] }, "vid": "d4284c2e-8b83-11ec-b369-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On Jan. 18, security researchers\n> [\\@jub0bs](https://twitter.com/jub0bs) and\n> [\\@abrahack](https://twitter.com/theabrahack) contacted Grafana to\n> [disclose a CSRF\n> vulnerability](https://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/)\n> which allows anonymous attackers to elevate their privileges by\n> mounting cross-origin attacks against authenticated high-privilege\n> Grafana users (for example, Editors or Admins). An attacker can\n> exploit this vulnerability for privilege escalation by tricking an\n> authenticated user into inviting the attacker as a new user with high\n> privileges. We believe that this vulnerability is rated at CVSS 6.8\n> (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).\n", "id": "FreeBSD-2022-0043", "modified": "2022-02-12T00:00:00Z", "published": "2022-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21703" }, { "type": "WEB", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" } ], "schema_version": "1.7.0", "summary": "Grafana -- CSRF" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana6" }, "ranges": [ { "events": [ { "introduced": "6.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "fixed": "7.5.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "fixed": "8.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" ], "discovery": "2022-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2022-21702" ] }, "vid": "cecbc674-8b83-11ec-b369-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> On Jan. 16, an external security researcher, Jasu Viding contacted\n> Grafana to disclose an XSS vulnerability in the way that Grafana\n> handles data sources. Should an existing data source connected to\n> Grafana be compromised, it could be used to inappropriately gain\n> access to other data sources connected to the same Grafana org. We\n> believe that this vulnerability is rated at CVSS 6.8\n> (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).\n", "id": "FreeBSD-2022-0042", "modified": "2022-02-12T00:00:00Z", "published": "2022-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21702" }, { "type": "WEB", "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" } ], "schema_version": "1.7.0", "summary": "Grafana -- XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cryptopp" }, "ranges": [ { "events": [ { "fixed": "8.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cryptopp.com/release860.html" ], "discovery": "2021-09-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-40530" ] }, "vid": "7695b0af-958f-11ec-9aa3-4ccc6adda413" }, "details": "Crypto++ 8.6 release notes reports:\n\n> The ElGamal implementation in Crypto++ through 8.5 allows plaintext\n> recovery because, during interaction between two cryptographic\n> libraries, a certain dangerous combination of the prime defined by the\n> receiver\\'s public key, the generator defined by the receiver\\'s\n> public key, and the sender\\'s ephemeral exponents can lead to a\n> cross-configuration attack against OpenPGP.\n", "id": "FreeBSD-2022-0041", "modified": "2022-02-24T00:00:00Z", "published": "2022-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cryptopp.com/release860.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-40530" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40530" } ], "schema_version": "1.7.0", "summary": "cryptopp -- ElGamal implementation allows plaintext recovery" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "flac" }, "ranges": [ { "events": [ { "fixed": "1.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xiph.org/flac/changelog.html" ], "discovery": "2022-02-20T00:00:00Z", "references": { "cvename": [ "CVE-2021-0561" ] }, "vid": "5e1440c6-95af-11ec-b320-f8b156b6dcc8" }, "details": "The FLAC 1.3.4 release reports:\n\n> Fix 12 decoder bugs found by oss-fuzz.\n>\n> Fix encoder bug CVE-2021-0561.\n", "id": "FreeBSD-2022-0040", "modified": "2022-02-24T00:00:00Z", "published": "2022-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xiph.org/flac/changelog.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-0561" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561" } ], "schema_version": "1.7.0", "summary": "flac -- fix encoder bug" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-sasl-sql" }, "ranges": [ { "events": [ { "introduced": "2.1.27" }, { "fixed": "2.1.27_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28" ], "discovery": "2022-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2022-24407" ] }, "vid": "022dde12-8f4a-11ec-83ac-080027415d17" }, "details": "Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports:\n\n> Escape password for SQL insert/update commands.\n", "id": "FreeBSD-2022-0039", "modified": "2022-02-23T00:00:00Z", "published": "2022-02-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24407" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407" } ], "schema_version": "1.7.0", "summary": "cyrus-sasl -- Escape password for SQL insert/update commands" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-tuf" }, "ranges": [ { "events": [ { "last_affected": "0.18.1" }, { "fixed": "0.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-tuf" }, "ranges": [ { "events": [ { "last_affected": "0.18.1" }, { "fixed": "0.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-tuf" }, "ranges": [ { "events": [ { "last_affected": "0.18.1" }, { "fixed": "0.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-tuf" }, "ranges": [ { "events": [ { "last_affected": "0.18.1" }, { "fixed": "0.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py311-tuf" }, "ranges": [ { "events": [ { "last_affected": "0.18.1" }, { "fixed": "0.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-41131" ], "discovery": "2021-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-41131" ] }, "vid": "85d976be-93e3-11ec-aaad-14dae9d5a9d2" }, "details": "NVD reports:\n\n> python-tuf is a Python reference implementation of The Update\n> Framework (TUF). In both clients (\\`tuf/client\\` and\n> \\`tuf/ngclient\\`), there is a path traversal vulnerability that in the\n> worst case can overwrite files ending in \\`.json\\` anywhere on the\n> client system on a call to \\`get_one_valid_targetinfo()\\`. It occurs\n> because the rolename is used to form the filename, and may contain\n> path traversal characters (ie \\`../../name.json\\`). The impact is\n> mitigated by a few facts: It only affects implementations that allow\n> arbitrary rolename selection for delegated targets metadata, The\n> attack requires the ability to A) insert new metadata for the\n> path-traversing role and B) get the role delegated by an existing\n> targets metadata, The written file content is heavily restricted since\n> it needs to be a valid, signed targets file. The file extension is\n> always .json. A fix is available in version 0.19 or newer. There are\n> no workarounds that do not require code changes. Clients can restrict\n> the allowed character set for rolenames, or they can store metadata in\n> files named in a way that is not vulnerable: neither of these\n> approaches is possible without modifying python-tuf.\n", "id": "FreeBSD-2022-0038", "modified": "2022-02-22T00:00:00Z", "published": "2022-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41131" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41131" } ], "schema_version": "1.7.0", "summary": "The Update Framwork -- path traversal vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "seatd" }, "ranges": [ { "events": [ { "introduced": "0.6.0" }, { "fixed": "0.6.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E" ], "discovery": "2022-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2022-25643" ] }, "vid": "1cd565da-455e-41b7-a5b9-86ad8e81e33e" }, "details": "Kenny Levinsen reports:\n\n> seatd-launch could use a user-specified socket path instead of the\n> internally generated socket path, and would unlink the socket path\n> before use to guard against collision with leftover sockets. This\n> meant that a caller could freely control what file path would be\n> unlinked and replaced with a user-owned seatd socket for the duration\n> of the session.\n>\n> If seatd-launch had the SUID bit set, this could be used by a\n> malicious user to remove files with the privileges of the owner of\n> seatd-launch, which is likely root, and replace it with a user-owned\n> domain socket.\n>\n> This does not directly allow retrieving the contents of existing\n> files, and the user-owned socket file is at the current time not\n> believed to be directly useful for further exploitation.\n", "id": "FreeBSD-2022-0037", "modified": "2022-02-22T00:00:00Z", "published": "2022-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E" }, { "type": "WEB", "url": "https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-25643" } ], "schema_version": "1.7.0", "summary": "seatd-launch -- remove files with escalated privileges with SUID" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qt5-core" }, "ranges": [ { "events": [ { "fixed": "5.15.2p263_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.qt-project.org/pipermail/announce/2022-February/000333.html" ], "discovery": "2022-02-17T00:00:00Z", "references": { "cvename": [ "CVE-2022-25255" ] }, "vid": "43ae57f6-92ab-11ec-81b4-2cf05d620ecc" }, "details": "The Qt Company reports:\n\n> Recently, the Qt Project\\'s security team was made aware of an issue\n> regarding QProcess and determined it to be a security issue on\n> Unix-based platforms only. We do not believe this to be a considerable\n> risk for applications as the likelihood of it being triggered is\n> minimal.\n>\n> Specifically, the problem is around using QProcess to start an\n> application without having an absolute path, and as a result, it\n> depends on it finding it in the PATH environment variable. As a\n> result, it may be possible for an attacker to place their copy of the\n> executable in question inside the working/current directory for the\n> QProcess and have it invoked that instead.\n", "id": "FreeBSD-2022-0036", "modified": "2022-02-21T00:00:00Z", "published": "2022-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.qt-project.org/pipermail/announce/2022-February/000333.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-25255" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25255" } ], "schema_version": "1.7.0", "summary": "Qt5 -- QProcess unexpected search path" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libmysofa" }, "ranges": [ { "events": [ { "fixed": "1.2.1.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/" ], "discovery": "2021-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2021-3756" ] }, "vid": "4d763c65-9246-11ec-9aa3-4ccc6adda413" }, "details": "Zhengjie Du reports:\n\n> There are some heap-buffer-overflows in mysofa2json of libmysofa. They\n> are in function loudness, mysofa_check and\n> readOHDRHeaderMessageDataLayout.\n", "id": "FreeBSD-2022-0035", "modified": "2022-02-20T00:00:00Z", "published": "2022-02-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3756" }, { "type": "WEB", "url": "https://www.huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/" } ], "schema_version": "1.7.0", "summary": "libmysoft -- Heap-based buffer overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-client" }, "ranges": [ { "events": [ { "fixed": "10.3.34" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.34" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-client" }, "ranges": [ { "events": [ { "fixed": "10.4.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-client" }, "ranges": [ { "events": [ { "fixed": "10.5.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/cve/" ], "discovery": "2022-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668" ] }, "vid": "27bf9378-8ffd-11ec-8be6-d4c9ef517024" }, "details": "MariaDB reports:\n\n> MariaDB reports 5 vulnerabilities in supported versions resulting from\n> fuzzing tests\n", "id": "FreeBSD-2022-0034", "modified": "2022-02-18T00:00:00Z", "published": "2022-02-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/cve/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46661" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46663" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46664" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46665" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46668" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/cve/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10334-rn/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10424-rn/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10515-rn/" } ], "schema_version": "1.7.0", "summary": "MariaDB -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.17.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/50974", "https://github.com/golang/go/issues/50699", "https://github.com/golang/go/issues/35671" ], "discovery": "2022-02-10T00:00:00Z", "references": { "cvename": [ "CVE-2022-23806", "CVE-2022-23772", "CVE-2022-23773" ] }, "vid": "096ab080-907c-11ec-bb14-002324b2fba8" }, "details": "The Go project reports:\n\n> crypto/elliptic: fix IsOnCurve for big.Int values that are not valid\n> coordinates\n>\n> Some big.Int values that are not valid field elements (negative or\n> overflowing) might cause Curve.IsOnCurve to incorrectly return true.\n> Operating on those values may cause a panic or an invalid curve\n> operation. Note that Unmarshal will never return such values.\n\n> math/big: prevent large memory consumption in Rat.SetString\n>\n> An attacker can cause unbounded memory growth in a program using\n> (\\*Rat).SetString due to an unhandled overflow.\n\n> cmd/go: prevent branches from materializing into versions\n>\n> A branch whose name resembles a version tag (such as \\\"v1.0.0\\\" or\n> \\\"subdir/v2.0.0-dev\\\") can be considered a valid version by the go\n> command. Materializing versions from branches might be unexpected and\n> bypass ACLs that limit the creation of tags but not branches.\n", "id": "FreeBSD-2022-0033", "modified": "2022-02-18T00:00:00Z", "published": "2022-02-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/50974" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/50699" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/35671" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23806" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/50974" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23772" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/50699" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23773" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/35671" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "98.0.4758.102" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html" ], "discovery": "2022-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2022-0603", "CVE-2022-0604", "CVE-2022-0605", "CVE-2022-0606", "CVE-2022-0607", "CVE-2022-0608", "CVE-2022-0609", "CVE-2022-0610" ] }, "vid": "e12432af-8e73-11ec-8bc4-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 11 security fixes, including:\n>\n> - \\[1290008\\] High CVE-2022-0603: Use after free in File Manager.\n> Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22\n> - \\[1273397\\] High CVE-2022-0604: Heap buffer overflow in Tab Groups.\n> Reported by Krace on 2021-11-24\n> - \\[1286940\\] High CVE-2022-0605: Use after free in Webstore API.\n> Reported by Thomas Orlita on 2022-01-13\n> - \\[1288020\\] High CVE-2022-0606: Use after free in ANGLE. Reported by\n> Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications\n> Corp. Ltd. on 2022-01-17\n> - \\[1250655\\] High CVE-2022-0607: Use after free in GPU. Reported by\n> 0x74960 on 2021-09-17\n> - \\[1270333\\] High CVE-2022-0608: Integer overflow in Mojo. Reported\n> by Sergei Glazunov of Google Project Zero on 2021-11-16\n> - \\[1296150\\] High CVE-2022-0609: Use after free in Animation.\n> Reported by Adam Weidemann and Cl\u00e9ment Lecigne of Google\\' Threat\n> Analysis Group on 2022-02-10\n> - \\[1285449\\] Medium CVE-2022-0610: Inappropriate implementation in\n> Gamepad API. Reported by Anonymous on 2022-01-08\n", "id": "FreeBSD-2022-0032", "modified": "2022-02-15T00:00:00Z", "published": "2022-02-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0603" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0604" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0607" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0608" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0609" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0610" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-twisted" }, "ranges": [ { "events": [ { "fixed": "22.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-twisted" }, "ranges": [ { "events": [ { "fixed": "22.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-twisted" }, "ranges": [ { "events": [ { "fixed": "22.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-twisted" }, "ranges": [ { "events": [ { "fixed": "22.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx" ], "discovery": "2022-02-07T00:00:00Z", "vid": "24049967-88ec-11ec-88f5-901b0e934d69" }, "details": "Twisted developers report:\n\n> Cookie and Authorization headers are leaked when following\n> cross-origin redirects in `twited.web.client.RedirectAgent` and\n> `twisted.web.client.BrowserLikeRedirectAgent`.\n", "id": "FreeBSD-2022-0031", "modified": "2022-02-13T00:00:00Z", "published": "2022-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx" }, { "type": "WEB", "url": "https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx" } ], "schema_version": "1.7.0", "summary": "py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zsh" }, "ranges": [ { "events": [ { "fixed": "5.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://zsh.sourceforge.io/releases.html" ], "discovery": "2022-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-45444" ] }, "vid": "d923fb0c-8c2f-11ec-aa85-0800270512f4" }, "details": "Marc Cornell\u00e0 reports:\n\n> Some prompt expansion sequences, such as %F, support \\'arguments\\'\n> which are themselves expanded in case they contain colour values, etc.\n> This additional expansion would trigger PROMPT_SUBST evaluation, if\n> enabled. This could be abused to execute code the user didn\\'t expect.\n> e.g., given a certain prompt configuration, an attacker could trick a\n> user into executing arbitrary code by having them check out a Git\n> branch with a specially crafted name.\n", "id": "FreeBSD-2022-0030", "modified": "2022-02-12T00:00:00Z", "published": "2022-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://zsh.sourceforge.io/releases.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45444" }, { "type": "WEB", "url": "https://zsh.sourceforge.io/releases.html" } ], "schema_version": "1.7.0", "summary": "zsh -- Arbitrary command execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "introduced": "12.0.0" }, { "fixed": "12.22.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0.0" }, { "fixed": "14.18.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "16.0.0" }, { "fixed": "16.13.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "17.0.0" }, { "fixed": "17.3.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node16" }, "ranges": [ { "events": [ { "fixed": "16.13.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.18.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" ], "discovery": "2022-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-44531", "CVE-2021-44532", "CVE-2021-44533", "CVE-2022-21824" ] }, "vid": "972ba0e8-8b8a-11ec-b369-6c3be5272acd" }, "details": "Node.js reports:\n\n> # Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)\n>\n> Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI\n> is specifically defined to use a particular SAN type, can result in\n> bypassing name-constrained intermediates. Node.js was accepting URI\n> SAN types, which PKIs are often not defined to use. Additionally, when\n> a protocol allows URI SANs, Node.js did not match the URI correctly.\n>\n> # Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)\n>\n> Node.js converts SANs (Subject Alternative Names) to a string format.\n> It uses this string to check peer certificates against hostnames when\n> validating connections. The string format was subject to an injection\n> vulnerability when name constraints were used within a certificate\n> chain, allowing the bypass of these name constraints.\n>\n> # Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)\n>\n> Node.js did not handle multi-value Relative Distinguished Names\n> correctly. Attackers could craft certificate subjects containing a\n> single-value Relative Distinguished Name that would be interpreted as\n> a multi-value Relative Distinguished Name, for example, in order to\n> inject a Common Name that would allow bypassing the certificate\n> subject verification.\n>\n> # Prototype pollution via `console.table` properties (Low)(CVE-2022-21824)\n>\n> Due to the formatting logic of the `console.table()` function it was\n> not safe to allow user controlled input to be passed to the\n> `properties` parameter while simultaneously passing a plain object\n> with at least one property as the first parameter, which could be\n> `__proto__`. The prototype pollution has very limited control, in that\n> it only allows an empty string to be assigned to numerical keys of the\n> object prototype.\n", "id": "FreeBSD-2022-0029", "modified": "2022-02-12T00:00:00Z", "published": "2022-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44532" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44533" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21824" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "schema_version": "1.7.0", "summary": "Node.js -- January 2022 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.334" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.319.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2022-02-09/" ], "discovery": "2022-02-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-43859", "CVE-2022-0538" ] }, "vid": "0b0ad196-1ee8-4a98-89b1-4d5d82af49a9" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-2602 / CVE-2021-43859 (upstream issue), CVE-2022-0538 (Jenkins-specific converters)\n>\n> DoS vulnerability in bundled XStream library\n", "id": "FreeBSD-2022-0028", "modified": "2022-02-10T00:00:00Z", "published": "2022-02-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2022-02-09/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43859" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0538" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2022-02-09/" } ], "schema_version": "1.7.0", "summary": "jenkins -- DoS vulnerability in bundled XStream library" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-client" }, "ranges": [ { "events": [ { "fixed": "10.3.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-client" }, "ranges": [ { "events": [ { "fixed": "10.4.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-client" }, "ranges": [ { "events": [ { "fixed": "10.5.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/cve/" ], "discovery": "2022-02-10T00:00:00Z", "references": { "cvename": [ "CVE-2022-24052", "CVE-2022-24051", "CVE-2022-24050", "CVE-2022-24048", "CVE-2021-46659" ] }, "vid": "ff5606f7-8a45-11ec-8be6-d4c9ef517024" }, "details": "MariaDB reports:\n\n> MariaDB reports 5 vulnerabilities in supported versions without\n> further detailed information.\n", "id": "FreeBSD-2022-0027", "modified": "2022-02-17T00:00:00Z", "published": "2022-02-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/cve/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24050" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-24048" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46659" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/cve/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10333-rn/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10423-rn/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10514-rn/" } ], "schema_version": "1.7.0", "summary": "MariaDB -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xrdp" }, "ranges": [ { "events": [ { "introduced": "0.9.17,1" }, { "fixed": "0.9.18.1,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xrdp-devel" }, "ranges": [ { "events": [ { "introduced": "0.9.17,1" }, { "fixed": "0.9.18.1,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32" ], "discovery": "2022-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2022-23613" ] }, "vid": "fc2a9541-8893-11ec-9d01-80ee73419af3" }, "details": "xrdp project reports:\n\n> An integer underflow leading to a heap overflow in the sesman server\n> allows any unauthenticated attacker which is accessible to a sesman\n> server (listens by default on localhost when installing xrdp, but can\n> be remote if configured otherwise) to execute code as root.\n", "id": "FreeBSD-2022-0026", "modified": "2022-02-15T00:00:00Z", "published": "2022-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23613" }, { "type": "WEB", "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32" } ], "schema_version": "1.7.0", "summary": "xrdp -- privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.7.0" }, { "fixed": "14.7.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.6.0" }, { "fixed": "14.6.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "14.5.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/" ], "discovery": "2022-02-03T00:00:00Z", "references": { "cvename": [ "CVE-2022-0427", "CVE-2022-0425", "CVE-2022-0123", "CVE-2022-0136", "CVE-2022-0283", "CVE-2022-0390", "CVE-2022-0373", "CVE-2022-0371", "CVE-2021-39943", "CVE-2022-0477", "CVE-2022-0167", "CVE-2022-0249", "CVE-2022-0344", "CVE-2022-0488", "CVE-2021-39931" ] }, "vid": "3507bfb3-85d5-11ec-8c9c-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary POST requests via special HTML attributes in Jupyter\n> Notebooks\n>\n> DNS Rebinding vulnerability in Irker IRC Gateway integration\n>\n> Missing certificate validation for external CI services\n>\n> Blind SSRF Through Project Import\n>\n> Open redirect vulnerability in Jira Integration\n>\n> Issue link was disclosing the linked issue\n>\n> Service desk email accessible by project non-members\n>\n> Authenticated users can search other users by their private email\n>\n> \\\"External status checks\\\" can be accepted by users below developer\n> access if the user is either author or assignee of the target merge\n> request\n>\n> Deleting packages in bulk from package registries may cause table\n> locks\n>\n> Autocomplete enabled on specific pages\n>\n> Possible SSRF due to not blocking shared address space\n>\n> System notes reveals private project path when Issue is moved to a\n> public project\n>\n> Timeout for pages using Markdown\n>\n> Certain branch names could not be protected\n", "id": "FreeBSD-2022-0025", "modified": "2022-02-04T00:00:00Z", "published": "2022-02-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0427" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0425" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0123" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0136" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0390" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0373" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0371" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39943" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0249" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0344" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0488" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39931" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "98.0.4758.80" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html" ], "discovery": "2022-02-01T00:00:00Z", "references": { "cvename": [ "CVE-2022-0452", "CVE-2022-0453", "CVE-2022-0454", "CVE-2022-0455", "CVE-2022-0456", "CVE-2022-0457", "CVE-2022-0458", "CVE-2022-0459", "CVE-2022-0460", "CVE-2022-0461", "CVE-2022-0462", "CVE-2022-0463", "CVE-2022-0464", "CVE-2022-0465", "CVE-2022-0466", "CVE-2022-0467", "CVE-2022-0468", "CVE-2022-0469", "CVE-2022-0470" ] }, "vid": "e852f43c-846e-11ec-b043-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 27 security fixes, including:\n>\n> - \\[1284584\\] High CVE-2022-0452: Use after free in Safe Browsing.\n> Reported by avaue at S.S.L. on 2022-01-05\n> - \\[1284916\\] High CVE-2022-0453: Use after free in Reader Mode.\n> Reported by Rong Jian of VRI on 2022-01-06\n> - \\[1287962\\] High CVE-2022-0454: Heap buffer overflow in ANGLE.\n> Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2022-01-17\n> - \\[1270593\\] High CVE-2022-0455: Inappropriate implementation in Full\n> Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-16\n> - \\[1289523\\] High CVE-2022-0456: Use after free in Web Search.\n> Reported by Zhihua Yao of KunLun Lab on 2022-01-21\n> - \\[1274445\\] High CVE-2022-0457: Type Confusion in V8. Reported by\n> rax of the Group0x58 on 2021-11-29\n> - \\[1267060\\] High CVE-2022-0458: Use after free in Thumbnail Tab\n> Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n> 2021-11-05\n> - \\[1244205\\] High CVE-2022-0459: Use after free in Screen Capture.\n> Reported by raven (@raid_akame) on 2021-08-28\n> - \\[1250227\\] Medium CVE-2022-0460: Use after free in Window Dialog.\n> Reported by 0x74960 on 2021-09-16\n> - \\[1256823\\] Medium CVE-2022-0461: Policy bypass in COOP. Reported by\n> NDevTK on 2021-10-05\n> - \\[1270470\\] Medium CVE-2022-0462: Inappropriate implementation in\n> Scroll. Reported by Youssef Sammouda on 2021-11-16\n> - \\[1268240\\] Medium CVE-2022-0463: Use after free in Accessibility.\n> Reported by Zhihua Yao of KunLun Lab on 2021-11-09\n> - \\[1270095\\] Medium CVE-2022-0464: Use after free in Accessibility.\n> Reported by Zhihua Yao of KunLun Lab on 2021-11-14\n> - \\[1281941\\] Medium CVE-2022-0465: Use after free in Extensions.\n> Reported by Samet Bekmezci \\@sametbekmezci on 2021-12-22\n> - \\[1115460\\] Medium CVE-2022-0466: Inappropriate implementation in\n> Extensions Platform. Reported by David Erceg on 2020-08-12\n> - \\[1239496\\] Medium CVE-2022-0467: Inappropriate implementation in\n> Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13\n> - \\[1252716\\] Medium CVE-2022-0468: Use after free in Payments.\n> Reported by Krace on 2021-09-24\n> - \\[1279531\\] Medium CVE-2022-0469: Use after free in Cast. Reported\n> by Thomas Orlita on 2021-12-14\n> - \\[1269225\\] Low CVE-2022-0470: Out of bounds memory access in V8.\n> Reported by Looben Yang on 2021-11-11\n", "id": "FreeBSD-2022-0024", "modified": "2022-02-02T00:00:00Z", "published": "2022-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0452" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0453" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0454" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0457" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0458" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0459" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0460" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0461" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0462" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0463" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0464" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0466" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0467" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0468" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0469" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0470" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o-devel" }, "ranges": [ { "events": [ { "fixed": "2.3.0.d.20220131" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4" ], "discovery": "2021-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2021-43848" ] }, "vid": "1d3677a8-9143-42d8-84a3-0585644dff4b" }, "details": "Emil Lerner reports:\n\n> When receiving QUIC frames in certain order, HTTP/3 server-side\n> implementation of h2o can be misguided to treat uninitialized memory\n> as HTTP/3 frames that have been received. When h2o is used as a\n> reverse proxy, an attacker can abuse this vulnerability to send\n> internal state of h2o to backend servers controlled by the attacker or\n> third party. Also, if there is an HTTP endpoint that reflects the\n> traffic sent from the client, an attacker can use that reflector to\n> obtain internal state of h2o.\n>\n> This internal state includes traffic of other connections in\n> unencrypted form and TLS session tickets.\n>\n> This vulnerability exists in h2o server with HTTP/3 support, between\n> commit 93af138 and d1f0f65. None of the released versions of h2o are\n> affected by this vulnerability.\n", "id": "FreeBSD-2022-0023", "modified": "2022-02-02T00:00:00Z", "published": "2022-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43848" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4" } ], "schema_version": "1.7.0", "summary": "h2o -- uninitialised memory access in HTTP3" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2022-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-29632" ], "freebsdsa": [ "SA-22:01.vt" ] }, "vid": "b1b6d623-83e4-11ec-90de-1c697aa5a594" }, "details": "# Problem Description:\n\nUnder certain conditions involving use of the highlight buffer while\ntext is scrolling on the console, console data may overwrite data\nstructures associated with the system console or other kernel memory.\n\n# Impact:\n\nUsers with access to the system console may be able to cause system\nmisbehaviour.\n", "id": "FreeBSD-2022-0022", "modified": "2022-02-02T00:00:00Z", "published": "2022-02-02T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29632" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- vt console buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba413" }, "ranges": [ { "events": [ { "fixed": "4.13.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba414" }, "ranges": [ { "events": [ { "fixed": "4.14.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba415" }, "ranges": [ { "events": [ { "fixed": "4.15.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/history/security.html" ], "discovery": "2022-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2021-43566", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336" ] }, "vid": "8579074c-839f-11ec-a3b2-005056a311d1" }, "details": "The Samba Team reports:\n\n> - CVE-2021-43566: Malicious client using an SMB1 or NFS race to allow\n> a directory to be created in an area of the server file system not\n> exported under the share definition.\n> - CVE-2021-44141: Information leak via symlinks of existance of files\n> or directories outside of the exported share.\n> - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS\n> module vfs_fruit allows code execution.\n> - CVE-2022-0336: Samba AD users with permission to write to an account\n> can impersonate arbitrary services.\n", "id": "FreeBSD-2022-0021", "modified": "2022-02-01T00:00:00Z", "published": "2022-02-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/history/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43566" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44142" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0336" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2021-43566.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2021-44141.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2021-44142.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2022-0336.html" } ], "schema_version": "1.7.0", "summary": "samba -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rust" }, "ranges": [ { "events": [ { "fixed": "1.58.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rust-nightly" }, "ranges": [ { "events": [ { "fixed": "1.60.0.20220202" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html" ], "discovery": "2022-01-20T00:00:00Z", "references": { "cvename": [ "CVE-2022-21658" ] }, "vid": "ee26f513-826e-11ec-8be6-d4c9ef517024" }, "details": "> The Rust Security Response WG was notified that the\n> std::fs::remove_dir_all standard library function is vulnerable to a\n> race condition enabling symlink following (CWE-363). An attacker could\n> use this security issue to trick a privileged program into deleting\n> files and directories the attacker couldn\\'t otherwise access or\n> delete.\n", "id": "FreeBSD-2022-0020", "modified": "2022-02-03T00:00:00Z", "published": "2022-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21658" }, { "type": "WEB", "url": "https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html" } ], "schema_version": "1.7.0", "summary": "Rust -- Race condition enabling symlink following" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish6" }, "ranges": [ { "events": [ { "fixed": "6.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish4" }, "ranges": [ { "events": [ { "fixed": "4.1.11r6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00008.html" ], "discovery": "2022-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2022-23959" ] }, "vid": "b0c83e1a-8153-11ec-84f9-641c67a117d8" }, "details": "Varnish Cache Project reports:\n\n> A request smuggling attack can be performed on HTTP/1 connections on\n> Varnish Cache servers. The smuggled request would be treated as an\n> additional request by the Varnish server, go through normal VCL\n> processing, and injected as a spurious response on the client\n> connection.\n", "id": "FreeBSD-2022-0019", "modified": "2022-01-29T00:00:00Z", "published": "2022-01-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00008.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-23959" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00008.html" }, { "type": "WEB", "url": "https://docs.varnish-software.com/security/VSV00008/" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959" } ], "schema_version": "1.7.0", "summary": "varnish -- Request Smuggling Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openexr" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022" ], "discovery": "2021-11-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-45942" ] }, "vid": "b6ef8a53-8062-11ec-9af3-fb232efe4d2e" }, "details": "Cary Phillips reports:\n\n> \\[OpenEXR Version 3.1.4 is a\\] patch release that \\[\\...\\] addresses\n> one public security vulnerability: CVE-2021-45942 Heap-buffer-overflow\n> in Imf_3_1::LineCompositeTask::execute \\[and several\\] specific\n> OSS-fuzz issues \\[\\...\\].\n", "id": "FreeBSD-2022-0018", "modified": "2022-01-28T00:00:00Z", "published": "2022-01-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45942" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/pull/1209" } ], "schema_version": "1.7.0", "summary": "OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1m,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-quictls" }, "ranges": [ { "events": [ { "fixed": "3.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20220128.txt" ], "discovery": "2022-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2021-4160" ] }, "vid": "1aaaa5c6-804d-11ec-8be6-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> BN_mod_exp may produce incorrect results on MIPS (Moderate)\n>\n> There is a carry propagation bug in the MIPS32 and MIPS64 squaring\n> procedure. Many EC algorithms are affected, including some of the TLS\n> 1.3 default curves. Impact was not analyzed in detail, because the\n> pre-requisites for attack are considered unlikely and include reusing\n> private keys. Analysis suggests that attacks against RSA and DSA as a\n> result of this defect would be very difficult to perform and are not\n> believed likely. Attacks against DH are considered just feasible\n> (although very difficult) because most of the work necessary to deduce\n> information about a private key may be performed offline. The amount\n> of resources required for such an attack would be significant.\n> However, for an attack on TLS to be meaningful, the server would have\n> to share the DH private key among multiple clients, which is no longer\n> an option since CVE-2016-0701.\n", "id": "FreeBSD-2022-0017", "modified": "2022-01-28T00:00:00Z", "published": "2022-01-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20220128.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4160" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20220128.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- BN_mod_exp incorrect results on MIPS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmustache" }, "ranges": [ { "events": [ { "fixed": "2.14.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7/" ], "discovery": "2022-01-20T00:00:00Z", "references": { "cvename": [ "CVE-2022-0323" ] }, "vid": "65847d9d-7f3e-11ec-8624-b42e991fc52e" }, "details": "huntr.dev reports:\n\n> In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to\n> arbitrary php code execution even if strict_callables is true when\n> section value is controllable.\n", "id": "FreeBSD-2022-0016", "modified": "2022-01-27T00:00:00Z", "published": "2022-01-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0323" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0323" } ], "schema_version": "1.7.0", "summary": "mustache - Possible Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "polkit" }, "ranges": [ { "events": [ { "fixed": "0.120_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://seclists.org/oss-sec/2022/q1/80" ], "discovery": "2022-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-4034" ], "freebsdpr": [ "ports/261482" ] }, "vid": "0f8bf913-7efa-11ec-8c04-2cf05d620ecc" }, "details": "Qualys reports:\n\n> We discovered a Local Privilege Escalation (from any user to root) in\n> polkit\\'s pkexec, a SUID-root program that is installed by default on\n> every major Linux distribution.\n", "id": "FreeBSD-2022-0015", "modified": "2022-01-26T00:00:00Z", "published": "2022-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://seclists.org/oss-sec/2022/q1/80" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4034" }, { "type": "WEB", "url": "https://seclists.org/oss-sec/2022/q1/80" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261482" } ], "schema_version": "1.7.0", "summary": "polkit -- Local Privilege Escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "strongswan" }, "ranges": [ { "events": [ { "fixed": "5.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/strongswan/strongswan/releases/tag/5.9.5" ], "discovery": "2021-12-16T00:00:00Z", "references": { "cvename": [ "CVE-2021-45079" ] }, "vid": "ccaea96b-7dcd-11ec-93df-00224d821998" }, "details": "Strongswan Release Notes reports:\n\n> Fixed a vulnerability in the EAP client implementation that was caused\n> by incorrectly handling early EAP-Success messages. It may allow to\n> bypass the client and in some scenarios even the server\n> authentication, or could lead to a denial-of-service attack. This\n> vulnerability has been registered as CVE-2021-45079.\n", "id": "FreeBSD-2022-0014", "modified": "2022-01-25T00:00:00Z", "published": "2022-01-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45079" }, { "type": "WEB", "url": "https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html" } ], "schema_version": "1.7.0", "summary": "strongswan - Incorrect Handling of Early EAP-Success Messages" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "strongswan" }, "ranges": [ { "events": [ { "fixed": "5.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/strongswan/strongswan/releases/tag/5.9.4" ], "discovery": "2021-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-41990", "CVE-2021-41991" ] }, "vid": "58528a94-5100-4208-a04d-edc01598cf01" }, "details": "Strongswan Release Notes reports:\n\n> Fixed a denial-of-service vulnerability in the gmp plugin that was\n> caused by an integer overflow when processing RSASSA-PSS signatures\n> with very large salt lengths. This vulnerability has been registered\n> as CVE-2021-41990.\n>\n> Fixed a denial-of-service vulnerability in the in-memory certificate\n> cache if certificates are replaced and a very large random value\n> caused an integer overflow. This vulnerability has been registered as\n> CVE-2021-41991.\n", "id": "FreeBSD-2022-0013", "modified": "2022-01-25T00:00:00Z", "published": "2022-01-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41991" }, { "type": "WEB", "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html" }, { "type": "WEB", "url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html" } ], "schema_version": "1.7.0", "summary": "strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "aide" }, "ranges": [ { "events": [ { "fixed": "0.17.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "INSERT URL HERE" ], "discovery": "2022-01-15T00:00:00Z", "references": { "cvename": [ "CVE-2021-45417" ] }, "vid": "309c35f4-7c9f-11ec-a739-206a8a720317" }, "details": "David Bouman reports:\n\n> AIDE before 0.17.4 allows local users to obtain root privileges via\n> crafted file metadata (such as XFS extended attributes or tmpfs ACLs),\n> because of a heap-based buffer overflow.\n>\n> Aide uses a fixed size (16k bytes) for the return buffer in\n> encode_base64/decode_base64 functions. This results in a segfault if\n> aide processes a file with too large extended attribute value or ACL.\n", "id": "FreeBSD-2022-0012", "modified": "2022-01-23T00:00:00Z", "published": "2022-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "INSERT URL HERE" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45417" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45417" } ], "schema_version": "1.7.0", "summary": "aide -- heap-based buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "97.0.4692.99" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html" ], "discovery": "2022-01-19T00:00:00Z", "references": { "cvename": [ "CVE-2022-0289", "CVE-2022-0290", "CVE-2022-0291", "CVE-2022-0292", "CVE-2022-0293", "CVE-2022-0294", "CVE-2022-0295", "CVE-2022-0296", "CVE-2022-0297", "CVE-2022-0298", "CVE-2022-0300", "CVE-2022-0301", "CVE-2022-0302", "CVE-2022-0303", "CVE-2022-0304", "CVE-2022-0305", "CVE-2022-0306", "CVE-2022-0307", "CVE-2022-0308", "CVE-2022-0309", "CVE-2022-0310", "CVE-2022-0311" ] }, "vid": "51496cbc-7a0e-11ec-a323-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 26 security fixes, including:\n>\n> - \\[1284367\\] Critical CVE-2022-0289: Use after free in Safe browsing.\n> Reported by Sergei Glazunov of Google Project Zero on 2022-01-05\n> - \\[1260134\\]\\[1260007\\] High CVE-2022-0290: Use after free in Site\n> isolation. Reported by Brendon Tiszka and Sergei Glazunov of Google\n> Project Zero on 2021-10-15\n> - \\[1281084\\] High CVE-2022-0291: Inappropriate implementation in\n> Storage. Reported by Anonymous on 2021-12-19\n> - \\[1270358\\] High CVE-2022-0292: Inappropriate implementation in\n> Fenced Frames. Reported by Brendon Tiszka on 2021-11-16\n> - \\[1283371\\] High CVE-2022-0293: Use after free in Web packaging.\n> Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-30\n> - \\[1273017\\] High CVE-2022-0294: Inappropriate implementation in Push\n> messaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on\n> 2021-11-23\n> - \\[1278180\\] High CVE-2022-0295: Use after free in Omnibox. Reported\n> by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability\n> Research Institute on 2021-12-09\n> - \\[1283375\\] High CVE-2022-0296: Use after free in Printing. Reported\n> by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research\n> Institute on 2021-12-30\n> - \\[1274316\\] High CVE-2022-0297: Use after free in Vulkan. Reported\n> by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications\n> Corp. Ltd. on 2021-11-28\n> - \\[1212957\\] High CVE-2022-0298: Use after free in Scheduling.\n> Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25\n> - \\[1275438\\] High CVE-2022-0300: Use after free in Text Input Method\n> Editor. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on\n> 2021-12-01\n> - \\[1276331\\] High CVE-2022-0301: Heap buffer overflow in DevTools.\n> Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n> Research on 2021-12-03\n> - \\[1278613\\] High CVE-2022-0302: Use after free in Omnibox. Reported\n> by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability\n> Research Institute on 2021-12-10\n> - \\[1281979\\] High CVE-2022-0303: Race in GPU Watchdog. Reported by\n> Yigit Can YILMAZ (@yilmazcanyigit) on 2021-12-22\n> - \\[1282118\\] High CVE-2022-0304: Use after free in Bookmarks.\n> Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-12-22\n> - \\[1282354\\] High CVE-2022-0305: Inappropriate implementation in\n> Service Worker API. Reported by \\@uwu7586 on 2021-12-23\n> - \\[1283198\\] High CVE-2022-0306: Heap buffer overflow in PDFium.\n> Reported by Sergei Glazunov of Google Project Zero on 2021-12-29\n> - \\[1281881\\] Medium CVE-2022-0307: Use after free in Optimization\n> Guide. Reported by Samet Bekmezci \\@sametbekmezci on 2021-12-21\n> - \\[1282480\\] Medium CVE-2022-0308: Use after free in Data Transfer.\n> Reported by \\@ginggilBesel on 2021-12-24\n> - \\[1240472\\] Medium CVE-2022-0309: Inappropriate implementation in\n> Autofill. Reported by Alesandro Ortiz on 2021-08-17\n> - \\[1283805\\] Medium CVE-2022-0310: Heap buffer overflow in Task\n> Manager. Reported by Samet Bekmezci \\@sametbekmezci on 2022-01-03\n> - \\[1283807\\] Medium CVE-2022-0311: Heap buffer overflow in Task\n> Manager. Reported by Samet Bekmezci \\@sametbekmezci on 2022-01-03\n", "id": "FreeBSD-2022-0011", "modified": "2022-01-20T00:00:00Z", "published": "2022-01-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0289" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0290" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0292" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0293" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0294" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0295" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0296" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0297" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0298" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0300" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0301" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0302" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0303" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0305" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0306" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0308" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0311" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-odbc" }, "ranges": [ { "events": [ { "fixed": "8.0.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-c++" }, "ranges": [ { "events": [ { "fixed": "8.0.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-java" }, "ranges": [ { "events": [ { "fixed": "8.0.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-java51" }, "ranges": [ { "events": [ { "fixed": "8.0.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server55" }, "ranges": [ { "events": [ { "fixed": "5.5.63" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server56" }, "ranges": [ { "events": [ { "fixed": "5.6.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server57" }, "ranges": [ { "events": [ { "fixed": "5.7.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-server80" }, "ranges": [ { "events": [ { "fixed": "8.0.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" ], "discovery": "2022-01-18T00:00:00Z", "references": { "cvename": [ "CVE-2021-22946", "CVE-2021-3712", "CVE-2022-21278", "CVE-2022-21351", "CVE-2022-21363", "CVE-2022-21358", "CVE-2022-21352", "CVE-2022-21367", "CVE-2022-21301", "CVE-2022-21378", "CVE-2022-21302", "CVE-2022-21254", "CVE-2022-21348", "CVE-2022-21270", "CVE-2022-21256", "CVE-2022-21379", "CVE-2022-21362", "CVE-2022-21374", "CVE-2022-21253", "CVE-2022-21264", "CVE-2022-21297", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21370", "CVE-2022-21304", "CVE-2022-21344", "CVE-2022-21303", "CVE-2022-21368", "CVE-2022-21245", "CVE-2022-21265", "CVE-2022-21249", "CVE-2022-21372" ] }, "vid": "7262f826-795e-11ec-8be6-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 78 new security patches for Oracle\n> MySQL. 3 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\\\n> The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle\n> MySQL is 7.4\n", "id": "FreeBSD-2022-0010", "modified": "2022-01-19T00:00:00Z", "published": "2022-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22946" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3712" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21278" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21363" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21358" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21352" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21367" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21301" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21302" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21254" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21348" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21270" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21256" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21374" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21253" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21264" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21297" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21339" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21342" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21370" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21344" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21303" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21368" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21245" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21265" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21249" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-21372" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "prosody" }, "ranges": [ { "events": [ { "fixed": "0.11.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://prosody.im/security/advisory_20220113/" ], "discovery": "2022-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2022-0217" ] }, "vid": "e3ec8b30-757b-11ec-922f-654747404482" }, "details": "The Prosody teaM reports:\n\n> It was discovered that an internal Prosody library to load XML based\n> on does not properly restrict the XML features allowed in parsed XML\n> data. Given suitable attacker input, this results in expansion of\n> recursive entity references from DTDs (CWE-776). In addition,\n> depending on the libexpat version used, it may also allow injections\n> using XML External Entity References (CWE-611).\n", "id": "FreeBSD-2022-0009", "modified": "2022-01-14T00:00:00Z", "published": "2022-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://prosody.im/security/advisory_20220113/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0217" }, { "type": "WEB", "url": "https://prosody.im/security/advisory_20220113/" } ], "schema_version": "1.7.0", "summary": "Prosody XMPP server advisory 2022-01-13" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "5.8.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/" ], "discovery": "2022-01-06T00:00:00Z", "vid": "79b65dc5-749f-11ec-8be6-d4c9ef517024" }, "details": "The WordPress project reports:\n\n> - Issue with stored XSS through post slugs\n> - Issue with Object injection in some multisite installations\n> - SQL injection vulnerability in WP_Query\n> - SQL injection vulnerability in WP_Meta_Query\n", "id": "FreeBSD-2022-0008", "modified": "2022-01-13T00:00:00Z", "published": "2022-01-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/" } ], "schema_version": "1.7.0", "summary": "WordPress -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.104.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav-lts" }, "ranges": [ { "events": [ { "fixed": "0.103.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html" ], "discovery": "2022-01-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-20698" ] }, "vid": "2a6106c6-73e5-11ec-8fa2-0800270512f4" }, "details": "Laurent Delosieres reports:\n\n> Fix for invalid pointer read that may cause a crash. This issue\n> affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with\n> libjson-c and the `CL_SCAN_GENERAL_COLLECT_METADATA` scan option (the\n> `clamscan --gen-json` option) is enabled.\n", "id": "FreeBSD-2022-0007", "modified": "2022-01-12T00:00:00Z", "published": "2022-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-20698" }, { "type": "WEB", "url": "https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html" } ], "schema_version": "1.7.0", "summary": "clamav -- invalid pointer read that may cause a crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.330" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.319.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2021-11-04/" ], "discovery": "2022-01-12T00:00:00Z", "references": { "cvename": [ "CVE-2022-20612" ] }, "vid": "672eeea9-a070-4f88-b0f1-007e90a2cbc3" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-2558 / CVE-2022-20612\n>\n> CSRF vulnerability in build triggers\n", "id": "FreeBSD-2022-0006", "modified": "2022-01-12T00:00:00Z", "published": "2022-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2021-11-04/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-20612" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2022-01-12/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.6.0" }, { "fixed": "14.6.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.5.0" }, { "fixed": "14.5.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.7" }, { "fixed": "14.4.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/" ], "discovery": "2022-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-39946", "CVE-2022-0154", "CVE-2022-0152", "CVE-2022-0151", "CVE-2022-0172", "CVE-2022-0090", "CVE-2022-0125", "CVE-2022-0124", "CVE-2021-39942", "CVE-2022-0093", "CVE-2021-39927" ] }, "vid": "43f84437-73ab-11ec-a587-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary file read via group import feature\n>\n> Stored XSS in notes\n>\n> Lack of state parameter on GitHub import project OAuth\n>\n> Vulnerability related fields are available to unauthorized users on\n> GraphQL API\n>\n> Deleting packages may cause table locks\n>\n> IP restriction bypass via GraphQL\n>\n> Repository content spoofing using Git replacement references\n>\n> Users can import members from projects that they are not a maintainer\n> on through API\n>\n> Possibility to direct user to malicious site through Slack integration\n>\n> Bypassing file size limits to the NPM package repository\n>\n> User with expired password can still access sensitive information\n>\n> Incorrect port validation allows access to services on ports 80 and\n> 443 if GitLab is configured to run on another port\n", "id": "FreeBSD-2022-0005", "modified": "2022-01-12T00:00:00Z", "published": "2022-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39946" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0154" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0152" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0151" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0090" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0125" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0124" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39942" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0093" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39927" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "uriparser" }, "ranges": [ { "events": [ { "fixed": "0.9.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog" ], "discovery": "2022-01-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-46141", "CVE-2021-46142" ] }, "vid": "b927b654-7146-11ec-ad4b-5404a68ad561" }, "details": "Upstream project reports:\n\n> Fix a bug affecting both uriNormalizeSyntax\\* and uriMakeOwner\\*\n> functions where the text range in .hostText would not be duped using\n> malloc but remain unchanged (and hence \\\"not owned\\\") for URIs with an\n> IPv4 or IPv6 address hostname; depending on how an application uses\n> uriparser, this could lead the application into a use-after-free\n> situation. As the second half, fix uriFreeUriMembers\\* functions that\n> would not free .hostText memory for URIs with an IPv4 or IPv6 address\n> host; also, calling uriFreeUriMembers\\* multiple times on a URI of\n> this very nature would result in trying to free pointers to stack\n> (rather than heap) memory. Fix functions uriNormalizeSyntax\\* for\n> out-of-memory situations (i.e. malloc returning NULL) for URIs\n> containing empty segments (any of user info, host text, query, or\n> fragment) where previously pointers to stack (rather than heap) memory\n> were freed.\n", "id": "FreeBSD-2022-0004", "modified": "2022-01-09T00:00:00Z", "published": "2022-01-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-46142" }, { "type": "WEB", "url": "https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog" } ], "schema_version": "1.7.0", "summary": "uriparser -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django40" }, "ranges": [ { "events": [ { "fixed": "4.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2022/jan/04/security-releases/" ], "discovery": "2021-12-20T00:00:00Z", "references": { "cvename": [ "CVE-2021-45115", "CVE-2021-45116", "CVE-2021-45452" ] }, "vid": "d3e023fb-6e88-11ec-b948-080027240888" }, "details": "Django Release reports:\n\n> CVE-2021-45115: Denial-of-service possibility in\n> UserAttributeSimilarityValidator.\n>\n> CVE-2021-45116: Potential information disclosure in dictsort template\n> filter.\n>\n> CVE-2021-45452: Potential directory-traversal via Storage.save().\n", "id": "FreeBSD-2022-0003", "modified": "2022-01-06T00:00:00Z", "published": "2022-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45452" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2022/jan/04/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "routinator" }, "ranges": [ { "events": [ { "fixed": "0.10.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nlnetlabs.nl/projects/rpki/security-advisories/" ], "discovery": "2021-11-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-43172", "CVE-2021-43173", "CVE-2021-43174" ] }, "vid": "9c990e67-6e30-11ec-82db-b42e991fc52e" }, "details": "nlnetlabs reports:\n\n> Release 0.10.2 contains fixes for the following issues:\n>\n> - Medium CVE-2021-43172: Infinite length chain of RRDP repositories.\n> Credit: Koen van Hove. Date: 2021-11-09\n> - Medium CVE-2021-43173: Hanging RRDP request. Credit: Koen van Hove.\n> Date: 2021-11-09\n> - Medium CVE-2021-43174: gzip transfer encoding caused out-of-memory\n> crash. Credit Koen van Hove. Date: 2021-11-09\n", "id": "FreeBSD-2022-0002", "modified": "2022-01-05T00:00:00Z", "published": "2022-01-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nlnetlabs.nl/projects/rpki/security-advisories/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43173" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43174" }, { "type": "WEB", "url": "https://nlnetlabs.nl/projects/rpki/security-advisories/" } ], "schema_version": "1.7.0", "summary": "routinator -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "97.0.4692.71" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html" ], "discovery": "2022-01-04T00:00:00Z", "references": { "cvename": [ "CVE-2022-0096", "CVE-2022-0097", "CVE-2022-0098", "CVE-2022-0099", "CVE-2022-0100", "CVE-2022-0101", "CVE-2022-0102", "CVE-2022-0103", "CVE-2022-0104", "CVE-2022-0105", "CVE-2022-0106", "CVE-2022-0107", "CVE-2022-0108", "CVE-2022-0109", "CVE-2022-0110", "CVE-2022-0111", "CVE-2022-0112", "CVE-2022-0113", "CVE-2022-0114", "CVE-2022-0115", "CVE-2022-0116", "CVE-2022-0117", "CVE-2022-0118", "CVE-2022-0120" ] }, "vid": "9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 37 security fixes, including:\n>\n> - \\[\\$TBD\\]\\[1275020\\] Critical CVE-2022-0096: Use after free in\n> Storage. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-11-30\n> - \\[1117173\\] High CVE-2022-0097: Inappropriate implementation in\n> DevTools. Reported by David Erceg on 2020-08-17\n> - \\[1273609\\] High CVE-2022-0098: Use after free in Screen Capture.\n> Reported by \\@ginggilBesel on 2021-11-24\n> - \\[1245629\\] High CVE-2022-0099: Use after free in Sign-in. Reported\n> by Rox on 2021-09-01\n> - \\[1238209\\] High CVE-2022-0100: Heap buffer overflow in Media\n> streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO\n> Mobile Telecommunications Corp. Ltd. on 2021-08-10\n> - \\[1249426\\] High CVE-2022-0101: Heap buffer overflow in Bookmarks.\n> Reported by raven (@raid_akame) on 2021-09-14\n> - \\[1260129\\] High CVE-2022-0102: Type Confusion in V8 . Reported by\n> Brendon Tiszka on 2021-10-14\n> - \\[1272266\\] High CVE-2022-0103: Use after free in SwiftShader.\n> Reported by Abraruddin Khan and Omair on 2021-11-21\n> - \\[1273661\\] High CVE-2022-0104: Heap buffer overflow in ANGLE.\n> Reported by Abraruddin Khan and Omair on 2021-11-25\n> - \\[1274376\\] High CVE-2022-0105: Use after free in PDF. Reported by\n> Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications\n> Corp. Ltd. on 2021-11-28\n> - \\[1278960\\] High CVE-2022-0106: Use after free in Autofill. Reported\n> by Khalil Zhani on 2021-12-10\n> - \\[1248438\\] Medium CVE-2022-0107: Use after free in File Manager\n> API. Reported by raven (@raid_akame) on 2021-09-10\n> - \\[1248444\\] Medium CVE-2022-0108: Inappropriate implementation in\n> Navigation. Reported by Luan Herrera (@lbherrera\\_) on 2021-09-10\n> - \\[1261689\\] Medium CVE-2022-0109: Inappropriate implementation in\n> Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at\n> Seoul National University on 2021-10-20\n> - \\[1237310\\] Medium CVE-2022-0110: Incorrect security UI in Autofill.\n> Reported by Alesandro Ortiz on 2021-08-06\n> - \\[1241188\\] Medium CVE-2022-0111: Inappropriate implementation in\n> Navigation. Reported by garygreen on 2021-08-18\n> - \\[1255713\\] Medium CVE-2022-0112: Incorrect security UI in Browser\n> UI. Reported by Thomas Orlita on 2021-10-04\n> - \\[1039885\\] Medium CVE-2022-0113: Inappropriate implementation in\n> Blink. Reported by Luan Herrera (@lbherrera\\_) on 2020-01-07\n> - \\[1267627\\] Medium CVE-2022-0114: Out of bounds memory access in Web\n> Serial. Reported by Looben Yang on 2021-11-06\n> - \\[1268903\\] Medium CVE-2022-0115: Uninitialized Use in File API.\n> Reported by Mark Brand of Google Project Zero on 2021-11-10\n> - \\[1272250\\] Medium CVE-2022-0116: Inappropriate implementation in\n> Compositing. Reported by Irvan Kurniawan (sourc7) on 2021-11-20\n> - \\[1115847\\] Low CVE-2022-0117: Policy bypass in Service Workers.\n> Reported by Dongsung Kim (@kid1ng) on 2020-08-13\n> - \\[1238631\\] Low CVE-2022-0118: Inappropriate implementation in\n> WebShare. Reported by Alesandro Ortiz on 2021-08-11\n> - \\[1262953\\] Low CVE-2022-0120: Inappropriate implementation in\n> Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25\n", "id": "FreeBSD-2022-0001", "modified": "2022-01-05T00:00:00Z", "published": "2022-01-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0096" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0097" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0101" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0103" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0104" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0106" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0107" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0108" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0109" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0117" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0118" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2022-0120" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.5.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "://roundcube.net/news/2021/12/30/update-1.5.2-released" ], "discovery": "2021-12-30T00:00:00Z", "vid": "47197b47-6a1a-11ec-8be6-d4c9ef517024" }, "details": "The Roundcube project reports:\n\n> Cross-site scripting (XSS) via HTML messages with malicious CSS\n> content\n", "id": "FreeBSD-2021-0314", "modified": "2021-12-31T00:00:00Z", "published": "2021-12-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "://roundcube.net/news/2021/12/30/update-1.5.2-released" }, { "type": "WEB", "url": "https://roundcube.net/news/2021/12/30/update-1.5.2-released" } ], "schema_version": "1.7.0", "summary": "Roundcube -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.16.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.17.0" }, { "fixed": "2.28.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12" ], "discovery": "2021-12-14T00:00:00Z", "references": { "cvename": [ "CVE-2021-44732" ] }, "vid": "c1b2b492-6999-11ec-a50c-001cc0382b2f" }, "details": "Manuel P\u00e9gouri\u00e9-Gonnard reports:\n\n> If mbedtls_ssl_set_session() or mbedtls_ssl_get_session() were to fail\n> with MBEDTLS_ERR_SSL_ALLOC_FAILED (in an out of memory condition),\n> then calling mbedtls_ssl_session_free() and mbedtls_ssl_free() in the\n> usual manner would cause an internal session buffer to be freed twice,\n> due to two structures both having valid pointers to it after a call to\n> ssl_session_copy().\n>\n> An attacker could potentially trigger the out of memory condition, and\n> therefore use this bug to create memory corruption, which could then\n> be further exploited or targetted.\n", "id": "FreeBSD-2021-0313", "modified": "2021-12-30T00:00:00Z", "published": "2021-12-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44732" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12" } ], "schema_version": "1.7.0", "summary": "Mbed TLS -- Potential double-free after an out of memory error" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "opendmarc" }, "ranges": [ { "events": [ { "introduced": "1.4.1" }, { "fixed": "1.4.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-06-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-34555" ] }, "vid": "ede832bf-6576-11ec-a636-000c29061ce6" }, "details": "OpenDMARC 1.4.1 and 1.4.1.1 will dereference a NULL pointer when\nencountering a multi-value From: header field. A remote attacker can\nsend a specially crafted message resulting in a denial of service.\n", "id": "FreeBSD-2021-0312", "modified": "2021-12-30T00:00:00Z", "published": "2021-12-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-34555" }, { "type": "WEB", "url": "https://github.com/trusteddomainproject/OpenDMARC/issues/179" } ], "schema_version": "1.7.0", "summary": "OpenDMARC - Remote denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "opendmarc" }, "ranges": [ { "events": [ { "fixed": "1.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-16378", "CVE-2019-20790", "CVE-2020-12272", "CVE-2020-12460" ] }, "vid": "937aa1d6-685e-11ec-a636-000c29061ce6" }, "details": "OpenDMARC releases prior to 1.4.1 are susceptible to the following\nvulnerabilities:\n\n- (CVE-2019-16378) OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1\n is prone to a signature-bypass vulnerability with multiple From:\n addresses, which might affect applications that consider a domain name\n to be relevant to the origin of an e-mail message.\n- (CVE-2019-20790) OpenDMARC through 1.3.2 and 1.4.x, when used with\n pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC\n authentication in situations where the HELO field is inconsistent with\n the MAIL FROM field.\n- (CVE-2020-12272) OpenDMARC through 1.3.2 and 1.4.x allows attacks that\n inject authentication results to provide false information about the\n domain that originated an e-mail message.\n- (CVE-2020-12460) OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1\n has improper null termination in the function opendmarc_xml_parse that\n can result in a one-byte heap overflow in opendmarc_xml when parsing a\n specially crafted DMARC aggregate report. This can cause remote memory\n corruption.\n", "id": "FreeBSD-2021-0311", "modified": "2021-12-30T00:00:00Z", "published": "2021-12-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12272" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12460" }, { "type": "WEB", "url": "https://github.com/trusteddomainproject/OpenDMARC/blob/rel-opendmarc-1-4-1-1/RELEASE_NOTES" } ], "schema_version": "1.7.0", "summary": "OpenDMARC - Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "minio" }, "ranges": [ { "events": [ { "fixed": "2021.12.27.07.23.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/minio/minio/security/advisories/GHSA-j6jc-jqqc-p6cx" ], "discovery": "2021-12-27T00:00:00Z", "references": { "cvename": [ "CVE-2021-43858" ] }, "vid": "a4ff3673-d742-4b83-8c2b-3ddafe732034" }, "details": "minio developers report:\n\n> AddUser() API endpoint was exposed to a legacy behavior. i.e it\n> accepts a \\\"policy\\\" field\n>\n> This API is mainly used to create a user or update a user\\'s password.\n>\n> However, a malicious client can hand-craft an HTTP API call that\n> allows for updating Policy for a user and gaining higher privileges.\n", "id": "FreeBSD-2021-0310", "modified": "2021-12-29T00:00:00Z", "published": "2021-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/minio/minio/security/advisories/GHSA-j6jc-jqqc-p6cx" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43858" }, { "type": "WEB", "url": "https://github.com/minio/minio/security/advisories/GHSA-j6jc-jqqc-p6cx" } ], "schema_version": "1.7.0", "summary": "minio -- User privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-pillow" }, "ranges": [ { "events": [ { "introduced": "5.2.0" }, { "fixed": "8.3.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/advisories/GHSA-98vv-pw6r-q6q4" ], "discovery": "2021-09-02T00:00:00Z", "references": { "cvename": [ "CVE-2021-23437" ] }, "vid": "ed8a4215-675c-11ec-8dd4-a0f3c100ae18" }, "details": "GitHub Advisory Database reports:\n\n> Uncontrolled Resource Consumption in pillow.\n>\n> The package pillow from 0 and before 8.3.2 are vulnerable to Regular\n> Expression Denial of Service (ReDoS) via the getrgb function.\n>\n> References:\n>\n> - https://nvd.nist.gov/vuln/detail/CVE-2021-23437\n> - https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b\n> - https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html\n> - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443\n> - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/\n> - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/\n", "id": "FreeBSD-2021-0309", "modified": "2021-09-03T00:00:00Z", "published": "2021-09-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/advisories/GHSA-98vv-pw6r-q6q4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23437" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23437" } ], "schema_version": "1.7.0", "summary": "Pillow -- Regular Expression Denial of Service (ReDoS)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "opensearch" }, "ranges": [ { "events": [ { "fixed": "1.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://opensearch.org/blog/releases/2021/12/update-1-2-3/" ], "discovery": "2021-12-16T00:00:00Z", "references": { "cvename": [ "CVE-2021-45105" ] }, "vid": "d1be3d73-6737-11ec-9eea-589cfc007716" }, "details": "OpenSearch reports:\n\n> CVE-2021-45105 for Log4j was issued after the release of OpenSearch\n> 1.2.2. This CVE advises upgrading to Log4j 2.17.0. While there has\n> been no observed reproduction of the issue described in CVE-2021-45105\n> in OpenSearch, we have released OpenSearch 1.2.3 which updates Log4j\n> to version 2.17.0.\n", "id": "FreeBSD-2021-0308", "modified": "2021-12-27T00:00:00Z", "published": "2021-12-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://opensearch.org/blog/releases/2021/12/update-1-2-3/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45105" }, { "type": "WEB", "url": "https://opensearch.org/blog/releases/2021/12/update-1-2-3/" } ], "schema_version": "1.7.0", "summary": "OpenSearch -- Log4Shell" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "opensearch" }, "ranges": [ { "events": [ { "fixed": "1.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://opensearch.org/blog/releases/2021/12/update-1-2-2/" ], "discovery": "2021-12-14T00:00:00Z", "references": { "cvename": [ "CVE-2021-45046" ] }, "vid": "b0f49cb9-6736-11ec-9eea-589cfc007716" }, "details": "OpenSearch reports:\n\n> CVE-2021-45046 was issued shortly following the release of OpenSearch\n> 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 (used in\n> OpenSearch 1.2.1) to Log4j 2.16.0. Out of an abundance of caution, the\n> team is releasing OpenSearch 1.2.2 which includes Log4j 2.16.0. While\n> there has been no observed reproduction of the issue described in\n> CVE-2021-45046, Log4j 2.16.0 takes much more extensive JNDI mitigation\n> measures.\n", "id": "FreeBSD-2021-0307", "modified": "2021-12-27T00:00:00Z", "published": "2021-12-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://opensearch.org/blog/releases/2021/12/update-1-2-2/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45046" }, { "type": "WEB", "url": "https://opensearch.org/blog/releases/2021/12/update-1-2-2/" } ], "schema_version": "1.7.0", "summary": "OpenSearch -- Log4Shell" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "opengrok" }, "ranges": [ { "events": [ { "last_affected": "1.6.7" }, { "fixed": "1.6.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://medium.com/@bobbyrsec/oracle-opengrok-rce-cve-2021-2322-a284e5621bfe" ], "discovery": "2021-04-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-2322" ] }, "vid": "1135e939-62b4-11ec-b8e2-1c1b0d9ea7e6" }, "details": "Bobby Rauch of Accenture reports:\n\n> I ended up finding OpenGrok, and after careful testing, discovered\n> that OpenGrok insecurely deserializes XML input, which can lead to\n> Remote Code Execution. This vulnerability was found in all versions of\n> OpenGrok \\<1.6.8 and was reported to Oracle. The vulnerability has now\n> been patched in OpenGrok 1.6.9, and has been issued a CVE.\n> (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2322)\n", "id": "FreeBSD-2021-0306", "modified": "2021-12-21T00:00:00Z", "published": "2021-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://medium.com/@bobbyrsec/oracle-opengrok-rce-cve-2021-2322-a284e5621bfe" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2322" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html" }, { "type": "WEB", "url": "https://github.com/oracle/opengrok/pull/3528" } ], "schema_version": "1.7.0", "summary": "opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki135" }, "ranges": [ { "events": [ { "fixed": "1.35.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki136" }, "ranges": [ { "events": [ { "fixed": "1.36.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki137" }, "ranges": [ { "events": [ { "fixed": "1.37.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/" ], "discovery": "2021-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-44854", "CVE-2021-44856", "CVE-2021-44857", "CVE-2021-44858", "CVE-2021-45038", "CVE-2021-44855" ] }, "vid": "0a50bb48-625f-11ec-a1fb-080027cb2f6f" }, "details": "Mediawiki reports:\n\n> (T292763. CVE-2021-44854) REST API incorrectly publicly caches\n> autocomplete search results from private wikis.\n>\n> (T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created\n> via Special:ChangeContentModel.\n>\n> (T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to\n> replace the content of arbitrary pages.\n>\n> (T297322, CVE-2021-44858) Unauthorized users can view contents of\n> private wikis using various actions.\n>\n> (T297574, CVE-2021-45038) Unauthorized users can access private wiki\n> contents using rollback action\n>\n> (T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media\n> dialog.\n>\n> (T294686) Special:Nuke doesn\\'t actually delete pages.\n", "id": "FreeBSD-2021-0305", "modified": "2021-12-21T00:00:00Z", "published": "2021-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44854" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44856" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44857" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44858" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45038" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44855" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "graylog" }, "ranges": [ { "events": [ { "fixed": "4.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://logging.apache.org/log4j/2.x/security.html" ], "discovery": "2021-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2021-45046" ] }, "vid": "650734b2-7665-4170-9a0a-eeced5e10a5e" }, "details": "Apache Software Foundation reports:\n\n> It was found that the fix to address CVE-2021-44228 in Apache Log4j\n> 2.15.0 was incomplete in certain non-default configurations. This\n> could allows attackers with control over Thread Context Map (MDC)\n> input data when the logging configuration uses a non-default Pattern\n> Layout with either a Context Lookup (for example, \\$\\${ctx:loginId})\n> or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious\n> input data using a JNDI Lookup pattern resulting in a denial of\n> service (DOS) attack. Log4j 2.15.0 makes a best-effort attempt to\n> restrict JNDI LDAP lookups to localhost by default. Log4j 2.16.0 fixes\n> this issue by removing support for message lookup patterns and\n> disabling JNDI functionality by default.\n", "id": "FreeBSD-2021-0304", "modified": "2021-12-17T00:00:00Z", "published": "2021-12-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-45046" }, { "type": "WEB", "url": "https://github.com/Graylog2/graylog2-server/commit/d3e441f" }, { "type": "WEB", "url": "https://github.com/Graylog2/graylog2-server/commit/dd24b85" }, { "type": "WEB", "url": "https://logging.apache.org/log4j/2.x/security.html" } ], "schema_version": "1.7.0", "summary": "graylog -- remote code execution in log4j from user-controlled log input" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2021-12-20T00:00:00Z", "references": { "cvename": [ "CVE-2021-44224", "CVE-2021-44790" ] }, "vid": "ca982e2d-61a9-11ec-8be6-d4c9ef517024" }, "details": "The Apache httpd project reports:\n\n> moderate: Possible NULL dereference or SSRF in forward proxy\n> configurations in Apache HTTP Server 2.4.51 and earlier\n> (CVE-2021-44224)\\\n> A crafted URI sent to httpd configured as a forward proxy\n> (ProxyRequests on) can cause a crash (NULL pointer dereference) or,\n> for configurations mixing forward and reverse proxy declarations, can\n> allow for requests to be directed to a declared Unix Domain Socket\n> endpoint (Server Side Request Forgery).\n>\n> high: Possible buffer overflow when parsing multipart content in\n> mod_lua of Apache HTTP Server 2.4.51 and earlier (CVE-2021-44790)\\\n> A carefully crafted request body can cause a buffer overflow in the\n> mod_lua multipart parser (r:parsebody() called from Lua scripts).\n", "id": "FreeBSD-2021-0303", "modified": "2021-12-20T00:00:00Z", "published": "2021-12-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44224" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44790" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "serviio" }, "ranges": [ { "events": [ { "fixed": "2.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://serviio.org/news/124-version-2-2-1-released" ], "discovery": "2021-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2021-44228" ] }, "vid": "1ea05bb8-5d74-11ec-bb1e-001517a2e1a4" }, "details": "Serviio reports:\n\n> Serviio is affectred by the log4j vulnerability.\n", "id": "FreeBSD-2021-0302", "modified": "2021-12-15T00:00:00Z", "published": "2021-12-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://serviio.org/news/124-version-2-2-1-released" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44228" } ], "schema_version": "1.7.0", "summary": "serviio -- affected by log4j vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dropbear" }, "ranges": [ { "events": [ { "fixed": "3.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.privoxy.org/pipermail/privoxy-announce/2021-December/000009.html" ], "discovery": "2021-12-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-44540", "CVE-2021-44541", "CVE-2021-44542", "CVE-2021-44543" ] }, "vid": "897e1962-5d5a-11ec-a3ed-040e3c3cf7e7" }, "details": "Privoxy reports:\n\n> cgi_error_no_template(): Encode the template name to prevent XSS\n> (cross-site scripting) when Privoxy is configured to servce the\n> user-manual itself.\n>\n> Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543. Reported by:\n> Artem Ivanov\n>\n> get_url_spec_param(): Free memory of compiled pattern spec before\n> bailing. Reported by Joshua Rogers (Opera) who also provided the fix.\n> Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.\n>\n> process_encrypted_request_headers(): Free header memory when failing\n> to get the request destination. Reported by Joshua Rogers (Opera) who\n> also provided the fix. Commit 0509c58045. OVE-20211201-0002.\n> CVE-2021-44541.\n>\n> send_http_request(): Prevent memory leaks when handling errors\n> Reported by Joshua Rogers (Opera) who also provided the fix. Commit\n> c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.\n", "id": "FreeBSD-2021-0301", "modified": "2021-12-15T00:00:00Z", "published": "2021-12-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.privoxy.org/pipermail/privoxy-announce/2021-December/000009.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44540" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44541" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44542" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44543" }, { "type": "WEB", "url": "https://lists.privoxy.org/pipermail/privoxy-announce/2021-December/000009.html" } ], "schema_version": "1.7.0", "summary": "Privoxy -- Multiple vulnerabilities (memory leak, XSS)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20211214.txt" ], "discovery": "2021-12-14T00:00:00Z", "references": { "cvename": [ "CVE-2021-4044" ] }, "vid": "0132ca5b-5d11-11ec-8be6-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> Invalid handling of X509_verify_cert() internal errors in libssl\n> (Moderate)\n>\n> Internally libssl in OpenSSL calls X509_verify_cert() on the client\n> side to verify a certificate supplied by a server. That function may\n> return a negative return value to indicate an internal error (for\n> example out of memory). Such a negative return value is mishandled by\n> OpenSSL and will cause an IO function (such as SSL_connect() or\n> SSL_do_handshake()) to not indicate success and a subsequent call to\n> SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This\n> return value is only supposed to be returned by OpenSSL if the\n> application has previously called SSL_CTX_set_cert_verify_callback().\n> Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY\n> return value from SSL_get_error() will be totally unexpected and\n> applications may not behave correctly as a result. The exact behaviour\n> will depend on the application but it could result in crashes,\n> infinite loops or other similar incorrect responses.\n", "id": "FreeBSD-2021-0300", "modified": "2021-12-14T00:00:00Z", "published": "2021-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20211214.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4044" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20211214.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Certificate validation issue" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bastillion" }, "ranges": [ { "events": [ { "fixed": "3.10.00_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-12-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-44228" ] }, "vid": "515df85a-5cd7-11ec-a16d-001517a2e1a4" }, "details": "FreeBSD port maintainer reports:\n\n> Bastillion uses log4j.\n", "id": "FreeBSD-2021-0299", "modified": "2021-12-14T00:00:00Z", "published": "2021-12-14T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44228" } ], "schema_version": "1.7.0", "summary": "bastillion -- log4j vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "96.0.4664.110" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html" ], "discovery": "2021-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2021-4098", "CVE-2021-4099", "CVE-2021-4100", "CVE-2021-4101", "CVE-2021-4102" ] }, "vid": "fb9ba490-5cc4-11ec-aac7-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 5 security fixes, including:\n>\n> - \\[1263457\\] Critical CVE-2021-4098: Insufficient data validation in\n> Mojo. Reported by Sergei Glazunov of Google Project Zero on\n> 2021-10-26\n> - \\[1270658\\] High CVE-2021-4099: Use after free in Swiftshader.\n> Reported by Aki Helin of Solita on 2021-11-16\n> - \\[1272068\\] High CVE-2021-4100: Object lifecycle issue in ANGLE.\n> Reported by Aki Helin of Solita on 2021-11-19\n> - \\[1262080\\] High CVE-2021-4101: Heap buffer overflow in Swiftshader.\n> Reported by Abraruddin Khan and Omair on 2021-10-21\n> - \\[1278387\\] High CVE-2021-4102: Use after free in V8. Reported by\n> Anonymous on 2021-12-09\n", "id": "FreeBSD-2021-0298", "modified": "2021-12-14T00:00:00Z", "published": "2021-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4101" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4102" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cinny" }, "ranges": [ { "events": [ { "fixed": "1.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "fixed": "1.9.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk" ], "discovery": "2021-12-03T00:00:00Z", "vid": "0dcf68fa-5c31-11ec-875e-901b0e9408dc" }, "details": "Matrix developers report:\n\n> Today we are releasing security updates to libolm, matrix-js-sdk, and\n> several clients including Element Web / Desktop. Users are encouraged\n> to upgrade as soon as possible.\n>\n> These releases mitigate a buffer overflow in olm_session_describe, a\n> libolm debugging function used by matrix-js-sdk in its end-to-end\n> encryption (E2EE) implementation. If you rely on matrix-js-sdk for\n> E2EE, you are affected.\n", "id": "FreeBSD-2021-0297", "modified": "2021-12-13T00:00:00Z", "published": "2021-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk" }, { "type": "WEB", "url": "https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk" } ], "schema_version": "1.7.0", "summary": "Matrix clients -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openhab2" }, "ranges": [ { "events": [ { "last_affected": "2.5.12" }, { "fixed": "2.5.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "3.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openhab" }, "ranges": [ { "events": [ { "last_affected": "2.5.12" }, { "fixed": "2.5.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "3.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/openhab/openhab-distro/security/advisories/GHSA-j99j-qp89-pcfq" ], "discovery": "2021-12-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-44228" ] }, "vid": "93a1c9a7-5bef-11ec-a47a-001517a2e1a4" }, "details": "Openhab reports:\n\n> Any openHAB instance that is publicly available or which consumes\n> untrusted content from remote servers is potentially a target of this\n> attack.\n", "id": "FreeBSD-2021-0296", "modified": "2021-12-13T00:00:00Z", "published": "2021-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/openhab/openhab-distro/security/advisories/GHSA-j99j-qp89-pcfq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44228" }, { "type": "WEB", "url": "https://github.com/openhab/openhab-distro/security/advisories/GHSA-j99j-qp89-pcfq" }, { "type": "WEB", "url": "https://github.com/ops4j/org.ops4j.pax.logging/security/advisories/GHSA-xxfh-x98p-j8fr" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q" } ], "schema_version": "1.7.0", "summary": "openhab -- log4j remote code injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-solr" }, "ranges": [ { "events": [ { "fixed": "8.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://solr.apache.org/security.html" ], "discovery": "2021-12-10T00:00:00Z", "vid": "66cf7c43-5be3-11ec-a587-001b217b3468" }, "details": "Solr reports:\n\n> Apache Solr affected by Apache Log4J\n", "id": "FreeBSD-2021-0295", "modified": "2021-12-13T00:00:00Z", "published": "2021-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://solr.apache.org/security.html" }, { "type": "WEB", "url": "https://solr.apache.org/security.html" } ], "schema_version": "1.7.0", "summary": "Solr -- Apache Log4J" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "opensearch" }, "ranges": [ { "events": [ { "fixed": "1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/" ], "discovery": "2021-12-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-44228" ] }, "vid": "4b1ac5a3-5bd4-11ec-8602-589cfc007716" }, "details": "OpenSearch reports:\n\n> A [recently\n> published](https://www.lunasec.io/docs/blog/log4j-zero-day/) security\n> issue\n> ([CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228))\n> affects several versions of the broadly-used [Apache\n> Log4j](https://logging.apache.org/log4j/2.x/) library. Some software\n> in the OpenSearch project includes versions of Log4j referenced in\n> this CVE. While, at time of writing, the team has not found a\n> reproduceable example in OpenSearch of remote code execution (RCE)\n> described in this issue, its severity is such that all users should\n> take mitigation measures. As recommended by the advisory, the team has\n> released OpenSearch 1.2.1, which updates Log4j to version 2.15.0. For\n> those who cannot upgrade to 1.2.1, the [Log4j website outlines\n> additional measures to mitigate the\n> issue](https://logging.apache.org/log4j/2.x/). This patch release also\n> addresses\n> [CVE-2021-4352](https://alas.aws.amazon.com/AL2/ALAS-2021-1722.html)\n> in the OpenSearch Docker distributions..\n", "id": "FreeBSD-2021-0294", "modified": "2021-12-13T00:00:00Z", "published": "2021-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44228" }, { "type": "WEB", "url": "https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/" } ], "schema_version": "1.7.0", "summary": "OpenSearch -- Log4Shell" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.3.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.3.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/grafana/grafana/security/advisories/GHSA-7533-c8qv-jm9m" ], "discovery": "2021-12-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-43815" ] }, "vid": "c2a7de31-5b42-11ec-8398-6c3be5272acd" }, "details": "GitHub Security Labs reports:\n\n> A vulnerability through which authenticated users could read out fully\n> lowercase or fully uppercase `.md` files through directory traversal.\n> Doing our own follow-up investigation we found a related vulnerability\n> through which authenticated users could read out arbitrary `.csv`\n> files through directory traversal. Thanks to our defense-in-depth\n> approach, at no time has [Grafana Cloud](https://grafana.com/cloud)\n> been vulnerable.\n>\n> **The vulnerable URL path is:** `/api/ds/query`\n", "id": "FreeBSD-2021-0293", "modified": "2021-12-12T00:00:00Z", "published": "2021-12-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-7533-c8qv-jm9m" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43815" }, { "type": "WEB", "url": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Directory Traversal" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "7.5.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.3.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana6" }, "ranges": [ { "events": [ { "introduced": "6.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "7.5.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.3.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q" ], "discovery": "2021-12-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-43813" ] }, "vid": "a994ff7d-5b3f-11ec-8398-6c3be5272acd" }, "details": "GitHub Security Labs reports:\n\n> A vulnerability through which authenticated users could read out fully\n> lowercase or fully uppercase `.md` files through directory traversal.\n> Doing our own follow-up investigation we found a related vulnerability\n> through which authenticated users could read out arbitrary `.csv`\n> files through directory traversal. Thanks to our defense-in-depth\n> approach, at no time has [Grafana Cloud](https://grafana.com/cloud)\n> been vulnerable.\n>\n> **The vulnerable URL path is:** `/api/plugins/.*/markdown/.*` for\n> `.md` files\n", "id": "FreeBSD-2021-0292", "modified": "2021-12-12T00:00:00Z", "published": "2021-12-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/grafana/grafana/security/advisories/GHSA-c3q8-26ph-9g2q" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43813" }, { "type": "WEB", "url": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Directory Traversal" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.1.0" }, { "fixed": "8.1.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.2.0" }, { "fixed": "8.2.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.3.0" }, { "fixed": "8.3.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.1.0" }, { "fixed": "8.1.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.2.0" }, { "fixed": "8.2.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.3.0" }, { "fixed": "8.3.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/" ], "discovery": "2021-12-03T00:00:00Z", "references": { "cvename": [ "CVE-2021-43798" ] }, "vid": "e33880ed-5802-11ec-8398-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> Grafana is vulnerable to directory traversal, allowing access to local\n> files. We have confirmed this for versions v8.0.0-beta1 to v8.3.0.\n> Thanks to our defense-in-depth approach, at no time has [Grafana\n> Cloud](https://grafana.com/cloud/?pg=blog) been vulnerable.\n>\n> **The vulnerable URL path is:**\n> \\*/public/plugins/\\<\"plugin-id\"\\>* where\n> *\\<\"plugin-id\"\\>* is the plugin ID for any installed plugin.\n>\n> Every Grafana instance comes with pre-installed plugins like the\n> Prometheus plugin or MySQL plugin so the following URLs are vulnerable\n> for every instance:\n>\n> - \\/public/plugins/alertlist/\n> - \\/public/plugins/annolist/\n> - \\/public/plugins/barchart/\n> - \\/public/plugins/bargauge/\n> - \\/public/plugins/candlestick/\n> - \\/public/plugins/cloudwatch/\n> - \\/public/plugins/dashlist/\n> - \\/public/plugins/elasticsearch/\n> - \\/public/plugins/gauge/\n> - \\/public/plugins/geomap/\n> - \\/public/plugins/gettingstarted/\n> - \\/public/plugins/grafana-azure-monitor-datasource/\n> - \\/public/plugins/graph/\n> - \\/public/plugins/heatmap/\n> - \\/public/plugins/histogram/\n> - \\/public/plugins/influxdb/\n> - \\/public/plugins/jaeger/\n> - \\/public/plugins/logs/\n> - \\/public/plugins/loki/\n> - \\/public/plugins/mssql/\n> - \\/public/plugins/mysql/\n> - \\/public/plugins/news/\n> - \\/public/plugins/nodeGraph/\n> - \\/public/plugins/opentsdb\n> - \\/public/plugins/piechart/\n> - \\/public/plugins/pluginlist/\n> - \\/public/plugins/postgres/\n> - \\/public/plugins/prometheus/\n> - \\/public/plugins/stackdriver/\n> - \\/public/plugins/stat/\n> - \\/public/plugins/state-timeline/\n> - \\/public/plugins/status-history/\n> - \\/public/plugins/table/\n> - \\/public/plugins/table-old/\n> - \\/public/plugins/tempo/\n> - \\/public/plugins/testdata/\n> - \\/public/plugins/text/\n> - \\/public/plugins/timeseries/\n> - \\/public/plugins/welcome/\n> - \\/public/plugins/zipkin/\n", "id": "FreeBSD-2021-0291", "modified": "2021-12-11T00:00:00Z", "published": "2021-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43798" }, { "type": "WEB", "url": "https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Path Traversal" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.2.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.2.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/" ], "discovery": "2021-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2021-41244" ] }, "vid": "99bff2bd-4852-11ec-a828-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> When the fine-grained access control beta feature is enabled and there\n> is more than one organization in the Grafana instance, Grafana 8.0\n> introduced a mechanism which allowed users with the Organization Admin\n> role to list, add, remove, and update users' roles in other\n> organizations in which they are not an admin.\n", "id": "FreeBSD-2021-0290", "modified": "2021-12-11T00:00:00Z", "published": "2021-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41244" }, { "type": "WEB", "url": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Incorrect Access Control" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.2.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.2.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2021/11/03/grafana-8.2.3-released-with-medium-severity-security-fix-cve-2021-41174-grafana-xss/" ], "discovery": "2021-10-21T00:00:00Z", "references": { "cvename": [ "CVE-2021-41174" ] }, "vid": "4b478274-47a0-11ec-bd24-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> If an attacker is able to convince a victim to visit a URL referencing\n> a vulnerable page, arbitrary JavaScript content may be executed within\n> the context of the victim's browser.\n>\n> The user visiting the malicious link must be unauthenticated, and the\n> link must be for a page that contains the login button in the menu\n> bar.\n>\n> There are two ways an unauthenticated user can open a page in Grafana\n> that contains the login button:\n>\n> - Anonymous authentication is enabled. This means all pages in Grafana\n> would be open for the attack.\n> - The link is to an unauthenticated page. The following pages are\n> vulnerable:\n> - `/dashboard-solo/snapshot/*`\n> - `/dashboard/snapshot/*`\n> - `/invite/:code`\n>\n> The url has to be crafted to exploit AngularJS rendering and contain\n> the interpolation binding for AngularJS expressions. AngularJS uses\n> double curly braces for interpolation binding: `{{ }}`\n>\n> An example of an expression would be:\n> `{{constructor.constructor(\u2018alert(1)\u2019)()}}`. This can be included in\n> the link URL like this:\n>\n> \n>\n> When the user follows the link and the page renders, the login button\n> will contain the original link with a query parameter to force a\n> redirect to the login page. The URL is not validated, and the\n> AngularJS rendering engine will execute the JavaScript expression\n> contained in the URL.\n", "id": "FreeBSD-2021-0289", "modified": "2021-12-11T00:00:00Z", "published": "2021-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2021/11/03/grafana-8.2.3-released-with-medium-severity-security-fix-cve-2021-41174-grafana-xss/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41174" }, { "type": "WEB", "url": "https://grafana.com/blog/2021/11/03/grafana-8.2.3-released-with-medium-severity-security-fix-cve-2021-41174-grafana-xss/" } ], "schema_version": "1.7.0", "summary": "Grafana -- XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p7zip" }, "ranges": [ { "events": [ { "fixed": "18.05" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-10115" ], "discovery": "2018-05-02T00:00:00Z", "references": { "cvename": [ "CVE-2018-10115" ] }, "vid": "942fff11-5ac4-11ec-89ea-c85b76ce9b5a" }, "details": "NVD reports:\n\n> Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03\n> and before can lead to usage of uninitialized memory, allowing remote\n> attackers to cause a denial of service (segmentation fault) or execute\n> arbitrary code via a crafted RAR archive.\n", "id": "FreeBSD-2021-0288", "modified": "2021-12-11T00:00:00Z", "published": "2021-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10115" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10115" } ], "schema_version": "1.7.0", "summary": "p7zip -- usage of uninitialized memory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "graylog" }, "ranges": [ { "events": [ { "fixed": "4.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://logging.apache.org/log4j/2.x/security.html" ], "discovery": "2021-12-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-44228" ] }, "vid": "3fadd7e4-f8fb-45a0-a218-8fd6423c338f" }, "details": "Apache Software Foundation repos:\n\n> Apache Log4j2 JNDI features do not protect against attacker controlled\n> LDAP and other JNDI related endpoints. An attacker who can control log\n> messages or paramters can execute arbitrary code from\n> attacker-controller LDAP servers when message lookup substitution is\n> enabled.\n", "id": "FreeBSD-2021-0287", "modified": "2021-12-11T00:00:00Z", "published": "2021-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44228" }, { "type": "WEB", "url": "https://github.com/Graylog2/graylog2-server/commit/d3e441f1126f0dc292e986879039a87c59375b2a" }, { "type": "WEB", "url": "https://logging.apache.org/log4j/2.x/security.html" } ], "schema_version": "1.7.0", "summary": "graylog -- include log4j patches" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.17.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/50058", "https://github.com/golang/go/issues/50057" ], "discovery": "2021-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2021-44716", "CVE-2021-44717" ] }, "vid": "720505fe-593f-11ec-9ba8-002324b2fba8" }, "details": "The Go project reports:\n\n> net/http: limit growth of header canonicalization cache. An attacker\n> can cause unbounded memory growth in a Go server accepting HTTP/2\n> requests.\n\n> syscall: don't close fd 0 on ForkExec error. When a Go program running\n> on a Unix system is out of file descriptors and calls syscall.ForkExec\n> (including indirectly by using the os/exec package), syscall.ForkExec\n> can close file descriptor 0 as it fails. If this happens (or can be\n> provoked) repeatedly, it can result in misdirected I/O such as writing\n> network traffic intended for one connection to a different connection,\n> or content intended for one file to a different one.\n", "id": "FreeBSD-2021-0286", "modified": "2021-12-09T00:00:00Z", "published": "2021-12-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/50058" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/50057" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44716" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/50058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44717" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/50057" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "96.0.4664.93" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html" ], "discovery": "2021-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-4052", "CVE-2021-4053", "CVE-2021-4054", "CVE-2021-4055", "CVE-2021-4056", "CVE-2021-4057", "CVE-2021-4058", "CVE-2021-4059", "CVE-2021-4061", "CVE-2021-4062", "CVE-2021-4063", "CVE-2021-4064", "CVE-2021-4065", "CVE-2021-4066", "CVE-2021-4067", "CVE-2021-4068", "CVE-2021-4078", "CVE-2021-4079" ] }, "vid": "18ac074c-579f-11ec-aac7-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 22 security fixes, including:\n>\n> - \\[1267661\\] High CVE-2021-4052: Use after free in web apps. Reported\n> by Wei Yuan of MoyunSec VLab on 2021-11-07\n> - \\[1267791\\] High CVE-2021-4053: Use after free in UI. Reported by\n> Rox on 2021-11-08\n> - \\[1265806\\] High CVE-2021-4079: Out of bounds write in WebRTC.\n> Reported by Brendon Tiszka on 2021-11-01\n> - \\[1239760\\] High CVE-2021-4054: Incorrect security UI in autofill.\n> Reported by Alesandro Ortiz on 2021-08-13\n> - \\[1268738\\] High CVE-2021-4078: Type confusion in V8. Reported by\n> Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on\n> 2021-11-09\n> - \\[1266510\\] High CVE-2021-4055: Heap buffer overflow in extensions.\n> Reported by Chen Rong on 2021-11-03\n> - \\[1260939\\] High CVE-2021-4056: Type Confusion in loader. Reported\n> by \\@\\_\\_R0ng of 360 Alpha Lab on 2021-10-18\n> - \\[1262183\\] High CVE-2021-4057: Use after free in file API. Reported\n> by Sergei Glazunov of Google Project Zero on 2021-10-21\n> - \\[1267496\\] High CVE-2021-4058: Heap buffer overflow in ANGLE.\n> Reported by Abraruddin Khan and Omair on 2021-11-06\n> - \\[1270990\\] High CVE-2021-4059: Insufficient data validation in\n> loader. Reported by Luan Herrera (@lbherrera\\_) on 2021-11-17\n> - \\[1271456\\] High CVE-2021-4061: Type Confusion in V8. Reported by\n> Paolo Severini on 2021-11-18\n> - \\[1272403\\] High CVE-2021-4062: Heap buffer overflow in BFCache.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22\n> - \\[1273176\\] High CVE-2021-4063: Use after free in developer tools.\n> Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n> Research on 2021-11-23\n> - \\[1273197\\] High CVE-2021-4064: Use after free in screen capture.\n> Reported by \\@ginggilBesel on 2021-11-23\n> - \\[1273674\\] High CVE-2021-4065: Use after free in autofill. Reported\n> by 5n1p3r0010 on 2021-11-25\n> - \\[1274499\\] High CVE-2021-4066: Integer underflow in ANGLE. Reported\n> by Jaehun Jeong(@n3sk) of Theori on 2021-11-29\n> - \\[1274641\\] High CVE-2021-4067: Use after free in window manager.\n> Reported by \\@ginggilBesel on 2021-11-29\n> - \\[1265197\\] Low CVE-2021-4068: Insufficient validation of untrusted\n> input in new tab page. Reported by NDevTK on 2021-10-31\n", "id": "FreeBSD-2021-0285", "modified": "2021-12-07T00:00:00Z", "published": "2021-12-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4053" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4055" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4057" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4061" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4062" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4064" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4065" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4066" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4078" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-4079" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.5.0" }, { "fixed": "14.5.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.4.0" }, { "fixed": "14.4.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "14.3.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/" ], "discovery": "2021-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-39944", "CVE-2021-39935", "CVE-2021-39937", "CVE-2021-39915", "CVE-2021-39919", "CVE-2021-39930", "CVE-2021-39940", "CVE-2021-39932", "CVE-2021-39933", "CVE-2021-39934", "CVE-2021-39917", "CVE-2021-39916", "CVE-2021-39941", "CVE-2021-39936", "CVE-2021-39938", "CVE-2021-39918", "CVE-2021-39931", "CVE-2021-39945", "CVE-2021-39910" ] }, "vid": "b299417a-5725-11ec-a587-001b217b3468" }, "details": "Gitlab reports:\n\n> Group members with developer role can escalate their privilege to\n> maintainer on projects that they import\n>\n> When user registration is limited, external users that aren\\'t\n> developers shouldn\\'t have access to the CI Lint API\n>\n> Collision in access memoization leads to potential elevated privileges\n> on groups and projects\n>\n> Project access token names are returned for unauthenticated requesters\n>\n> Sensitive info disclosure in logs\n>\n> Disclosure of a user\\'s custom project and group templates\n>\n> ReDoS in Maven package version\n>\n> Potential denial of service via the Diff feature\n>\n> Regular Expression Denial of Service via user comments\n>\n> Service desk email accessible by any project member\n>\n> Regular Expression Denial of Service via quick actions\n>\n> IDOR in \\\"external status check\\\" API leaks data about any status\n> check on the instance\n>\n> Default branch name visible in public projects restricting access to\n> the source code repository\n>\n> Deploy token allows access to disabled project Wiki\n>\n> Regular Expression Denial of Service via deploy Slash commands\n>\n> Users can reply to Vulnerability Report discussions despite Only\n> Project Members settings\n>\n> Unauthorised deletion of protected branches\n>\n> Author can approve Merge Request after having access revoked\n>\n> HTML Injection via Swagger UI\n", "id": "FreeBSD-2021-0284", "modified": "2021-12-07T00:00:00Z", "published": "2021-12-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39944" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39937" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39915" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39919" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39930" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39940" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39932" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39933" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39934" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39917" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39916" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39941" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39936" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39938" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39918" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39945" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39910" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nss" }, "ranges": [ { "events": [ { "fixed": "3.73" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/" ], "discovery": "2021-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-43527" ] }, "vid": "47695a9c-5377-11ec-8be6-d4c9ef517024" }, "details": "The Mozilla project reports:\n\n> Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures\n> (Critical)\n>\n> NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR\n> are vulnerable to a heap overflow when handling DER-encoded DSA or\n> RSA-PSS signatures. Applications using NSS for handling signatures\n> encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be\n> impacted. Applications using NSS for certificate validation or other\n> TLS, X.509, OCSP or CRL functionality may be impacted, depending on\n> how they configure NSS.\n", "id": "FreeBSD-2021-0283", "modified": "2021-12-02T00:00:00Z", "published": "2021-12-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43527" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/" } ], "schema_version": "1.7.0", "summary": "NSS -- Memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman" }, "ranges": [ { "events": [ { "fixed": "2.1.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-exim4" }, "ranges": [ { "events": [ { "fixed": "2.1.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-exim4-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-postfix" }, "ranges": [ { "events": [ { "fixed": "2.1.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-postfix-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.launchpad.net/mailman/+bug/1952384" ], "discovery": "2021-11-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-44227" ] }, "vid": "0d6efbe3-52d9-11ec-9472-e3667ed6088e" }, "details": "Mark Sapiro reports:\n\n> A list moderator or list member can potentially carry out a CSRF\n> attack by getting a list admin to visit a crafted web page.\n", "id": "FreeBSD-2021-0282", "modified": "2021-12-01T00:00:00Z", "published": "2021-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.launchpad.net/mailman/+bug/1952384" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-44227" }, { "type": "WEB", "url": "https://bugs.launchpad.net/mailman/+bug/1952384" }, { "type": "WEB", "url": "https://www.mail-archive.com/mailman-users@python.org/msg73979.html" } ], "schema_version": "1.7.0", "summary": "mailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.6.0,1" }, { "fixed": "2.6.9,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.5,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby26" }, "ranges": [ { "events": [ { "introduced": "2.6.0,1" }, { "fixed": "2.6.9,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby27" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.5,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby30" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-cgi" }, "ranges": [ { "events": [ { "fixed": "0.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/" ], "discovery": "2021-11-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-41819" ] }, "vid": "4548ec97-4d38-11ec-a539-0800270512f4" }, "details": "ooooooo_q reports:\n\n> The old versions of `CGI::Cookie.parse` applied URL decoding to cookie\n> names. An attacker could exploit this vulnerability to spoof security\n> prefixes in cookie names, which may be able to trick a vulnerable\n> application.\n>\n> By this fix, `CGI::Cookie.parse` no longer decodes cookie names. Note\n> that this is an incompatibility if cookie names that you are using\n> include non-alphanumeric characters that are URL-encoded.\n", "id": "FreeBSD-2021-0281", "modified": "2021-11-24T00:00:00Z", "published": "2021-11-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41819" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/" } ], "schema_version": "1.7.0", "summary": "rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.5,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby27" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.5,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby30" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-cgi" }, "ranges": [ { "events": [ { "fixed": "0.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/" ], "discovery": "2021-11-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-41816" ] }, "vid": "2c6af5c3-4d36-11ec-a539-0800270512f4" }, "details": "chamal reports:\n\n> A security vulnerability that causes buffer overflow when you pass a\n> very large string (\\> 700 MB) to `CGI.escape_html` on a platform where\n> `long` type takes 4 bytes, typically, Windows.\n", "id": "FreeBSD-2021-0280", "modified": "2021-11-24T00:00:00Z", "published": "2021-11-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41816" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/" } ], "schema_version": "1.7.0", "summary": "rubygem-cgi -- buffer overrun in CGI.escape_html" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.47.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.47.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.47.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.47.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.47.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2021/11/23/synapse-1-47-1-released" ], "discovery": "2021-11-18T00:00:00Z", "references": { "cvename": [ "CVE-2021-41281" ], "freebsdpr": [ "ports/259994" ] }, "vid": "27aa2253-4c72-11ec-b6b9-e86a64caca56" }, "details": "Matrix developers report:\n\n> This release patches one high severity issue affecting Synapse\n> installations 1.47.0 and earlier using the media repository. An\n> attacker could cause these Synapses to download a remote file and\n> store it in a directory outside the media repository.\n>\n> Note that:\n>\n> - This only affects homeservers using Synapse\\'s built-in media\n> repository, as opposed to synapse-s3-storage-provider or\n> matrix-media-repo.\n> - Attackers cannot control the exact name or destination of the stored\n> file.\n", "id": "FreeBSD-2021-0279", "modified": "2021-11-23T00:00:00Z", "published": "2021-11-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2021/11/23/synapse-1-47-1-released" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259994" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41281" }, { "type": "WEB", "url": "https://matrix.org/blog/2021/11/23/synapse-1-47-1-released" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "advancecomp" }, "ranges": [ { "events": [ { "fixed": "2.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270" ], "discovery": "2018-07-29T00:00:00Z", "references": { "cvename": [ "CVE-2018-1056", "CVE-2019-8379", "CVE-2019-8383", "CVE-2019-9210" ] }, "vid": "0bf816f6-3cfe-11ec-86cd-dca632b19f10" }, "details": "Joonun Jang reports:\n\n> heap buffer overflow running advzip with \\\"-l poc\\\" option\n>\n> Running \\'advzip -l poc\\' with the attached file raises heap buffer\n> overflow which may allow a remote attacker to cause unspecified impact\n> including denial-of-service attack. I expected the program to\n> terminate without segfault, but the program crashes as follow.\n> \\[\\...\\]\n\nand other vulnerabilities.\n", "id": "FreeBSD-2021-0278", "modified": "2021-11-19T00:00:00Z", "published": "2021-11-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8383" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9210" } ], "schema_version": "1.7.0", "summary": "advancecomp -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "96.0.4664.45" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html" ], "discovery": "2021-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2021-38005", "CVE-2021-38006", "CVE-2021-38007", "CVE-2021-38008", "CVE-2021-38009", "CVE-2021-38010", "CVE-2021-38011", "CVE-2021-38012", "CVE-2021-38013", "CVE-2021-38014", "CVE-2021-38015", "CVE-2021-38016", "CVE-2021-38017", "CVE-2021-38018", "CVE-2021-38019", "CVE-2021-38020", "CVE-2021-38021", "CVE-2021-38022" ] }, "vid": "b8c0cbca-472d-11ec-83dc-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 25 security fixes, including:\n>\n> - \\[1263620\\] High CVE-2021-38008: Use after free in media. Reported\n> by Marcin Towalski of Cisco Talos on 2021-10-26\n> - \\[1260649\\] High CVE-2021-38009: Inappropriate implementation in\n> cache. Reported by Luan Herrera (@lbherrera\\_) on 2021-10-16\n> - \\[1240593\\] High CVE-2021-38006: Use after free in storage\n> foundation. Reported by Sergei Glazunov of Google Project Zero on\n> 2021-08-17\n> - \\[1254189\\] High CVE-2021-38007: Type Confusion in V8. Reported by\n> Polaris Feng and SGFvamll at Singular Security Lab on 2021-09-29\n> - \\[1241091\\] High CVE-2021-38005: Use after free in loader. Reported\n> by Sergei Glazunov of Google Project Zero on 2021-08-18\n> - \\[1264477\\] High CVE-2021-38010: Inappropriate implementation in\n> service workers. Reported by Sergei Glazunov of Google Project Zero\n> on 2021-10-28\n> - \\[1268274\\] High CVE-2021-38011: Use after free in storage\n> foundation. Reported by Sergei Glazunov of Google Project Zero on\n> 2021-11-09\n> - \\[1262791\\] Medium CVE-2021-38012: Type Confusion in V8. Reported by\n> Yonghwi Jin (@jinmo123) on 2021-10-24\n> - \\[1242392\\] Medium CVE-2021-38013: Heap buffer overflow in\n> fingerprint recognition. Reported by raven (@raid_akame) on\n> 2021-08-23\n> - \\[1248567\\] Medium CVE-2021-38014: Out of bounds write in\n> Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10\n> - \\[957553\\] Medium CVE-2021-38015: Inappropriate implementation in\n> input. Reported by David Erceg on 2019-04-29\n> - \\[1244289\\] Medium CVE-2021-38016: Insufficient policy enforcement\n> in background fetch. Reported by Maurice Dauer on 2021-08-28\n> - \\[1256822\\] Medium CVE-2021-38017: Insufficient policy enforcement\n> in iframe sandbox. Reported by NDevTK on 2021-10-05\n> - \\[1197889\\] Medium CVE-2021-38018: Inappropriate implementation in\n> navigation. Reported by Alesandro Ortiz on 2021-04-11\n> - \\[1251179\\] Medium CVE-2021-38019: Insufficient policy enforcement\n> in CORS. Reported by Maurice Dauer on 2021-09-20\n> - \\[1259694\\] Medium CVE-2021-38020: Insufficient policy enforcement\n> in contacts picker. Reported by Luan Herrera (@lbherrera\\_) on\n> 2021-10-13\n> - \\[1233375\\] Medium CVE-2021-38021: Inappropriate implementation in\n> referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on\n> 2021-07-27\n> - \\[1248862\\] Low CVE-2021-38022: Inappropriate implementation in\n> WebAuthentication. Reported by Michal Kepkowski on 2021-09-13\n", "id": "FreeBSD-2021-0277", "modified": "2021-11-16T00:00:00Z", "published": "2021-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38005" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38007" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38008" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38009" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38010" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38011" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38012" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38013" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38014" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38015" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38016" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38017" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38020" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38021" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38022" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.6.0,1" }, { "fixed": "2.6.9,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.5,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby26" }, "ranges": [ { "events": [ { "introduced": "2.6.0,1" }, { "fixed": "2.6.9,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby27" }, "ranges": [ { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.5,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby30" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "3.0.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-date" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/" ], "discovery": "2021-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2021-41817" ] }, "vid": "6916ea94-4628-11ec-bbe2-0800270512f4" }, "details": "Stanislav Valkanov reports:\n\n> Date\\'s parsing methods including `Date.parse` are using Regexps\n> internally, some of which are vulnerable against regular expression\n> denial of service. Applications and libraries that apply such methods\n> to untrusted input may be affected.\n", "id": "FreeBSD-2021-0276", "modified": "2021-11-24T00:00:00Z", "published": "2021-11-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41817" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/" } ], "schema_version": "1.7.0", "summary": "rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.4.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released" ], "discovery": "2021-11-12T00:00:00Z", "vid": "42a4d82d-4603-11ec-8be6-d4c9ef517024" }, "details": "The Roundcube project reports:\n\n> XSS issue in handling attachment filename extension in mimetype\n> mismatch warning\n>\n> possible SQL injection via some session variables\n", "id": "FreeBSD-2021-0275", "modified": "2021-11-15T00:00:00Z", "published": "2021-11-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released" }, { "type": "WEB", "url": "https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released" } ], "schema_version": "1.7.0", "summary": "Roundcube -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman" }, "ranges": [ { "events": [ { "fixed": "2.1.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-exim4" }, "ranges": [ { "events": [ { "fixed": "2.1.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-exim4-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-postfix" }, "ranges": [ { "events": [ { "fixed": "2.1.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-postfix-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1879/NEWS#L8" ], "discovery": "2021-11-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-43331", "CVE-2021-43332" ] }, "vid": "9d7a2b54-4468-11ec-8532-0d24c37c72c8" }, "details": "Mark Sapiro reports:\n\n> A potential XSS attack via the user options page has been reported by\n> Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401).\n>\n> A potential for for a list moderator to carry out an off-line brute\n> force attack to obtain the list admin password has been reported by\n> Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.\n> CVE-2021-43332 (LP: #1949403)\n", "id": "FreeBSD-2021-0274", "modified": "2021-11-13T00:00:00Z", "published": "2021-11-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1879/NEWS#L8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43331" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-43332" }, { "type": "WEB", "url": "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1879/NEWS#L8" }, { "type": "WEB", "url": "https://bugs.launchpad.net/mailman/+bug/1949401" }, { "type": "WEB", "url": "https://bugs.launchpad.net/mailman/+bug/1949403" } ], "schema_version": "1.7.0", "summary": "mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql14-server" }, "ranges": [ { "events": [ { "fixed": "14.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-server" }, "ranges": [ { "events": [ { "fixed": "12.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "fixed": "10.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "fixed": "9.6.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/" ], "discovery": "2021-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2021-23214", "CVE-2021-23222" ] }, "vid": "2ccd71bd-426b-11ec-87db-6cc21735f730" }, "details": "The PostgreSQL Project reports:\n\n> CVE-2021-23214: A man-in-the-middle with the ability to inject data\n> into the TCP connection could stuff some cleartext data into the start\n> of a supposedly encryption-protected database session. This could be\n> abused to send faked SQL commands to the server, although that would\n> only work if the server did not demand any authentication data.\n> (However, a server relying on SSL certificate authentication might\n> well not do so.)\n>\n> CVE-2021-23222: A man-in-the-middle with the ability to inject data\n> into the TCP connection could stuff some cleartext data into the start\n> of a supposedly encryption-protected database session. This could\n> probably be abused to inject faked responses to the client\\'s first\n> few queries, although other details of libpq\\'s behavior make that\n> harder than it sounds. A different line of attack is to exfiltrate the\n> client\\'s password, or other sensitive data that might be sent early\n> in the session. That has been shown to be possible with a server\n> vulnerable to CVE-2021-23214.\n", "id": "FreeBSD-2021-0273", "modified": "2021-11-10T00:00:00Z", "published": "2021-11-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23214" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23222" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- Possible man-in-the-middle attacks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "puppet6" }, "ranges": [ { "events": [ { "fixed": "6.25.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppet7" }, "ranges": [ { "events": [ { "fixed": "7.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://puppet.com/security/cve/cve-2021-27025" ], "discovery": "2021-11-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-27025" ] }, "vid": "bfea59e0-41ee-11ec-9bac-589cfc007716" }, "details": "Puppet reports:\n\n> A flaw was discovered in Puppet Agent where the agent may silently\n> ignore Augeas settings or may be vulnerable to a Denial of Service\n> condition prior to the first pluginsync.\n", "id": "FreeBSD-2021-0272", "modified": "2021-11-10T00:00:00Z", "published": "2021-11-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://puppet.com/security/cve/cve-2021-27025" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-27025" }, { "type": "WEB", "url": "https://puppet.com/security/cve/cve-2021-27025" } ], "schema_version": "1.7.0", "summary": "puppet -- Silent Configuration Failure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "puppet6" }, "ranges": [ { "events": [ { "fixed": "6.25.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppet7" }, "ranges": [ { "events": [ { "fixed": "7.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetserver6" }, "ranges": [ { "events": [ { "fixed": "6.17.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetserver7" }, "ranges": [ { "events": [ { "fixed": "7.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://puppet.com/security/cve/cve-2021-27023" ], "discovery": "2021-11-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-27023" ] }, "vid": "3bd3c9f8-41ee-11ec-9bac-589cfc007716" }, "details": "Puppet reports:\n\n> A flaw was discovered in Puppet Agent and Puppet Server that may\n> result in a leak of HTTP credentials when following HTTP redirects to\n> a different host. This is similar to CVE-2018-1000007.\n", "id": "FreeBSD-2021-0271", "modified": "2021-11-10T00:00:00Z", "published": "2021-11-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://puppet.com/security/cve/cve-2021-27023" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-27023" }, { "type": "WEB", "url": "https://puppet.com/security/cve/cve-2021-27023" } ], "schema_version": "1.7.0", "summary": "puppet -- Unsafe HTTP Redirect" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba413" }, "ranges": [ { "events": [ { "fixed": "4.13.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba414" }, "ranges": [ { "events": [ { "fixed": "4.14.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba415" }, "ranges": [ { "events": [ { "fixed": "4.15.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/history/security.html" ], "discovery": "2021-11-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2016-2124", "CVE-2021-3738", "CVE-2021-23192" ] }, "vid": "646923b0-41c7-11ec-a3b2-005056a311d1" }, "details": "The Samba Team reports:\n\n> - CVE-2020-25717: A user in an AD Domain could become root on domain\n> members.\n> - CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos\n> tickets issued by an RODC.\n> - CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC\n> in Kerberos tickets.\n> - CVE-2020-25721: Kerberos acceptors need easy access to stable AD\n> identifiers (eg objectSid).\n> - CVE-2020-25722: Samba AD DC did not do sufficient access and\n> conformance checking of data stored.\n> - CVE-2016-2124: SMB1 client connections can be downgraded to\n> plaintext authentication.\n> - CVE-2021-3738: Use after free in Samba AD DC RPC server.\n> - CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.\n", "id": "FreeBSD-2021-0270", "modified": "2021-11-10T00:00:00Z", "published": "2021-11-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/history/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25717" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25718" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25719" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25721" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25722" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2124" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3738" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23192" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-25717.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-25718.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-25719.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-25721.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-25722.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2016-2124.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2021-3738.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2021-23192.html" } ], "schema_version": "1.7.0", "summary": "samba -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-pyrad" }, "ranges": [ { "events": [ { "fixed": "2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-pyrad" }, "ranges": [ { "events": [ { "fixed": "2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-pyrad" }, "ranges": [ { "events": [ { "fixed": "2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-pyrad" }, "ranges": [ { "events": [ { "fixed": "2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-pyrad" }, "ranges": [ { "events": [ { "fixed": "2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=911682", "https://bugzilla.redhat.com/show_bug.cgi?id=911685" ], "discovery": "2013-01-15T00:00:00Z", "references": { "cvename": [ "CVE-2013-0294", "CVE-2013-0342" ] }, "vid": "17702e54-3da0-11ec-b7e0-3085a9a95629" }, "details": "Nathaniel McCallum reports:\n\n> packet.py in pyrad before 2.1 uses weak random numbers to generate\n> RADIUS authenticators and hash passwords, which makes it easier for\n> remote attackers to obtain sensitive information via a brute force\n> attack.\n\n> The CreateID function in packet.py in pyrad before 2.1 uses sequential\n> packet IDs, which makes it easier for remote attackers to spoof\n> packets by predicting the next ID, a different vulnerability than\n> CVE-2013-0294.\n", "id": "FreeBSD-2021-0269", "modified": "2021-11-05T00:00:00Z", "published": "2021-11-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911682" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911685" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2013-0294" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2013-0342" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911682" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911685" } ], "schema_version": "1.7.0", "summary": "pyrad -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.17.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/48990", "https://github.com/golang/go/issues/48085" ], "discovery": "2021-11-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-41771", "CVE-2021-41772" ] }, "vid": "930def19-3e05-11ec-9ba8-002324b2fba8" }, "details": "The Go project reports:\n\n> debug/macho fails out when loading a file that contains a dynamic\n> symbol table command that indicates a larger number of symbols than\n> exist in the loaded symbol table.\n\n> Previously, opening a zip with (\\*Reader).Open could result in a panic\n> if the zip contained a file whose name was exclusively made up of\n> slash characters or \\\"..\\\" path elements. Open could also panic if\n> passed the empty string directly as an argument.\n", "id": "FreeBSD-2021-0268", "modified": "2021-11-05T00:00:00Z", "published": "2021-11-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/48990" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/48085" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41771" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/48990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41772" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/48085" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.319" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.303.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2021-11-04/" ], "discovery": "2021-11-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-21685", "CVE-2021-21686", "CVE-2021-21687", "CVE-2021-21688", "CVE-2021-21689", "CVE-2021-21690", "CVE-2021-21691", "CVE-2021-21692", "CVE-2021-21693", "CVE-2021-21694", "CVE-2021-21695", "CVE-2021-21696", "CVE-2021-21697", "CVE-2021-21698" ] }, "vid": "2bf56269-90f8-4a82-b82f-c0e289f2a0dc" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Critical) SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695\n>\n> Multiple vulnerabilities allow bypassing path filtering of\n> agent-to-controller access control\n>\n> ##### (High) SECURITY-2423 / CVE-2021-21696\n>\n> Agent-to-controller access control allowed writing to sensitive\n> directory used by Pipeline: Shared Groovy Libraries Plugin\n>\n> ##### (High) SECURITY-2428 / CVE-2021-21697\n>\n> Agent-to-controller access control allows reading/writing most content\n> of build directories\n>\n> ##### (Medium) SECURITY-2506 / CVE-2021-21698\n>\n> Path traversal vulnerability in Subversion Plugin allows reading\n> arbitrary files\n", "id": "FreeBSD-2021-0267", "modified": "2021-11-04T00:00:00Z", "published": "2021-11-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2021-11-04/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21685" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21686" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21687" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21688" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21689" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21690" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21691" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21692" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21693" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21694" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21695" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21696" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21697" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21698" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-11-04/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.15.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/10/gitea-1.15.5-is-released/" ], "discovery": "2021-10-21T00:00:00Z", "references": { "freebsdpr": [ "ports/259548" ] }, "vid": "df794e5d-3975-11ec-84e8-0800273f11ea" }, "details": "The Gitea Team reports for release 1.15.5:\n\n> - Upgrade Bluemonday to v1.0.16 (#17372) (#17374)\n> - Ensure correct SSH permissions check for private and restricted\n> users (#17370) (#17373)\n", "id": "FreeBSD-2021-0266", "modified": "2021-11-04T00:00:00Z", "published": "2021-11-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/10/gitea-1.15.5-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.15.5" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259548" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.4.0" }, { "fixed": "14.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.3.0" }, { "fixed": "14.3.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "14.2.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/" ], "discovery": "2021-10-28T00:00:00Z", "references": { "cvename": [ "CVE-2021-39906", "CVE-2021-39895", "CVE-2021-39907", "CVE-2021-39904", "CVE-2021-39905", "CVE-2021-39902", "CVE-2021-39913", "CVE-2021-39912", "CVE-2021-39909", "CVE-2021-39903", "CVE-2021-39898", "CVE-2021-39901", "CVE-2021-39897", "CVE-2021-39914", "CVE-2021-39911" ] }, "vid": "33557582-3958-11ec-90ba-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored XSS via ipynb files\n>\n> Pipeline schedules on imported projects can be set to automatically\n> active after import\n>\n> Potential Denial of service via Workhorse\n>\n> Improper Access Control allows Merge Request creator to bypass locked\n> status\n>\n> Projects API discloses ID and name of private groups\n>\n> Severity of an incident can be changed by a guest user\n>\n> System root password accidentally written to log file\n>\n> Potential DoS via a malformed TIFF image\n>\n> Bypass of CODEOWNERS Merge Request approval requirement\n>\n> Change project visibility to a restricted option\n>\n> Project exports leak external webhook token value\n>\n> SCIM token is visible after creation\n>\n> Invited group members, with access inherited from parent group,\n> continue to have project access even after invited subgroup is\n> transfered\n>\n> Regular expression denial of service issue when cleaning namespace\n> path\n>\n> Prevent creation of scopeless apps using applications API\n>\n> Webhook data exposes assignee\\'s private email address\n", "id": "FreeBSD-2021-0265", "modified": "2021-10-30T00:00:00Z", "published": "2021-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39906" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39895" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39907" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39904" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39905" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39902" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39913" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39912" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39909" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39903" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39898" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39901" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39897" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39911" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "95.0.4638.69" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html" ], "discovery": "2021-10-28T00:00:00Z", "references": { "cvename": [ "CVE-2021-37997", "CVE-2021-37998", "CVE-2021-37999", "CVE-2021-38000", "CVE-2021-38001", "CVE-2021-38002", "CVE-2021-38003" ] }, "vid": "976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 8 security fixes, including:\n>\n> - \\[1259864\\] High CVE-2021-37997 : Use after free in Sign-In.\n> Reported by Wei Yuan of MoyunSec VLab on 2021-10-14\n> - \\[1259587\\] High CVE-2021-37998 : Use after free in Garbage\n> Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO\n> Mobile Telecommunications Corp. Ltd. on 2021-10-13\n> - \\[1251541\\] High CVE-2021-37999 : Insufficient data validation in\n> New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21\n> - \\[1249962\\] High CVE-2021-38000 : Insufficient validation of\n> untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta,\n> and Maddie Stone of Google Threat Analysis Group on 2021-09-15\n> - \\[1260577\\] High CVE-2021-38001 : Type Confusion in V8. Reported by\n> \\@s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16\n> - \\[1260940\\] High CVE-2021-38002 : Use after free in Web Transport.\n> Reported by \\@\\_\\_R0ng of 360 Alpha Lab, ? via Tianfu Cup on\n> 2021-10-16\n> - \\[1263462\\] High CVE-2021-38003 : Inappropriate implementation in\n> V8. Reported by Cl\u00e9ment Lecigne from Google TAG and Samuel Gross\n> from Google Project Zero on 2021-10-26\n>\n> Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003\n> exist in the wild.\n", "id": "FreeBSD-2021-0264", "modified": "2021-10-29T00:00:00Z", "published": "2021-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37998" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37999" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38000" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38003" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-fail2ban" }, "ranges": [ { "events": [ { "fixed": "0.11.2_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-fail2ban" }, "ranges": [ { "events": [ { "fixed": "0.11.2_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-fail2ban" }, "ranges": [ { "events": [ { "fixed": "0.11.2_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-fail2ban" }, "ranges": [ { "events": [ { "fixed": "0.11.2_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-fail2ban" }, "ranges": [ { "events": [ { "fixed": "0.11.2_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm" ], "discovery": "2021-07-16T00:00:00Z", "references": { "cvename": [ "CVE-2021-32749" ] }, "vid": "c848059a-318b-11ec-aa15-0800270512f4" }, "details": "Jakub \u017boczek reports:\n\n> Command `mail` from mailutils package used in mail actions like\n> `mail-whois` can execute command if unescaped sequences (`\\n~`) are\n> available in \\\"foreign\\\" input (for instance in whois output).\n", "id": "FreeBSD-2021-0263", "modified": "2021-10-28T00:00:00Z", "published": "2021-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32749" }, { "type": "WEB", "url": "https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm" } ], "schema_version": "1.7.0", "summary": "fail2ban -- possible RCE vulnerability in mailing action using mailutils" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.1.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.1" }, { "fixed": "7.5.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana7" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.1.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.1" }, { "fixed": "7.5.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana6" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.1.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.1" }, { "fixed": "7.5.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.1.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.0.1" }, { "fixed": "7.5.11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/" ], "discovery": "2021-09-15T00:00:00Z", "references": { "cvename": [ "CVE-2021-39226" ] }, "vid": "757ee63b-269a-11ec-a616-6c3be5272acd" }, "details": "Grafana Labs reports:\n\n> Unauthenticated and authenticated users are able to view the snapshot\n> with the lowest database key by accessing the literal paths:\n>\n> - `/dashboard/snapshot/:key`, or\n> - `/api/snapshots/:key`\n>\n> If the snapshot \\\"public_mode\\\" configuration setting is set to true\n> (vs default of false), unauthenticated users are able to delete the\n> snapshot with the lowest database key by accessing the literal path:\n>\n> - `/api/snapshots-delete/:deleteKey`\n>\n> Regardless of the snapshot \\\"public_mode\\\" setting, authenticated\n> users are able to delete the snapshot with the lowest database key by\n> accessing the literal paths:\n>\n> - `/api/snapshots/:key`, or\n> - `/api/snapshots-delete/:deleteKey`\n>\n> The combination of deletion and viewing enables a complete walk\n> through all snapshot data while resulting in complete snapshot data\n> loss.\n", "id": "FreeBSD-2021-0262", "modified": "2021-10-06T00:00:00Z", "published": "2021-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39226" }, { "type": "WEB", "url": "https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/" } ], "schema_version": "1.7.0", "summary": "Grafana -- Snapshot authentication bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "minio" }, "ranges": [ { "events": [ { "fixed": "2021.10.23.03.28.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c" ], "discovery": "2021-10-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-41137" ] }, "vid": "f4b15f7d-d33a-4cd0-a97b-709d6af0e43e" }, "details": "minio developers report:\n\n> Looks like policy restriction was not working properly for normal\n> users when they are not svc or STS accounts.\n>\n> - svc accounts are now properly fixed to get right permissions when\n> its inherited, so we do not have to set \\'owner = true\\'\n> - sts accounts have always been using right permissions, do not need\n> an explicit lookup\n> - regular users always have proper policy mapping\n", "id": "FreeBSD-2021-0261", "modified": "2021-10-23T00:00:00Z", "published": "2021-10-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41137" }, { "type": "WEB", "url": "https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c" } ], "schema_version": "1.7.0", "summary": "minio -- policy restriction issue" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman" }, "ranges": [ { "events": [ { "fixed": "2.1.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8" ], "discovery": "2021-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2021-42096", "CVE-2021-42097" ] }, "vid": "8d65aa3b-31ce-11ec-8c32-a14e8e520dc7" }, "details": "Mark Sapiro reports:\n\n> A potential for for a list member to carry out an off-line brute force\n> attack to obtain the list admin password has been reported by Andre\n> Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.\n>\n> A CSRF attack via the user options page could allow takeover of a\n> users account. This is fixed.\n", "id": "FreeBSD-2021-0260", "modified": "2021-10-20T00:00:00Z", "published": "2021-10-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-42096" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-42097" }, { "type": "WEB", "url": "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8" }, { "type": "WEB", "url": "https://bugs.launchpad.net/mailman/+bug/1947639" }, { "type": "WEB", "url": "https://bugs.launchpad.net/mailman/+bug/1947640" } ], "schema_version": "1.7.0", "summary": "mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "95.0.4638.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html" ], "discovery": "2021-10-19T00:00:00Z", "references": { "cvename": [ "CVE-2021-37981", "CVE-2021-37982", "CVE-2021-37983", "CVE-2021-37984", "CVE-2021-37985", "CVE-2021-37986", "CVE-2021-37987", "CVE-2021-37988", "CVE-2021-37989", "CVE-2021-37990", "CVE-2021-37991", "CVE-2021-37992", "CVE-2021-37993", "CVE-2021-37994", "CVE-2021-37995", "CVE-2021-37996" ] }, "vid": "bdaecfad-3117-11ec-b3b0-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 19 security fixes, including:\n>\n> - \\[1246631\\] High CVE-2021-37981: Heap buffer overflow in Skia.\n> Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04\n> - \\[1248661\\] High CVE-2021-37982: Use after free in Incognito.\n> Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n> at Qi\\'anxin Group on 2021-09-11\n> - \\[1249810\\] High CVE-2021-37983: Use after free in Dev Tools.\n> Reported by Zhihua Yao of KunLun Lab on 2021-09-15\n> - \\[1253399\\] High CVE-2021-37984: Heap buffer overflow in PDFium.\n> Reported by Antti Levom\u00e4ki, Joonas Pihlaja andChristian Jali from\n> Forcepoint on 2021-09-27\n> - \\[1241860\\] High CVE-2021-37985: Use after free in V8. Reported by\n> Yangkang (@dnpushme) of 360 ATA on 2021-08-20\n> - \\[1242404\\] Medium CVE-2021-37986: Heap buffer overflow in Settings.\n> Reported by raven (@raid_akame) on 2021-08-23\n> - \\[1206928\\] Medium CVE-2021-37987: Use after free in Network APIs.\n> Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08\n> - \\[1228248\\] Medium CVE-2021-37988: Use after free in Profiles.\n> Reported by raven (@raid_akame) on 2021-07-12\n> - \\[1233067\\] Medium CVE-2021-37989: Inappropriate implementation in\n> Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26\n> - \\[1247395\\] Medium CVE-2021-37990: Inappropriate implementation in\n> WebView. Reported by Kareem Selim of CyShield on 2021-09-07\n> - \\[1250660\\] Medium CVE-2021-37991: Race in V8. Reported by Samuel\n> Gross of Google Project Zero on 2021-09-17\n> - \\[1253746\\] Medium CVE-2021-37992: Out of bounds read in WebAudio.\n> Reported by sunburst@Ant Security Light-Year Lab on 2021-09-28\n> - \\[1255332\\] Medium CVE-2021-37993: Use after free in PDF\n> Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO\n> Mobile Telecommunications Corp. Ltd. on 2021-10-02\n> - \\[1243020\\] Medium CVE-2021-37996: Insufficient validation of\n> untrusted input in Downloads. Reported by Anonymous on 2021-08-24\n> - \\[1100761\\] Low CVE-2021-37994: Inappropriate implementation in\n> iFrame Sandbox. Reported by David Erceg on 2020-06-30\n> - \\[1242315\\] Low CVE-2021-37995: Inappropriate implementation in\n> WebApp Installer. Reported by Terence Eden on 2021-08-23\n", "id": "FreeBSD-2021-0259", "modified": "2021-10-19T00:00:00Z", "published": "2021-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37981" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37982" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37983" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37984" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37985" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37986" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37987" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37988" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37991" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37992" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37993" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37994" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37996" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.36" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-client" }, "ranges": [ { "events": [ { "fixed": "8.0.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-java" }, "ranges": [ { "events": [ { "fixed": "8.0.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.32" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2021.html" ], "discovery": "2021-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2021-22931", "CVE-2021-3711", "CVE-2021-22926", "CVE-2021-36222", "CVE-2021-35583", "CVE-2021-35610", "CVE-2021-35597", "CVE-2021-35607", "CVE-2021-2481", "CVE-2021-35590", "CVE-2021-35592", "CVE-2021-35593", "CVE-2021-35594", "CVE-2021-35598", "CVE-2021-35621", "CVE-2021-2471", "CVE-2021-35604", "CVE-2021-35612", "CVE-2021-35608", "CVE-2021-35602", "CVE-2021-35577", "CVE-2021-2478", "CVE-2021-2479", "CVE-2021-35537", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35648", "CVE-2021-35631", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35629", "CVE-2021-35575", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35638", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35630", "CVE-2021-35637", "CVE-2021-35546", "CVE-2021-35622", "CVE-2021-35624", "CVE-2021-35639", "CVE-2021-35632", "CVE-2021-35584", "CVE-2021-35613", "CVE-2021-35640", "CVE-2021-35633", "CVE-2021-35625", "CVE-2021-35623", "CVE-2021-35618" ] }, "vid": "c9387e4d-2f5f-11ec-8be6-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 66 new security patches for Oracle\n> MySQL. 8 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\\\n> The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle\n> MySQL is 9.8.\n>\n> Note: MariaDB only vulnerable against CVE-2021-35604\n", "id": "FreeBSD-2021-0258", "modified": "2021-11-09T00:00:00Z", "published": "2021-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3711" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22926" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-36222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35583" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35610" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35597" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35607" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35590" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35592" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35593" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35594" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35598" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35621" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2471" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35604" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35612" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35608" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35577" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35591" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35596" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35648" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35631" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35626" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35627" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35629" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35575" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35634" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35635" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35636" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35638" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35641" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35642" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35643" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35644" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35645" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35646" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35647" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35637" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35546" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35624" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35639" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35584" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35613" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35640" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35633" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35623" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-35618" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "16.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/" ], "discovery": "2021-10-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-22959", "CVE-2021-22960" ] }, "vid": "a9c5e89d-2d15-11ec-8363-0022489ad614" }, "details": "Node.js reports:\n\n> # HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959)\n>\n> The http parser accepts requests with a space (SP) right after the\n> header name before the colon. This can lead to HTTP Request Smuggling\n> (HRS).\n>\n> # HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)\n>\n> The parse ignores chunk extensions when parsing the body of chunked\n> requests. This leads to HTTP Request Smuggling (HRS) under certain\n> conditions.\n", "id": "FreeBSD-2021-0257", "modified": "2021-10-14T00:00:00Z", "published": "2021-10-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22959" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22960" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/" } ], "schema_version": "1.7.0", "summary": "Node.js -- October 2021 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable" }, "ranges": [ { "events": [ { "introduced": "6.2.p1,1" }, { "fixed": "8.7.p1_2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable-hpn" }, "ranges": [ { "events": [ { "introduced": "6.2.p1,1" }, { "fixed": "8.7.p1_2,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable-gssapi" }, "ranges": [ { "events": [ { "introduced": "6.2.p1,1" }, { "fixed": "8.7.p1_2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssh.com/txt/release-8.8" ], "discovery": "2021-09-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-41617" ] }, "vid": "2a1b931f-2b86-11ec-8acd-c80aa9043978" }, "details": "OpenBSD Project reports:\n\n> sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise\n> supplemental groups when executing an AuthorizedKeysCommand or\n> AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or\n> AuthorizedPrincipalsCommandUser directive has been set to run the\n> command as a different user. Instead these commands would inherit the\n> groups that sshd(8) was started with.\n>\n> Depending on system configuration, inherited groups may allow\n> AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to\n> gain unintended privilege.\n>\n> Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are\n> enabled by default in sshd_config(5).\n", "id": "FreeBSD-2021-0256", "modified": "2021-10-12T00:00:00Z", "published": "2021-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssh.com/txt/release-8.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41617" }, { "type": "WEB", "url": "https://www.openssh.com/txt/release-8.8" } ], "schema_version": "1.7.0", "summary": "OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "couchdb" }, "ranges": [ { "events": [ { "fixed": "3.1.2,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.couchdb.org/en/stable/cve/2021-38295.html" ], "discovery": "2021-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2021-39205" ] }, "vid": "a7dd4c2d-77e4-46de-81a2-c453c317f9de" }, "details": "Cory Sabol reports:\n\n> A malicious user with permission to create documents in a database is\n> able to attach a HTML attachment to a document. If a CouchDB admin\n> opens that attachment in a browser, e.g. via the CouchDB admin\n> interface Fauxton, any JavaScript code embedded in that HTML\n> attachment will be executed within the security context of that admin.\n> A similar route is available with the already deprecated \\_show and\n> \\_list functionality.\n", "id": "FreeBSD-2021-0255", "modified": "2021-10-12T00:00:00Z", "published": "2021-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39205" }, { "type": "WEB", "url": "https://docs.couchdb.org/en/stable/cve/2021-38295.html" } ], "schema_version": "1.7.0", "summary": "couchdb -- user privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible-core" }, "ranges": [ { "events": [ { "fixed": "2.11.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible-core" }, "ranges": [ { "events": [ { "fixed": "2.11.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible-core" }, "ranges": [ { "events": [ { "fixed": "2.11.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible-core" }, "ranges": [ { "events": [ { "fixed": "2.11.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-ansible-core" }, "ranges": [ { "events": [ { "fixed": "2.11.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible-base" }, "ranges": [ { "events": [ { "fixed": "2.10.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible-base" }, "ranges": [ { "events": [ { "fixed": "2.10.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible-base" }, "ranges": [ { "events": [ { "fixed": "2.10.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible-base" }, "ranges": [ { "events": [ { "fixed": "2.10.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-ansible-base" }, "ranges": [ { "events": [ { "fixed": "2.10.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible2" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible2" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible2" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible2" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-ansible2" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-ansible" }, "ranges": [ { "events": [ { "fixed": "2.9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-3620" ] }, "vid": "9a8514f3-2ab8-11ec-b3a1-8c164582fbac" }, "details": "Red Hat reports:\n\n> A flaw was found in Ansible Engine\\'s ansible-connection module, where\n> sensitive information such as the Ansible user credentials is\n> disclosed by default in the traceback error message. The highest\n> threat from this vulnerability is to confidentiality.\n", "id": "FreeBSD-2021-0254", "modified": "2021-10-11T00:00:00Z", "published": "2021-10-11T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3620" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2021-3620" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#v2-9-27" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst#v2-10-15" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#v2-11-6" } ], "schema_version": "1.7.0", "summary": "Ansible -- Ansible user credentials disclosure in ansible-connection module" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice" }, "ranges": [ { "events": [ { "fixed": "4.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice-devel" }, "ranges": [ { "events": [ { "fixed": "4.2.1633255994,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33035", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41830", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41831", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41832" ], "discovery": "2021-05-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-33035", "CVE-2021-41830", "CVE-2021-41831", "CVE-2021-41832" ] }, "vid": "04d2cf7f-2942-11ec-b48c-1c1b0d9ea7e6" }, "details": "The Apache Openoffice project reports:\n\n> Apache OpenOffice opens dBase/DBF documents and shows the contents as\n> spreadsheets. DBF are database files with data organized in fields.\n> When reading DBF data the size of certain fields is not checked: the\n> data is just copied into local variables. A carefully crafted document\n> could overflow the allocated space, leading to the execution of\n> arbitrary code by altering the contents of the program stack. This\n> issue affects Apache OpenOffice up to and including version 4.1.10\n\n> It is possible for an attacker to manipulate signed documents and\n> macros to appear to come from a trusted source. All versions of Apache\n> OpenOffice up to 4.1.10 are affected. Users are advised to update to\n> version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory\n\n> It is possible for an attacker to manipulate the timestamp of signed\n> documents. All versions of Apache OpenOffice up to 4.1.10 are\n> affected. Users are advised to update to version 4.1.11. See\n> CVE-2021-25634 for the LibreOffice advisory.\n\n> It is possible for an attacker to manipulate documents to appear to be\n> signed by a trusted source. All versions of Apache OpenOffice up to\n> 4.1.10 are affected. Users are advised to update to version 4.1.11.\n> See CVE-2021-25635 for the LibreOffice advisory.\n", "id": "FreeBSD-2021-0253", "modified": "2021-10-09T00:00:00Z", "published": "2021-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33035" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41830" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41831" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41832" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33035" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41830" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41831" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41832" }, { "type": "WEB", "url": "https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.11+Release+Notes/#AOO4.1.11ReleaseNotes-Security" } ], "schema_version": "1.7.0", "summary": "Apache OpenOffice -- multiple vulnerabilities." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.17.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/48797" ], "discovery": "2021-10-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-38297" ] }, "vid": "4fce9635-28c0-11ec-9ba8-002324b2fba8" }, "details": "The Go project reports:\n\n> When invoking functions from WASM modules, built using GOARCH=wasm\n> GOOS=js, passing very large arguments can cause portions of the module\n> to be overwritten with data from the arguments.\n>\n> If using wasm_exec.js to execute WASM modules, users will need to\n> replace their copy after rebuilding any modules.\n", "id": "FreeBSD-2021-0252", "modified": "2021-10-09T00:00:00Z", "published": "2021-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/48797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-38297" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/48797" } ], "schema_version": "1.7.0", "summary": "go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "94.0.4606.81" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html" ], "discovery": "2021-10-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-37977", "CVE-2021-37978", "CVE-2021-37979", "CVE-2021-37980" ] }, "vid": "7d3d94d3-2810-11ec-9c51-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 4 security fixes, including:\n>\n> - \\[1252878\\] High CVE-2021-37977: Use after free in Garbage\n> Collection. Reported by Anonymous on 2021-09-24\n> - \\[1236318\\] High CVE-2021-37978: Heap buffer overflow in Blink.\n> Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04\n> - \\[1247260\\] High CVE-2021-37979: Heap buffer overflow in WebRTC.\n> Reported by Marcin Towalski of Cisco Talos on 2021-09-07\n> - \\[1254631\\] High CVE-2021-37980: Inappropriate implementation in\n> Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30\n", "id": "FreeBSD-2021-0251", "modified": "2021-10-08T00:00:00Z", "published": "2021-10-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37978" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37979" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37980" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "introduced": "2.4.49" }, { "fixed": "2.4.51" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2021-10-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-42013" ] }, "vid": "d001c189-2793-11ec-8fb1-206a8a720317" }, "details": "The Apache http server project reports:\n\n> critical: Path Traversal and Remote Code Execution in Apache HTTP\n> Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)\n> (CVE-2021-42013).\n>\n> It was found that the fix for CVE-2021-41773 in Apache HTTP Server\n> 2.4.50 was insufficient. An attacker could use a path traversal attack\n> to map URLs to files outside the directories configured by Alias-like\n> directives.\n>\n> If files outside of these directories are not protected by the usual\n> default configuration \\\"require all denied\\\", these requests can\n> succeed. If CGI scripts are also enabled for these aliased pathes,\n> this could allow for remote code execution.\n>\n> This issue only affects Apache 2.4.49 and Apache 2.4.50 and not\n> earlier versions.\n>\n> Acknowledgements: Reported by Juan Escobar from Dreamlab Technologies,\n> Fernando Munoz from NULL Life CTF Team, and Shungo Kumasaka\n", "id": "FreeBSD-2021-0250", "modified": "2021-10-07T00:00:00Z", "published": "2021-10-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-42013" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Path Traversal and Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.315" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.303.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2021-10-06/" ], "discovery": "2021-10-06T00:00:00Z", "references": { "cvename": [ "CVE-2014-3577" ] }, "vid": "9bad457e-b396-4452-8773-15bec67e1ceb" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-2475 / CVE-2014-3577\n>\n> Jenkins core bundles vulnerable version of the commons-httpclient\n> library\n", "id": "FreeBSD-2021-0249", "modified": "2021-10-07T00:00:00Z", "published": "2021-10-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2021-10-06/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-3577" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-10-06/" } ], "schema_version": "1.7.0", "summary": "jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "introduced": "2.4.49" }, { "fixed": "2.4.50" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2021-10-05T00:00:00Z", "references": { "cvename": [ "CVE-2021-41524", "CVE-2021-41773" ] }, "vid": "25b78bdd-25b8-11ec-a341-d4c9ef517024" }, "details": "The Apache http server project reports:\n\n> - moderate: null pointer dereference in h2 fuzzing (CVE-2021-41524)\n> - important: Path traversal and file disclosure vulnerability in\n> Apache HTTP Server 2.4.49 (CVE-2021-41773)\n", "id": "FreeBSD-2021-0248", "modified": "2021-10-06T00:00:00Z", "published": "2021-10-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41524" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41773" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bacula-web" }, "ranges": [ { "events": [ { "fixed": "8.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.bacula-web.org/releases/2021-07-11-bacula-web-8.4.2/" ], "discovery": "2021-07-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-26119", "CVE-2021-26120" ] }, "vid": "f05dbd1f-2599-11ec-91be-001b217b3468" }, "details": "Bacula-Web reports:\n\n> Address Smarty CVE\n", "id": "FreeBSD-2021-0247", "modified": "2021-10-05T00:00:00Z", "published": "2021-10-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.bacula-web.org/releases/2021-07-11-bacula-web-8.4.2/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26119" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26120" }, { "type": "WEB", "url": "https://www.bacula-web.org/releases/2021-07-11-bacula-web-8.4.2/" } ], "schema_version": "1.7.0", "summary": "Bacula-Web -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "7.0.0.20211005" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "6.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis6" }, "ranges": [ { "events": [ { "fixed": "6.0.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis5" }, "ranges": [ { "events": [ { "fixed": "5.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/redis-db/c/GS_9L2KCk9g/m/Q7ZN1R1cDAAJ" ], "discovery": "2021-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-41099", "CVE-2021-32762", "CVE-2021-32687", "CVE-2021-32675", "CVE-2021-32672", "CVE-2021-32628", "CVE-2021-32627", "CVE-2021-32626" ] }, "vid": "9b4806c1-257f-11ec-9db5-0800270512f4" }, "details": "The Redis Team reports:\n\n> \n>\n> CVE-2021-41099\n> : Integer to heap buffer overflow handling certain string commands\n> and network payloads, when proto-max-bulk-len is manually\n> configured.\n>\n> CVE-2021-32762\n> : Integer to heap buffer overflow issue in redis-cli and\n> redis-sentinel parsing large multi-bulk replies on some older and\n> less common platforms.\n>\n> CVE-2021-32687\n> : Integer to heap buffer overflow with intsets, when\n> set-max-intset-entries is manually configured to a non-default,\n> very large value.\n>\n> CVE-2021-32675\n> : Denial Of Service when processing RESP request payloads with a\n> large number of elements on many connections.\n>\n> CVE-2021-32672\n> : Random heap reading issue with Lua Debugger.\n>\n> CVE-2021-32628\n> : Integer to heap buffer overflow handling ziplist-encoded data\n> types, when configuring a large, non-default value for\n> hash-max-ziplist-entries, hash-max-ziplist-value,\n> zset-max-ziplist-entries or zset-max-ziplist-value.\n>\n> CVE-2021-32627\n> : Integer to heap buffer overflow issue with streams, when\n> configuring a non-default, large value for proto-max-bulk-len and\n> client-query-buffer-limit.\n>\n> CVE-2021-32626\n> : Specially crafted Lua scripts may result with Heap buffer\n> overflow.\n", "id": "FreeBSD-2021-0246", "modified": "2021-10-05T00:00:00Z", "published": "2021-10-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/redis-db/c/GS_9L2KCk9g/m/Q7ZN1R1cDAAJ" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32762" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32687" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32675" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32672" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32627" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32626" }, { "type": "WEB", "url": "https://groups.google.com/g/redis-db/c/GS_9L2KCk9g" } ], "schema_version": "1.7.0", "summary": "redis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki131" }, "ranges": [ { "events": [ { "fixed": "1.31.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki135" }, "ranges": [ { "events": [ { "fixed": "1.35.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki136" }, "ranges": [ { "events": [ { "fixed": "1.36.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/" ], "discovery": "2021-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-41798", "CVE-2021-41799", "CVE-2021-41800", "CVE-2021-41801" ] }, "vid": "f84ab297-2285-11ec-9e79-08002789875b" }, "details": "Mediawiki reports:\n\n> (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in\n> Special:Search.\n>\n> (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full\n> table scan.\n>\n> (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of\n> Special:Contributions.\n>\n> (T279090, CVE-2021-41801) SECURITY: ReplaceText continues performing\n> actions if the user no longer has the correct permission (such as by\n> being blocked).\n", "id": "FreeBSD-2021-0245", "modified": "2021-10-01T00:00:00Z", "published": "2021-10-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41801" }, { "type": "WEB", "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "94.0.4606.71" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html" ], "discovery": "2021-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2021-37974", "CVE-2021-37975", "CVE-2021-37976" ] }, "vid": "777edbbe-2230-11ec-8869-704d7b472482" }, "details": "Chrome Releases/Stable updates reports:\n\n> This release contains 4 security fixes, including:\n>\n> - \\[1245578\\] High CVE-2021-37974: Use after free in Safe Browsing.\n> Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n> at Qi\\'anxin Group on 2021-09-01\n> - \\[1252918\\] High CVE-2021-37975: Use after free in V8. Reported by\n> Anonymous on 2021-09-24\n> - \\[1251787\\] Medium CVE-2021-37976: Information leak in core.\n> Reported by Clement Lecigne from Google TAG, with technical\n> assistance from Sergei Glazunov and Mark Brand from Google Project\n> Zero on 2021-09-21\n>\n> Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976\n> exist in the wild.\n", "id": "FreeBSD-2021-0244", "modified": "2021-09-30T00:00:00Z", "published": "2021-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37974" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37975" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37976" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.3.0" }, { "fixed": "14.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.2.0" }, { "fixed": "14.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "14.1.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/" ], "discovery": "2021-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2021-39885", "CVE-2021-39877", "CVE-2021-39887", "CVE-2021-39867", "CVE-2021-39869", "CVE-2021-39872", "CVE-2021-39878", "CVE-2021-39866", "CVE-2021-39882", "CVE-2021-39875", "CVE-2021-39870", "CVE-2021-39884", "CVE-2021-39883", "CVE-2021-22259", "CVE-2021-39868", "CVE-2021-39871", "CVE-2021-39874", "CVE-2021-39873", "CVE-2021-39881", "CVE-2021-39886", "CVE-2021-39879" ] }, "vid": "1bdd4db6-2223-11ec-91be-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored XSS in merge request creation page\n>\n> Denial-of-service attack in Markdown parser\n>\n> Stored Cross-Site Scripting vulnerability in the GitLab Flavored\n> Markdown\n>\n> DNS Rebinding vulnerability in Gitea importer\n>\n> Exposure of trigger tokens on project exports\n>\n> Improper access control for users with expired password\n>\n> Access tokens are not cleared after impersonation\n>\n> Reflected Cross-Site Scripting in Jira Integration\n>\n> DNS Rebinding vulnerability in Fogbugz importer\n>\n> Access tokens persist after project deletion\n>\n> User enumeration vulnerability\n>\n> Potential DOS via API requests\n>\n> Pending invitations of public groups and public projects are visible\n> to any user\n>\n> Bypass Disabled Repo by URL Project Creation\n>\n> Low privileged users can see names of the private groups shared in\n> projects\n>\n> API discloses sensitive info to low privileged users\n>\n> Epic listing do not honour group memberships\n>\n> Insecure Direct Object Reference vulnerability may lead to protected\n> branch names getting disclosed\n>\n> Low privileged users can import users from projects that they they are\n> not a maintainer on\n>\n> Potential DOS via dependencies API\n>\n> Create a project with unlimited repository size through malicious\n> Project Import\n>\n> Bypass disabled Bitbucket Server import source project creation\n>\n> Requirement to enforce 2FA is not honored when using git commands\n>\n> Content spoofing vulnerability\n>\n> Improper session management in impersonation feature\n>\n> Create OAuth application with arbitrary scopes through content\n> spoofing\n>\n> Lack of account lockout on change password functionality\n>\n> Epic reference was not updated while moved between groups\n>\n> Missing authentication allows disabling of two-factor authentication\n>\n> Information disclosure in SendEntry\n", "id": "FreeBSD-2021-0243", "modified": "2021-09-30T00:00:00Z", "published": "2021-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39885" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39877" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39887" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39867" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39869" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39872" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39878" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39882" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39875" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39884" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39883" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22259" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39868" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39871" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39874" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39873" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39881" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39886" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39879" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ha" }, "ranges": [ { "events": [ { "fixed": "0.999b_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2015/01/18/8" ], "discovery": "2015-01-18T00:00:00Z", "references": { "cvename": [ "CVE-2015-1198" ] }, "vid": "5436f9a2-2190-11ec-a90b-0cc47a49470e" }, "details": "Alexander Cherepanov reports:\n\n> Version 0.999b and older of ha archiver is susceptible to directory\n> traversal vulnerabilities via absolute and relative paths.\n", "id": "FreeBSD-2021-0242", "modified": "2021-09-30T00:00:00Z", "published": "2021-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2015/01/18/8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-1198" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2015/01/18/8" } ], "schema_version": "1.7.0", "summary": "ha -- Directory traversals" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nexus2-oss" }, "ranges": [ { "events": [ { "fixed": "2.14.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManage" ], "discovery": "2020-12-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-13920" ] }, "vid": "730e922f-20e7-11ec-a574-080027eedc6a" }, "details": "Sonatype reports:\n\n> - CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack\n", "id": "FreeBSD-2021-0241", "modified": "2021-09-29T00:00:00Z", "published": "2021-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManage" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13920" }, { "type": "WEB", "url": "https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManage" } ], "schema_version": "1.7.0", "summary": "nexus2-oss -- Apache ActiveMQ JMX vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nexus2-oss" }, "ranges": [ { "events": [ { "fixed": "2.14.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManager2.14.20" ], "discovery": "2020-06-23T00:00:00Z", "references": { "cvename": [ "CVE-2020-15012" ] }, "vid": "b2f1f86f-20e6-11ec-a574-080027eedc6a" }, "details": "Sonatype reports:\n\n> - CVE-2020-15012: NXRM2 Directory Traversal vulnerability\n", "id": "FreeBSD-2021-0240", "modified": "2021-09-29T00:00:00Z", "published": "2021-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManager2.14.20" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15012" }, { "type": "WEB", "url": "https://help.sonatype.com/repomanager2/release-notes/2020-release-notes#id-2020ReleaseNotes-RepositoryManage" } ], "schema_version": "1.7.0", "summary": "nexus2-oss -- NXRM2 Directory Traversal vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.32.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://webkitgtk.org/security/WSA-2021-0005.html" ], "discovery": "2021-09-20T00:00:00Z", "references": { "cvename": [ "CVE-2021-30858" ] }, "vid": "576aa394-1d85-11ec-8b7d-4f5b624574e2" }, "details": "The WebKitGTK project reports vulnerabilities:\n\n> - CVE-2021-30858: Processing maliciously crafted web content may lead\n> to arbitrary code execution.\n", "id": "FreeBSD-2021-0239", "modified": "2021-09-24T00:00:00Z", "published": "2021-09-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://webkitgtk.org/security/WSA-2021-0005.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30858" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2021-0005.html" } ], "schema_version": "1.7.0", "summary": "webkit2-gtk3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "94.0.4606.61" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html" ], "discovery": "2021-09-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-37973" ] }, "vid": "b6c875f1-1d76-11ec-ae80-704d7b472482" }, "details": "Chrome Releases reports:\n\n> \\]\\[1251727\\] High CVE-2021-37973 : Use after free in Portals.\n> Reported by Clement Lecigne from Google TAG, with technical assistance\n> from Sergei Glazunov and Mark Brand from Google Project Zero on\n> 2021-09-21\n>\n> Google is aware that an exploit for CVE-2021-37973 exists in the wild.\n", "id": "FreeBSD-2021-0238", "modified": "2021-09-24T00:00:00Z", "published": "2021-09-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37973" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- use after free in Portals" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "4.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v4.0.4" ], "discovery": "2021-08-26T00:00:00Z", "vid": "d4d21998-bdc4-4a09-9849-2898d9b41459" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Paths from log stream make it into system() unchecked, potentially\n> leading to commands being run on the system unintentionally. This\n> requires either bad scripting or a malicious package to be installed,\n> and is considered low severity.\n>\n> Fix potential unbounded state growth in the PIA analyzer when\n> receiving a connection with either a large number of zero-length\n> packets, or one which continues ack-ing unseen segments. It is\n> possible to run Zeek out of memory in these instances and cause it to\n> crash. Due to the possibility of this happening with packets received\n> from the network, this is a potential DoS vulnerability.\n", "id": "FreeBSD-2021-0237", "modified": "2021-09-22T00:00:00Z", "published": "2021-09-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.4" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.4" } ], "schema_version": "1.7.0", "summary": "zeek -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mod_auth_mellon" }, "ranges": [ { "events": [ { "fixed": "0.18.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/latchset/mod_auth_mellon/releases/tag/v0.18.0" ], "discovery": "2021-07-30T00:00:00Z", "references": { "cvename": [ "CVE-2019-13038" ] }, "vid": "7bba5b3b-1b7f-11ec-b335-d4c9ef517024" }, "details": "Jakub Hrozek reports:\n\n> Version 0.17.0 and older of mod_auth_mellon allows the redirect URL\n> validation to be bypassed by specifying an URL formatted as\n> ///fishing-site.example.com/logout.html\n", "id": "FreeBSD-2021-0236", "modified": "2021-09-22T00:00:00Z", "published": "2021-09-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/latchset/mod_auth_mellon/releases/tag/v0.18.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13038" }, { "type": "WEB", "url": "https://github.com/latchset/mod_auth_mellon/releases/tag/v0.18.0" } ], "schema_version": "1.7.0", "summary": "mod_auth_mellon -- Redirect URL validation bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.17.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/" ], "discovery": "2021-08-31T00:00:00Z", "references": { "cvename": [ "CVE-2021-32803", "CVE-2021-32804", "CVE-2021-37701", "CVE-2021-37712", "CVE-2021-37713", "CVE-2021-39134", "CVE-2021-39135" ] }, "vid": "7062bce0-1b17-11ec-9d9d-0022489ad614" }, "details": "Node.js reports:\n\n> # npm 6 update - node-tar, arborist, npm cli modules\n>\n> These are vulnerabilities in the node-tar, arborist, and npm cli\n> modules which are related to the initial reports and subsequent\n> remediation of node-tar vulnerabilities CVE-2021-32803 and\n> CVE-2021-32804. Subsequent internal security review of node-tar and\n> additional external bounty reports have resulted in another 5 CVE\n> being remediated in core npm CLI dependencies including node-tar, and\n> npm arborist.\n", "id": "FreeBSD-2021-0235", "modified": "2021-09-21T00:00:00Z", "published": "2021-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32804" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37701" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37712" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37713" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39134" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39135" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/" } ], "schema_version": "1.7.0", "summary": "Node.js -- August 2021 Security Releases (2)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.17.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "16.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/" ], "discovery": "2021-08-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-22931", "CVE-2021-22940", "CVE-2021-22939" ] }, "vid": "b092bd4f-1b16-11ec-9d9d-0022489ad614" }, "details": "Node.js reports:\n\n> # cares upgrade - Improper handling of untypical characters in domain names (High) (CVE-2021-22931)\n>\n> Node.js was vulnerable to Remote Code Execution, XSS, application\n> crashes due to missing input validation of host names returned by\n> Domain Name Servers in the Node.js DNS library which can lead to\n> output of wrong hostnames (leading to Domain Hijacking) and injection\n> vulnerabilities in applications using the library.\n>\n> # Use after free on close http2 on stream canceling (High) (CVE-2021-22940)\n>\n> Node.js was vulnerable to a use after free attack where an attacker\n> might be able to exploit memory corruption to change process behavior.\n> The issue is a follow on to CVE-2021-22930 as the issue was not\n> completely resolved in the fix for CVE-2021-22930.\n>\n> # Incomplete validation of rejectUnauthorized parameter (Low) (CVE-2021-22939)\n>\n> If the Node.js https API was used incorrectly and \\\"undefined\\\" was in\n> passed for the \\\"rejectUnauthorized\\\" parameter, no error was returned\n> and connections to servers with an expired certificate would have been\n> accepted.\n", "id": "FreeBSD-2021-0234", "modified": "2021-09-21T00:00:00Z", "published": "2021-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22940" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22939" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/" } ], "schema_version": "1.7.0", "summary": "Node.js -- August 2021 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.17.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "16.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "ihttps://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/" ], "discovery": "2021-07-29T00:00:00Z", "references": { "cvename": [ "CVE-2021-22930" ] }, "vid": "f53dab71-1b15-11ec-9d9d-0022489ad614" }, "details": "Node.js reports:\n\n> # Use after free on close http2 on stream canceling (High) (CVE-2021-22930)\n>\n> Node.js is vulnerable to a use after free attack where an attacker\n> might be able to exploit the memory corruption, to change process\n> behavior.\n", "id": "FreeBSD-2021-0233", "modified": "2021-09-21T00:00:00Z", "published": "2021-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "ihttps://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22930" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/" } ], "schema_version": "1.7.0", "summary": "Node.js -- July 2021 Security Releases (2)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.17.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "16.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/" ], "discovery": "2021-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-22918", "CVE-2021-22921", "CVE-2021-27290", "CVE-2021-23362" ] }, "vid": "c174118e-1b11-11ec-9d9d-0022489ad614" }, "details": "Node.js reports:\n\n> # libuv upgrade - Out of bounds read (Medium) (CVE-2021-22918)\n>\n> Node.js is vulnerable to out-of-bounds read in libuv\\'s\n> uv\\_\\_idna_toascii() function which is used to convert strings to\n> ASCII. This is called by Node\\'s dns module\\'s lookup() function and\n> can lead to information disclosures or crashes.\n>\n> # Windows installer - Node Installer Local Privilege Escalation (Medium) (CVE-2021-22921)\n>\n> Node.js is vulnerable to local privilege escalation attacks under\n> certain conditions on Windows platforms. More specifically, improper\n> configuration of permissions in the installation directory allows an\n> attacker to perform two different escalation attacks: PATH and DLL\n> hijacking.\n>\n> # npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High) (CVE-2021-27290)\n>\n> This is a vulnerability in the ssri npm module which may be vulnerable\n> to denial of service attacks.\n>\n> # npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium) (CVE-2021-23362)\n>\n> This is a vulnerability in the hosted-git-info npm module which may be\n> vulnerable to denial of service attacks.\n", "id": "FreeBSD-2021-0232", "modified": "2021-09-21T00:00:00Z", "published": "2021-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22918" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22921" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-27290" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23362" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/" } ], "schema_version": "1.7.0", "summary": "Node.js -- July 2021 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "94.0.4606.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html" ], "discovery": "2021-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2021-37956", "CVE-2021-37957", "CVE-2021-37958", "CVE-2021-37959", "CVE-2021-37960", "CVE-2021-37961", "CVE-2021-37962", "CVE-2021-37963", "CVE-2021-37964", "CVE-2021-37965", "CVE-2021-37966", "CVE-2021-37967", "CVE-2021-37968", "CVE-2021-37969", "CVE-2021-37970", "CVE-2021-37971", "CVE-2021-37972" ] }, "vid": "3551e106-1b17-11ec-a8a7-704d7b472482" }, "details": "Chrome Releases reports:\n\n> This update contains 19 security fixes, including:\n>\n> - \\[1243117\\] High CVE-2021-37956: Use after free in Offline use.\n> Reported by Huyna at Viettel Cyber Security on 2021-08-24\n> - \\[1242269\\] High CVE-2021-37957: Use after free in WebGPU. Reported\n> by Looben Yang on 2021-08-23\n> - \\[1223290\\] High CVE-2021-37958: Inappropriate implementation in\n> Navigation. Reported by James Lee (@Windowsrcer) on 2021-06-24\n> - \\[1229625\\] High CVE-2021-37959: Use after free in Task Manager.\n> Reported by raven (@raid_akame) on 2021-07-15\n> - \\[1247196\\] High CVE-2021-37960: Inappropriate implementation in\n> Blink graphics. Reported by Atte Kettunen of OUSPG on 2021-09-07\n> - \\[1228557\\] Medium CVE-2021-37961: Use after free in Tab Strip.\n> Reported by Khalil Zhani on 2021-07-13\n> - \\[1231933\\] Medium CVE-2021-37962: Use after free in Performance\n> Manager. Reported by Sri on 2021-07-22\n> - \\[1199865\\] Medium CVE-2021-37963: Side-channel information leakage\n> in DevTools. Reported by Daniel Genkin and Ayush Agarwal, University\n> of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University,\n> Sioli O\\'Connell, University of Adelaide, and Jason Kim, Georgia\n> Institute of Technology on 2021-04-16\n> - \\[1203612\\] Medium CVE-2021-37964: Inappropriate implementation in\n> ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the\n> Chinese University of Hong Kong on 2021-04-28\n> - \\[1239709\\] Medium CVE-2021-37965: Inappropriate implementation in\n> Background Fetch API. Reported by Maurice Dauer on 2021-08-13\n> - \\[1238944\\] Medium CVE-2021-37966: Inappropriate implementation in\n> Compositing. Reported by Mohit Raj (shadow2639) on 2021-08-11\n> - \\[1243622\\] Medium CVE-2021-37967: Inappropriate implementation in\n> Background Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun\n> Lab on 2021-08-26\n> - \\[1245053\\] Medium CVE-2021-37968: Inappropriate implementation in\n> Background Fetch API. Reported by Maurice Dauer on 2021-08-30\n> - \\[1245879\\] Medium CVE-2021-37969: Inappropriate implementation in\n> Google Updater. Reported by Abdelhamid Naceri (halov) on 2021-09-02\n> - \\[1248030\\] Medium CVE-2021-37970: Use after free in File System\n> API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on\n> 2021-09-09\n> - \\[1219354\\] Low CVE-2021-37971: Incorrect security UI in Web Browser\n> UI. Reported by Rayyan Bijoora on 2021-06-13\n> - \\[1234259\\] Low CVE-2021-37972: Out of bounds read in libjpeg-turbo.\n> Reported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of\n> Qianxin on 2021-07-29\n", "id": "FreeBSD-2021-0231", "modified": "2021-09-21T00:00:00Z", "published": "2021-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37956" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37957" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37958" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37959" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37960" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37961" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37962" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37963" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37964" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37965" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37966" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37968" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37970" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37972" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libssh" }, "ranges": [ { "events": [ { "introduced": "0.9.1" }, { "last_affected": "0.9.5" }, { "fixed": "0.9.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.libssh.org/security/advisories/CVE-2021-3634.txt" ], "discovery": "2021-08-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-3634" ] }, "vid": "57b1ee25-1a7c-11ec-9376-0800272221cc" }, "details": "libssh security advisories:\n\n> The SSH protocol keeps track of two shared secrets during the lifetime\n> of the session. One of them is called \\`secret_hash\\` and and the\n> other \\`session_id\\`. Initially, both of them are the same, but after\n> key re-exchange, previous \\`session_id\\` is kept and used as an input\n> to new \\`secret_hash\\`.\n>\n> Historically, both of these buffers had shared length variable, which\n> worked as long as these buffers were same. But the key re-exchange\n> operation can also change the key exchange method, which can be based\n> on hash of different size, eventually creating \\`secret_hash\\` of\n> different size than the \\`session_id\\` has.\n>\n> This becomes an issue when the \\`session_id\\` memory is zeroized or\n> when it is used again during second key re-exchange.\n", "id": "FreeBSD-2021-0230", "modified": "2021-09-21T00:00:00Z", "published": "2021-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.libssh.org/security/advisories/CVE-2021-3634.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3634" }, { "type": "WEB", "url": "https://www.libssh.org/security/advisories/CVE-2021-3634.txt" }, { "type": "WEB", "url": "https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/" } ], "schema_version": "1.7.0", "summary": "libssh -- possible heap-buffer overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2021-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2021-33193", "CVE-2021-34798", "CVE-2021-36160", "CVE-2021-39275", "CVE-2021-40438" ] }, "vid": "882a38f9-17dd-11ec-b335-d4c9ef517024" }, "details": "The Apache project reports:\n\n> - moderate: Request splitting via HTTP/2 method injection and\n> mod_proxy (CVE-2021-33193)\n> - moderate: NULL pointer dereference in httpd core (CVE-2021-34798)\n> - moderate: mod_proxy_uwsgi out of bound read (CVE-2021-36160)\n> - low: ap_escape_quotes buffer overflow (CVE-2021-39275)\n> - high: mod_proxy SSRF (CVE-2021-40438)\n", "id": "FreeBSD-2021-0229", "modified": "2021-09-28T00:00:00Z", "published": "2021-09-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33193" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-34798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-36160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39275" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-40438" }, { "type": "WEB", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.20.0" }, { "fixed": "7.79.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/security.html" ], "discovery": "2021-09-15T00:00:00Z", "references": { "cvename": [ "CVE-2021-22945", "CVE-2021-22946", "CVE-2021-22947" ] }, "vid": "c9221ec9-17a2-11ec-b335-d4c9ef517024" }, "details": "The cURL project reports:\n\n> - UAF and double-free in MQTT sending (CVE-2021-22945)\n> - Protocol downgrade required TLS bypassed (CVE-2021-22946)\n> - STARTTLS protocol injection via MITM (CVE-2021-22945)\n", "id": "FreeBSD-2021-0228", "modified": "2021-09-28T00:00:00Z", "published": "2021-09-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22945" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22946" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22947" }, { "type": "WEB", "url": "https://curl.se/docs/security.html" } ], "schema_version": "1.7.0", "summary": "cURL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libpano13" }, "ranges": [ { "events": [ { "fixed": "2.9.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/README.txt" ], "discovery": "2021-05-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-20307" ] }, "vid": "15e74795-0fd7-11ec-9f2e-dca632b19f10" }, "details": "libpano13 developers reports:\n\n> Fix crash and security issue caused by malformed filename prefix\n", "id": "FreeBSD-2021-0227", "modified": "2021-09-07T00:00:00Z", "published": "2021-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/README.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20307" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20307" } ], "schema_version": "1.7.0", "summary": "libpano13 -- arbitrary memory access through format string vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "seatd" }, "ranges": [ { "events": [ { "introduced": "0.6.0" }, { "fixed": "0.6.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E" ], "discovery": "2021-09-15T00:00:00Z", "references": { "cvename": [ "CVE-2021-41387" ] }, "vid": "49c35943-0eeb-421c-af4f-78e04582e5fb" }, "details": "Kenny Levinsen reports:\n\n> seatd-launch used execlp, which reads the PATH environment variable to\n> search for the requested executable, to execute seatd. This meant that\n> the caller could freely control what executable was loaded by adding a\n> user-writable directory to PATH.\n>\n> If seatd-launch had the SUID bit set, this could be used by a\n> malicious user with the ability to execute seatd-launch to mount a\n> privilege escalation attack to the owner of seatd-launch, which is\n> likely root.\n", "id": "FreeBSD-2021-0226", "modified": "2021-09-18T00:00:00Z", "published": "2021-09-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E" }, { "type": "WEB", "url": "https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-41387" } ], "schema_version": "1.7.0", "summary": "seatd-launch -- privilege escalation with SUID" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "93.0.4577.82" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html" ], "discovery": "2021-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2021-30625", "CVE-2021-30626", "CVE-2021-30627", "CVE-2021-30628", "CVE-2021-30629", "CVE-2021-30630", "CVE-2021-30631", "CVE-2021-30632", "CVE-2021-30633" ] }, "vid": "47b571f2-157b-11ec-ae98-704d7b472482" }, "details": "Chrome Releases reports:\n\n> This release includes 11 security fixes, including:\n>\n> - \\[1237533\\] High CVE-2021-30625: Use after free in Selection API.\n> Reported by Marcin Towalski of Cisco Talos on 2021-08-06\n> - \\[1241036\\] High CVE-2021-30626: Out of bounds memory access in\n> ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18\n> - \\[1245786\\] High CVE-2021-30627: Type Confusion in Blink layout.\n> Reported by Aki Helin of OUSPG on 2021-09-01\n> - \\[1241123\\] High CVE-2021-30628: Stack buffer overflow in ANGLE.\n> Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18\n> - \\[1243646\\] High CVE-2021-30629: Use after free in Permissions.\n> Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n> at Qi\\'anxin Group on 2021-08-26\n> - \\[1244568\\] High CVE-2021-30630: Inappropriate implementation in\n> Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on\n> 2021-08-30\n> - \\[1246932\\] High CVE-2021-30631: Type Confusion in Blink layout.\n> Reported by Atte Kettunen of OUSPG on 2021-09-06\n> - \\[1247763\\] High CVE-2021-30632: Out of bounds write in V8. Reported\n> by Anonymous on 2021-09-08\n> - \\[1247766\\] High CVE-2021-30633: Use after free in Indexed DB API.\n> Reported by Anonymous on 2021-09-08\n>\n> Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633\n> exist in the wild.\n", "id": "FreeBSD-2021-0225", "modified": "2021-09-14T00:00:00Z", "published": "2021-09-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30626" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30627" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30629" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30631" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30633" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cinny" }, "ranges": [ { "events": [ { "fixed": "1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "element-web" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nheko" }, "ranges": [ { "events": [ { "last_affected": "0.8.2_2" }, { "fixed": "0.8.2_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing" ], "discovery": "2021-08-23T00:00:00Z", "references": { "cvename": [ "CVE-2021-40823", "CVE-2021-40824" ] }, "vid": "93eb0e48-14ba-11ec-875e-901b0e9408dc" }, "details": "Matrix developers report:\n\n> Today we are disclosing a critical security issue affecting multiple\n> Matrix clients and libraries including Element (Web/Desktop/Android),\n> FluffyChat, Nheko, Cinny, and SchildiChat.\n>\n> Specifically, in certain circumstances it may be possible to trick\n> vulnerable clients into disclosing encryption keys for messages\n> previously sent by that client to user accounts later compromised by\n> an attacker.\n>\n> Exploiting this vulnerability to read encrypted messages requires\n> gaining control over the recipient's account. This requires either\n> compromising their credentials directly or compromising their\n> homeserver.\n", "id": "FreeBSD-2021-0224", "modified": "2021-09-13T00:00:00Z", "published": "2021-09-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-40823" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-40824" }, { "type": "WEB", "url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing" } ], "schema_version": "1.7.0", "summary": "Matrix clients -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "consul" }, "ranges": [ { "events": [ { "fixed": "1.10.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "1.9.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "1.8.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/hashicorp/consul/releases/tag/v1.9.9" ], "discovery": "2021-08-27T00:00:00Z", "references": { "cvename": [ "CVE-2021-37219" ] }, "vid": "376df2f1-1295-11ec-859e-000c292ee6b8" }, "details": "Hashicorp reports:\n\n> HashiCorp Consul Raft RPC layer allows non-server agents with a valid\n> certificate signed by the same CA to access server-only functionality,\n> enabling privilege escalation.\n", "id": "FreeBSD-2021-0223", "modified": "2021-09-11T00:00:00Z", "published": "2021-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/hashicorp/consul/releases/tag/v1.9.9" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37219" }, { "type": "WEB", "url": "https://github.com/hashicorp/consul/releases/tag/v1.9.9" } ], "schema_version": "1.7.0", "summary": "consul -- rpc: authorize raft requests" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.17.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/47801" ], "discovery": "2021-08-18T00:00:00Z", "references": { "cvename": [ "CVE-2021-39293" ] }, "vid": "4ea1082a-1259-11ec-b4fa-dd5a552bdd17" }, "details": "The Go project reports:\n\n> An oversight in the previous fix still allows for an OOM panic when\n> the indicated directory size in the archive header is so large that\n> subtracting it from the archive size overflows a uint64, effectively\n> bypassing the check that the number of files in the archive is\n> reasonable.\n", "id": "FreeBSD-2021-0222", "modified": "2021-09-10T00:00:00Z", "published": "2021-09-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/47801" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39293" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/47801" } ], "schema_version": "1.7.0", "summary": "go -- archive/zip: overflow in preallocation check can cause OOM panic" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3.8/whatsnew/changelog.html#changelog" ], "discovery": "2021-08-30T00:00:00Z", "vid": "145ce848-1165-11ec-ac7e-08002789875b" }, "details": "Python reports:\n\n> bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory\n> to avoid a potential race condition.\n>\n> bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8)\n> to get the fix for the CVE-2013-0340 \\\"Billion Laughs\\\" vulnerability.\n> This copy is most used on Windows and macOS.\n>\n> bpo-43124: Made the internal putcmd function in smtplib sanitize input\n> for presence of \\\\r and \\\\n characters to avoid (unlikely) command\n> injection.\n>\n> bpo-36384: ipaddress module no longer accepts any leading zeros in\n> IPv4 address strings. Leading zeros are ambiguous and interpreted as\n> octal notation by some libraries. For example the legacy function\n> socket.inet_aton() treats leading zeros as octal notation. glibc\n> implementation of modern inet_pton() does not accept any leading\n> zeros. For a while the ipaddress module used to accept ambiguous\n> leading zeros.\n", "id": "FreeBSD-2021-0221", "modified": "2021-09-09T00:00:00Z", "published": "2021-09-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3.8/whatsnew/changelog.html#changelog" }, { "type": "WEB", "url": "https://docs.python.org/3.8/whatsnew/changelog.html#changelog" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mpd5" }, "ranges": [ { "events": [ { "introduced": "5.0" }, { "fixed": "5.9_2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-09-04T00:00:00Z", "vid": "f55921aa-10c9-11ec-8647-00e0670f2660" }, "details": "Version 5.9_2 contains security fix for PPPoE servers. Insufficient\nvalidation of incoming PPPoE Discovery request specially crafted by\nunauthenticated user might lead to unexpected termination of the\nprocess. The problem affects mpd versions since 5.0. Installations not\nusing PPPoE server configuration were not affected.\n", "id": "FreeBSD-2021-0220", "modified": "2021-09-09T00:00:00Z", "published": "2021-09-09T00:00:00Z", "references": [ { "type": "WEB", "url": "http://mpd.sourceforge.net/doc5/mpd4.html#4" } ], "schema_version": "1.7.0", "summary": "MPD5 PPPoE Server remotely exploitable crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python36" }, "ranges": [ { "events": [ { "fixed": "3.6.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3.6/whatsnew/changelog.html#changelog" ], "discovery": "2021-08-30T00:00:00Z", "vid": "0e561173-0fa9-11ec-a2fa-080027948c12" }, "details": "Python reports:\n\n> bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8)\n> to get the fix for the CVE-2013-0340 \\\"Billion Laughs\\\" vulnerability.\n> This copy is most used on Windows and macOS.\n>\n> bpo-43124: Made the internal putcmd function in smtplib sanitize input\n> for presence of \\\\r and \\\\n characters to avoid (unlikely) command\n> injection.\n", "id": "FreeBSD-2021-0219", "modified": "2021-09-07T00:00:00Z", "published": "2021-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3.6/whatsnew/changelog.html#changelog" }, { "type": "WEB", "url": "https://docs.python.org/3.6/whatsnew/changelog.html#changelog" }, { "type": "WEB", "url": "https://docs.python.org/3.7/whatsnew/changelog.html#changelog" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "weechat" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weechat.org/doc/security/" ], "discovery": "2021-09-04T00:00:00Z", "vid": "65f05b71-0e3c-11ec-b335-d4c9ef517024" }, "details": "The WeeChat project reports:\n\n> Crash when decoding a malformed websocket frame in relay plugin.\n", "id": "FreeBSD-2021-0218", "modified": "2021-09-05T00:00:00Z", "published": "2021-09-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weechat.org/doc/security/" }, { "type": "WEB", "url": "https://weechat.org/doc/security/" }, { "type": "WEB", "url": "https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b" } ], "schema_version": "1.7.0", "summary": "WeeChat -- Crash when decoding a malformed websocket frame in relay plugin." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.41.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.41.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.41.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.41.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py310-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.41.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2021/08/31/synapse-1-41-1-released" ], "discovery": "2021-08-31T00:00:00Z", "references": { "cvename": [ "CVE-2021-39164", "CVE-2021-39163" ], "freebsdpr": [ "ports/258187" ] }, "vid": "a67e358c-0bf6-11ec-875e-901b0e9408dc" }, "details": "Matrix developers report:\n\n> This release patches two moderate severity issues which could reveal\n> metadata about private rooms:\n>\n> - CVE-2021-39164: Enumerating a private room\\'s list of members and\n> their display names.\n> - CVE-2021-39163: Disclosing a private room\\'s name, avatar, topic,\n> and number of members.\n", "id": "FreeBSD-2021-0217", "modified": "2021-09-02T00:00:00Z", "published": "2021-09-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2021/08/31/synapse-1-41-1-released" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258187" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39163" }, { "type": "WEB", "url": "https://matrix.org/blog/2021/08/31/synapse-1-41-1-released" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "fixed": "3.9.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/release/3.9.7/whatsnew/changelog.html" ], "discovery": "2021-08-30T00:00:00Z", "vid": "032643d7-0ba7-11ec-a689-080027e50e6d" }, "details": "Python reports:\n\n> bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory\n> to avoid a potential race condition.\n>\n> bpo-41180: Add auditing events to the marshal module, and stop raising\n> code.\\_\\_init\\_\\_ events for every unmarshalled code object. Directly\n> instantiated code objects will continue to raise an event, and audit\n> event handlers should inspect or collect the raw marshal data. This\n> reduces a significant performance overhead when loading from .pyc\n> files.\n>\n> bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8)\n> to get the fix for the CVE-2013-0340 \\\"Billion Laughs\\\" vulnerability.\n> This copy is most used on Windows and macOS.\n>\n> bpo-43124: Made the internal putcmd function in smtplib sanitize input\n> for presence of \\\\r and \\\\n characters to avoid (unlikely) command\n> injection.\n", "id": "FreeBSD-2021-0216", "modified": "2021-09-02T00:00:00Z", "published": "2021-09-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/release/3.9.7/whatsnew/changelog.html" }, { "type": "WEB", "url": "https://docs.python.org/release/3.9.7/whatsnew/changelog.html" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "93.0.4577.63" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html" ], "discovery": "2021-08-31T00:00:00Z", "references": { "cvename": [ "CVE-2021-30606", "CVE-2021-30607", "CVE-2021-30608", "CVE-2021-30609", "CVE-2021-30610", "CVE-2021-30611", "CVE-2021-30612", "CVE-2021-30613", "CVE-2021-30614", "CVE-2021-30615", "CVE-2021-30616", "CVE-2021-30617", "CVE-2021-30618", "CVE-2021-30619", "CVE-2021-30620", "CVE-2021-30621", "CVE-2021-30622", "CVE-2021-30623", "CVE-2021-30624" ] }, "vid": "a7732806-0b2a-11ec-836b-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 27 security fixes, including:\n>\n> - \\[1233975\\] High CVE-2021-30606: Use after free in Blink. Reported\n> by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha\n> Lab on 2021-07-28\n> - \\[1235949\\] High CVE-2021-30607: Use after free in Permissions.\n> Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n> at Qi\\'anxin Group on 2021-08-03\n> - \\[1219870\\] High CVE-2021-30608: Use after free in Web Share.\n> Reported by Huyna at Viettel Cyber Security on 2021-06-15\n> - \\[1239595\\] High CVE-2021-30609: Use after free in Sign-In. Reported\n> by raven (@raid_akame) on 2021-08-13\n> - \\[1200440\\] High CVE-2021-30610: Use after free in Extensions API.\n> Reported by Igor Bukanov from Vivaldi on 2021-04-19\n> - \\[1233942\\] Medium CVE-2021-30611: Use after free in WebRTC.\n> Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of\n> 360 Alpha Lab on 2021-07-28\n> - \\[1234284\\] Medium CVE-2021-30612: Use after free in WebRTC.\n> Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of\n> 360 Alpha Lab on 2021-07-29\n> - \\[1209622\\] Medium CVE-2021-30613: Use after free in Base internals.\n> Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16\n> - \\[1207315\\] Medium CVE-2021-30614: Heap buffer overflow in TabStrip.\n> Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile\n> Telecommunications Corp. Ltd. on 2021-05-10\n> - \\[1208614\\] Medium CVE-2021-30615: Cross-origin data leak in\n> Navigation. Reported by NDevTK on 2021-05-12\n> - \\[1231432\\] Medium CVE-2021-30616: Use after free in Media. Reported\n> by Anonymous on 2021-07-21\n> - \\[1226909\\] Medium CVE-2021-30617: Policy bypass in Blink. Reported\n> by NDevTK on 2021-07-07\n> - \\[1232279\\] Medium CVE-2021-30618: Inappropriate implementation in\n> DevTools. Reported by \\@DanAmodio and \\@mattaustin from Contrast\n> Security on 2021-07-23\n> - \\[1235222\\] Medium CVE-2021-30619: UI Spoofing in Autofill. Reported\n> by Alesandro Ortiz on 2021-08-02\n> - \\[1063518\\] Medium CVE-2021-30620: Insufficient policy enforcement\n> in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\n> Research on 2020-03-20\n> - \\[1204722\\] Medium CVE-2021-30621: UI Spoofing in Autofill. Reported\n> by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research\n> on 2021-04-30\n> - \\[1224419\\] Medium CVE-2021-30622: Use after free in WebApp\n> Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\n> Research on 2021-06-28\n> - \\[1223667\\] Low CVE-2021-30623: Use after free in Bookmarks.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-06-25\n> - \\[1230513\\] Low CVE-2021-30624: Use after free in Autofill. Reported\n> by Wei Yuan of MoyunSec VLab on 2021-07-19\n", "id": "FreeBSD-2021-0215", "modified": "2021-09-01T00:00:00Z", "published": "2021-09-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30607" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30608" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30609" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30610" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30611" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30612" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30613" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30614" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30615" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30616" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30617" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30618" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30619" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30620" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30621" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30623" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30624" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd34" }, "ranges": [ { "events": [ { "fixed": "3.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd32" }, "ranges": [ { "events": [ { "fixed": "3.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd30" }, "ranges": [ { "events": [ { "fixed": "3.0.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd25" }, "ranges": [ { "events": [ { "introduced": "0,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd24" }, "ranges": [ { "events": [ { "introduced": "0,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd23" }, "ranges": [ { "events": [ { "introduced": "0,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.2.html" ], "discovery": "2021-05-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-33582" ] }, "vid": "3d915d96-0b1f-11ec-8d9f-080027415d17" }, "details": "Cyrus IMAP 3.4.2 Release Notes states:\n\n> Fixed CVE-2021-33582: Certain user inputs are used as hash table keys\n> during processing. A poorly chosen string hashing algorithm meant that\n> the user could control which bucket their data was stored in, allowing\n> a malicious user to direct many inputs to a single bucket. Each\n> subsequent insertion to the same bucket requires a strcmp of every\n> other entry in it. At tens of thousands of entries, each new insertion\n> could keep the CPU busy in a strcmp loop for minutes. The string\n> hashing algorithm has been replaced with a better one, and now also\n> uses a random seed per hash table, so malicious inputs cannot be\n> precomputed.\n", "id": "FreeBSD-2021-0214", "modified": "2021-09-01T00:00:00Z", "published": "2021-09-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.2.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33582" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33582" } ], "schema_version": "1.7.0", "summary": "cyrus-imapd -- multiple-minute daemon hang via input that is mishandled during hash-table interaction" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.2.0" }, { "fixed": "14.2.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.1.0" }, { "fixed": "14.1.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "14.0.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/" ], "discovery": "2021-08-31T00:00:00Z", "references": { "cvename": [ "CVE-2021-22257", "CVE-2021-22258", "CVE-2021-22238" ] }, "vid": "6c22bb39-0a9a-11ec-a265-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored XSS in DataDog Integration\n>\n> Invited group members continue to have project access even after\n> invited group is deleted\n>\n> Specially crafted requests to apollo_upload_server middleware leads to\n> denial of service\n>\n> Privilege escalation of an external user through project token\n>\n> Missing access control allows non-admin users to add/remove Jira\n> Connect Namespaces\n>\n> User enumeration on private instances\n>\n> Member e-mails can be revealed via project import/export feature\n>\n> Stored XSS in Jira integration\n>\n> Stored XSS in markdown via the Design reference\n", "id": "FreeBSD-2021-0213", "modified": "2021-08-31T00:00:00Z", "published": "2021-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22257" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22258" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22238" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "fetchmail" }, "ranges": [ { "events": [ { "fixed": "6.4.22.r1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.fetchmail.info/fetchmail-SA-2021-02.txt" ], "discovery": "2021-08-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-39272" ] }, "vid": "1d6410e8-06c1-11ec-a35d-03ca114d16d6" }, "details": "Problem:\n\n> In certain circumstances, fetchmail 6.4.21 and older would not encrypt\n> the session using STARTTLS/STLS, and might not have cleared session\n> state across the TLS negotiation.\n", "id": "FreeBSD-2021-0212", "modified": "2021-08-26T00:00:00Z", "published": "2021-08-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.fetchmail.info/fetchmail-SA-2021-02.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-39272" }, { "type": "WEB", "url": "https://www.fetchmail.info/fetchmail-SA-2021-02.txt" } ], "schema_version": "1.7.0", "summary": "fetchmail -- STARTTLS bypass vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-08-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-36159" ], "freebsdsa": [ "SA-21:15.libfetch" ] }, "vid": "d22b336d-0567-11ec-b69d-4062311215d5" }, "details": "# Problem Description:\n\nThe passive mode in FTP communication allows an out of boundary read\nwhile libfetch uses strtol to parse the relevant numbers into address\nbytes. It does not check if the line ends prematurely. If it does, the\nfor-loop condition checks for \\*p == \\'\\\\0\\' one byte too late because\np++ was already performed.\n\n# Impact:\n\nThe connection buffer size can be controlled by a malicious FTP server\nbecause the size is increased until a newline is encountered (or no more\ncharacters are read). This also allows to move the buffer into more\ninteresting areas within the address space, potentially parsing relevant\nnumbers for the attacker. Since these bytes become available to the\nserver in form of a new TCP connection to a constructed port number or\neven part of the IPv6 address this is a potential information leak.\n", "id": "FreeBSD-2021-0211", "modified": "2021-08-25T00:00:00Z", "published": "2021-08-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-36159" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:15.libfetch.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- libfetch out of bounds read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-08-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-29630" ], "freebsdsa": [ "SA-21:14.ggatec" ] }, "vid": "3e9d2fde-0567-11ec-b69d-4062311215d5" }, "details": "# Problem Description:\n\nThe ggatec(8) daemon does not validate the size of a response before\nwriting it to a fixed-sized buffer. This allows to overwrite the stack\nof ggatec(8).\n\n# Impact:\n\nA malicious ggated(8) or an attacker in a priviledged network position\ncan overwrite the stack with crafted content and potentially execute\narbitrary code.\n", "id": "FreeBSD-2021-0210", "modified": "2021-08-25T00:00:00Z", "published": "2021-08-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29630" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:14.ggatec.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Remote code execution in ggatec(8)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-08-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-29631" ], "freebsdsa": [ "SA-21:13.bhyve" ] }, "vid": "a6d5d4c1-0564-11ec-b69d-4062311215d5" }, "details": "# Problem Description:\n\nCertain VirtIO-based device models failed to handle errors when fetching\nI/O descriptors. Such errors could be triggered by a malicious guest. As\na result, the device model code could be tricked into operating on\nuninitialized I/O vectors, leading to memory corruption.\n\n# Impact:\n\nA malicious guest may be able to crash the bhyve process. It may be\npossible to exploit the memory corruption bugs to achieve arbitrary code\nexecution in the bhyve process.\n", "id": "FreeBSD-2021-0209", "modified": "2021-08-25T00:00:00Z", "published": "2021-08-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29631" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:13.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Missing error handling in bhyve(8) device models" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1l,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.0.b3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20210824.txt" ], "discovery": "2021-08-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-3711", "CVE-2021-3712" ], "freebsdsa": [ "SA-21:16.openssl" ] }, "vid": "96811d4a-04ec-11ec-9b84-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> SM2 Decryption Buffer Overflow (CVE-2021-3711: High)\n>\n> Read buffer overruns processing ASN.1 strings (CVE-2021-3712:\n> Moderate)\n", "id": "FreeBSD-2021-0208", "modified": "2021-08-25T00:00:00Z", "published": "2021-08-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20210824.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3711" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3712" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20210824.txt" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:16.openssl.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/08/gitea-1.15.0-is-released/" ], "discovery": "2021-04-29T00:00:00Z", "references": { "freebsdpr": [ "ports/257994" ] }, "vid": "d3180f02-031e-11ec-875f-0800273f11ea" }, "details": "The Gitea Team reports for release 1.15.0:\n\n> - Encrypt LDAP bind password in db with SECRET_KEY (#15547)\n> - Remove random password in Dockerfiles (#15362)\n> - Upgrade to the latest version of golang-jwt and increase minimum go\n> to 1.15 (#16590) (#16606)\n> - Correctly create of git-daemon-export-ok files (#16508) (#16514)\n> - Don\\'t show private user\\'s repo in explore view (#16550) (#16554)\n> - Update node tar dependency to 6.1.6 (#16622) (#16623)\n", "id": "FreeBSD-2021-0207", "modified": "2021-08-22T00:00:00Z", "published": "2021-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/08/gitea-1.15.0-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.15.0" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257994" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.14.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/08/gitea-1.14.6-is-released/" ], "discovery": "2021-07-24T00:00:00Z", "references": { "freebsdpr": [ "ports/257973" ] }, "vid": "733afd81-01cf-11ec-aec9-0800273f11ea" }, "details": "The Gitea Team reports for release 1.14.6:\n\n> - Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538)\n> (#16540)\n> - Switch to maintained JWT lib (#16532) (#16535)\n> - Upgrade to latest version of golang-jwt (as forked for 1.14)\n> (#16590) (#16607)\n", "id": "FreeBSD-2021-0206", "modified": "2021-08-20T00:00:00Z", "published": "2021-08-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/08/gitea-1.14.6-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.14.6" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257973" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bouncycastle15" }, "ranges": [ { "events": [ { "introduced": "1.65" }, { "fixed": "1.67" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052" ], "discovery": "2020-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-28052" ] }, "vid": "70e71a24-0151-11ec-bf0c-080027eedc6a" }, "details": "The Bouncy Castle team reports:\n\n> The OpenBSDBCrypt.checkPassword utility method compared incorrect data\n> when checking the password, allowing incorrect passwords to indicate\n> they were matching with previously hashed ones that were different.\n", "id": "FreeBSD-2021-0205", "modified": "2021-08-20T00:00:00Z", "published": "2021-08-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28052" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052" } ], "schema_version": "1.7.0", "summary": "bouncycastle15 -- bcrypt password checking vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bouncycastle15" }, "ranges": [ { "events": [ { "fixed": "1.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bouncycastle" }, "ranges": [ { "events": [ { "fixed": "1.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522" ], "discovery": "2020-07-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-15522" ] }, "vid": "89d5bca6-0150-11ec-bf0c-080027eedc6a" }, "details": "The Bouncy Castle team reports::\n\n> Bouncy Castle BC Java before 1.66 has a timing issue within the EC\n> math library that can expose information about the private key when an\n> attacker is able to observe timing information for the generation of\n> multiple deterministic ECDSA signatures.\n", "id": "FreeBSD-2021-0204", "modified": "2021-08-20T00:00:00Z", "published": "2021-08-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15522" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522" } ], "schema_version": "1.7.0", "summary": "The Bouncy Castle Crypto APIs -- EC math vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "binutils" }, "ranges": [ { "events": [ { "fixed": "2.33.1_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487" ], "discovery": "2020-11-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-3487" ] }, "vid": "f4c54b81-bcc8-11eb-a7a6-080027f515ea" }, "details": "Hao Wang reports:\n\n> There\\'s a flaw in the BFD library of binutils in versions before\n> 2.36. An attacker who supplies a crafted file to an application linked\n> with BFD, and using the DWARF functionality, could cause an impact to\n> system availability by way of excessive memory consumption.\n", "id": "FreeBSD-2021-0203", "modified": "2021-08-13T00:00:00Z", "published": "2021-08-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3487" }, { "type": "WEB", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26946" } ], "schema_version": "1.7.0", "summary": "binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "92.0.4515.159" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html" ], "discovery": "2021-08-16T00:00:00Z", "references": { "cvename": [ "CVE-2021-30598", "CVE-2021-30599", "CVE-2021-30600", "CVE-2021-30601", "CVE-2021-30602", "CVE-2021-30603", "CVE-2021-30604" ] }, "vid": "128deba6-ff56-11eb-8514-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 9 security fixes, including:\n>\n> - \\[1234764\\] High CVE-2021-30598: Type Confusion in V8. Reported by\n> Manfred Paul on 2021-07-30\n> - \\[1234770\\] High CVE-2021-30599: Type Confusion in V8. Reported by\n> Manfred Paul on 2021-07-30\n> - \\[1231134\\] High CVE-2021-30600: Use after free in Printing.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-20\n> - \\[1234009\\] High CVE-2021-30601: Use after free in Extensions API.\n> Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360\n> Alpha Lab on 2021-07-28\n> - \\[1230767\\] High CVE-2021-30602: Use after free in WebRTC. Reported\n> by Marcin Towalski of Cisco Talos on 2021-07-19\n> - \\[1233564\\] High CVE-2021-30603: Race in WebAudio. Reported by\n> Sergei Glazunov of Google Project Zero on 2021-07-27\n> - \\[1234829\\] High CVE-2021-30604: Use after free in ANGLE. Reported\n> by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-07-30\n", "id": "FreeBSD-2021-0202", "modified": "2021-08-17T00:00:00Z", "published": "2021-08-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30598" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30601" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30603" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30604" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-lynx" }, "ranges": [ { "events": [ { "fixed": "2.8.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-lynx-current" }, "ranges": [ { "events": [ { "fixed": "2.9.0d9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "lynx" }, "ranges": [ { "events": [ { "fixed": "2.8.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "lynx-current" }, "ranges": [ { "events": [ { "fixed": "2.9.0d9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html" ], "discovery": "2021-08-07T00:00:00Z", "vid": "e9200f8e-fd34-11eb-afb1-c85b76ce9b5a" }, "details": "Axel Beckert reports:\n\n> \\[\\...\\] I was able to capture the password given on the commandline\n> in traffic of an TLS handshake using tcpdump and analysing it with\n> Wireshark: \\[\\...\\]\n", "id": "FreeBSD-2021-0201", "modified": "2021-08-15T00:00:00Z", "published": "2021-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html" }, { "type": "WEB", "url": "https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html" } ], "schema_version": "1.7.0", "summary": "lynx -- SSL certificate validation error" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-server" }, "ranges": [ { "events": [ { "fixed": "12.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2021-3677/" ], "discovery": "2021-08-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-3677" ] }, "vid": "b471130b-fb86-11eb-87db-6cc21735f730" }, "details": "The PostgreSQL Project reports:\n\n> A purpose-crafted query can read arbitrary bytes of server memory. In\n> the default configuration, any authenticated database user can\n> complete this attack at will. The attack does not require the ability\n> to create objects. If server settings include max_worker_processes=0,\n> the known versions of this attack are infeasible. However,\n> undiscovered variants of the attack may be independent of that\n> setting.\n", "id": "FreeBSD-2021-0200", "modified": "2021-08-12T00:00:00Z", "published": "2021-08-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2021-3677/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3677" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2021-3677/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL server -- Memory disclosure in certain queries" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xtrlock" }, "ranges": [ { "events": [ { "fixed": "2.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.debian.org/debian-lts-announce/2019/10/msg00019.html" ], "discovery": "2016-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2016-10894" ] }, "vid": "e80073d7-f8ba-11eb-b141-589cfc007716" }, "details": "Debian reports:\n\n> xtrlock did not block multitouch events so an attacker could still\n> input and thus control various programs such as Chromium, etc. via\n> so-called \\\"multitouch\\\" events including pan scrolling, \\\"pinch and\n> zoom\\\" or even being able to provide regular mouse clicks by\n> depressing the touchpad once and then clicking with a secondary\n> finger.\n", "id": "FreeBSD-2021-0199", "modified": "2021-08-09T00:00:00Z", "published": "2021-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00019.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10894" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00019.html" } ], "schema_version": "1.7.0", "summary": "xtrlock -- xtrlock does not block multitouch events" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cde" }, "ranges": [ { "events": [ { "fixed": "2.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://seclists.org/bugtraq/2020/Jan/22" ], "discovery": "2020-01-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-2696" ] }, "vid": "848bdd06-f93a-11eb-9f7d-206a8a720317" }, "details": "Marco Ivaldi (marco.ivaldi () mediaservice net) reports:\n\n> A buffer overflow in the CheckMonitor() function in the Common Desktop\n> Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with\n> Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to\n> gain root privileges via a long palette name passed to dtsession in a\n> malicious .Xdefaults file.\n", "id": "FreeBSD-2021-0198", "modified": "2021-08-09T00:00:00Z", "published": "2021-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://seclists.org/bugtraq/2020/Jan/22" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2696" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2696" } ], "schema_version": "1.7.0", "summary": "x11/cde -- Local privilege escalation via CDE dtsession" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.16.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/46866" ], "discovery": "2021-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2021-36221" ] }, "vid": "880552c4-f63f-11eb-9d56-7186043316e9" }, "details": "The Go project reports:\n\n> A net/http/httputil ReverseProxy can panic due to a race condition if\n> its Handler aborts with ErrAbortHandler, for example due to an error\n> in copying the response body. An attacker might be able to force the\n> conditions leading to the race condition.\n", "id": "FreeBSD-2021-0197", "modified": "2021-08-05T00:00:00Z", "published": "2021-08-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/46866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-36221" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/46866" } ], "schema_version": "1.7.0", "summary": "go -- net/http: panic due to racy read of persistConn after handler panic" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.1.0" }, { "fixed": "14.1.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "14.0.0" }, { "fixed": "14.0.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "13.12.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/" ], "discovery": "2021-08-03T00:00:00Z", "references": { "cvename": [ "CVE-2021-22237", "CVE-2021-22236", "CVE-2021-22239" ] }, "vid": "1d651770-f4f5-11eb-ba49-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored XSS in Mermaid when viewing Markdown files\n>\n> Stored XSS in default branch name\n>\n> Perform Git actions with an impersonation token even if impersonation\n> is disabled\n>\n> Tag and branch name confusion allows Developer to access protected CI\n> variables\n>\n> New subscriptions generate OAuth tokens on an incorrect OAuth client\n> application\n>\n> Ability to list and delete impersonation tokens for your own user\n>\n> Pipelines page is partially visible for users that have no right to\n> see CI/CD\n>\n> Improper email validation on an invite URL\n>\n> Unauthorised user was able to add meta data upon issue creation\n>\n> Unauthorized user can trigger deployment to a protected environment\n>\n> Guest in private project can see CI/CD Analytics\n>\n> Guest users can create issues for Sentry errors and track their status\n>\n> Private user email disclosure via group invitation\n>\n> Projects are allowed to add members with email address domain that\n> should be blocked by group settings\n>\n> Misleading username could lead to impersonation in using SSH\n> Certificates\n>\n> Unauthorized user is able to access and view project vulnerability\n> reports\n>\n> Denial of service in repository caused by malformed commit author\n", "id": "FreeBSD-2021-0196", "modified": "2021-08-04T00:00:00Z", "published": "2021-08-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22237" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22236" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22239" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Gitlab" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "prosody" }, "ranges": [ { "events": [ { "fixed": "0.11.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://prosody.im/security/advisory_20210722/" ], "discovery": "2021-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-37601" ] }, "vid": "5ef14250-f47c-11eb-8f13-5b4de959822e" }, "details": "A Prosody XMPP server advisory reports:\n\n> It was discovered that Prosody allows any entity to access the list of\n> admins, members, owners and banned entities of any federated XMPP\n> group chat of which they know the address.\n", "id": "FreeBSD-2021-0195", "modified": "2021-08-03T00:00:00Z", "published": "2021-08-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://prosody.im/security/advisory_20210722/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-37601" }, { "type": "WEB", "url": "https://prosody.im/security/advisory_20210722/" } ], "schema_version": "1.7.0", "summary": "Prosody -- Remote Information Disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "92.0.4515.131" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/search/label/Stable%20updates" ], "discovery": "2021-08-02T00:00:00Z", "references": { "cvename": [ "CVE-2021-30590", "CVE-2021-30591", "CVE-2021-30592", "CVE-2021-30593", "CVE-2021-30594", "CVE-2021-30596", "CVE-2021-30597" ] }, "vid": "c3c6c4a3-f47d-11eb-b632-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 10 security fixes, including:\n>\n> - \\[1227777\\] High CVE-2021-30590: Heap buffer overflow in Bookmarks.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-09\n> - \\[1229298\\] High CVE-2021-30591: Use after free in File System API.\n> Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-07-14\n> - \\[1209469\\] High CVE-2021-30592: Out of bounds write in Tab Groups.\n> Reported by David Erceg on 2021-05-15\n> - \\[1209616\\] High CVE-2021-30593: Out of bounds read in Tab Strip.\n> Reported by David Erceg on 2021-05-16\n> - \\[1218468\\] High CVE-2021-30594: Use after free in Page Info UI.\n> Reported by raven (@raid_akame) on 2021-06-10\n> - \\[1214481\\] Medium CVE-2021-30596: Incorrect security UI in\n> Navigation. Reported by Mohit Raj (shadow2639) on 2021-05-29\n> - \\[1232617\\] Medium CVE-2021-30597: Use after free in Browser UI.\n> Reported by raven (@raid_akame) on 2021-07-24\n", "id": "FreeBSD-2021-0194", "modified": "2021-08-03T00:00:00Z", "published": "2021-08-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/search/label/Stable%20updates" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30590" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30591" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30592" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30593" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30594" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30596" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30597" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/search/label/Stable%20updates" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rabbitmq" }, "ranges": [ { "events": [ { "fixed": "3.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tanzu.vmware.com/security/cve-2021-22116" ], "discovery": "2021-05-10T00:00:00Z", "references": { "cvename": [ "CVE-2016-9877" ] }, "vid": "b1aa54ae-74cb-42a0-b462-cbb6831c5c50" }, "details": "Pivotal.io reports:\n\n> All versions prior to 3.8.16 are prone to a denial of service\n> vulnerability due to improper input validation in AMQP 1.0 client\n> connection endpoint.\n", "id": "FreeBSD-2021-0193", "modified": "2021-05-10T00:00:00Z", "published": "2021-05-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tanzu.vmware.com/security/cve-2021-22116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9877" }, { "type": "WEB", "url": "https://tanzu.vmware.com/security/cve-2021-22116" }, { "type": "WEB", "url": "https://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.8.19" } ], "schema_version": "1.7.0", "summary": "RabbitMQ -- Denial of Service in AMQP1.0 plugin" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat85" }, "ranges": [ { "events": [ { "introduced": "8.5.0" }, { "last_affected": "8.5.66" }, { "fixed": "8.5.66" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "last_affected": "9.0.46" }, { "fixed": "9.0.46" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat10" }, "ranges": [ { "events": [ { "introduced": "10.0.0" }, { "last_affected": "10.0.6" }, { "fixed": "10.0.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tomcat.apache.org/security.html" ], "discovery": "2021-05-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-33037" ] }, "vid": "d34bef0b-f312-11eb-b12b-fc4dd43e2b6a" }, "details": "Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab\nreports:\n\n> Apache Tomcat did not correctly parse the HTTP transfer-encoding\n> request header in some circumstances leading to the possibility to\n> request smuggling when used with a reverse proxy. Specifically: Tomcat\n> incorrectly ignored the transfer-encoding header if the client\n> declared it would only accept an HTTP/1.0 response; Tomcat honoured\n> the identify encoding; and Tomcat did not ensure that, if present, the\n> chunked encoding was the final encoding.\n", "id": "FreeBSD-2021-0192", "modified": "2021-08-01T00:00:00Z", "published": "2021-08-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tomcat.apache.org/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33037" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037" } ], "schema_version": "1.7.0", "summary": "tomcat -- HTTP request smuggling in multiple versions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat7" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "last_affected": "7.0.108" }, { "fixed": "7.0.108" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat85" }, "ranges": [ { "events": [ { "introduced": "8.5.0" }, { "last_affected": "8.5.65" }, { "fixed": "8.5.65" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat9" }, "ranges": [ { "events": [ { "introduced": "9.0.0" }, { "last_affected": "9.0.45" }, { "fixed": "9.0.45" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat10" }, "ranges": [ { "events": [ { "introduced": "10.0.0" }, { "last_affected": "10.0.5" }, { "fixed": "10.0.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tomcat.apache.org/security.html" ], "discovery": "2021-04-08T00:00:00Z", "references": { "cvename": [ "CVE-2021-30640" ] }, "vid": "8b571fb2-f311-11eb-b12b-fc4dd43e2b6a" }, "details": "ilja.farber reports:\n\n> Queries made by the JNDI Realm did not always correctly escape\n> parameters. Parameter values could be sourced from user provided data\n> (eg user names) as well as configuration data provided by an\n> administrator. In limited circumstances it was possible for users to\n> authenticate using variations of their user name and/or to bypass some\n> of the protection provided by the LockOut Realm.\n", "id": "FreeBSD-2021-0191", "modified": "2021-08-01T00:00:00Z", "published": "2021-08-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tomcat.apache.org/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30640" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640" } ], "schema_version": "1.7.0", "summary": "tomcat -- JNDI Realm Authentication Weakness in multiple versions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat85" }, "ranges": [ { "events": [ { "introduced": "8.5.64" }, { "last_affected": "8.5.64" }, { "fixed": "8.5.64" } ], "type": "ECOSYSTEM" } ], "versions": [ "8.5.64" ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat9" }, "ranges": [ { "events": [ { "introduced": "9.0.44" }, { "last_affected": "9.0.44" }, { "fixed": "9.0.44" } ], "type": "ECOSYSTEM" } ], "versions": [ "9.0.44" ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat10" }, "ranges": [ { "events": [ { "introduced": "10.0.3" }, { "last_affected": "10.0.4" }, { "fixed": "10.0.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tomcat.apache.org/security.html" ], "discovery": "2021-03-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-30639" ] }, "vid": "cc7c85d9-f30a-11eb-b12b-fc4dd43e2b6a" }, "details": "rbeaudry reports:\n\n> A vulnerability in Apache Tomcat allows an attacker to remotely\n> trigger a denial of service. An error introduced as part of a change\n> to improve error handling during non-blocking I/O meant that the error\n> flag associated with the Request object was not reset between\n> requests. This meant that once a non-blocking I/O error occurred, all\n> future requests handled by that request object would fail. Users were\n> able to trigger non-blocking I/O errors, e.g. by dropping a\n> connection, thereby creating the possibility of triggering a DoS.\n>\n> Applications that do not use non-blocking I/O are not exposed to this\n> vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4;\n> 9.0.44; 8.5.64.\n", "id": "FreeBSD-2021-0190", "modified": "2021-08-01T00:00:00Z", "published": "2021-08-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tomcat.apache.org/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30639" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30639" } ], "schema_version": "1.7.0", "summary": "tomcat -- Remote Denial of Service in multiple versions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "fetchmail" }, "ranges": [ { "events": [ { "fixed": "6.3.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.3.17" }, { "fixed": "6.4.20" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sourceforge.net/p/fetchmail/mailman/message/37327392/" ], "discovery": "2021-07-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-36386", "CVE-2008-2711" ] }, "vid": "cbfd1874-efea-11eb-8fe9-036bd763ff35" }, "details": "Matthias Andree reports:\n\n> When a log message exceeds c. 2 kByte in size, for instance, with very\n> long header contents, and depending on verbosity option, fetchmail can\n> crash or misreport each first log message that requires a buffer\n> reallocation.\n", "id": "FreeBSD-2021-0189", "modified": "2021-08-03T00:00:00Z", "published": "2021-07-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sourceforge.net/p/fetchmail/mailman/message/37327392/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-36386" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2008-2711" }, { "type": "WEB", "url": "https://sourceforge.net/p/fetchmail/mailman/message/37327392/" } ], "schema_version": "1.7.0", "summary": "fetchmail -- 6.4.19 and older denial of service or information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "6.0.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "6.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis5" }, "ranges": [ { "events": [ { "fixed": "5.0.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj" ], "discovery": "2021-07-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-32761" ] }, "vid": "c561ce49-eabc-11eb-9c3f-0800270512f4" }, "details": "Huang Zhw reports:\n\n> On 32-bit versions, Redis BITFIELD command is vulnerable to integer\n> overflow that can potentially be exploited to corrupt the heap, leak\n> arbitrary heap contents or trigger remote code execution. The\n> vulnerability involves constructing specially crafted bit commands\n> which overflow the bit offset.\n>\n> This problem only affects 32-bit versions of Redis.\n", "id": "FreeBSD-2021-0188", "modified": "2021-07-27T00:00:00Z", "published": "2021-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32761" }, { "type": "WEB", "url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj" } ], "schema_version": "1.7.0", "summary": "redis -- Integer overflow issues with BITFIELD command on 32-bit systems" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns" }, "ranges": [ { "events": [ { "introduced": "4.5.0" }, { "last_affected": "4.5.0" }, { "fixed": "4.5.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.5.0" ] } ], "database_specific": { "cite": [ "https://www.powerdns.com/news.html#20210726" ], "discovery": "2021-07-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-36754" ] }, "vid": "ce79167f-ee1c-11eb-9785-b42e99a1b9c3" }, "details": "powerdns reports:\n\n> PowerDNS Security Advisory 2021-01: Specific query crashes\n> Authoritative Server\n", "id": "FreeBSD-2021-0187", "modified": "2021-07-27T00:00:00Z", "published": "2021-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.powerdns.com/news.html#20210726" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-36754" }, { "type": "WEB", "url": "https://blog.powerdns.com/2021/07/26/security-advisory-2021-01-for-powerdns-authoritative-server-4-5-0/" } ], "schema_version": "1.7.0", "summary": "powerdns -- remotely triggered crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mosquitto" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.0.10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt" ], "discovery": "2021-04-10T00:00:00Z", "vid": "cc553d79-e1f0-4b94-89f2-bacad42ee826" }, "details": "Roger Light reports:\n\n> If an authenticated client connected with MQTT v5 sent a malformed\n> CONNACK message to the broker a NULL pointer dereference occurred,\n> most likely resulting in a segfault.\n>\n> (Note: a CVE is referenced in the github commit but it appears to be\n> for a python-bleach vulnerability so it is not included here.)\n", "id": "FreeBSD-2021-0186", "modified": "2021-07-24T00:00:00Z", "published": "2021-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt" }, { "type": "WEB", "url": "https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt" } ], "schema_version": "1.7.0", "summary": "mosquitto -- NULL pointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pjsip" }, "ranges": [ { "events": [ { "fixed": "2.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/pjsip/pjproject/security/advisories" ], "discovery": "2021-07-23T00:00:00Z", "references": { "cvename": [ "CVE-2021-32686" ] }, "vid": "92ad12b8-ec09-11eb-aef1-0897988a1c07" }, "details": "pjsip reports:\n\n> There are a couple of issues found in the SSL socket:\n>\n> - A race condition between callback and destroy, due to the accepted\n> socket having no group lock.\n> - SSL socket parent/listener may get destroyed during handshake.\n", "id": "FreeBSD-2021-0185", "modified": "2021-07-23T00:00:00Z", "published": "2021-07-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/pjsip/pjproject/security/advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32686" }, { "type": "WEB", "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr" } ], "schema_version": "1.7.0", "summary": "pjsip -- Race condition in SSL socket server" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.38.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.19.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2021-05-05T00:00:00Z", "references": { "cvename": [ "CVE-2021-32686" ] }, "vid": "53fbffe6-ebf7-11eb-aef1-0897988a1c07" }, "details": "The Asterisk project reports:\n\n> Depending on the timing, it\\'s possible for Asterisk to crash when\n> using a TLS connection if the underlying socket parent/listener gets\n> destroyed during the handshake.\n", "id": "FreeBSD-2021-0184", "modified": "2021-07-23T00:00:00Z", "published": "2021-07-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32686" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2021-009.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.38.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.19.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2021-04-13T00:00:00Z", "references": { "cvename": [ "CVE-2021-32558" ] }, "vid": "fb3455be-ebf6-11eb-aef1-0897988a1c07" }, "details": "The Asterisk project reports:\n\n> If the IAX2 channel driver receives a packet that contains an\n> unsupported media format it can cause a crash to occur in Asterisk.\n", "id": "FreeBSD-2021-0183", "modified": "2021-07-23T00:00:00Z", "published": "2021-07-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32558" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2021-008.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote crash when using IAX2 channel driver" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "introduced": "16.17.0" }, { "fixed": "16.19.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "introduced": "18.3.0" }, { "fixed": "18.5.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2021-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-31878" ] }, "vid": "ffa364e1-ebf5-11eb-aef1-0897988a1c07" }, "details": "The Asterisk project reports:\n\n> When Asterisk receives a re-INVITE without SDP after having sent a BYE\n> request a crash will occur. This occurs due to the Asterisk channel no\n> longer being present while code assumes it is.\n", "id": "FreeBSD-2021-0182", "modified": "2021-07-23T00:00:00Z", "published": "2021-07-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-31878" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2021-007.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote Crash Vulnerability in PJSIP channel driver" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "92.0.4515.107" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html" ], "discovery": "2021-07-20T00:00:00Z", "references": { "cvename": [ "CVE-2021-30565", "CVE-2021-30566", "CVE-2021-30567", "CVE-2021-30568", "CVE-2021-30569", "CVE-2021-30571", "CVE-2021-30572", "CVE-2021-30573", "CVE-2021-30574", "CVE-2021-30575", "CVE-2021-30576", "CVE-2021-30577", "CVE-2021-30578", "CVE-2021-30579", "CVE-2021-30580", "CVE-2021-30581", "CVE-2021-30582", "CVE-2021-30583", "CVE-2021-30584", "CVE-2021-30585", "CVE-2021-30586", "CVE-2021-30587", "CVE-2021-30588", "CVE-2021-30589" ] }, "vid": "76487640-ea29-11eb-a686-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 35 security fixes, including:\n>\n> - \\]\\[1210985\\] High CVE-2021-30565: Out of bounds write in Tab\n> Groups. Reported by David Erceg on 2021-05-19\n> - \\[1202661\\] High CVE-2021-30566: Stack buffer overflow in Printing.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26\n> - \\[1211326\\] High CVE-2021-30567: Use after free in DevTools.\n> Reported by DDV_UA on 2021-05-20\n> - \\[1219886\\] High CVE-2021-30568: Heap buffer overflow in WebGL.\n> Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15\n> - \\[1218707\\] High CVE-2021-30569: Use after free in sqlite. Reported\n> by Chris Salls (@salls) of Makai Security on 2021-06-11\n> - \\[1101897\\] High CVE-2021-30571: Insufficient policy enforcement in\n> DevTools. Reported by David Erceg on 2020-07-03\n> - \\[1214234\\] High CVE-2021-30572: Use after free in Autofill.\n> Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n> at Qi\\'anxin Group on 2021-05-28\n> - \\[1216822\\] High CVE-2021-30573: Use after free in GPU. Reported by\n> Security For Everyone Team - https://securityforeveryone.com on\n> 2021-06-06\n> - \\[1227315\\] High CVE-2021-30574: Use after free in protocol\n> handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n> 2021-07-08\n> - \\[1213313\\] Medium CVE-2021-30575: Out of bounds read in Autofill.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26\n> - \\[1194896\\] Medium CVE-2021-30576: Use after free in DevTools.\n> Reported by David Erceg on 2021-04-01\n> - \\[1204811\\] Medium CVE-2021-30577: Insufficient policy enforcement\n> in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01\n> - \\[1201074\\] Medium CVE-2021-30578: Uninitialized Use in Media.\n> Reported by Chaoyuan Peng on 2021-04-21\n> - \\[1207277\\] Medium CVE-2021-30579: Use after free in UI framework.\n> Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n> at Qi\\'anxin Group on 2021-05-10\n> - \\[1189092\\] Medium CVE-2021-30580: Insufficient policy enforcement\n> in Android intents. Reported by \\@retsew0x01 on 2021-03-17\n> - \\[1194431\\] Medium CVE-2021-30581: Use after free in DevTools.\n> Reported by David Erceg on 2021-03-31\n> - \\[1205981\\] Medium CVE-2021-30582: Inappropriate implementation in\n> Animation. Reported by George Liu on 2021-05-05\n> - \\[1179290\\] Medium CVE-2021-30583: Insufficient policy enforcement\n> in image handling on Windows. Reported by Muneaki Nishimura\n> (nishimunea) on 2021-02-17\n> - \\[1213350\\] Medium CVE-2021-30584: Incorrect security UI in\n> Downloads. Reported by \\@retsew0x01 on 2021-05-26\n> - \\[1023503\\] Medium CVE-2021-30585: Use after free in sensor\n> handling. Reported by niarci on 2019-11-11\n> - \\[1201032\\] Medium CVE-2021-30586: Use after free in dialog box\n> handling on Windows. Reported by kkomdal with kkwon and neodal on\n> 2021-04-21\n> - \\[1204347\\] Medium CVE-2021-30587: Inappropriate implementation in\n> Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft\n> Browser Vulnerability Research on 2021-04-30\n> - \\[1195650\\] Low CVE-2021-30588: Type Confusion in V8. Reported by\n> Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04\n> - \\[1180510\\] Low CVE-2021-30589: Insufficient validation of untrusted\n> input in Sharing. Reported by Kirtikumar Anandrao\n> Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on\n> 2021-02-20\n", "id": "FreeBSD-2021-0181", "modified": "2021-07-21T00:00:00Z", "published": "2021-07-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30565" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30566" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30567" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30568" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30569" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30571" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30572" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30573" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30574" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30575" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30577" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30578" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30579" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30580" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30581" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30582" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30583" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30584" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30585" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30586" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30587" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30588" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30589" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.78.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/vuln-7.77.0.html" ], "discovery": "2021-07-21T00:00:00Z", "references": { "cvename": [ "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-22925", "CVE-2021-22926" ] }, "vid": "aa646c01-ea0d-11eb-9b84-d4c9ef517024" }, "details": "The cURL project reports:\n\n> CURLOPT_SSLCERT mixup with Secure Transport (CVE-2021-22926)\n>\n> TELNET stack contents disclosure again (CVE-2021-22925)\n>\n> Bad connection reuse due to flawed path name checks (CVE-2021-92254)\n>\n> Metalink download sends credentials (CVE-2021-92253)\n>\n> Wrong content via metalink not discarded (CVE-2021-92252)\n", "id": "FreeBSD-2021-0180", "modified": "2021-07-21T00:00:00Z", "published": "2021-07-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/vuln-7.77.0.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22922" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22923" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22924" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22925" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22926" }, { "type": "WEB", "url": "https://curl.se/docs/vuln-7.77.0.html" } ], "schema_version": "1.7.0", "summary": "cURL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2021.html" ], "discovery": "2021-07-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-17543", "CVE-2021-2339", "CVE-2021-2340", "CVE-2021-2342", "CVE-2021-2352", "CVE-2021-2354", "CVE-2021-2356", "CVE-2021-2357", "CVE-2021-2367", "CVE-2021-2370", "CVE-2021-2372", "CVE-2021-2374", "CVE-2021-2383", "CVE-2021-2384", "CVE-2021-2385", "CVE-2021-2387", "CVE-2021-2389", "CVE-2021-2390", "CVE-2021-2399", "CVE-2021-2402", "CVE-2021-2410", "CVE-2021-2411", "CVE-2021-2412", "CVE-2021-2417", "CVE-2021-2418", "CVE-2021-2422", "CVE-2021-2424", "CVE-2021-2425", "CVE-2021-2426", "CVE-2021-2427", "CVE-2021-2429", "CVE-2021-2437", "CVE-2021-2440", "CVE-2021-2441", "CVE-2021-2444", "CVE-2021-3450", "CVE-2021-22884", "CVE-2021-22901" ] }, "vid": "38a4a043-e937-11eb-9b84-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 41 new security patches for Oracle\n> MySQL. 10 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\\\n> The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle\n> MySQL is 8.8.\n>\n> MariaDB is affected by CVE-2021-2372 and CVE-2021-2389 only.\n", "id": "FreeBSD-2021-0179", "modified": "2021-08-04T00:00:00Z", "published": "2021-07-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-17543" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2339" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2340" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2342" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2352" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2354" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2357" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2367" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2370" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2372" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2374" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2383" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2384" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2385" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2387" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2389" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2390" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2399" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2410" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2411" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2412" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2417" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2418" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2422" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2424" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2425" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2426" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2427" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2429" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2440" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2441" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22884" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22901" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.14.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/07/gitea-1.14.5-is-released/" ], "discovery": "2021-05-16T00:00:00Z", "references": { "freebsdpr": [ "ports/257221" ] }, "vid": "943d23b6-e65e-11eb-ad30-0800273f11ea" }, "details": "The Gitea Team reports for release 1.14.5:\n\n> - Hide mirror passwords on repo settings page (#16022) (#16355)\n> - Update bluemonday to v1.0.15 (#16379) (#16380)\n", "id": "FreeBSD-2021-0178", "modified": "2021-07-18T00:00:00Z", "published": "2021-07-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/07/gitea-1.14.5-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.14.5" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257221" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "91.0.4472.164" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" ], "discovery": "2021-07-15T00:00:00Z", "references": { "cvename": [ "CVE-2021-30541", "CVE-2021-30559", "CVE-2021-30560", "CVE-2021-30561", "CVE-2021-30562", "CVE-2021-30563", "CVE-2021-30564" ] }, "vid": "1ba21ff1-e672-11eb-a686-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 8 security fixes, including:\n>\n> - \\[1219082\\] High CVE-2021-30559: Out of bounds write in ANGLE.\n> Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11\n> - \\[1214842\\] High CVE-2021-30541: Use after free in V8. Reported by\n> Richard Wheeldon on 2021-05-31\n> - \\[1219209\\] High CVE-2021-30560: Use after free in Blink XSLT.\n> Reported by Nick Wellnhofer on 2021-06-12\n> - \\[1219630\\] High CVE-2021-30561: Type Confusion in V8. Reported by\n> Sergei Glazunov of Google Project Zero on 2021-06-14\n> - \\[1220078\\] High CVE-2021-30562: Use after free in WebSerial.\n> Reported by Anonymous on 2021-06-15\n> - \\[1228407\\] High CVE-2021-30563: Type Confusion in V8. Reported by\n> Anonymous on 2021-07-12\n> - \\[1221309\\] Medium CVE-2021-30564: Heap buffer overflow in WebXR.\n> Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17\n>\n> Google is aware of reports that an exploit for CVE-2021-30563 exists\n> in the wild.\n", "id": "FreeBSD-2021-0177", "modified": "2021-07-16T00:00:00Z", "published": "2021-07-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30541" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30559" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30560" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30561" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30562" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30563" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30564" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby26" }, "ranges": [ { "events": [ { "fixed": "2.6.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "fixed": "2.7.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby30" }, "ranges": [ { "events": [ { "fixed": "3.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/" ], "discovery": "2021-07-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-31799", "CVE-2021-31810", "CVE-2021-32066" ] }, "vid": "7ed5779c-e4c7-11eb-91d7-08002728f74c" }, "details": "Ruby news:\n\n> This release includes security fixes. Please check the topics below\n> for details.\n>\n> CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP\n>\n> CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP\n>\n> CVE-2021-31799: A command injection vulnerability in RDoc\n", "id": "FreeBSD-2021-0176", "modified": "2021-07-14T00:00:00Z", "published": "2021-07-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-31799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-31810" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32066" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-6-8-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/" } ], "schema_version": "1.7.0", "summary": "Ruby -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.16.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/47143" ], "discovery": "2021-07-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-34558" ] }, "vid": "c365536d-e3cf-11eb-9d8d-b37b683944c2" }, "details": "The Go project reports:\n\n> crypto/tls clients can panic when provided a certificate of the wrong\n> type for the negotiated parameters. net/http clients performing HTTPS\n> requests are also affected. The panic can be triggered by an attacker\n> in a privileged network position without access to the server\n> certificate\\'s private key, as long as a trusted ECDSA or Ed25519\n> certificate for the server exists (or can be issued), or the client is\n> configured with Config.InsecureSkipVerify. Clients that disable all\n> TLS_RSA cipher suites (that is, TLS 1.0--1.2 cipher suites without\n> ECDHE), as well as TLS 1.3-only clients, are unaffected.\n", "id": "FreeBSD-2021-0175", "modified": "2021-07-12T00:00:00Z", "published": "2021-07-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/47143" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-34558" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/47143" } ], "schema_version": "1.7.0", "summary": "go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php73" }, "ranges": [ { "events": [ { "fixed": "2.25.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php74" }, "ranges": [ { "events": [ { "fixed": "2.25.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php80" }, "ranges": [ { "events": [ { "fixed": "2.25.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mantisbt.org/bugs/changelog_page.php?version_id=362" ], "discovery": "2021-04-28T00:00:00Z", "references": { "cvename": [ "CVE-2021-33557", "CVE-2021-3603", "CVE-2020-36326" ] }, "vid": "9b1699ff-d84c-11eb-92d6-1b6ff3dfe4d3" }, "details": "Mantis 2.25.1 and 2.25.2 releases report:\n\n> Security and maintenance release, PHPMailer update to 6.5.0\n>\n> - 0028552: XSS in manage_custom_field_edit_page.php (CVE-2021-33557)\n> - 0028821: Update PHPMailer to 6.5.0 (CVE-2021-3603, CVE-2020-36326)\n", "id": "FreeBSD-2021-0174", "modified": "2021-07-09T00:00:00Z", "published": "2021-07-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mantisbt.org/bugs/changelog_page.php?version_id=362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33557" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33557" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3603" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3603" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-36326" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-36326" } ], "schema_version": "1.7.0", "summary": "mantis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.0.0" }, { "fixed": "14.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.12.0" }, { "fixed": "13.12.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.11.0" }, { "fixed": "13.11.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/07/07/critical-security-release-gitlab-14-0-4-released/" ], "discovery": "2021-07-07T00:00:00Z", "vid": "01974420-dfaf-11eb-ba49-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary file read via design feature\n", "id": "FreeBSD-2021-0173", "modified": "2021-07-08T00:00:00Z", "published": "2021-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/07/07/critical-security-release-gitlab-14-0-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/07/07/critical-security-release-gitlab-14-0-4-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exiv2" }, "ranges": [ { "events": [ { "fixed": "0.27.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Exiv2/exiv2/security/advisories" ], "discovery": "2021-04-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-29457", "CVE-2021-29458", "CVE-2021-29463", "CVE-2021-29464", "CVE-2021-29470", "CVE-2021-29473", "CVE-2021-29623", "CVE-2021-32617", "CVE-2021-3482" ] }, "vid": "d49f86ab-d9c7-11eb-a200-00155d01f201" }, "details": "Exiv2 teams reports:\n\n> Multiple vulnerabilities covering buffer overflows, out-of-bounds,\n> read of uninitialized memory and denial of serivce. The heap overflow\n> is triggered when Exiv2 is used to read the metadata of a crafted\n> image file. An attacker could potentially exploit the vulnerability to\n> gain code execution, if they can trick the victim into running Exiv2\n> on a crafted image file. The out-of-bounds read is triggered when\n> Exiv2 is used to write metadata into a crafted image file. An attacker\n> could potentially exploit the vulnerability to cause a denial of\n> service by crashing Exiv2, if they can trick the victim into running\n> Exiv2 on a crafted image file. The read of uninitialized memory is\n> triggered when Exiv2 is used to read the metadata of a crafted image\n> file. An attacker could potentially exploit the vulnerability to leak\n> a few bytes of stack memory, if they can trick the victim into running\n> Exiv2 on a crafted image file.\n", "id": "FreeBSD-2021-0172", "modified": "2021-06-30T00:00:00Z", "published": "2021-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Exiv2/exiv2/security/advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29457" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29458" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29463" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29464" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29470" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29473" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29623" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32617" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3482" }, { "type": "WEB", "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9" } ], "schema_version": "1.7.0", "summary": "Exiv2 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openexr" }, "ranges": [ { "events": [ { "fixed": "3.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.0.5" ], "discovery": "2021-06-03T00:00:00Z", "vid": "f2596f27-db4c-11eb-8bc6-c556d71493c9" }, "details": "Cary Phillips reports:\n\n> - 1038 fix/extend part number validation in MultiPart methods\n> - 1037 verify data size in deepscanlines with NO_COMPRESSION\n> - 1036 detect buffer overflows in RleUncompress\n", "id": "FreeBSD-2021-0171", "modified": "2021-07-02T00:00:00Z", "published": "2021-07-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.0.5" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.0.5" } ], "schema_version": "1.7.0", "summary": "openexr v3.0.5 -- fixes miscellaneous security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "14.0.0" }, { "fixed": "14.0.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.12.0" }, { "fixed": "13.12.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.0.0" }, { "fixed": "13.11.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/" ], "discovery": "2021-07-01T00:00:00Z", "vid": "8ba8278d-db06-11eb-ba49-001b217b3468" }, "details": "Gitlab reports:\n\n> DoS using Webhook connections\n>\n> CSRF on GraphQL API allows executing mutations through GET requests\n>\n> Private projects information disclosure\n>\n> Denial of service of user profile page\n>\n> Single sign-on users not getting blocked\n>\n> Some users can push to Protected Branch with Deploy keys\n>\n> A deactivated user can access data through GraphQL\n>\n> Reflected XSS in release edit page\n>\n> Clipboard DOM-based XSS\n>\n> Stored XSS on Audit Log\n>\n> Forks of public projects by project members could leak codebase\n>\n> Improper text rendering\n>\n> HTML Injection in full name field\n", "id": "FreeBSD-2021-0170", "modified": "2021-07-02T00:00:00Z", "published": "2021-07-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.300" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.289.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2021-06-30/" ], "discovery": "2021-06-30T00:00:00Z", "references": { "cvename": [ "CVE-2021-21670", "CVE-2021-21671" ] }, "vid": "9d271bab-da22-11eb-86f0-94c691a700a6" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-2278 / CVE-2021-21670\n>\n> Improper permission checks allow canceling queue items and aborting\n> builds\n>\n> ##### (High) SECURITY-2371 / CVE-2021-21671\n>\n> Session fixation vulnerability\n", "id": "FreeBSD-2021-0169", "modified": "2021-07-01T00:00:00Z", "published": "2021-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2021-06-30/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21670" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21671" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-06-30/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rabbitmq" }, "ranges": [ { "events": [ { "fixed": "3.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tanzu.vmware.com/security/cve-2021-22116" ], "discovery": "2021-05-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-22116" ] }, "vid": "7003b62d-7252-46ff-a9df-1b1900f1e65b" }, "details": "Jonathon Knudsen of Synopsys Cybersecurity Research Center reports:\n\n> All versions prior to 3.8.16 are prone to a denial of service\n> vulnerability due to improper input validation in AMQP 1.0 client\n> connection endpoint. A malicious client can exploit the vulnerability\n> by sending malicious AMQP messages to the target RabbitMQ instance\n> having the AMQP 1.0 plugin enabled.\n", "id": "FreeBSD-2021-0168", "modified": "2021-06-28T00:00:00Z", "published": "2021-06-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tanzu.vmware.com/security/cve-2021-22116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22116" }, { "type": "WEB", "url": "https://tanzu.vmware.com/security/cve-2021-22116" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22116" } ], "schema_version": "1.7.0", "summary": "RabbitMQ -- Denial of Service via improper input validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rabbitmq-c" }, "ranges": [ { "events": [ { "fixed": "0.10.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rabbitmq-c-devel" }, "ranges": [ { "events": [ { "fixed": "0.10.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a" ], "discovery": "2019-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-18609" ] }, "vid": "7c555ce3-658d-4589-83dd-4b6a31c5d610" }, "details": "alanxz reports:\n\n> When parsing a frame header, validate that the frame_size is less than\n> or equal to INT32_MAX. Given frame_max is limited between 0 and\n> INT32_MAX in amqp_login and friends, this does not change the API.\n> This prevents a potential buffer overflow when a malicious client\n> sends a frame_size that is close to UINT32_MAX, in which causes an\n> overflow when computing state-\\>target_size resulting in a small value\n> there. A buffer is then allocated with the small amount, then memcopy\n> copies the frame_size writing to memory beyond the end of the buffer.\n", "id": "FreeBSD-2021-0167", "modified": "2021-06-25T00:00:00Z", "published": "2021-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18609" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18609" } ], "schema_version": "1.7.0", "summary": "RabbitMQ-C -- integer overflow leads to heap corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetdb6" }, "ranges": [ { "events": [ { "fixed": "6.17.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetdb7" }, "ranges": [ { "events": [ { "fixed": "7.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://puppet.com/docs/puppetdb/latest/release_notes.html#security-fixes" ], "discovery": "2021-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-27021" ] }, "vid": "41bc849f-d5ef-11eb-ae37-589cfc007716" }, "details": "Puppet reports:\n\n> Fixed an issue where someone with the ability to query PuppetDB could\n> arbitrarily write, update, or delete data CVE-2021-27021 PDB-5138.\n", "id": "FreeBSD-2021-0166", "modified": "2021-06-25T00:00:00Z", "published": "2021-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://puppet.com/docs/puppetdb/latest/release_notes.html#security-fixes" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-27021" }, { "type": "WEB", "url": "https://puppet.com/security/cve/cve-2021-27021/" }, { "type": "WEB", "url": "https://tickets.puppetlabs.com/browse/PDB-5138" } ], "schema_version": "1.7.0", "summary": "PuppetDB -- SQL Injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible-core" }, "ranges": [ { "events": [ { "fixed": "2.11.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible-core" }, "ranges": [ { "events": [ { "fixed": "2.11.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible-core" }, "ranges": [ { "events": [ { "fixed": "2.11.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible-core" }, "ranges": [ { "events": [ { "fixed": "2.11.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible-base" }, "ranges": [ { "events": [ { "fixed": "2.10.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible-base" }, "ranges": [ { "events": [ { "fixed": "2.10.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible-base" }, "ranges": [ { "events": [ { "fixed": "2.10.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible-base" }, "ranges": [ { "events": [ { "fixed": "2.10.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible2" }, "ranges": [ { "events": [ { "fixed": "2.9.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible2" }, "ranges": [ { "events": [ { "fixed": "2.9.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible2" }, "ranges": [ { "events": [ { "fixed": "2.9.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible2" }, "ranges": [ { "events": [ { "fixed": "2.9.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible" }, "ranges": [ { "events": [ { "fixed": "2.9.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible" }, "ranges": [ { "events": [ { "fixed": "2.9.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible" }, "ranges": [ { "events": [ { "fixed": "2.9.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible" }, "ranges": [ { "events": [ { "fixed": "2.9.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#security-fixes" ], "discovery": "2021-06-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-3583" ] }, "vid": "4c9159ea-d4c9-11eb-aeee-8c164582fbac" }, "details": "Ansible developers report:\n\n> Templating engine fix for not preserving usnafe status when trying to\n> preserve newlines.\n", "id": "FreeBSD-2021-0165", "modified": "2021-06-25T00:00:00Z", "published": "2021-06-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#security-fixes" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3583" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#security-fixes" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/blob/stable-2.10/changelogs/CHANGELOG-v2.10.rst#security-fixes" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/pull/74960" }, { "type": "WEB", "url": "https://groups.google.com/g/ansible-announce/c/tmIgD1DpZJg" } ], "schema_version": "1.7.0", "summary": "Ansible -- Templating engine bug" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot-pigeonhole" }, "ranges": [ { "events": [ { "fixed": "0.5.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html" ], "discovery": "2020-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2020-28200" ] }, "vid": "f3fc2b50-d36a-11eb-a32c-00a0989e4ec1" }, "details": "Dovecot team reports reports:\n\n> Sieve interpreter is not protected against abusive scripts that claim\n> excessive resource usage. Fixed by limiting the user CPU time per\n> single script execution and cumulatively over several script runs\n> within a configurable timeout period. Sufficiently large CPU time\n> usage is summed in the Sieve script binary and execution is blocked\n> when the sum exceeds the limit within that time. The block is lifted\n> when the script is updated after the resource usage times out.\n", "id": "FreeBSD-2021-0164", "modified": "2021-06-22T00:00:00Z", "published": "2021-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28200" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html" } ], "schema_version": "1.7.0", "summary": "dovecot-pigeonhole -- Sieve excessive resource usage" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "introduced": "2.3.11" }, { "fixed": "2.3.14.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html", "https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html" ], "discovery": "2021-03-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-29157", "CVE-2021-33515" ] }, "vid": "d18f431d-d360-11eb-a32c-00a0989e4ec1" }, "details": "Dovecot team reports:\n\n> CVE-2021-29157: Dovecot does not correctly escape kid and azp fields\n> in JWT tokens. This may be used to supply attacker controlled keys to\n> validate tokens in some configurations. This requires attacker to be\n> able to write files to local disk.\n\n> CVE-2021-33515: On-path attacker could inject plaintext commands\n> before STARTTLS negotiation that would be executed after STARTTLS\n> finished with the client. Only the SMTP submission service is\n> affected.\n", "id": "FreeBSD-2021-0163", "modified": "2021-06-22T00:00:00Z", "published": "2021-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html" }, { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29157" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33515" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html" } ], "schema_version": "1.7.0", "summary": "dovecot -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.14.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/06/gitea-1.14.3-is-released/" ], "discovery": "2021-05-16T00:00:00Z", "references": { "freebsdpr": [ "ports/256720" ] }, "vid": "0e561c06-d13a-11eb-92be-0800273f11ea" }, "details": "The Gitea Team reports for release 1.14.3:\n\n> - Encrypt migration credentials at rest (#15895) (#16187)\n> - Only check access tokens if they are likely to be tokens (#16164)\n> (#16171)\n> - Add missing SameSite settings for the i_like_gitea cookie (#16037)\n> (#16039)\n> - Fix setting of SameSite on cookies (#15989) (#15991)\n", "id": "FreeBSD-2021-0162", "modified": "2021-06-19T00:00:00Z", "published": "2021-06-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/06/gitea-1.14.3-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.14.3" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256720" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "91.0.4472.114" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" ], "discovery": "2021-06-17T00:00:00Z", "references": { "cvename": [ "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557" ] }, "vid": "afdc7579-d023-11eb-bcad-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release includes 4 security fixes, including:\n>\n> - \\[1219857\\] High CVE-2021-30554: Use after free in WebGL. Reported\n> by anonymous on 2021-06-15\n> - \\[1215029\\] High CVE-2021-30555: Use after free in Sharing. Reported\n> by David Erceg on 2021-06-01\n> - \\[1212599\\] High CVE-2021-30556: Use after free in WebAudio.\n> Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24\n> - \\[1202102\\] High CVE-2021-30557: Use after free in TabGroups.\n> Reported by David Erceg on 2021-04-23\n", "id": "FreeBSD-2021-0161", "modified": "2021-06-18T00:00:00Z", "published": "2021-06-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30554" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30555" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30556" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30557" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ircii" }, "ranges": [ { "events": [ { "fixed": "20210314" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openwall.com/lists/oss-security/2021/03/24/2" ], "discovery": "2021-03-02T00:00:00Z", "references": { "cvename": [ "CVE-2021-29376" ] }, "vid": "9f27ac74-cdee-11eb-930d-fc4dd43e2b6a" }, "details": "Michael Ortmann reports:\n\n> ircii has a bug in parsing CTCP UTC messages.\n>\n> Its unknown if this could also be used for arbitrary code execution.\n", "id": "FreeBSD-2021-0160", "modified": "2021-03-30T00:00:00Z", "published": "2021-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openwall.com/lists/oss-security/2021/03/24/2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29376" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29376" } ], "schema_version": "1.7.0", "summary": "ircII -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2021-06-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-17567", "CVE-2020-13938", "CVE-2020-13950", "CVE-2020-35452", "CVE-2021-26690", "CVE-2021-26691", "CVE-2021-30641", "CVE-2021-31618" ] }, "vid": "cce76eca-ca16-11eb-9b84-d4c9ef517024" }, "details": "The Apache httpd reports:\n\n> - moderate: mod_proxy_wstunnel tunneling of non Upgraded connections\n> (CVE-2019-17567)\n> - moderate: Improper Handling of Insufficient Privileges\n> (CVE-2020-13938)\n> - low: mod_proxy_http NULL pointer dereference (CVE-2020-13950)\n> - low: mod_auth_digest possible stack overflow by one nul byte\n> (CVE-2020-35452)\n> - low: mod_session NULL pointer dereference (CVE-2021-26690)\n> - low: mod_session response handling heap overflow (CVE-2021-26691)\n> - moderate: Unexpected URL matching with \\'MergeSlashes OFF\\'\n> (CVE-2021-30641)\n> - important: NULL pointer dereference on specially crafted HTTP/2\n> request (CVE-2021-31618)\n", "id": "FreeBSD-2021-0159", "modified": "2021-06-10T00:00:00Z", "published": "2021-06-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-17567" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13938" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13950" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35452" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26690" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26691" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30641" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-31618" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-dragonfly" }, "ranges": [ { "events": [ { "fixed": "2.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-33564" ], "discovery": "2021-05-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-33564" ] }, "vid": "c9e2a1a7-caa1-11eb-904f-14dae9d5a9d2" }, "details": "NVD reports:\n\n> An argument injection vulnerability in the Dragonfly gem before 1.4.0\n> for Ruby allows remote attackers to read and write to arbitrary files\n> via a crafted URL when the verify_url option is disabled. This may\n> lead to code execution. The problem occurs because the generate and\n> process features mishandle use of the ImageMagick convert utility.\n", "id": "FreeBSD-2021-0158", "modified": "2021-06-11T00:00:00Z", "published": "2021-06-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33564" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33564" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33564" }, { "type": "WEB", "url": "https://github.com/mlr0p/CVE-2021-33564" }, { "type": "WEB", "url": "https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33564" } ], "schema_version": "1.7.0", "summary": "dragonfly -- argument injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "introduced": "1.2" }, { "fixed": "1.2.17" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Cacti/cacti/issues/4022" ], "discovery": "2020-12-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-35701" ] }, "vid": "e4cd0b38-c9f9-11eb-87e1-08002750c711" }, "details": "Cati team reports:\n\n> Due to a lack of validation, data_debug.php can be the source of a SQL\n> injection.\n", "id": "FreeBSD-2021-0157", "modified": "2021-06-24T00:00:00Z", "published": "2021-06-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Cacti/cacti/issues/4022" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35701" }, { "type": "WEB", "url": "https://github.com/Cacti/cacti/issues/4022" } ], "schema_version": "1.7.0", "summary": "cacti -- SQL Injection was possible due to incorrect validation order" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "91.0.4472.101" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html" ], "discovery": "2021-06-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553" ] }, "vid": "20b3ab21-c9df-11eb-8558-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 14 security fixes, including:\n>\n> - \\[1212618\\] Critical CVE-2021-30544: Use after free in BFCache.\n> Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24\n> - \\[1201031\\] High CVE-2021-30545: Use after free in Extensions.\n> Reported by kkwon with everpall and kkomdal on 2021-04-21\n> - \\[1206911\\] High CVE-2021-30546: Use after free in Autofill.\n> Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n> Research on 2021-05-08\n> - \\[1210414\\] High CVE-2021-30547: Out of bounds write in ANGLE.\n> Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18\n> - \\[1210487\\] High CVE-2021-30548: Use after free in Loader. Reported\n> by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18\n> - \\[1212498\\] High CVE-2021-30549: Use after free in Spell check.\n> Reported by David Erceg on 2021-05-23\n> - \\[1212500\\] High CVE-2021-30550: Use after free in Accessibility.\n> Reported by David Erceg on 2021-05-23\n> - \\[1216437\\] High CVE-2021-30551: Type Confusion in V8. Reported by\n> Sergei Glazunov of Google Project Zero on 2021-06-04\n> - \\[1200679\\] Medium CVE-2021-30552: Use after free in Extensions.\n> Reported by David Erceg on 2021-04-20\n> - \\[1209769\\] Medium CVE-2021-30553: Use after free in Network\n> service. Reported by Anonymous on 2021-05-17\n>\n> Google is aware that an exploit for CVE-2021-30551 exists in the wild.\n", "id": "FreeBSD-2021-0156", "modified": "2021-06-10T00:00:00Z", "published": "2021-06-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30544" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30545" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30546" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30548" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30549" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30550" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30551" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30552" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30553" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dino" }, "ranges": [ { "events": [ { "fixed": "0.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dino.im/security/cve-2021-33896/" ], "discovery": "2021-06-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-33896" ] }, "vid": "fc1bcbca-c88b-11eb-9120-f02f74d0e4bd" }, "details": "Dino team reports:\n\n> It was discovered that when a user receives and downloads a file in\n> Dino, URI-encoded path separators in the file name will be decoded,\n> allowing an attacker to traverse directories and create arbitrary\n> files in the context of the user.\n", "id": "FreeBSD-2021-0155", "modified": "2021-06-08T00:00:00Z", "published": "2021-06-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dino.im/security/cve-2021-33896/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33896" }, { "type": "DISCUSSION", "url": "https://marc.info/?l=oss-security&m=162308719412719" }, { "type": "WEB", "url": "https://dino.im/security/cve-2021-33896/" } ], "schema_version": "1.7.0", "summary": "dino -- Path traversal in Dino file transfers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pglogical" }, "ranges": [ { "events": [ { "fixed": "2.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/2ndQuadrant/pglogical/releases/tag/REL2_3_4" ], "discovery": "2021-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-3515" ] }, "vid": "45b8716b-c707-11eb-b9a0-6805ca0b3d42" }, "details": "2ndQuadrant reports:\n\n> - Fix pg_dump/pg_restore execution (CVE-2021-3515)\\\n> \\\n> Correctly escape the connection string for both pg_dump and\n> pg_restore so that exotic database and user names are handled\n> correctly.\\\n> \\\n> Reported by Pedro Gallegos\n", "id": "FreeBSD-2021-0154", "modified": "2021-06-06T00:00:00Z", "published": "2021-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/2ndQuadrant/pglogical/releases/tag/REL2_3_4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3515" }, { "type": "WEB", "url": "https://github.com/2ndQuadrant/pglogical/releases/tag/REL2_3_4" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954112" } ], "schema_version": "1.7.0", "summary": "pglogical -- shell command injection in pglogical.create_subscription()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "introduced": "7.0,1" }, { "fixed": "7.80" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/sa-core-2021-002" ], "discovery": "2021-04-21T00:00:00Z", "references": { "cvename": [ "CVE-2020-13672" ] }, "vid": "f70ab05e-be06-11eb-b983-000c294bb613" }, "details": "Drupal Security team reports:\n\n> Drupal core\\'s sanitization API fails to properly filter cross-site\n> scripting under certain circumstances. Not all sites and users are\n> affected, but configuration changes to prevent the exploit might be\n> impractical and will vary between sites. Therefore, we recommend all\n> sites update to this release as soon as possible.\n", "id": "FreeBSD-2021-0153", "modified": "2021-06-06T00:00:00Z", "published": "2021-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/sa-core-2021-002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13672" } ], "schema_version": "1.7.0", "summary": "drupal7 -- fix possible CSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "polkit" }, "ranges": [ { "events": [ { "fixed": "0.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://seclists.org/oss-sec/2021/q2/180" ], "discovery": "2021-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2021-3560" ] }, "vid": "36a35d83-c560-11eb-84ab-e0d55e2a8bf9" }, "details": "Cedric Buissart reports:\n\n> The function `polkit_system_bus_name_get_creds_sync` is used to get\n> the uid and pid of the process requesting the action. It does this by\n> sending the unique bus name of the requesting process, which is\n> typically something like \\\":1.96\\\", to `dbus-daemon`. These unique\n> names are assigned and managed by `dbus-daemon` and cannot be forged,\n> so this is a good way to check the privileges of the requesting\n> process.\n>\n> The vulnerability happens when the requesting process disconnects from\n> `dbus-daemon` just before the call to\n> `polkit_system_bus_name_get_creds_sync` starts. In this scenario, the\n> unique bus name is no longer valid, so `dbus-daemon` sends back an\n> error reply. This error case is handled in\n> `polkit_system_bus_name_get_creds_sync` by setting the value of the\n> `error` parameter, but it still returns `TRUE`, rather than `FALSE`.\n> This behavior means that all callers of\n> `polkit_system_bus_name_get_creds_sync` need to carefully check\n> whether an error was set. If the calling function forgets to check for\n> errors then it will think that the uid of the requesting process is 0\n> (because the `AsyncGetBusNameCredsData` struct is zero initialized).\n> In other words, it will think that the action was requested by a root\n> process, and will therefore allow it.\n", "id": "FreeBSD-2021-0152", "modified": "2021-06-04T00:00:00Z", "published": "2021-06-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://seclists.org/oss-sec/2021/q2/180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3560" }, { "type": "WEB", "url": "https://seclists.org/oss-sec/2021/q2/180" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560" }, { "type": "WEB", "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13a" } ], "schema_version": "1.7.0", "summary": "polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sogo" }, "ranges": [ { "events": [ { "fixed": "5.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "sogo-activesync" }, "ranges": [ { "events": [ { "fixed": "5.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "sogo2" }, "ranges": [ { "events": [ { "fixed": "2.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "sogo2-activesync" }, "ranges": [ { "events": [ { "fixed": "2.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.sogo.nu/news/2021/saml-vulnerability.html" ], "discovery": "2021-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-33054" ] }, "vid": "69815a1d-c31d-11eb-9633-b42e99a1b9c3" }, "details": "sogo.nu reports:\n\n> SOGo was not validating the signatures of any SAML assertions it\n> received.\n>\n> This means any actor with network access to the deployment could\n> impersonate\n>\n> users when SAML was the authentication method.\n", "id": "FreeBSD-2021-0151", "modified": "2021-06-02T00:00:00Z", "published": "2021-06-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.sogo.nu/news/2021/saml-vulnerability.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33054" }, { "type": "WEB", "url": "https://www.sogo.nu/news/2021/saml-vulnerability.html" }, { "type": "WEB", "url": "https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html" } ], "schema_version": "1.7.0", "summary": "SOGo -- SAML user authentication impersonation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tauthon" }, "ranges": [ { "events": [ { "fixed": "2.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/naftaliharris/tauthon/blob/master/Misc/NEWS.d/2.8.3.rst" ], "discovery": "2020-01-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-8492" ] }, "vid": "c7855866-c511-11eb-ae1d-b42e991fc52e" }, "details": "> The :class:\\`\\~urllib.request.AbstractBasicAuthHandler\\` class of the\n> :mod:\\`urllib.request\\` module uses an inefficient regular expression\n> which can be exploited by an attacker to cause a denial of service\n", "id": "FreeBSD-2021-0150", "modified": "2021-06-04T00:00:00Z", "published": "2021-06-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/naftaliharris/tauthon/blob/master/Misc/NEWS.d/2.8.3.rst" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8492" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8492" } ], "schema_version": "1.7.0", "summary": "tauthon -- Regular Expression Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "lasso" }, "ranges": [ { "events": [ { "fixed": "2.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0" ], "discovery": "2021-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-28091" ] }, "vid": "417de1e6-c31b-11eb-9633-b42e99a1b9c3" }, "details": "entrouvert reports:\n\n> When AuthnResponse messages are not signed (which is permitted by the\n> specifiation), all assertion\\'s signatures should be checked, but\n> currently after the first signed assertion is checked all following\n> assertions are accepted without checking their signature, and the last\n> one is considered the main assertion.\n", "id": "FreeBSD-2021-0149", "modified": "2021-06-01T00:00:00Z", "published": "2021-06-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28091" }, { "type": "WEB", "url": "https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0" } ], "schema_version": "1.7.0", "summary": "lasso -- signature checking failure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.16.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/45910", "https://github.com/golang/go/issues/46313", "https://github.com/golang/go/issues/46241", "https://github.com/golang/go/issues/46242" ], "discovery": "2021-05-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-33198", "CVE-2021-33197", "CVE-2021-33195", "CVE-2021-33196" ] }, "vid": "079b3641-c4bd-11eb-a22a-693f0544ae52" }, "details": "The Go project reports:\n\n> The SetString and UnmarshalText methods of math/big.Rat may cause a\n> panic or an unrecoverable fatal error if passed inputs with very large\n> exponents.\n\n> ReverseProxy in net/http/httputil could be made to forward certain\n> hop-by-hop headers, including Connection. In case the target of the\n> ReverseProxy was itself a reverse proxy, this would let an attacker\n> drop arbitrary headers, including those set by the\n> ReverseProxy.Director.\n\n> The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr\n> functions in net, and their respective methods on the Resolver type\n> may return arbitrary values retrieved from DNS which do not follow the\n> established RFC 1035 rules for domain names. If these names are used\n> without further sanitization, for instance unsafely included in HTML,\n> they may allow for injection of unexpected content. Note that\n> LookupTXT may still return arbitrary values that could require\n> sanitization before further use.\n\n> The NewReader and OpenReader functions in archive/zip can cause a\n> panic or an unrecoverable fatal error when reading an archive that\n> claims to contain a large number of files, regardless of its actual\n> size.\n", "id": "FreeBSD-2021-0148", "modified": "2021-06-03T00:00:00Z", "published": "2021-06-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/45910" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/46313" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/46241" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/46242" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33198" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/45910" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33197" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/46313" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33195" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/46241" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33196" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/46242" } ], "schema_version": "1.7.0", "summary": "go -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-aiohttp" }, "ranges": [ { "events": [ { "last_affected": "3.7.3" }, { "fixed": "3.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-aiohttp" }, "ranges": [ { "events": [ { "last_affected": "3.7.3" }, { "fixed": "3.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-aiohttp" }, "ranges": [ { "events": [ { "last_affected": "3.7.3" }, { "fixed": "3.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-aiohttp" }, "ranges": [ { "events": [ { "last_affected": "3.7.3" }, { "fixed": "3.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg" ], "discovery": "2021-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-21330" ] }, "vid": "3000acee-c45d-11eb-904f-14dae9d5a9d2" }, "details": "Sviatoslav Sydorenko reports:\n\n> Open redirect vulnerability --- a maliciously crafted link to an\n> aiohttp-based web-server could redirect the browser to a different\n> website.\n>\n> It is caused by a bug in the\n> `aiohttp.web_middlewares.normalize_path_middleware` middleware.\n", "id": "FreeBSD-2021-0147", "modified": "2021-06-23T00:00:00Z", "published": "2021-06-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21330" }, { "type": "WEB", "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21330" } ], "schema_version": "1.7.0", "summary": "aiohttp -- open redirect vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "4.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v4.0.2" ], "discovery": "2021-04-30T00:00:00Z", "vid": "a550d62c-f78d-4407-97d9-93876b6741b9" }, "details": "Tim Wojtulewicz of Corelight reports:\n\n> Fix potential Undefined Behavior in decode_netbios_name() and\n> decode_netbios_name_type() BIFs. The latter has a possibility of a\n> remote heap-buffer-overread, making this a potential DoS\n> vulnerability.\n>\n> Add some extra length checking when parsing mobile ipv6 packets. Due\n> to the possibility of reading invalid headers from remote sources,\n> this is a potential DoS vulnerability.\n", "id": "FreeBSD-2021-0146", "modified": "2021-06-02T00:00:00Z", "published": "2021-06-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.2" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.2" } ], "schema_version": "1.7.0", "summary": "zeek -- several potential DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-yaml" }, "ranges": [ { "events": [ { "fixed": "5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-yaml" }, "ranges": [ { "events": [ { "fixed": "5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-yaml" }, "ranges": [ { "events": [ { "fixed": "5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-yaml" }, "ranges": [ { "events": [ { "fixed": "5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2020-14343" ] }, "vid": "c7ec6375-c3cf-11eb-904f-14dae9d5a9d2" }, "details": "A vulnerability was discovered in the PyYAML library in versions before\n5.4, where it is susceptible to arbitrary code execution when it\nprocesses untrusted YAML files through the full_load method or with the\nFullLoader loader. Applications that use the library to process\nuntrusted input may be vulnerable to this flaw. This flaw allows an\nattacker to execute arbitrary code on the system by abusing the\npython/object/new constructor. This flaw is due to an incomplete fix for\nCVE-2020-1747.\n", "id": "FreeBSD-2021-0145", "modified": "2021-06-02T00:00:00Z", "published": "2021-06-02T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14343" }, { "type": "WEB", "url": "https://github.com/yaml/pyyaml/issues/420" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2020-14343" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860466" } ], "schema_version": "1.7.0", "summary": "PyYAML -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "isc-dhcp44-relay" }, "ranges": [ { "events": [ { "fixed": "4.4.2-P1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "isc-dhcp44-server" }, "ranges": [ { "events": [ { "fixed": "4.4.2-P1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "isc-dhcp44-client" }, "ranges": [ { "events": [ { "fixed": "4.4.2-P1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://seclists.org/oss-sec/2021/q2/170" ], "discovery": "2021-05-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-25217" ] }, "vid": "e24fb8f8-c39a-11eb-9370-b42e99a1b9c3" }, "details": "Michael McNally reports:\n\n> Program code used by the ISC DHCP package to read and parse stored\n> leases\n>\n> has a defect that can be exploited by an attacker to cause one of\n> several undesirable outcomes\n", "id": "FreeBSD-2021-0144", "modified": "2021-06-02T00:00:00Z", "published": "2021-06-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://seclists.org/oss-sec/2021/q2/170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-25217" }, { "type": "WEB", "url": "https://kb.isc.org/docs/cve-2021-25217" } ], "schema_version": "1.7.0", "summary": "isc-dhcp -- remotely exploitable vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.12.0" }, { "fixed": "13.12.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.11.0" }, { "fixed": "13.11.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.10.0" }, { "fixed": "13.10.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/" ], "discovery": "2021-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-22181" ] }, "vid": "5f52d646-c31f-11eb-8dcf-001b217b3468" }, "details": "Gitlab reports:\n\n> Stealing GitLab OAuth access tokens using XSLeaks in Safari\n>\n> Denial of service through recursive triggered pipelines\n>\n> Unauthenticated CI lint API may lead to information disclosure and\n> SSRF\n>\n> Server-side DoS through rendering crafted Markdown documents\n>\n> Issue and merge request length limit is not being enforced\n>\n> Insufficient Expired Password Validation\n>\n> XSS in blob viewer of notebooks\n>\n> Logging of Sensitive Information\n>\n> On-call rotation information exposed when removing a member\n>\n> Spoofing commit author for signed commits\n>\n> Enable qsh verification for Atlassian Connect\n", "id": "FreeBSD-2021-0143", "modified": "2021-06-01T00:00:00Z", "published": "2021-06-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22181" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.2.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/redis-db/c/RLTwi1kKsCI" ], "discovery": "2021-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-32625" ] }, "vid": "8eb69cd0-c2ec-11eb-b6e7-8c164567ca3c" }, "details": "Redis development team reports:\n\n> An integer overflow bug in Redis version 6.0 or newer can be exploited\n> using the STRALGO LCS command to corrupt the heap and potentially\n> result with remote code execution. This is a result of an incomplete\n> fix by CVE-2021-29477.\n", "id": "FreeBSD-2021-0142", "modified": "2021-06-01T00:00:00Z", "published": "2021-06-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/redis-db/c/RLTwi1kKsCI" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32625" }, { "type": "WEB", "url": "https://groups.google.com/g/redis-db/c/RLTwi1kKsCI" } ], "schema_version": "1.7.0", "summary": "redis -- integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libX11" }, "ranges": [ { "events": [ { "fixed": "1.7.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.freedesktop.org/archives/xorg/2021-May/060699.html" ], "discovery": "2021-05-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-31535" ] }, "vid": "58d6ed66-c2e8-11eb-9fb0-6451062f0f7a" }, "details": "The X.org project reports:\n\n> XLookupColor() and other X libraries function lack proper validation\n> of the length of their string parameters. If those parameters can be\n> controlled by an external application (for instance a color name that\n> can be emitted via a terminal control sequence) it can lead to the\n> emission of extra X protocol requests to the X server.\n", "id": "FreeBSD-2021-0141", "modified": "2022-02-08T00:00:00Z", "published": "2021-06-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.freedesktop.org/archives/xorg/2021-May/060699.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-31535" }, { "type": "WEB", "url": "https://lists.freedesktop.org/archives/xorg/2021-May/060699.html" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31535" } ], "schema_version": "1.7.0", "summary": "libX11 -- Arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "prometheus2" }, "ranges": [ { "events": [ { "introduced": "2.23.0" }, { "fixed": "2.26.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.27.0" }, { "last_affected": "2.27.0" }, { "fixed": "2.27.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "2.27.0" ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-29622" ], "discovery": "2021-05-18T00:00:00Z", "references": { "cvename": [ "CVE-2021-29622" ] }, "vid": "59ab72fb-bccf-11eb-a38d-6805ca1caf5c" }, "details": "Prometheus reports:\n\n> Prometheus is an open-source monitoring system and time series\n> database. In 2.23.0, Prometheus changed its default UI to the New ui.\n> To ensure a seamless transition, the URL\\'s prefixed by /new redirect\n> to /. Due to a bug in the code, it is possible for an attacker to\n> craft an URL that can redirect to any other URL, in the /new endpoint.\n> If a user visits a prometheus server with a specially crafted address,\n> they can be redirected to an arbitrary URL. The issue was patched in\n> the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be\n> removed completely. The workaround is to disable access to /new via a\n> reverse proxy in front of Prometheus.\n", "id": "FreeBSD-2021-0140", "modified": "2021-06-01T00:00:00Z", "published": "2021-06-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29622" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29622" } ], "schema_version": "1.7.0", "summary": "Prometheus -- arbitrary redirects" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wayland" }, "ranges": [ { "events": [ { "fixed": "1.19.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/133" ], "discovery": "2021-05-02T00:00:00Z", "references": { "cvename": [ "CVE-2013-2003" ], "freebsdpr": [ "ports/256273" ] }, "vid": "fd24a530-c202-11eb-b217-b42e99639323" }, "details": "Tobias Stoeckmann reports:\n\n> The libXcursor fix for CVE-2013-2003 has never been imported into\n> wayland, leaving it vulnerable to it.\n", "id": "FreeBSD-2021-0139", "modified": "2021-05-31T00:00:00Z", "published": "2021-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/133" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2013-2003" }, { "type": "WEB", "url": "https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/133" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256273" } ], "schema_version": "1.7.0", "summary": "wayland -- integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2021-29629" ], "freebsdsa": [ "SA-21:12.libradius" ] }, "vid": "107c7a76-beaa-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nlibradius did not perform sufficient validation of received messages.\n\nrad_get_attr(3) did not verify that the attribute length is valid before\nsubtracting the length of the Type and Length fields. As a result, it\ncould return success while also providing a bogus length of SIZE_T_MAX -\n2 for the Value field.\n\nWhen processing attributes to find an optional authenticator,\nis_valid_response() failed to verify that each attribute length is\nnon-zero and could thus enter an infinite loop.\n\n# Impact:\n\nA server may use libradius(3) to process messages from RADIUS clients.\nIn this case, a malicious client could trigger a denial-of-service in\nthe server. A client using libradius(3) to process messages from a\nserver is susceptible to the same problem.\n\nThe impact of the rad_get_attr(3) bug depends on how the returned length\nis validated and used by the consumer. It is possible that libradius(3)\napplications will crash or enter an infinite loop when calling\nrad_get_attr(3) on untrusted RADIUS messages.\n", "id": "FreeBSD-2021-0138", "modified": "2021-05-27T00:00:00Z", "published": "2021-05-27T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29629" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:12.libradius.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Missing message validation in libradius(3)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "13.0" }, { "fixed": "13.0_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2021-29628" ], "freebsdsa": [ "SA-21:11.smap" ] }, "vid": "d1ac6a6a-bea8-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nThe FreeBSD kernel enables SMAP during boot when the CPU reports that\nthe SMAP capability is present. Subroutines such as copyin() and\ncopyout() are responsible for disabling SMAP around the sections of code\nthat perform user memory accesses.\n\nSuch subroutines must handle page faults triggered when user memory is\nnot mapped. The kernel\\'s page fault handler checks the validity of the\nfault, and if it is indeed valid it will map a page and resume copying.\nIf the fault is invalid, the fault handler returns control to a\ntrampoline which aborts the operation and causes an error to be\nreturned. In this second scenario, a bug in the implementation of SMAP\nsupport meant that SMAP would remain disabled until the thread returns\nto user mode.\n\n# Impact:\n\nThis bug may be used to bypass the protections provided by SMAP for the\nduration of a system call. It could thus be combined with other kernel\nbugs to craft an exploit.\n", "id": "FreeBSD-2021-0137", "modified": "2021-05-27T00:00:00Z", "published": "2021-05-27T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29628" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:11.smap.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD-kernel -- SMAP bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "91.0.4472.77" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html" ], "discovery": "2021-05-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-21212", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540" ] }, "vid": "674ed047-be0a-11eb-b927-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 32 security fixes, including:\n>\n> - \\[1208721\\] High CVE-2021-30521: Heap buffer overflow in Autofill.\n> Reported by ZhanJia Song on 2021-05-13\n> - \\[1176218\\] High CVE-2021-30522: Use after free in WebAudio.\n> Reported by Piotr Bania of Cisco Talos on 2021-02-09\n> - \\[1187797\\] High CVE-2021-30523: Use after free in WebRTC. Reported\n> by Tolyan Korniltsev on 2021-03-13\n> - \\[1197146\\] High CVE-2021-30524: Use after free in TabStrip.\n> Reported by David Erceg on 2021-04-08\n> - \\[1197888\\] High CVE-2021-30525: Use after free in TabGroups.\n> Reported by David Erceg on 2021-04-11\n> - \\[1198717\\] High CVE-2021-30526: Out of bounds write in TabStrip.\n> Reported by David Erceg on 2021-04-13\n> - \\[1199198\\] High CVE-2021-30527: Use after free in WebUI. Reported\n> by David Erceg on 2021-04-15\n> - \\[1206329\\] High CVE-2021-30528: Use after free in\n> WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on\n> 2021-05-06\n> - \\[1195278\\] Medium CVE-2021-30529: Use after free in Bookmarks.\n> Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of\n> 360 Alpha Lab on 2021-04-02\n> - \\[1201033\\] Medium CVE-2021-30530: Out of bounds memory access in\n> WebAudio. Reported by kkwon on 2021-04-21\n> - \\[1115628\\] Medium CVE-2021-30531: Insufficient policy enforcement\n> in Content Security Policy. Reported by Philip Papurt on 2020-08-12\n> - \\[1117687\\] Medium CVE-2021-30532: Insufficient policy enforcement\n> in Content Security Policy. Reported by Philip Papurt on 2020-08-18\n> - \\[1145553\\] Medium CVE-2021-30533: Insufficient policy enforcement\n> in PopupBlocker. Reported by Eliya Stein on 2020-11-04\n> - \\[1151507\\] Medium CVE-2021-30534: Insufficient policy enforcement\n> in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20\n> - \\[1194899\\] Medium CVE-2021-30535: Double free in ICU. Reported by\n> nocma, leogan, cheneyxu of WeChat Open Platform Security Team on\n> 2021-04-01\n> - \\[1145024\\] Medium CVE-2021-21212: Insufficient data validation in\n> networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese\n> University of Hong Kong on 2020-11-03\n> - \\[1194358\\] Low CVE-2021-30536: Out of bounds read in V8. Reported\n> by Chris Salls (@salls) on 2021-03-31\n> - \\[830101\\] Low CVE-2021-30537: Insufficient policy enforcement in\n> cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06\n> - \\[1115045\\] Low CVE-2021-30538: Insufficient policy enforcement in\n> content security policy. Reported by Tianze Ding (@D1iv3) of Tencent\n> Security Xuanwu Lab on 2020-08-11\n> - \\[971231\\] Low CVE-2021-30539: Insufficient policy enforcement in\n> content security policy. Reported by unnamed researcher on\n> 2019-06-05\n> - \\[1184147\\] Low CVE-2021-30540: Incorrect security UI in payments.\n> Reported by \\@retsew0x01 on 2021-03-03\n", "id": "FreeBSD-2021-0136", "modified": "2021-05-26T00:00:00Z", "published": "2021-05-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30521" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30522" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30523" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30524" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30525" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30526" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30527" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30528" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30529" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30530" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30532" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30533" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30536" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30538" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30539" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30540" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libzmq4" }, "ranges": [ { "events": [ { "fixed": "4.3.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeromq/libzmq/releases/tag/v4.3.3" ], "discovery": "2020-09-07T00:00:00Z", "references": { "cvename": [ "CVE-2020-15166" ], "freebsdpr": [ "ports/255102" ] }, "vid": "21ec4428-bdaa-11eb-a04e-641c67a117d8" }, "details": "Google\\'s oss-fuzz project reports:\n\n> Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated\n> clients. If a raw TCP socket is opened and connected to an endpoint\n> that is fully configured with CURVE/ZAP, legitimate clients will not\n> be able to exchange any message. Handshakes complete successfully, and\n> messages are delivered to the library, but the server application\n> never receives them.\n", "id": "FreeBSD-2021-0135", "modified": "2021-05-25T00:00:00Z", "published": "2021-05-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15166" }, { "type": "WEB", "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.3" }, { "type": "WEB", "url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255102" } ], "schema_version": "1.7.0", "summary": "libzmq4 -- Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libzmq4" }, "ranges": [ { "events": [ { "fixed": "4.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeromq/libzmq/releases/tag/v4.3.2" ], "discovery": "2019-06-27T00:00:00Z", "references": { "cvename": [ "CVE-2019-13132" ], "freebsdpr": [ "ports/255102" ] }, "vid": "6954a2b0-bda8-11eb-a04e-641c67a117d8" }, "details": "Fang-Pen Lin reports:\n\n> A remote, unauthenticated client connecting to a libzmq application,\n> running with a socket listening with CURVE encryption/authentication\n> enabled, may cause a stack overflow and overwrite the stack with\n> arbitrary data, due to a buffer overflow in the library. Users running\n> public servers with the above configuration are highly encouraged to\n> upgrade as soon as possible, as there are no known mitigations.\n", "id": "FreeBSD-2021-0134", "modified": "2021-05-25T00:00:00Z", "published": "2021-05-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13132" }, { "type": "WEB", "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.2" }, { "type": "WEB", "url": "https://github.com/zeromq/libzmq/issues/3558" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255102" } ], "schema_version": "1.7.0", "summary": "libzmq4 -- Stack overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx" }, "ranges": [ { "events": [ { "fixed": "1.20.1,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "fixed": "1.21.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017" ], "discovery": "2021-05-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-23017" ] }, "vid": "0882f019-bd60-11eb-9bdd-8c164567ca3c" }, "details": "NGINX team reports:\n\n> 1-byte memory overwrite might occur during DNS server response\n> processing if the \\\"resolver\\\" directive was used, allowing an\n> attacker who is able to forge UDP packets from the DNS server to cause\n> worker process crash or, potentially, arbitrary code execution.\n", "id": "FreeBSD-2021-0133", "modified": "2021-05-25T00:00:00Z", "published": "2021-05-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23017" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017" } ], "schema_version": "1.7.0", "summary": "NGINX -- 1-byte memory overwrite in resolver" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pg_partman" }, "ranges": [ { "events": [ { "fixed": "4.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-33204" ], "discovery": "2021-05-21T00:00:00Z", "references": { "cvename": [ "CVE-2021-33204" ] }, "vid": "58b22f3a-bc71-11eb-b9c9-6cc21735f730" }, "details": "PG Partition Manager reports:\n\n> In the pg_partman (aka PG Partition Manager) extension before 4.5.1\n> for PostgreSQL, arbitrary code execution can be achieved via SECURITY\n> DEFINER functions because an explicit search_path is not set.\n", "id": "FreeBSD-2021-0132", "modified": "2021-05-24T00:00:00Z", "published": "2021-05-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33204" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-33204" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33204" } ], "schema_version": "1.7.0", "summary": "PG Partition Manager -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "expat" }, "ranges": [ { "events": [ { "fixed": "2.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/" ], "discovery": "2013-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2013-0340" ] }, "vid": "5fa90ee6-bc9e-11eb-a287-e0d55e2a8bf9" }, "details": "Kurt Seifried reports:\n\n> So here are the CVE\\'s for the two big ones, libxml2 and expat. Both\n> are affected by the expansion of internal entities (which can be used\n> to consume resources) and external entities (which can cause a denial\n> of service against other services, be used to port scan, etc.).\n>\n> A billion laughs attack is a type of denial-of-service attack which is\n> aimed at parsers of XML documents.\n", "id": "FreeBSD-2021-0131", "modified": "2021-05-24T00:00:00Z", "published": "2021-05-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2013-0340" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2013/02/22/3" }, { "type": "WEB", "url": "https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340" } ], "schema_version": "1.7.0", "summary": "texproc/expat2 -- billion laugh attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxml2" }, "ranges": [ { "events": [ { "fixed": "2.9.10_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://ubuntu.com/security/CVE-2021-3541" ], "discovery": "2021-05-18T00:00:00Z", "references": { "cvename": [ "CVE-2021-3541" ] }, "vid": "524bd03a-bb75-11eb-bf35-080027f515ea" }, "details": "Daniel Veillard reports:\n\n> A flaw was found in libxml2. Exponential entity expansion attack its\n> possible bypassing all existing protection mechanisms and leading to\n> denial of service.\n", "id": "FreeBSD-2021-0130", "modified": "2021-05-23T00:00:00Z", "published": "2021-05-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://ubuntu.com/security/CVE-2021-3541" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3541" }, { "type": "WEB", "url": "https://ubuntu.com/security/CVE-2021-3541" }, { "type": "WEB", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e" } ], "schema_version": "1.7.0", "summary": "libxml2 -- Possible denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-server" }, "ranges": [ { "events": [ { "fixed": "12.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "fixed": "10.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "fixed": "9.6.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2021-32028/", "https://www.postgresql.org/support/security/CVE-2021-32027/" ], "discovery": "2021-05-13T00:00:00Z", "vid": "62da9702-b4cc-11eb-b9c9-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> Memory disclosure in INSERT \\... ON CONFLICT \\... DO UPDATE\n>\n> Using an INSERT \\... ON CONFLICT \\... DO UPDATE command on a\n> purpose-crafted table, an attacker can read arbitrary bytes of server\n> memory. In the default configuration, any authenticated database user\n> can create prerequisite objects and complete this attack at will. A\n> user lacking the CREATE and TEMPORARY privileges on all databases and\n> the CREATE privilege on all schemas cannot use this attack at will..\n\n> Buffer overrun from integer overflow in array subscripting\n> calculations\n>\n> While modifying certain SQL array values, missing bounds checks let\n> authenticated database users write arbitrary bytes to a wide area of\n> server memory.\n", "id": "FreeBSD-2021-0129", "modified": "2021-05-14T00:00:00Z", "published": "2021-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2021-32028/" }, { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2021-32027/" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2021-32027/" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2021-32028/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL server -- two security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql13-server" }, "ranges": [ { "events": [ { "fixed": "13.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-server" }, "ranges": [ { "events": [ { "fixed": "12.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/support/security/CVE-2021-32029/" ], "discovery": "2021-05-13T00:00:00Z", "vid": "76e0bb86-b4cb-11eb-b9c9-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> Using an UPDATE \\... RETURNING on a purpose-crafted partitioned table,\n> an attacker can read arbitrary bytes of server memory. In the default\n> configuration, any authenticated database user can create prerequisite\n> objects and complete this attack at will. A user lacking the CREATE\n> and TEMPORARY privileges on all databases and the CREATE privilege on\n> all schemas typically cannot use this attack at will.\n", "id": "FreeBSD-2021-0128", "modified": "2021-05-14T00:00:00Z", "published": "2021-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/support/security/CVE-2021-32029/" }, { "type": "WEB", "url": "https://www.postgresql.org/support/security/CVE-2021-32029/" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- Memory disclosure in partitioned-table UPDATE ... RETURNING" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "prosody" }, "ranges": [ { "events": [ { "fixed": "0.11.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://prosody.im/security/advisory_20210512/" ], "discovery": "2021-05-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-32918", "CVE-2021-32920", "CVE-2021-32921", "CVE-2021-32917", "CVE-2021-32919" ] }, "vid": "fc75570a-b417-11eb-a23d-c7ab331fd711" }, "details": "The Prosody security advisory 2021-05-12 reports:\n\n> This advisory details 5 new security vulnerabilities discovered in the\n> Prosody.im XMPP server software. All issues are fixed in the 0.11.9\n> release default configuration.\n>\n> - CVE-2021-32918: DoS via insufficient memory consumption controls\n> - CVE-2021-32920: DoS via repeated TLS renegotiation causing excessive\n> CPU consumption\n> - CVE-2021-32921: Use of timing-dependent string comparison with\n> sensitive values\n> - CVE-2021-32917: Use of mod_proxy65 is unrestricted in default\n> configuration\n> - CVE-2021-32919: Undocumented dialback-without-dialback option\n> insecure\n", "id": "FreeBSD-2021-0127", "modified": "2021-05-13T00:00:00Z", "published": "2021-05-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://prosody.im/security/advisory_20210512/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32918" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32920" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32921" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32917" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32919" } ], "schema_version": "1.7.0", "summary": "Prosody -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick6" }, "ranges": [ { "events": [ { "fixed": "6.9.12.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick6-nox11" }, "ranges": [ { "events": [ { "fixed": "6.9.12.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ImageMagick" ], "discovery": "2020-12-17T00:00:00Z", "references": { "cvename": [ "CVE-2020-29599", "CVE-2021-20176", "CVE-2021-20309" ] }, "vid": "3e0ca488-b3f6-11eb-a5f7-a0f3c100ae18" }, "details": "CVE reports:\n\n> Several vulnerabilities have been discovered in ImageMagick:\n>\n> - CVE-2021-20309: A flaw was found in ImageMagick in versions before\n> 6.9.12, where a division by zero in WaveImage() of\n> MagickCore/visual-effects.c may trigger undefined behavior via a\n> crafted image file submitted to an application using ImageMagick.\n> - CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick\n> 6.9.11-57 in gem.c. This flaw allows an attacker who submits a\n> crafted file that is processed by ImageMagick to trigger undefined\n> behavior through a division by zero.\n> - CVE-2020-29599: ImageMagick before 6.9.11-40 mishandles the\n> -authenticate option, which allows setting a password for\n> password-protected PDF files.\n> - And maybe some others...\n", "id": "FreeBSD-2021-0126", "modified": "2021-05-13T00:00:00Z", "published": "2021-05-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ImageMagick" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-29599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20309" } ], "schema_version": "1.7.0", "summary": "ImageMagick6 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7" }, "ranges": [ { "events": [ { "fixed": "7.0.11.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7-nox11" }, "ranges": [ { "events": [ { "fixed": "7.0.11.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ImageMagick" ], "discovery": "2020-10-27T00:00:00Z", "references": { "cvename": [ "CVE-2020-27829", "CVE-2020-29599", "CVE-2021-20176", "CVE-2021-20241", "CVE-2021-20243", "CVE-2021-20244", "CVE-2021-20245", "CVE-2021-20246", "CVE-2021-20309", "CVE-2021-20310", "CVE-2021-20311", "CVE-2021-20312", "CVE-2021-20313" ] }, "vid": "a7c60af1-b3f1-11eb-a5f7-a0f3c100ae18" }, "details": "CVE reports:\n\n> Several vulnerabilities have been discovered in ImageMagick:\n>\n> - CVE-2021-20313: A flaw was found in ImageMagick in versions before\n> 7.0.11. A potential cipher leak when the calculate signatures in\n> TransformSignature is possible.\n> - CVE-2021-20312: A flaw was found in ImageMagick in versions 7.0.11,\n> where an integer overflow in WriteTHUMBNAILImage of\n> coders/thumbnail.c may trigger undefined behavior via a crafted\n> image file that is submitted by an attacker and processed by an\n> application using ImageMagick.\n> - CVE-2021-20311: A flaw was found in ImageMagick in versions before\n> 7.0.11, where a division by zero in sRGBTransformImage() in the\n> MagickCore/colorspace.c may trigger undefined behavior via a crafted\n> image file that is submitted by an attacker processed by an\n> application using ImageMagick.\n> - CVE-2021-20310: A flaw was found in ImageMagick in versions before\n> 7.0.11, where a division by zero ConvertXYZToJzazbz() of\n> MagickCore/colorspace.c may trigger undefined behavior via a crafted\n> image file that is submitted by an attacker and processed by an\n> application using ImageMagick.\n> - CVE-2021-20309: A flaw was found in ImageMagick in versions before\n> 7.0.11, where a division by zero in WaveImage() of\n> MagickCore/visual-effects.c may trigger undefined behavior via a\n> crafted image file submitted to an application using ImageMagick.\n> - And several others...\n", "id": "FreeBSD-2021-0125", "modified": "2021-05-13T00:00:00Z", "published": "2021-05-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ImageMagick" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-27829" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-29599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20241" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20243" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20244" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20245" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20246" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20312" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20313" } ], "schema_version": "1.7.0", "summary": "ImageMagick7 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-pillow" }, "ranges": [ { "events": [ { "fixed": "8.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/python-pillow/Pillow/pull/5377/commits/8ec027867f19633d9adfc5c8b7504d9b609fc5f1" ], "discovery": "2021-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-25288", "CVE-2021-28675", "CVE-2021-28676", "CVE-2021-28677", "CVE-2021-28678" ] }, "vid": "f947aa26-b2f9-11eb-a5f7-a0f3c100ae18" }, "details": "python-pillow reports:\n\n> This release fixes several vulnerabilities found with \\`OSS-Fuzz\\`.\n>\n> - \\`CVE-2021-25288\\`: Fix OOB read in Jpeg2KDecode. This dates to\n> Pillow 2.4.0.\n> - \\`CVE-2021-28675\\`: Fix DOS in PsdImagePlugin. This dates to the PIL\n> fork.\n> - \\`CVE-2021-28676\\`: Fix FLI DOS. This dates to the PIL fork.\n> - \\`CVE-2021-28677\\`: Fix EPS DOS on \\_open. This dates to the PIL\n> fork.\n> - \\`CVE-2021-28678\\`: Fix BLP DOS. This dates to Pillow 5.1.0.\n> - Fix memory DOS in ImageFont. This dates to the PIL fork.\n", "id": "FreeBSD-2021-0124", "modified": "2021-05-12T00:00:00Z", "published": "2021-05-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/python-pillow/Pillow/pull/5377/commits/8ec027867f19633d9adfc5c8b7504d9b609fc5f1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-25288" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28675" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28676" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28677" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28678" } ], "schema_version": "1.7.0", "summary": "Pillow -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "90.0.4430.212" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html" ], "discovery": "2021-05-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520" ] }, "vid": "3cac007f-b27e-11eb-97a0-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release contains 19 security fixes, including:\n>\n> - \\[1180126\\] High CVE-2021-30506: Incorrect security UI in Web App\n> Installs. Reported by \\@retsew0x01 on 2021-02-19\n> - \\[1178202\\] High CVE-2021-30507: Inappropriate implementation in\n> Offline. Reported by Alison Huffman, Microsoft Browser Vulnerability\n> Research on 2021-02-14\n> - \\[1195340\\] High CVE-2021-30508: Heap buffer overflow in Media\n> Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n> 2021-04-02\n> - \\[1196309\\] High CVE-2021-30509: Out of bounds write in Tab Strip.\n> Reported by David Erceg on 2021-04-06\n> - \\[1197436\\] High CVE-2021-30510: Race in Aura. Reported by Weipeng\n> Jiang (@Krace) from Codesafe Team of Legendsec at Qi\\'anxin Group on\n> 2021-04-09\n> - \\[1197875\\] High CVE-2021-30511: Out of bounds read in Tab Groups.\n> Reported by David Erceg on 2021-04-10\n> - \\[1200019\\] High CVE-2021-30512: Use after free in Notifications.\n> Reported by ZhanJia Song on 2021-04-17\n> - \\[1200490\\] High CVE-2021-30513: Type Confusion in V8. Reported by\n> Man Yue Mo of GitHub Security Lab on 2021-04-19\n> - \\[1200766\\] High CVE-2021-30514: Use after free in Autofill.\n> Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of\n> 360 Alpha Lab on 2021-04-20\n> - \\[1201073\\] High CVE-2021-30515: Use after free in File API.\n> Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21\n> - \\[1201446\\] High CVE-2021-30516: Heap buffer overflow in History.\n> Reported by ZhanJia Song on 2021-04-22\n> - \\[1203122\\] High CVE-2021-30517: Type Confusion in V8. Reported by\n> laural on 2021-04-27\n> - \\[1203590\\] High CVE-2021-30518: Heap buffer overflow in Reader\n> Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\n> Research on 2021-04-28\n> - \\[1194058\\] Medium CVE-2021-30519: Use after free in Payments.\n> Reported by asnine on 2021-03-30\n> - \\[1193362\\] Medium CVE-2021-30520: Use after free in Tab Strip.\n> Reported by Khalil Zhani on 2021-04-03\n", "id": "FreeBSD-2021-0123", "modified": "2021-05-11T00:00:00Z", "published": "2021-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30506" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30507" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30508" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30509" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30510" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30513" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30514" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30515" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30517" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30518" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30519" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30520" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.33.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.33.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.33.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.33.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85" ], "discovery": "2021-05-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-29471" ] }, "vid": "278561d7-b261-11eb-b788-901b0e934d69" }, "details": "Matrix developers report:\n\n> \\\"Push rules\\\" can specify conditions under which they will match,\n> including event_match, which matches event content against a pattern\n> including wildcards. Certain patterns can cause very poor performance\n> in the matching engine, leading to a denial-of-service when processing\n> moderate length events.\n", "id": "FreeBSD-2021-0122", "modified": "2021-05-11T00:00:00Z", "published": "2021-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29471" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- malicious push rules may be used for a denial of service attack." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd34" }, "ranges": [ { "events": [ { "introduced": "3.4.0" }, { "fixed": "3.4.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd32" }, "ranges": [ { "events": [ { "introduced": "3.2.0" }, { "fixed": "3.2.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html" ], "discovery": "2021-05-05T00:00:00Z", "references": { "cvename": [ "CVE-2021-32056" ] }, "vid": "12156786-b18a-11eb-8cba-080027b00c2e" }, "details": "Cyrus IMAP 3.4.1 Release Notes states:\n\n> Fixed CVE-2021-32056: Remote authenticated users could bypass intended\n> access restrictions on certain server annotations. Additionally, a\n> long-standing bug in replication did not allow server annotations to\n> be replicated. Combining these two bugs, a remote authenticated user\n> could stall replication, requiring administrator intervention.\n", "id": "FreeBSD-2021-0121", "modified": "2021-05-10T00:00:00Z", "published": "2021-05-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-32056" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32056" } ], "schema_version": "1.7.0", "summary": "cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "flac" }, "ranges": [ { "events": [ { "fixed": "1.3.3_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069" ], "discovery": "2019-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2020-0499" ] }, "vid": "49346de2-b015-11eb-9bdf-f8b156b6dcc8" }, "details": "Oss-Fuzz reports:\n\n> There is a possible out of bounds read due to a heap buffer overflow\n> in FLAC\\_\\_bitreader_read_rice_signed_block of bitreader.c.\n", "id": "FreeBSD-2021-0120", "modified": "2021-05-08T00:00:00Z", "published": "2021-05-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-0499" } ], "schema_version": "1.7.0", "summary": "FLAC -- out-of-bounds read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack52" }, "ranges": [ { "events": [ { "fixed": "5.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack61" }, "ranges": [ { "events": [ { "fixed": "6.1.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weblog.rubyonrails.org/2021/5/5/Rails-versions-6-1-3-2-6-0-3-7-5-2-4-6-and-5-2-6-have-been-released/" ], "discovery": "2021-05-05T00:00:00Z", "references": { "cvename": [ "CVE-2021-22885", "CVE-2021-22902", "CVE-2021-22903", "CVE-2021-22904" ] }, "vid": "f7a00ad7-ae75-11eb-8113-08002728f74c" }, "details": "Ruby on Rails blog:\n\n> Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These\n> releases contain important security fixes. Here is a list of the\n> issues fixed:\n>\n> CVE-2021-22885: Possible Information Disclosure / Unintended Method\n> Execution in Action Pack\n>\n> CVE-2021-22902: Possible Denial of Service vulnerability in Action\n> Dispatch\n>\n> CVE-2021-22903: Possible Open Redirect Vulnerability in Action Pack\n>\n> CVE-2021-22904: Possible DoS Vulnerability in Action Controller Token\n> Authentication\n", "id": "FreeBSD-2021-0119", "modified": "2021-05-07T00:00:00Z", "published": "2021-05-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weblog.rubyonrails.org/2021/5/5/Rails-versions-6-1-3-2-6-0-3-7-5-2-4-6-and-5-2-6-have-been-released/" }, { "type": "WEB", "url": "https://weblog.rubyonrails.org/2021/5/5/Rails-versions-6-1-3-2-6-0-3-7-5-2-4-6-and-5-2-6-have-been-released/" }, { "type": "WEB", "url": "https://discuss.rubyonrails.org/t/cve-2021-22885-possible-information-disclosure-unintended-method-execution-in-action-pack/77868" }, { "type": "WEB", "url": "https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866" }, { "type": "WEB", "url": "https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867" }, { "type": "WEB", "url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22885" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22902" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22903" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22904" } ], "schema_version": "1.7.0", "summary": "Rails -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.16.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/45710" ], "discovery": "2021-04-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-31525" ] }, "vid": "7f242313-aea5-11eb-8151-67f74cf7c704" }, "details": "The Go project reports:\n\n> http.ReadRequest can stack overflow due to recursion when given a\n> request with a very large header (\\~8-10MB depending on the\n> architecture). A http.Server which overrides the default max header of\n> 1MB by setting Server.MaxHeaderBytes to a much larger value could also\n> be vulnerable in the same way.\n", "id": "FreeBSD-2021-0118", "modified": "2021-05-06T00:00:00Z", "published": "2021-05-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/45710" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-31525" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/45710" } ], "schema_version": "1.7.0", "summary": "go -- net/http: ReadRequest can stack overflow due to recursion with very large headers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible" }, "ranges": [ { "events": [ { "introduced": "2.9.0" }, { "last_affected": "2.9.9" }, { "fixed": "2.9.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible" }, "ranges": [ { "events": [ { "introduced": "2.9.0" }, { "last_affected": "2.9.9" }, { "fixed": "2.9.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible" }, "ranges": [ { "events": [ { "introduced": "2.9.0" }, { "last_affected": "2.9.9" }, { "fixed": "2.9.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible" }, "ranges": [ { "events": [ { "introduced": "2.9.0" }, { "last_affected": "2.9.9" }, { "fixed": "2.9.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible27" }, "ranges": [ { "events": [ { "introduced": "2.9.0" }, { "last_affected": "2.9.9" }, { "fixed": "2.9.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible27" }, "ranges": [ { "events": [ { "introduced": "2.7.0" }, { "last_affected": "2.7.18" }, { "fixed": "2.7.18" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible27" }, "ranges": [ { "events": [ { "introduced": "2.7.0" }, { "last_affected": "2.7.18" }, { "fixed": "2.7.18" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible27" }, "ranges": [ { "events": [ { "introduced": "2.7.0" }, { "last_affected": "2.7.18" }, { "fixed": "2.7.18" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-ansible28" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "last_affected": "2.8.12" }, { "fixed": "2.8.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ansible28" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "last_affected": "2.8.12" }, { "fixed": "2.8.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-ansible28" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "last_affected": "2.8.12" }, { "fixed": "2.8.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-ansible28" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "last_affected": "2.8.12" }, { "fixed": "2.8.12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-10744" ], "discovery": "2020-05-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-10744" ] }, "vid": "50ec3a01-ad77-11eb-8528-8c164582fbac" }, "details": "NVD reports:\n\n> An incomplete fix was found for the fix of the flaw CVE-2020-1733\n> ansible: insecure temporary directory when running become_user from\n> become directive. The provided fix is insufficient to prevent the race\n> condition on systems using ACLs and FUSE filesystems..\n", "id": "FreeBSD-2021-0117", "modified": "2021-05-05T00:00:00Z", "published": "2021-05-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10744" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10744" } ], "schema_version": "1.7.0", "summary": "Ansible -- Insecure Temporary File" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django31" }, "ranges": [ { "events": [ { "fixed": "3.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django31" }, "ranges": [ { "events": [ { "fixed": "3.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django31" }, "ranges": [ { "events": [ { "fixed": "3.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django31" }, "ranges": [ { "events": [ { "fixed": "3.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-django32" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2021/may/04/security-releases/" ], "discovery": "2021-04-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-31542" ] }, "vid": "1766359c-ad6e-11eb-b2a4-080027e50e6d" }, "details": "Django Release reports:\n\n> CVE-2021-31542:Potential directory-traversal via uploaded files.\n>\n> MultiPartParser, UploadedFile, and FieldFile allowed\n> directory-traversal via uploaded files with suitably crafted file\n> names.\n", "id": "FreeBSD-2021-0116", "modified": "2021-05-05T00:00:00Z", "published": "2021-05-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2021/may/04/security-releases/" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2021/may/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-31542" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "fixed": "3.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3/whatsnew/changelog.html#changelog" ], "discovery": "2021-03-08T00:00:00Z", "vid": "bffa40db-ad50-11eb-86b8-080027846a02" }, "details": "Python reports:\n\n> bpo-43434: Creating a sqlite3.Connection object now also produces a\n> sqlite3.connect auditing event. Previously this event was only\n> produced by sqlite3.connect() calls. Patch by Erlend E. Aasland.\n>\n> bpo-43882: The presence of newline or tab characters in parts of a URL\n> could allow some forms of attacks.Following the controlling\n> specification for URLs defined by WHATWG urllib.parse() now removes A\n> SCII newlines and tabs from URLs, preventing such attacks.\n>\n> bpo-43472: Ensures interpreter-level audit hooks receive the cpython.\n> PyInterpreterState_New event when called through the\n> \\_xxsubinterpreters module.\n>\n> bpo-36384: ipaddress module no longer accepts any leading zeros in\n> IPv4 address strings. Leading zeros are ambiguous and interpreted as\n> octal notation by some libraries. For example the legacy function\n> socket.inet_aton() treats leading zeros as octal notatation. glibc\n> implementation of modern inet_pton() does not accept any leading\n> zeros. For a while the ipaddress module used to accept ambiguous\n> leading zeros.\n>\n> bpo-43075: Fix Regular Expression Denial of Service (ReDoS)\n> vulnerability in urllib.request.AbstractBasicAuthHandler. The\n> ReDoS-vulnerable regex has quadratic worst-case complexity and it\n> allows cause a denial of service when identifying crafted invalid\n> RFCs. This ReDoS issue is on the client side and needs remote\n> attackers to control the HTTP server.\n>\n> bpo-42800: Audit hooks are now fired for frame.f_code,\n> traceback.tb_frame, and generator code/frame attribute access.\n", "id": "FreeBSD-2021-0115", "modified": "2021-05-05T00:00:00Z", "published": "2021-05-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3/whatsnew/changelog.html#changelog" }, { "type": "WEB", "url": "https://docs.python.org/3/whatsnew/changelog.html#changelog" }, { "type": "WEB", "url": "https://docs.python.org/3.8/whatsnew/changelog.html#changelog" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.13" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "introduced": "6.2.0" }, { "fixed": "6.2.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/redis-db/c/6GSWzTW0PR8" ], "discovery": "2021-05-03T00:00:00Z", "references": { "cvename": [ "CVE-2021-29477", "CVE-2021-29478" ] }, "vid": "1606b03b-ac57-11eb-9bdd-8c164567ca3c" }, "details": "Redis project reports:\n\n> \n>\n> Vulnerability in the STRALGO LCS command\n> : An integer overflow bug in Redis version 6.0 or newer could be\n> exploited using the STRALGO LCS command to corrupt the heap and\n> potentially result with remote code execution.\n>\n> Vulnerability in the COPY command for large intsets\n> : An integer overflow bug in Redis 6.2 could be exploited to corrupt\n> the heap and potentially result with remote code execution. The\n> vulnerability involves changing the default set-max-intset-entries\n> configuration value, creating a large set key that consists of\n> integer values and using the COPY command to duplicate it. The\n> integer overflow bug exists in all versions of Redis starting with\n> 2.6, where it could result with a corrupted RDB or DUMP payload,\n> but not exploited through COPY (which did not exist before 6.2).\n", "id": "FreeBSD-2021-0114", "modified": "2021-05-03T00:00:00Z", "published": "2021-05-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/redis-db/c/6GSWzTW0PR8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29478" }, { "type": "WEB", "url": "https://groups.google.com/g/redis-db/c/6GSWzTW0PR8" } ], "schema_version": "1.7.0", "summary": "redis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rdoc" }, "ranges": [ { "events": [ { "fixed": "6.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/" ], "discovery": "2021-05-02T00:00:00Z", "references": { "cvename": [ "CVE-2021-31799" ] }, "vid": "57027417-ab7f-11eb-9596-080027f515ea" }, "details": "Alexandr Savca reports:\n\n> RDoc used to call Kernel#open to open a local file. If a Ruby project\n> has a file whose name starts with \\| and ends with tags, the command\n> following the pipe character is executed. A malicious Ruby project\n> could exploit it to run an arbitrary command execution against a user\n> who attempts to run rdoc command.\n", "id": "FreeBSD-2021-0113", "modified": "2021-05-02T00:00:00Z", "published": "2021-05-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-31799" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/" } ], "schema_version": "1.7.0", "summary": "RDoc -- command injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sympa" }, "ranges": [ { "events": [ { "fixed": "6.2.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/sympa-community/sympa/issues/1041" ], "discovery": "2020-11-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-29668" ] }, "vid": "0add6e6b-6883-11eb-b0cb-f8b156c2bfe9" }, "details": "Sympa community reports:\n\n> Unauthorised full access via SOAP API due to illegal cookie\n", "id": "FreeBSD-2021-0112", "modified": "2021-02-06T00:00:00Z", "published": "2021-02-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/sympa-community/sympa/issues/1041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-29668" }, { "type": "WEB", "url": "https://sympa-community.github.io/security/2020-003.html" } ], "schema_version": "1.7.0", "summary": "sympa -- Unauthorised full access via SOAP API due to illegal cookie" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba412" }, "ranges": [ { "events": [ { "fixed": "4.12.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba413" }, "ranges": [ { "events": [ { "fixed": "4.13.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba414" }, "ranges": [ { "events": [ { "fixed": "4.14.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/history/security.html" ], "discovery": "2021-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2021-20254" ] }, "vid": "6f33d38b-aa18-11eb-b3f1-005056a311d1" }, "details": "The Samba Team reports:\n\n> - CVE-2021-20254: Negative idmap cache entries can cause incorrect\n> group entries in the Samba file server process token.\n", "id": "FreeBSD-2021-0111", "modified": "2021-05-01T00:00:00Z", "published": "2021-05-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/history/security.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2021-20254.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20254" } ], "schema_version": "1.7.0", "summary": "samba -- negative idmap cache entries vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.11.0" }, { "fixed": "13.11.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.10.0" }, { "fixed": "13.10.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "13.9.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/04/28/security-release-gitlab-13-11-2-released/" ], "discovery": "2021-04-28T00:00:00Z", "references": { "cvename": [ "CVE-2021-22209", "CVE-2021-22206", "CVE-2021-22210", "CVE-2021-22208", "CVE-2021-22211" ] }, "vid": "518a119c-a864-11eb-8ddb-001b217b3468" }, "details": "Gitlab reports:\n\n> Read API scoped tokens can execute mutations\n>\n> Pull mirror credentials were exposed\n>\n> Denial of Service when querying repository branches API\n>\n> Non-owners can set system_note_timestamp when creating / updating\n> issues\n>\n> DeployToken will impersonate a User with the same ID when using\n> Dependency Proxy\n", "id": "FreeBSD-2021-0110", "modified": "2021-04-28T00:00:00Z", "published": "2021-04-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/04/28/security-release-gitlab-13-11-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/04/28/security-release-gitlab-13-11-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22209" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22206" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22210" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22208" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22211" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-carrierwave" }, "ranges": [ { "events": [ { "fixed": "1.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08" ], "discovery": "2021-02-08T00:00:00Z", "references": { "cvename": [ "CVE-2021-21288", "CVE-2021-21305" ] }, "vid": "76a07f31-a860-11eb-8ddb-001b217b3468" }, "details": "Community reports:\n\n> Fix Code Injection vulnerability in CarrierWave::RMagick\n>\n> Fix SSRF vulnerability in the remote file download feature\n", "id": "FreeBSD-2021-0109", "modified": "2021-04-28T00:00:00Z", "published": "2021-04-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08" }, { "type": "WEB", "url": "https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21288" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21305" } ], "schema_version": "1.7.0", "summary": "Carrierwave -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sympa" }, "ranges": [ { "events": [ { "fixed": "6.2.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sympa-community.github.io/security/2021-001.html" ], "discovery": "2021-04-27T00:00:00Z", "vid": "31a7ffb1-a80a-11eb-b159-f8b156c2bfe9" }, "details": "Earlier versions of Sympa require a parameter named cookie in sympa.conf\nconfiguration file.\n\n> This parameter was used to make some identifiers generated by the\n> system unpredictable. For example, it was used as following:\n>\n> - To be used as a salt to encrypt passwords stored in the database by\n> the RC4 symmetric key algorithm.\n>\n> Note that RC4 is no longer considered secure enough and is not\n> supported in the current version of Sympa.\n>\n> - To prevent attackers from sending crafted messages to achieve XSS\n> and so on in message archives.\n>\n> There were the following problems with the use of this parameter.\n>\n> 1. This parameter, for its purpose, should be different for each\n> installation, and once set, it cannot be changed. As a result,\n> some sites have been operating without setting this parameter.\n> This completely invalidates the security measures described above.\n> 2. Even if this parameter is properly set, it may be considered not\n> being strong enough against brute force attacks.\n", "id": "FreeBSD-2021-0108", "modified": "2021-04-27T00:00:00Z", "published": "2021-04-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sympa-community.github.io/security/2021-001.html" }, { "type": "WEB", "url": "https://sympa-community.github.io/security/2021-001.html" } ], "schema_version": "1.7.0", "summary": "sympa -- Inappropriate use of the cookie parameter can be a security threat. This parameter may also not provide sufficient security." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "90.0.4430.93" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html" ], "discovery": "2021-04-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233" ] }, "vid": "9fba80e0-a771-11eb-97a0-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release contains 9 security fixes, including:\n>\n> - \\[1199345\\] High CVE-2021-21227: Insufficient data validation in V8.\n> Reported by Gengming Liu of Singular Security Lab on 2021-04-15\n> - \\[1175058\\] High CVE-2021-21232: Use after free in Dev Tools.\n> Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n> Research on 2021-02-05\n> - \\[1182937\\] High CVE-2021-21233: Heap buffer overflow in ANGLE.\n> Reported by Omair on 2021-02-26\n> - \\[1139156\\] Medium CVE-2021-21228: Insufficient policy enforcement\n> in extensions. Reported by Rob Wu on 2020-10-16\n> - \\[\\$TBD\\]\\[1198165\\] Medium CVE-2021-21229: Incorrect security UI in\n> downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12\n> - \\[1198705\\] Medium CVE-2021-21230: Type Confusion in V8. Reported by\n> Manfred Paul on 2021-04-13\n> - \\[1198696\\] Low CVE-2021-21231: Insufficient data validation in V8.\n> Reported by Sergei Glazunov of Google Project Zero on 2021-04-13\n", "id": "FreeBSD-2021-0107", "modified": "2021-04-27T00:00:00Z", "published": "2021-04-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21227" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21228" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21231" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21232" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21233" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "shibboleth-sp" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.2.1_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://shibboleth.net/community/advisories/secadv_20210426.txt" ], "discovery": "2021-04-23T00:00:00Z", "vid": "e4403051-a667-11eb-b9c9-6cc21735f730" }, "details": "Shibboleth project reports:\n\n> Session recovery feature contains a null pointer deference.\n>\n> The cookie-based session recovery feature added in V3.0 contains a\n> flaw that is exploitable on systems \\*not\\* using the feature if a\n> specially crafted cookie is supplied.\n>\n> This manifests as a crash in the shibd daemon/service process.\n>\n> Because it is very simple to trigger this condition remotely, it\n> results in a potential denial of service condition exploitable by a\n> remote, unauthenticated attacker.\n", "id": "FreeBSD-2021-0106", "modified": "2021-04-26T00:00:00Z", "published": "2021-04-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://shibboleth.net/community/advisories/secadv_20210426.txt" }, { "type": "WEB", "url": "https://shibboleth.net/community/advisories/secadv_20210426.txt" } ], "schema_version": "1.7.0", "summary": "sbibboleth-sp -- denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "4.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v4.0.1" ], "discovery": "2021-04-01T00:00:00Z", "vid": "bc83cfc9-42cf-4b00-97ad-d352ba0c5e2b" }, "details": "Jon Siwek of Corelight reports:\n\n> Fix null-pointer dereference when encountering an invalid enum name in\n> a config/input file that tries to read it into a set\\[enum\\]. For\n> those that have such an input feed whose contents may come from\n> external/remote sources, this is a potential DoS vulnerability.\n", "id": "FreeBSD-2021-0105", "modified": "2021-04-21T00:00:00Z", "published": "2021-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.1" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v4.0.1" } ], "schema_version": "1.7.0", "summary": "zeek -- null-pointer dereference vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "fixed": "2.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078" ], "discovery": "2021-03-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-15078" ] }, "vid": "efb965be-a2c0-11eb-8956-1951a8617e30" }, "details": "Gert D\u00f6ring reports:\n\n> OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass\n> authentication and access control channel data on servers configured\n> with deferred authentication, which can be used to potentially trigger\n> further information leaks.\n", "id": "FreeBSD-2021-0104", "modified": "2021-04-21T00:00:00Z", "published": "2021-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078" }, { "type": "WEB", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2020-15078" }, { "type": "WEB", "url": "https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15078" } ], "schema_version": "1.7.0", "summary": "openvpn -- deferred authentication can be bypassed in specific circumstances" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "90.0.4430.85" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html" ], "discovery": "2021-04-20T00:00:00Z", "references": { "cvename": [ "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226" ] }, "vid": "cb13a765-a277-11eb-97a0-e09467587c17" }, "details": "Chrome Reelases reports:\n\n> This release includes 7 security fixes, including:\n>\n> - 1194046\\] High CVE-2021-21222: Heap buffer overflow in V8. Reported\n> by Guang Gong of Alpha Lab, Qihoo 360 on 2021-03-30\n> - \\[1195308\\] High CVE-2021-21223: Integer overflow in Mojo. Reported\n> by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n> - \\[1195777\\] High CVE-2021-21224: Type Confusion in V8. Reported by\n> Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-05\n> - \\[1195977\\] High CVE-2021-21225: Out of bounds memory access in V8.\n> Reported by Brendon Tiszka (@btiszka) supporting the EFF on\n> 2021-04-05\n> - \\[1197904\\] High CVE-2021-21226: Use after free in navigation.\n> Reported by Brendon Tiszka (@btiszka) supporting the EFF on\n> 2021-04-11\n", "id": "FreeBSD-2021-0103", "modified": "2021-04-21T00:00:00Z", "published": "2021-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21223" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21224" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21226" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.286" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.277.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2021-04-20/" ], "discovery": "2021-04-20T00:00:00Z", "references": { "cvename": [ "CVE-2021-28165" ] }, "vid": "e358b470-b37d-4e47-bc8a-2cd9adbeb63c" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) JENKINS-65280 / CVE-2021-28165\n>\n> Denial of service vulnerability in bundled Jetty\n", "id": "FreeBSD-2021-0102", "modified": "2021-04-20T00:00:00Z", "published": "2021-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2021-04-20/" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-04-20/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28165" } ], "schema_version": "1.7.0", "summary": "jenkins -- Denial of service vulnerability in bundled Jetty" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.34" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpuapr2021.html" ], "discovery": "2021-04-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-8277", "CVE-2020-1971", "CVE-2021-3449", "CVE-2020-28196", "CVE-2021-23841", "CVE-2021-2144", "CVE-2021-2172", "CVE-2021-2298", "CVE-2021-2178", "CVE-2021-2202", "CVE-2021-2307", "CVE-2021-2304", "CVE-2021-2180", "CVE-2021-2194", "CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2196", "CVE-2021-2300", "CVE-2021-2305", "CVE-2021-2179", "CVE-2021-2226", "CVE-2021-2160", "CVE-2021-2164", "CVE-2021-2169", "CVE-2021-2170", "CVE-2021-2193", "CVE-2021-2203", "CVE-2021-2212", "CVE-2021-2213", "CVE-2021-2278", "CVE-2021-2299", "CVE-2021-2230", "CVE-2021-2146", "CVE-2021-2201", "CVE-2021-2208", "CVE-2021-2215", "CVE-2021-2217", "CVE-2021-2293", "CVE-2021-2174", "CVE-2021-2171", "CVE-2021-2162", "CVE-2021-2301", "CVE-2021-2308", "CVE-2021-2232" ] }, "vid": "56ba4513-a1be-11eb-9072-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 49 new security patches for Oracle\n> MySQL. 10 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\\\n> The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle\n> MySQL is 9.8.\n>\n> MariaDB is affected by CVE-2021-2166 and CVE-2021-2154 only\n", "id": "FreeBSD-2021-0101", "modified": "2021-05-04T00:00:00Z", "published": "2021-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb-10510-release-notes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8277" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28196" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23841" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2144" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2298" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2202" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2194" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2154" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2166" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2196" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2300" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2305" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2226" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2193" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2203" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2213" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2278" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2299" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2146" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2208" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2217" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2293" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2301" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2308" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-2232" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice" }, "ranges": [ { "events": [ { "fixed": "4.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice-devel" }, "ranges": [ { "events": [ { "fixed": "4.2.1619649022,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30245" ], "discovery": "2021-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-30245" ] }, "vid": "e87c2647-a188-11eb-8806-1c1b0d9ea7e6" }, "details": "The Apache Openofffice project reports:\n\n> The project received a report that all versions of Apache OpenOffice\n> through 4.1.8 can open non-http(s) hyperlinks. The problem has existed\n> since about 2006 and the issue is also in 4.1.9. If the link is\n> specifically crafted this could lead to untrusted code execution. It\n> is always best practice to be careful opening documents from unknown\n> and unverified sources. The mitigation in Apache OpenOffice 4.1.10\n> (unreleased) assures that a security warning is displayed giving the\n> user the option of continuing to open the hyperlink.\n", "id": "FreeBSD-2021-0100", "modified": "2021-04-20T00:00:00Z", "published": "2021-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30245" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30245" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-30245" } ], "schema_version": "1.7.0", "summary": "All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "maven" }, "ranges": [ { "events": [ { "fixed": "3.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291" ], "discovery": "2021-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-26291", "CVE-2020-13956" ] }, "vid": "20006b5f-a0bc-11eb-8ae6-fc4dd43e2b6a" }, "details": "The Apache Maven project reports:\n\n> We received a report from Jonathan Leitschuh about a vulnerability of\n> custom repositories in dependency POMs. We\\'ve split this up into\n> three separate issues:\n>\n> - Possible Man-In-The-Middle-Attack due to custom repositories using\n> HTTP. More and more repositories use HTTPS nowadays, but this\n> hasn\\'t always been the case. This means that Maven Central contains\n> POMs with custom repositories that refer to a URL over HTTP. This\n> makes downloads via such repository a target for a MITM attack. At\n> the same time, developers are probably not aware that for some\n> downloads an insecure URL is being used. Because uploaded POMs to\n> Maven Central are immutable, a change for Maven was required. To\n> solve this, we extended the mirror configuration with blocked\n> parameter, and we added a new external:http:\\* mirror selector (like\n> existing external:\\*), meaning \\\"any external URL using HTTP\\\". The\n> decision was made to block such external HTTP repositories by\n> default: this is done by providing a mirror in the conf/settings.xml\n> blocking insecure HTTP external URLs.\n> - Possible Domain Hijacking due to custom repositories using abandoned\n> domains Sonatype has analyzed which domains were abandoned and has\n> claimed these domains.\n> - Possible hijacking of downloads by redirecting to custom\n> repositories This one was the hardest to analyze and explain. The\n> short story is: you\\'re safe, dependencies are only downloaded from\n> repositories within their context. So there are two main questions:\n> what is the context and what is the order? The order is described on\n> the Repository Order page. The first group of repositories are\n> defined in the settings.xml (both user and global). The second group\n> of repositories are based on inheritence, with ultimately the super\n> POM containing the URL to Maven Central. The third group is the most\n> complex one but is important to understand the term context:\n> repositories from the effective POMs from the dependency path to the\n> artifact. So if a dependency was defined by another dependency or by\n> a Maven project, it will also include their repositories. In the end\n> this is not a bug, but a design feature.\n", "id": "FreeBSD-2021-0099", "modified": "2021-04-19T00:00:00Z", "published": "2021-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291" }, { "type": "WEB", "url": "http://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13956" } ], "schema_version": "1.7.0", "summary": "Apache Maven -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "consul" }, "ranges": [ { "events": [ { "fixed": "1.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/hashicorp/consul/releases/tag/v1.9.5" ], "discovery": "2021-04-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-25864", "CVE-2021-28156" ] }, "vid": "093a6baf-9f99-11eb-b150-000c292ee6b8" }, "details": "Hashicorp reports:\n\n> Add content-type headers to raw KV responses to prevent XSS attacks\n> (CVE-2020-25864). audit-logging: Parse endpoint URL to prevent\n> requests from bypassing the audit log (CVE-2021-28156).\n", "id": "FreeBSD-2021-0098", "modified": "2021-04-17T00:00:00Z", "published": "2021-04-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/hashicorp/consul/releases/tag/v1.9.5" }, { "type": "WEB", "url": "https://github.com/hashicorp/consul/releases/tag/v1.9.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25864" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28156" } ], "schema_version": "1.7.0", "summary": "Consul -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "accountsservice" }, "ranges": [ { "events": [ { "fixed": "0.6.50" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-14036" ], "discovery": "2018-07-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-14036" ] }, "vid": "75aae50b-9e3c-11eb-9bc3-8c164582fbac" }, "details": "NVD reports:\n\n> Directory Traversal with ../ sequences occurs in AccountsService\n> before 0.6.50 because of an insufficient path check in\n> user_change_icon_file_authorized_cb() in user.c.\n", "id": "FreeBSD-2021-0097", "modified": "2021-04-15T00:00:00Z", "published": "2021-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14036" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2018/07/02/2" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14036" }, { "type": "WEB", "url": "https://www.securityfocus.com/bid/104757" }, { "type": "WEB", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=107085" }, { "type": "REPORT", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1099699" }, { "type": "WEB", "url": "https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14036" } ], "schema_version": "1.7.0", "summary": "AccountsService -- Insufficient path check in user_change_icon_file_authorized_cb()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mdbook" }, "ranges": [ { "events": [ { "fixed": "0.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/rust-lang/mdBook/security/advisories/GHSA-gx5w-rrhp-f436" ], "discovery": "2021-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-26297" ] }, "vid": "40b481a9-9df7-11eb-9bc3-8c164582fbac" }, "details": "Rust Security Response Working Group reports:\n\n> The search feature of mdBook (introduced in version 0.1.4) was\n> affected by a cross site scripting vulnerability that allowed an\n> attacker to execute arbitrary JavaScript code on an user\\'s browser by\n> tricking the user into typing a malicious search query, or tricking\n> the user into clicking a link to the search page with the malicious\n> search query prefilled. mdBook 0.4.5 fixes the vulnerability by\n> properly escaping the search query.\n", "id": "FreeBSD-2021-0096", "modified": "2021-04-15T00:00:00Z", "published": "2021-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/rust-lang/mdBook/security/advisories/GHSA-gx5w-rrhp-f436" }, { "type": "WEB", "url": "https://github.com/rust-lang/mdBook/blob/master/CHANGELOG.md#mdbook-045" }, { "type": "WEB", "url": "https://github.com/rust-lang/mdBook/commit/32abeef088e98327ca0dfccdad92e84afa9d2e9b" }, { "type": "WEB", "url": "https://github.com/rust-lang/mdBook/security/advisories/GHSA-gx5w-rrhp-f436" }, { "type": "WEB", "url": "https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0?pli=1" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26297" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26297" } ], "schema_version": "1.7.0", "summary": "mdbook -- XSS in mdBook's search page" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.10.0" }, { "fixed": "13.10.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.9.0" }, { "fixed": "13.9.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.12" }, { "fixed": "13.8.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/" ], "discovery": "2021-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2021-28965" ] }, "vid": "fb6e53ae-9df6-11eb-ba8c-001b217b3468" }, "details": "GitLab Team reports:\n\n> Remote code execution when uploading specially crafted image files\n>\n> Update Rexml\n", "id": "FreeBSD-2021-0095", "modified": "2021-04-15T00:00:00Z", "published": "2021-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28965" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "90.0.4430.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html" ], "discovery": "2021-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21221", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219" ] }, "vid": "f3d86439-9def-11eb-97a0-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release contains 37 security fixes, including:\n>\n> - \\[1025683\\] High CVE-2021-21201: Use after free in permissions.\n> Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab\n> on 2019-11-18\n> - \\[1188889\\] High CVE-2021-21202: Use after free in extensions.\n> Reported by David Erceg on 2021-03-16\n> - \\[1192054\\] High CVE-2021-21203: Use after free in Blink. Reported\n> by asnine on 2021-03-24\n> - \\[1189926\\] High CVE-2021-21204: Use after free in Blink. Reported\n> by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of\n> Seesaw on 2021-03-19\n> - \\[1165654\\] High CVE-2021-21205: Insufficient policy enforcement in\n> navigation. Reported by Alison Huffman, Microsoft Browser\n> Vulnerability Research on 2021-01-12\n> - \\[1195333\\] High CVE-2021-21221: Insufficient validation of\n> untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo\n> 360 on 2021-04-02\n> - \\[1185732\\] Medium CVE-2021-21207: Use after free in IndexedDB.\n> Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of\n> 360 Alpha Lab on 2021-03-08\n> - \\[1039539\\] Medium CVE-2021-21208: Insufficient data validation in\n> QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07\n> - \\[1143526\\] Medium CVE-2021-21209: Inappropriate implementation in\n> storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29\n> - \\[1184562\\] Medium CVE-2021-21210: Inappropriate implementation in\n> Network. Reported by \\@bananabr on 2021-03-04\n> - \\[1103119\\] Medium CVE-2021-21211: Inappropriate implementation in\n> Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08\n> - \\[1145024\\] Medium CVE-2021-21212: Incorrect security UI in Network\n> Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese\n> University of Hong Kong on 2020-11-03\n> - \\[1161806\\] Medium CVE-2021-21213: Use after free in WebMIDI.\n> Reported by raven (@raid_akame) on 2020-12-25\n> - \\[1170148\\] Medium CVE-2021-21214: Use after free in Network API.\n> Reported by Anonymous on 2021-01-24\n> - \\[1172533\\] Medium CVE-2021-21215: Inappropriate implementation in\n> Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser\n> Vulnerability Research on 2021-01-30\n> - \\[1173297\\] Medium CVE-2021-21216: Inappropriate implementation in\n> Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser\n> Vulnerability Research on 2021-02-02\n> - \\[1166462\\] Low CVE-2021-21217: Uninitialized Use in PDFium.\n> Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on\n> 2021-01-14\n> - \\[1166478\\] Low CVE-2021-21218: Uninitialized Use in PDFium.\n> Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on\n> 2021-01-14\n> - \\[1166972\\] Low CVE-2021-21219: Uninitialized Use in PDFium.\n> Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on\n> 2021-01-15\n", "id": "FreeBSD-2021-0094", "modified": "2021-04-15T00:00:00Z", "published": "2021-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21202" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21203" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21204" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21205" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21221" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21207" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21208" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21209" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21210" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21211" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21213" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21214" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21216" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21217" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21218" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21219" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "89.0.4389.128" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html" ], "discovery": "2021-04-13T00:00:00Z", "references": { "cvename": [ "CVE-2021-21206", "CVE-2021-21220" ] }, "vid": "7c0d71a9-9d48-11eb-97a0-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release contains two security fixes:\n>\n> - \\[1196781\\] High CVE-2021-21206: Use after free in Blink. Reported\n> by Anonymous on 2021-04-07\n> - \\[1196683\\] High CVE-2021-21220: Insufficient validation of\n> untrusted input in V8 for x86_64. Reported by Bruno Keith (@bkth\\_)\n> and Niklas Baumstark (@\\_niklasb) of Dataflow Security (@dfsec_it)\n> via ZDI (ZDI-CAN-13569) on 2021-04-07\\>\n", "id": "FreeBSD-2021-0093", "modified": "2021-04-14T00:00:00Z", "published": "2021-04-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21206" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21220" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "1.20.11,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "1.20.11,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland-devel" }, "ranges": [ { "events": [ { "last_affected": "1.20.0.877" }, { "fixed": "1.20.0.877" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg/2021-April/060678.html" ], "discovery": "2021-04-13T00:00:00Z", "vid": "465db5b6-9c6d-11eb-8e8a-bc542f4bd1dd" }, "details": "X.Org server security reports for release 1.20.11:\n\n> - Fix XChangeFeedbackControl() request underflow\n>\n> .\n", "id": "FreeBSD-2021-0092", "modified": "2021-04-13T00:00:00Z", "published": "2021-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg/2021-April/060678.html" }, { "type": "WEB", "url": "https://gitlab.freedesktop.org/xorg/xserver/-/tags/xorg-server-1.20.11" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Input validation failures in X server XInput extension" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.14.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/04/gitea-1.14.0-is-released/" ], "discovery": "2021-03-11T00:00:00Z", "references": { "freebsdpr": [ "ports/254976" ] }, "vid": "094fb2ec-9aa3-11eb-83cb-0800278d94f0" }, "details": "The Gitea Team reports for release 1.14.0:\n\n> - Validate email in external authenticator registration form\n> - Ensure validation occurs on clone addresses too\n", "id": "FreeBSD-2021-0091", "modified": "2021-04-11T00:00:00Z", "published": "2021-04-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/04/gitea-1.14.0-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.14.0" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254976" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "syncthing" }, "ranges": [ { "events": [ { "fixed": "1.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h" ], "discovery": "2021-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-21404" ] }, "vid": "9ee01e60-6045-43df-98e5-a794007e54ef" }, "details": "syncthing developers report:\n\n> syncthing can be caused to crash and exit if sent a malformed relay\n> protocol message message with a negative length field.\n>\n> The relay server strelaysrv can be caused to crash and exit if sent a\n> malformed relay protocol message with a negative length field.\n", "id": "FreeBSD-2021-0090", "modified": "2021-04-12T00:00:00Z", "published": "2021-04-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21404" }, { "type": "WEB", "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h" } ], "schema_version": "1.7.0", "summary": "syncthing -- crash due to malformed relay protocol message" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python39" }, "ranges": [ { "events": [ { "fixed": "3.9.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html" ], "discovery": "2021-01-21T00:00:00Z", "references": { "cvename": [ "CVE-2021-3426" ] }, "vid": "f671c282-95ef-11eb-9c34-080027f515ea" }, "details": "David Schw\u00f6rer reports:\n\n> Remove the getfile feature of the pydoc module which could be abused\n> to read arbitrary files on the disk (directory traversal\n> vulnerability). Moreover, even source code of Python modules can\n> contain sensitive data like passwords.\n", "id": "FreeBSD-2021-0089", "modified": "2021-04-10T00:00:00Z", "published": "2021-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3426" }, { "type": "WEB", "url": "https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html" }, { "type": "WEB", "url": "https://bugs.python.org/issue42988" } ], "schema_version": "1.7.0", "summary": "python -- Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.63.0" }, { "fixed": "7.76.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/CVE-2021-22890.html" ], "discovery": "2021-03-31T00:00:00Z", "references": { "cvename": [ "CVE-2021-22890" ] }, "vid": "d10fc771-958f-11eb-9c34-080027f515ea" }, "details": "Daniel Stenberg reports:\n\n> Enabled by default, libcurl supports the use of TLS 1.3 session\n> tickets to resume previous TLS sessions to speed up subsequent TLS\n> handshakes.\n>\n> When using a HTTPS proxy and TLS 1.3, libcurl can confuse session\n> tickets arriving from the HTTPS proxy but work as if they arrived from\n> the remote server and then wrongly \\\"short-cut\\\" the host handshake.\n> The reason for this confusion is the modified sequence from TLS 1.2\n> when the session ids would provided only during the TLS handshake,\n> while in TLS 1.3 it happens post hand-shake and the code was not\n> updated to take that changed behavior into account.\n>\n> When confusing the tickets, a HTTPS proxy can trick libcurl to use the\n> wrong session ticket resume for the host and thereby circumvent the\n> server TLS certificate check and make a MITM attack to be possible to\n> perform unnoticed.\n>\n> This flaw can allow a malicious HTTPS proxy to MITM the traffic. Such\n> a malicious HTTPS proxy needs to provide a certificate that curl will\n> accept for the MITMed server for an attack to work - unless curl has\n> been told to ignore the server certificate check.\n", "id": "FreeBSD-2021-0088", "modified": "2021-04-10T00:00:00Z", "published": "2021-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/CVE-2021-22890.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22890" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2021-22890.html" } ], "schema_version": "1.7.0", "summary": "curl -- TLS 1.3 session ticket proxy host mixup" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.1.1" }, { "fixed": "7.76.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/CVE-2021-22876.html" ], "discovery": "2021-03-31T00:00:00Z", "references": { "cvename": [ "CVE-2021-22876" ] }, "vid": "b1194286-958e-11eb-9c34-080027f515ea" }, "details": "Daniel Stenberg reports:\n\n> libcurl does not strip off user credentials from the URL when\n> automatically populating the Referer: HTTP request header field in\n> outgoing HTTP requests, and therefore risks leaking sensitive data to\n> the server that is the target of the second HTTP request.\n>\n> libcurl automatically sets the Referer: HTTP request header field in\n> outgoing HTTP requests if the CURLOPT_AUTOREFERER option is set. With\n> the curl tool, it is enabled with \\--referer \\\";auto\\\".\n", "id": "FreeBSD-2021-0087", "modified": "2021-04-10T00:00:00Z", "published": "2021-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/CVE-2021-22876.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22876" }, { "type": "WEB", "url": "https://curl.se/docs/CVE-2021-22876.html" } ], "schema_version": "1.7.0", "summary": "curl -- Automatic referer leaks credentials" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.13.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/04/gitea-1.13.7-is-released/" ], "discovery": "2021-04-07T00:00:00Z", "references": { "freebsdpr": [ "ports/254930" ] }, "vid": "8ba23a62-997d-11eb-9f0e-0800278d94f0" }, "details": "The Gitea Team reports for release 1.13.7:\n\n> - Update to bluemonday-1.0.6\n> - Clusterfuzz found another way\n", "id": "FreeBSD-2021-0086", "modified": "2021-04-09T00:00:00Z", "published": "2021-04-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/04/gitea-1.13.7-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.13.7" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254930" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.103.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html" ], "discovery": "2021-04-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-1252", "CVE-2021-1404", "CVE-2021-1405" ] }, "vid": "9ae2c00f-97d0-11eb-8cd6-080027f515ea" }, "details": "Micah Snyder reports:\n\n> \n>\n> CVE-2021-1252\n> : Excel XLM parser infinite loop\n>\n> CVE-2021-1404\n> : PDF parser buffer over-read; possible crash.\n>\n> CVE-2021-1405\n> : Mail parser NULL-dereference crash.\n", "id": "FreeBSD-2021-0085", "modified": "2021-04-07T00:00:00Z", "published": "2021-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-1252" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-1404" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-1405" }, { "type": "WEB", "url": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html" } ], "schema_version": "1.7.0", "summary": "clamav -- Multiple vulnerabilites" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.287" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.277.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2021-04-07/" ], "discovery": "2021-04-07T00:00:00Z", "vid": "9595d002-edeb-4602-be2d-791cd654247e" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Low) SECURITY-1721 / CVE-2021-21639\n>\n> Lack of type validation in agent related REST API\n>\n> ##### (Medium) SECURITY-1871 / CVE-2021-21640\n>\n> View name validation bypass\n", "id": "FreeBSD-2021-0084", "modified": "2021-04-08T00:00:00Z", "published": "2021-04-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2021-04-07/" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-04-07/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node10" }, "ranges": [ { "events": [ { "fixed": "10.24.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node12" }, "ranges": [ { "events": [ { "fixed": "12.22.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.16.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "15.14.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/" ], "discovery": "2021-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-3450", "CVE-2021-3449", "CVE-2020-7774" ] }, "vid": "c0c1834c-9761-11eb-acfd-0022489ad614" }, "details": "Node.js reports:\n\n> # OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450)\n>\n> This is a vulnerability in OpenSSL which may be exploited through\n> Node.js. You can read more about it in\n> https://www.openssl.org/news/secadv/20210325.txt\n>\n> # OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449)\n>\n> This is a vulnerability in OpenSSL which may be exploited through\n> Node.js. You can read more about it in\n> https://www.openssl.org/news/secadv/20210325.txt\n>\n> # npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774)\n>\n> This is a vulnerability in the y18n npm module which may be exploited\n> by prototype pollution. You can read more about it in\n> https://github.com/advisories/GHSA-c4w7-xm78-47vh\n", "id": "FreeBSD-2021-0083", "modified": "2021-04-07T00:00:00Z", "published": "2021-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-c4w7-xm78-47vh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7774" } ], "schema_version": "1.7.0", "summary": "Node.js -- April 2021 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2020-25584" ], "freebsdsa": [ "SA-21:10.jail_mount" ] }, "vid": "a7b97d26-9792-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nDue to a race condition between lookup of \\\"..\\\" and remounting a\nfilesystem, a process running inside a jail might access filesystem\nhierarchy outside of jail.\n\n# Impact:\n\nA process with superuser privileges running inside a jail configured\nwith the allow.mount permission (not enabled by default) could change\nthe root directory outside of the jail, and thus gain full read and\nwrite access to all files and directories in the system.\n", "id": "FreeBSD-2021-0082", "modified": "2021-04-07T00:00:00Z", "published": "2021-04-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25584" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:10.jail_mount.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- jail escape possible by mounting over jail root" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-29627" ], "freebsdsa": [ "SA-21:09.accept_filter" ] }, "vid": "f8e1e2a6-9791-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nAn unprivileged process can configure an accept filter on a listening\nsocket. This is done using the setsockopt(2) system call. The process\nsupplies the name of the accept filter which is to be attached to the\nsocket, as well as a string containing filter-specific information.\n\nIf the filter implements the accf_create callback, the socket option\nhandler attempts to preserve the process-supplied argument string. A bug\nin the socket option handler caused this string to be freed prematurely,\nleaving a dangling pointer. Additional operations on the socket can turn\nthis into a double free or a use-after-free.\n\n# Impact:\n\nThe bug may be exploited to trigger local privilege escalation or kernel\nmemory disclosure.\n", "id": "FreeBSD-2021-0081", "modified": "2021-04-07T00:00:00Z", "published": "2021-04-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29627" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:09.accept_filter.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- double free in accept_filter(9) socket configuration interface" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-04-06T00:00:00Z", "references": { "cvename": [ "CVE-2021-29626" ], "freebsdsa": [ "SA-21:08.vm" ] }, "vid": "13d37672-9791-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nA particular case of memory sharing is mishandled in the virtual memory\nsystem. It is possible and legal to establish a relationship where\nmultiple descendant processes share a mapping which shadows memory of an\nancestor process. In this scenario, when one process modifies memory\nthrough such a mapping, the copy-on-write logic fails to invalidate\nother mappings of the source page. These stale mappings may remain even\nafter the mapped pages have been reused for another purpose.\n\n# Impact:\n\nAn unprivileged local user process can maintain a mapping of a page\nafter it is freed, allowing that process to read private data belonging\nto other processes or the kernel.\n", "id": "FreeBSD-2021-0080", "modified": "2021-04-07T00:00:00Z", "published": "2021-04-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-29626" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:08.vm.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Memory disclosure by stale virtual memory mapping" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "upnp" }, "ranges": [ { "events": [ { "fixed": "1.14.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28302" ], "discovery": "2021-03-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-28302" ] }, "vid": "79fa9f23-9725-11eb-b530-7085c2fb2c14" }, "details": "Mitre reports:\n\n> A stack overflow in pupnp 1.16.1 can cause the denial of service\n> through the Parser_parseDocument() function. ixmlNode_free() will\n> release a child node recursively, which will consume stack space and\n> lead to a crash.\n", "id": "FreeBSD-2021-0079", "modified": "2021-04-06T00:00:00Z", "published": "2021-04-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28302" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28302" }, { "type": "WEB", "url": "https://github.com/pupnp/pupnp/issues/249" } ], "schema_version": "1.7.0", "summary": "upnp -- stack overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.5.0,1" }, { "fixed": "2.5.9,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.6.0,1" }, { "fixed": "2.6.7,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.7.0,1" }, { "fixed": "2.7.3,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.0.0.p1,1" }, { "fixed": "3.0.1,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rexml" }, "ranges": [ { "events": [ { "fixed": "3.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/" ], "discovery": "2021-04-05T00:00:00Z", "references": { "cvename": [ "CVE-2021-28965" ] }, "vid": "dec7e4b6-961a-11eb-9c34-080027f515ea" }, "details": "Juho Nurminen reports:\n\n> When parsing and serializing a crafted XML document, REXML gem\n> (including the one bundled with Ruby) can create a wrong XML document\n> whose structure is different from the original one. The impact of this\n> issue highly depends on context, but it may lead to a vulnerability in\n> some programs that are using REXML.\n", "id": "FreeBSD-2021-0078", "modified": "2021-04-05T00:00:00Z", "published": "2021-04-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28965" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/" } ], "schema_version": "1.7.0", "summary": "ruby -- XML round-trip vulnerability in REXML" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "89.0.4389.114" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html" ], "discovery": "2021-03-31T00:00:00Z", "references": { "cvename": [ "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199" ] }, "vid": "bddadaa4-9227-11eb-99c5-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This update contains 8 security fixes, including:\n>\n> - \\[1181228\\] High CVE-2021-21194: Use after free in screen capture.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-02-23\n> - \\[1182647\\] High CVE-2021-21195: Use after free in V8. Reported by\n> Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu\n> Lab on 2021-02-26\n> - \\[1175992\\] High CVE-2021-21196: Heap buffer overflow in TabStrip.\n> Reported by Khalil Zhani on 2021-02-08\n> - \\[1173903\\] High CVE-2021-21197: Heap buffer overflow in TabStrip.\n> Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n> Research on 2021-02-03\n> - \\[1184399\\] High CVE-2021-21198: Out of bounds read in IPC. Reported\n> by Mark Brand of Google Project Zero on 2021-03-03\n> - \\[1179635\\] High CVE-2021-21199: Use Use after free in Aura.\n> Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n> at Qi\\'anxin Group and Evangelos Foutras\n", "id": "FreeBSD-2021-0077", "modified": "2021-03-31T00:00:00Z", "published": "2021-03-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21194" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21195" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21196" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21197" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21198" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21199" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.10.0" }, { "fixed": "13.10.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.9.0" }, { "fixed": "13.9.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9" }, { "fixed": "13.8.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/03/31/security-release-gitlab-13-10-1-released/" ], "discovery": "2021-03-31T00:00:00Z", "vid": "56abf87b-96ad-11eb-a218-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary File Read During Project Import\n>\n> Kroki Arbitrary File Read/Write\n>\n> Stored Cross-Site-Scripting in merge requests\n>\n> Access data of an internal project through a public project fork as an\n> anonymous user\n>\n> Incident metric images can be deleted by any user\n>\n> Infinite Loop When a User Access a Merge Request\n>\n> Stored XSS in scoped labels\n>\n> Admin CSRF in System Hooks Execution Through API\n>\n> Update OpenSSL dependency\n>\n> Update PostgreSQL dependency\n", "id": "FreeBSD-2021-0076", "modified": "2021-04-06T00:00:00Z", "published": "2021-04-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/03/31/security-release-gitlab-13-10-1-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/03/31/security-release-gitlab-13-10-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba411" }, "ranges": [ { "events": [ { "last_affected": "4.11.15" }, { "fixed": "4.11.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba412" }, "ranges": [ { "events": [ { "fixed": "4.12.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba413" }, "ranges": [ { "events": [ { "fixed": "4.13.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba414" }, "ranges": [ { "events": [ { "fixed": "4.14.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/history/security.html" ], "discovery": "2021-03-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-27840", "CVE-2021-20277" ] }, "vid": "1f6d97da-8f72-11eb-b3f1-005056a311d1" }, "details": "The Samba Team reports:\n\n> - CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP\n> server by sending easily crafted DNs as part of a bind request. More\n> serious heap corruption is likely also possible.\n> - CVE-2021-20277: User-controlled LDAP filter strings against the AD\n> DC LDAP server may crash the LDAP server.\n", "id": "FreeBSD-2021-0075", "modified": "2021-03-28T00:00:00Z", "published": "2021-03-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/history/security.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-27840.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2021-20277.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-27840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20277" } ], "schema_version": "1.7.0", "summary": "samba -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nettle" }, "ranges": [ { "events": [ { "fixed": "3.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-nettle" }, "ranges": [ { "events": [ { "fixed": "3.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html" ], "discovery": "2021-03-21T00:00:00Z", "vid": "80f9dbd3-8eec-11eb-b9e8-3525f51429a0" }, "details": "Niels M\u00f6ller reports:\n\n> I\\'ve prepared a new bug-fix release of Nettle, a low-level\n> cryptographics library, to fix a serious bug in the function to verify\n> ECDSA signatures. Implications include an assertion failure, which\n> could be used for denial-of-service, when verifying signatures on the\n> secp_224r1 and secp521_r1 curves.\n>\n> Even when no assert is triggered in ecdsa_verify, ECC point\n> multiplication may get invalid intermediate values as input, and\n> produce incorrect results. \\[\\...\\] It appears difficult to construct\n> an alleged signature that makes the function misbehave in such a way\n> that an invalid signature is accepted as valid, but such attacks\n> can\\'t be ruled out without further analysis.\n", "id": "FreeBSD-2021-0074", "modified": "2021-03-27T00:00:00Z", "published": "2021-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html" }, { "type": "WEB", "url": "https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009458.html" } ], "schema_version": "1.7.0", "summary": "nettle 3.7.2 -- fix serious ECDSA signature verify bug" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1k,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20210325.txt" ], "discovery": "2021-03-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-3449", "CVE-2021-3450" ], "freebsdsa": [ "SA-21:07.openssl" ] }, "vid": "5a668ab3-8d86-11eb-b8d6-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> High: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n> (CVE-2021-3450)\\\n> The X509_V_FLAG_X509_STRICT flag enables additional security checks of\n> the certificates present in a certificate chain. It is not set by\n> default.\n>\n> High: NULL pointer deref in signature_algorithms processing\n> (CVE-2021-3449)\\\n> An OpenSSL TLS server may crash if sent a maliciously crafted\n> renegotiation ClientHello message from a client. If a TLSv1.2\n> renegotiation ClientHello omits the signature_algorithms extension\n> (where it was present in the initial ClientHello), but includes a\n> signature_algorithms_cert extension then a NULL pointer dereference\n> will result, leading to a crash and a denial of service attack.\n", "id": "FreeBSD-2021-0073", "modified": "2021-04-07T00:00:00Z", "published": "2021-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3450" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:07.openssl.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "spamassassin" }, "ranges": [ { "events": [ { "fixed": "3.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C5b7cfd35-27b7-584b-1b39-b7ff0a55f586%40apache.org%3E" ], "discovery": "2021-03-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-1946" ] }, "vid": "ec04f3d0-8cd9-11eb-bb9f-206a8a720317" }, "details": "The Apache SpamAssassin project reports:\n\n> Apache SpamAssassin 3.4.5 was recently released \\[1\\], and fixes an\n> issue of security note where malicious rule configuration (.cf) files\n> can be configured to run system commands.\n>\n> In Apache SpamAssassin before 3.4.5, exploits can be injected in a\n> number of scenarios. In addition to upgrading to SA 3.4.5, users\n> should only use update channels or 3rd party .cf files from trusted\n> places.\n", "id": "FreeBSD-2021-0072", "modified": "2021-03-24T00:00:00Z", "published": "2021-03-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C5b7cfd35-27b7-584b-1b39-b7ff0a55f586%40apache.org%3E" }, { "type": "WEB", "url": "https://spamassassin.apache.org/news.html" }, { "type": "WEB", "url": "https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202103.mbox/%3C5b7cfd35-27b7-584b-1b39-b7ff0a55f586%40apache.org%3E" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1946" } ], "schema_version": "1.7.0", "summary": "spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.13.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/03/gitea-1.13.6-is-released/" ], "discovery": "2021-03-21T00:00:00Z", "references": { "freebsdpr": [ "ports/254515" ] }, "vid": "c4d2f950-8c27-11eb-a3ae-0800278d94f0" }, "details": "The Gitea Team reports for release 1.13.6:\n\n> - Fix bug on avatar middleware\n> - Fix another clusterfuzz identified issue\n", "id": "FreeBSD-2021-0071", "modified": "2021-03-23T00:00:00Z", "published": "2021-03-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/03/gitea-1.13.6-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.13.5" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254515" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.13.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/03/gitea-1.13.5-is-released/" ], "discovery": "2021-03-20T00:00:00Z", "references": { "freebsdpr": [ "ports/254130" ] }, "vid": "1431a25c-8a70-11eb-bd16-0800278d94f0" }, "details": "The Gitea Team reports for release 1.13.5:\n\n> - Update to goldmark 1.3.3\n", "id": "FreeBSD-2021-0070", "modified": "2021-03-21T00:00:00Z", "published": "2021-03-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/03/gitea-1.13.5-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.13.5" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254130" } ], "schema_version": "1.7.0", "summary": "gitea -- quoting in markdown text" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable" }, "ranges": [ { "events": [ { "introduced": "8.2.p1,1" }, { "fixed": "8.4.p1_4,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable-hpn" }, "ranges": [ { "events": [ { "introduced": "8.2.p1,1" }, { "fixed": "8.4.p1_4,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable-gssapi" }, "ranges": [ { "events": [ { "introduced": "8.2.p1,1" }, { "fixed": "8.4.p1_4,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssh.com/txt/release-8.5" ], "discovery": "2021-03-03T00:00:00Z", "references": { "cvename": [ "CVE-2021-28041" ] }, "vid": "76b5068c-8436-11eb-9469-080027f515ea" }, "details": "OpenBSD Project reports:\n\n> ssh-agent(1): fixed a double-free memory corruption that was\n> introduced in OpenSSH 8.2 . We treat all such memory faults as\n> potentially exploitable. This bug could be reached by an attacker with\n> access to the agent socket.\n>\n> On modern operating systems where the OS can provide information about\n> the user identity connected to a socket, OpenSSH ssh-agent and sshd\n> limit agent socket access only to the originating user and root.\n> Additional mitigation may be afforded by the system\\'s\n> malloc(3)/free(3) implementation, if it detects double-free\n> conditions.\n>\n> The most likely scenario for exploitation is a user forwarding an\n> agent either to an account shared with a malicious user or to a host\n> with an attacker holding root access.\n", "id": "FreeBSD-2021-0069", "modified": "2021-04-20T00:00:00Z", "published": "2021-03-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssh.com/txt/release-8.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-28041" }, { "type": "WEB", "url": "https://www.openssh.com/txt/release-8.5" } ], "schema_version": "1.7.0", "summary": "OpenSSH -- Double-free memory corruption in ssh-agent" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.9.0" }, { "fixed": "13.9.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.8.0" }, { "fixed": "13.8.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.2.0" }, { "fixed": "13.7.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/" ], "discovery": "2021-03-17T00:00:00Z", "vid": "50e59056-87f2-11eb-b6a2-001b217b3468" }, "details": "Gigtlab reports:\n\n> Remote code execution via unsafe user-controlled markdown rendering\n> options\n", "id": "FreeBSD-2021-0068", "modified": "2021-03-18T00:00:00Z", "published": "2021-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq" }, "ranges": [ { "events": [ { "fixed": "2.85.r1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq-devel" }, "ranges": [ { "events": [ { "fixed": "2.85.r1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html" ], "discovery": "2021-03-17T00:00:00Z", "references": { "cvename": [ "CVE-2021-3448" ] }, "vid": "5b72b1ff-877c-11eb-bd4f-2f1d57dafe46" }, "details": "Simon Kelley reports:\n\n> \\[In configurations where the forwarding server address contains an @\n> character for specifying a sending interface or source address, the\\]\n> random source port behavior was disabled, making cache poisoning\n> attacks possible.\n\nThis only affects configurations of the form server=1.1.1.1@em0 or\nserver=1.1.1.1@192.0.2.1, i. e. those that specify an interface to send\nthrough, or an IP address to send from, or use together with\nNetworkManager.\n", "id": "FreeBSD-2021-0067", "modified": "2021-03-18T00:00:00Z", "published": "2021-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html" }, { "type": "WEB", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3448" } ], "schema_version": "1.7.0", "summary": "dnsmasq -- cache poisoning vulnerability in certain configurations" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "minio" }, "ranges": [ { "events": [ { "fixed": "2021.03.17.02.33.02" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp" ], "discovery": "2021-03-17T00:00:00Z", "vid": "b073677f-253a-41f9-bf2b-2d16072a25f6" }, "details": "minio developer report:\n\n> This is a security issue because it enables MITM modification of\n> request bodies that are meant to have integrity guaranteed by chunk\n> signatures.\n>\n> In a PUT request using aws-chunked encoding, MinIO ordinarily verifies\n> signatures at the end of a chunk. This check can be skipped if the\n> client sends a false chunk size that is much greater than the actual\n> data sent: the server accepts and completes the request without ever\n> reaching the end of the chunk + thereby without ever checking the\n> chunk signature.\n", "id": "FreeBSD-2021-0066", "modified": "2021-03-17T00:00:00Z", "published": "2021-03-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp" }, { "type": "WEB", "url": "https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp" } ], "schema_version": "1.7.0", "summary": "minio -- MITM attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "fixed": "3.2.4_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://marc.info/?l=openbsd-announce&m=161582456312832&w=2" ], "discovery": "2021-03-15T00:00:00Z", "vid": "eeca52dc-866c-11eb-b8d6-d4c9ef517024" }, "details": "OpenBSD reports:\n\n> A TLS client using session resumption may cause a use-after-free.\n", "id": "FreeBSD-2021-0065", "modified": "2021-03-16T00:00:00Z", "published": "2021-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://marc.info/?l=openbsd-announce&m=161582456312832&w=2" }, { "type": "WEB", "url": "https://marc.info/?l=openbsd-announce&m=161582456312832&w=2" }, { "type": "WEB", "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/017_libssl.patch.sig" } ], "schema_version": "1.7.0", "summary": "LibreSSL -- use-after-free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "89.0.4389.90" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html" ], "discovery": "2021-03-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-11191", "CVE-2021-11192", "CVE-2021-11193" ] }, "vid": "b81ad6d6-8633-11eb-99c5-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release includes 5 security fixes, including:\n>\n> - \\[1167357\\] High CVE-2021-21191: Use after free in WebRTC. Reported\n> by raven (@raid_akame) on 2021-01-15\n> - \\[1181387\\] High CVE-2021-21192: Heap buffer overflow in tab groups.\n> Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n> Research on 2021-02-23\n> - \\[1186287\\] High CVE-2021-21193: Use after free in Blink. Reported\n> by Anonymous on 2021-03-09\n", "id": "FreeBSD-2021-0064", "modified": "2021-03-16T00:00:00Z", "published": "2021-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-11191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-11192" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-11193" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "squashfs-tools" }, "ranges": [ { "events": [ { "fixed": "4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1" ], "discovery": "2017-03-17T00:00:00Z", "references": { "cvename": [ "CVE-2015-4645" ] }, "vid": "317487c6-85ca-11eb-80fa-14dae938ec40" }, "details": "Phillip Lougher reports:\n\n> Integer overflow in the read_fragment_table_4 function in unsquash-4.c\n> in Squashfs and sasquatch allows remote attackers to cause a denial of\n> service (application crash) via a crafted input, which triggers a\n> stack-based buffer overflow.\n", "id": "FreeBSD-2021-0063", "modified": "2021-03-15T00:00:00Z", "published": "2021-03-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-4645" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4645" } ], "schema_version": "1.7.0", "summary": "squashfs-tools -- Integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.16.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/44913", "https://github.com/golang/go/issues/44916" ], "discovery": "2021-03-05T00:00:00Z", "references": { "cvename": [ "CVE-2021-27918", "CVE-2021-27919" ] }, "vid": "72709326-81f7-11eb-950a-00155d646401" }, "details": "The Go project reports:\n\n> The Decode, DecodeElement, and Skip methods of an xml.Decoder provided\n> by xml.NewTokenDecoder may enter an infinite loop when operating on a\n> custom xml.TokenReader which returns an EOF in the middle of an open\n> XML element.\n\n> The Reader.Open API, new in Go 1.16, will panic when used on a ZIP\n> archive containing files that start with \\\"../\\\".\n", "id": "FreeBSD-2021-0062", "modified": "2021-03-10T00:00:00Z", "published": "2021-03-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/44913" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/44916" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-27918" }, { "type": "WEB", "url": "http://golang.org/issue/44913" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-27919" }, { "type": "WEB", "url": "http://golang.org/issue/44916" } ], "schema_version": "1.7.0", "summary": "go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.13.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/03/gitea-1.13.3-is-released/", "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released/" ], "discovery": "2021-01-07T00:00:00Z", "references": { "freebsdpr": [ "ports/254130" ] }, "vid": "502ba001-7ffa-11eb-911c-0800278d94f0" }, "details": "The Gitea Team reports for release 1.13.3:\n\n> - Turn default hash password algorithm back to pbkdf2 from argon2\n> until we find a better one\n\nThe Gitea Team reports for release 1.13.4:\n\n> - Fix issue popups\n", "id": "FreeBSD-2021-0061", "modified": "2021-02-06T00:00:00Z", "published": "2021-02-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/03/gitea-1.13.3-is-released/" }, { "type": "REPORT", "url": "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.13.3" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.13.4" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254130" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php72" }, "ranges": [ { "events": [ { "fixed": "2.24.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php73" }, "ranges": [ { "events": [ { "fixed": "2.24.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php74" }, "ranges": [ { "events": [ { "fixed": "2.24.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php80" }, "ranges": [ { "events": [ { "fixed": "2.24.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.4" ], "discovery": "2020-11-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-28413", "CVE-2020-35849" ] }, "vid": "2dc8927b-54e0-11eb-9342-1c697a013f4b" }, "details": "Mantis 2.24.4 release reports:\n\n> Security and maintenance release, addressing 6 CVEs:\n>\n> - 0027726: CVE-2020-29603: disclosure of private project name\n> - 0027727: CVE-2020-29605: disclosure of private issue summary\n> - 0027728: CVE-2020-29604: full disclosure of private issue contents,\n> including bugnotes and attachments\n> - 0027361: Private category can be access/used by a non member of a\n> private project (IDOR)\n> - 0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls\n> - 0026794: User Account - Takeover\n> - 0027363: Fixed in version can be changed to a version that doesn\\'t\n> exist\n> - 0027350: When updating an issue, a Viewer user can be set as\n> Reporter\n> - 0027370: CVE-2020-35849: Revisions allow viewing private bugnotes id\n> and summary\n> - 0027495: CVE-2020-28413: SQL injection in the parameter \\\"access\\\"\n> on the mc_project_get_users function throught the API SOAP.\n> - 0027444: Printing unsanitized user input in install.php\n", "id": "FreeBSD-2021-0060", "modified": "2021-03-10T00:00:00Z", "published": "2021-03-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28413" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28413" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35849" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35849" } ], "schema_version": "1.7.0", "summary": "mantis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node10" }, "ranges": [ { "events": [ { "fixed": "10.24.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node12" }, "ranges": [ { "events": [ { "fixed": "12.21.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.16.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "15.10.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/" ], "discovery": "2021-02-23T00:00:00Z", "references": { "cvename": [ "CVE-2021-22883", "CVE-2021-22884", "CVE-2021-23840" ] }, "vid": "2f3cd69e-7dee-11eb-b92e-0022489ad614" }, "details": "Node.js reports:\n\n> # HTTP2 \\'unknownProtocol\\' cause Denial of Service by resource exhaustion (Critical) (CVE-2021-22883)\n>\n> Affected Node.js versions are vulnerable to denial of service attacks\n> when too many connection attempts with an \\'unknownProtocol\\' are\n> established. This leads to a leak of file descriptors. If a file\n> descriptor limit is configured on the system, then the server is\n> unable to accept new connections and prevent the process also from\n> opening, e.g. a file. If no file descriptor limit is configured, then\n> this lead to an excessive memory usage and cause the system to run out\n> of memory.\n>\n> # DNS rebinding in \\--inspect (CVE-2021-22884)\n>\n> Affected Node.js versions are vulnerable to a DNS rebinding attack\n> when the whitelist includes \\\"localhost6\\\". When \\\"localhost6\\\" is not\n> present in /etc/hosts, it is just an ordinary domain that is resolved\n> via DNS, i.e., over network. If the attacker controls the victim\\'s\n> DNS server or can spoof its responses, the DNS rebinding protection\n> can be bypassed by using the \\\"localhost6\\\" domain. As long as the\n> attacker uses the \\\"localhost6\\\" domain, they can still apply the\n> attack described in CVE-2018-7160.\n>\n> # OpenSSL - Integer overflow in CipherUpdate (CVE-2021-23840)\n>\n> This is a vulnerability in OpenSSL which may be exploited through\n> Node.js. You can read more about it in\n> https://www.openssl.org/news/secadv/20210216.txt\n", "id": "FreeBSD-2021-0059", "modified": "2021-03-09T00:00:00Z", "published": "2021-03-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22883" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22884" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23840" } ], "schema_version": "1.7.0", "summary": "Node.js -- February 2021 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.9.0" }, { "fixed": "13.9.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.8.0" }, { "fixed": "13.8.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "13.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/" ], "discovery": "2021-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-22185", "CVE-2021-22186" ] }, "vid": "8bf856ea-7df7-11eb-9aad-001b217b3468" }, "details": "Gitlab reports:\n\n> JWT token leak via Workhorse\n>\n> Stored XSS in wiki pages\n>\n> Group Maintainers are able to use the Group CI/CD Variables API\n>\n> Insecure storage of GitLab session keys\n", "id": "FreeBSD-2021-0058", "modified": "2021-03-05T00:00:00Z", "published": "2021-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22186" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.16.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2021-02-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-15297" ] }, "vid": "9e8f0766-7d21-11eb-a2be-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> When Asterisk sends a re-invite initiating T.38 faxing and the\n> endpoint responds with a m=image line and zero port, a crash will\n> occur in Asterisk. This is a reoccurrence of AST-2019-004.\n", "id": "FreeBSD-2021-0057", "modified": "2021-03-04T00:00:00Z", "published": "2021-03-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15297" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2021-006.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Crash when negotiating T.38 with a zero port" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "89.0.4389.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html" ], "discovery": "2021-03-02T00:00:00Z", "references": { "cvename": [ "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2020-27844" ] }, "vid": "f00b65d8-7ccb-11eb-b3be-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release includes 47 security fixes, including the below. Google\n> is aware of reports that an exploit for CVE-2021-21166 exists in the\n> wild. Please see URL for details.\n", "id": "FreeBSD-2021-0056", "modified": "2021-03-04T00:00:00Z", "published": "2021-03-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21159" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21161" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21163" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21165" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21166" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21168" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21173" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21181" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21182" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21183" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21184" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21187" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21188" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21189" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21190" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-27844" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jasper" }, "ranges": [ { "events": [ { "fixed": "2.0.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/jasper-software/jasper/releases" ], "discovery": "2021-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-26926", "CVE-2021-26927", "CVE-2021-3272" ] }, "vid": "3a469cbc-7a66-11eb-bd3f-08002728f74c" }, "details": "JasPer Releases:\n\n> \\- Fix memory-related bugs in the JPEG-2000 codec resulting from\n> attempting to decode invalid code streams. (#264, #265)\n>\n> This fix is associated with CVE-2021-26926 and CVE-2021-26927.\n>\n> \\- Fix wrong return value under some compilers (#260)\n>\n> \\- Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)\n", "id": "FreeBSD-2021-0055", "modified": "2021-03-03T00:00:00Z", "published": "2021-03-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/jasper-software/jasper/releases" }, { "type": "WEB", "url": "https://github.com/jasper-software/jasper/releases" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26926" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26927" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3272" } ], "schema_version": "1.7.0", "summary": "jasper -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-salt-2019" }, "ranges": [ { "events": [ { "fixed": "2019.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3002.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-salt-2019" }, "ranges": [ { "events": [ { "fixed": "2019.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3002.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-salt-2019" }, "ranges": [ { "events": [ { "fixed": "2019.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3002.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3002.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3002.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3002.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3002.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" ], "discovery": "2021-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2021-3197", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3148", "CVE-2020-35662", "CVE-2021-3144", "CVE-2020-28972", "CVE-2020-28243" ] }, "vid": "a1e03a3d-7be0-11eb-b392-20cf30e32f6d" }, "details": "SaltStack reports multiple security vulnerabilities in Salt\n\n> - CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell\n> injection by including ProxyCommand in an argument, or via\n> ssh_options provided in an API request.\n> - CVE-2021-25281: The Salt-API does not have eAuth credentials for the\n> wheel_async client.\n> - CVE-2021-25282: The salt.wheel.pillar_roots.write method is\n> vulnerable to directory traversal.\n> - CVE-2021-25283: The jinja renderer does not protect against\n> server-side template injection attacks.\n> - CVE-2021-25284: webutils write passwords in cleartext to\n> /var/log/salt/minion\n> - CVE-2021-3148: command injection in salt.utils.thin.gen_thin()\n> - CVE-2020-35662: Several places where Salt was not verifying the SSL\n> cert by default.\n> - CVE-2021-3144: eauth Token can be used once after expiration.\n> - CVE-2020-28972: Code base not validating SSL/TLS certificate of the\n> server, which might allow attackers to obtain sensitive information\n> via a man-in-the-middle attack\n> - CVE-2020-28243: Local Privilege Escalation in the Minion.\n", "id": "FreeBSD-2021-0054", "modified": "2021-03-03T00:00:00Z", "published": "2021-03-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/" }, { "type": "WEB", "url": "\"https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/\"" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3197" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-25281" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-25282" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-25283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-25284" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3148" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35662" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3144" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28972" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28243" } ], "schema_version": "1.7.0", "summary": "salt -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vault" }, "ranges": [ { "events": [ { "fixed": "1.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/hashicorp/vault/releases/tag/v1.6.3" ], "discovery": "2021-02-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-27668" ] }, "vid": "52bd2d59-4ab5-4bef-a599-7aac4e92238b" }, "details": "vault developers report:\n\n> Limited Unauthenticated License Read: We addressed a security\n> vulnerability that allowed for the unauthenticated reading of Vault\n> licenses from DR Secondaries.\n", "id": "FreeBSD-2021-0053", "modified": "2021-02-27T00:00:00Z", "published": "2021-02-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/hashicorp/vault/releases/tag/v1.6.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-27668" }, { "type": "WEB", "url": "https://github.com/hashicorp/vault/releases/tag/v1.6.3" } ], "schema_version": "1.7.0", "summary": "vault -- unauthenticated license read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-02-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-25581" ], "freebsdsa": [ "SA-21:04.jail_remove" ] }, "vid": "31ad2f10-7711-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nDue to a race condition in the jail_remove(2) implementation, it may\nfail to kill some of the processes.\n\n# Impact:\n\nA process running inside a jail can avoid being killed during jail\ntermination. If a jail is subsequently started with the same root path,\na lingering jailed process may be able to exploit the window during\nwhich a devfs filesystem is mounted but the jail\\'s devfs ruleset has\nnot been applied, to access device nodes which are ordinarily\ninaccessible. If the process is privileged, it may be able to escape the\njail and gain full access to the system.\n", "id": "FreeBSD-2021-0052", "modified": "2021-02-25T00:00:00Z", "published": "2021-02-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25581" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:04.jail_remove.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- jail_remove(2) fails to kill all jailed processes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-02-24T00:00:00Z", "references": { "cvename": [ "CVE-2021-26932" ], "freebsdsa": [ "SA-21:06.xen" ] }, "vid": "5b8c6e1e-770f-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nGrant mapping operations often occur in batch hypercalls, where a number\nof operations are done in a single hypercall, the success or failure of\neach one reported to the backend driver, and the backend driver then\nloops over the results, performing follow-up actions based on the\nsuccess or failure of each operation.\n\nUnfortunately, when running in HVM/PVH mode, the FreeBSD backend drivers\nmishandle this: Some errors are ignored, effectively implying their\nsuccess from the success of related batch elements. In other cases,\nerrors resulting from one batch element lead to further batch elements\nnot being inspected, and hence successful ones to not be possible to\nproperly unmap upon error recovery.\n\n# Impact:\n\nA malicious or buggy frontend driver may be able to cause resource leaks\nin the domain running the corresponding backend driver.\n", "id": "FreeBSD-2021-0051", "modified": "2021-02-25T00:00:00Z", "published": "2021-02-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26932" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:06.xen.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Xen grant mapping error handling issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-02-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-25582" ], "freebsdsa": [ "SA-21:05.jail_chdir" ] }, "vid": "bba850fd-770e-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nWhen a process, such as jexec(8) or killall(1), calls jail_attach(2) to\nenter a jail, the jailed root can attach to it using ptrace(2) before\nthe current working directory is changed.\n\n# Impact:\n\nA process with superuser privileges running inside a jail could change\nthe root directory outside of the jail, thereby gaining full read and\nwriting access to all files and directories in the system.\n", "id": "FreeBSD-2021-0050", "modified": "2021-02-25T00:00:00Z", "published": "2021-02-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25582" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:05.jail_chdir.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- jail_attach(2) relies on the caller to change the cwd" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-02-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-25580" ], "freebsdsa": [ "SA-21:03.pam_login_access" ] }, "vid": "a8654f1d-770d-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nA regression in the login.access(5) rule processor has the effect of\ncausing rules to fail to match even when they should not. This means\nthat rules denying access may be ignored.\n\n# Impact:\n\nThe configuration in login.access(5) may not be applied, permitting\nlogin access to users even when the system is configured to deny it.\n", "id": "FreeBSD-2021-0049", "modified": "2021-02-25T00:00:00Z", "published": "2021-02-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25580" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:03.pam_login_access.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- login.access fails to apply rules" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "6.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "6.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis5" }, "ranges": [ { "events": [ { "fixed": "5.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/redis/redis/releases/tag/6.2.0" ], "discovery": "2021-02-22T00:00:00Z", "references": { "cvename": [ "CVE-2021-21309" ] }, "vid": "0e38b8f8-75dd-11eb-83f2-8c164567ca3c" }, "details": "Redis Development team reports:\n\n> Redis 4.0 or newer uses a configurable limit for the maximum supported\n> bulk input size. By default, it is 512MB which is a safe value for all\n> platforms. If the limit is significantly increased, receiving a large\n> request from a client may trigger several integer overflow scenarios,\n> which would result with buffer overflow and heap corruption.\n", "id": "FreeBSD-2021-0048", "modified": "2021-02-23T00:00:00Z", "published": "2021-02-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/redis/redis/releases/tag/6.2.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21309" } ], "schema_version": "1.7.0", "summary": "redis -- Integer overflow on 32-bit systems" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "3.0.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v3.0.13" ], "discovery": "2021-02-10T00:00:00Z", "vid": "3e9624b3-e92b-4460-8a5a-93247c52c5a1" }, "details": "Jon Siwek of Corelight reports:\n\n> Fix ASCII Input reader\\'s treatment of input files containing\n> null-bytes. An input file containing null-bytes could lead to a\n> buffer-over-read, crash Zeek, and be exploited to cause Denial of\n> Service.\n", "id": "FreeBSD-2021-0047", "modified": "2021-02-22T00:00:00Z", "published": "2021-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v3.0.13" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v3.0.13" } ], "schema_version": "1.7.0", "summary": "zeek -- Remote crash vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "raptor2" }, "ranges": [ { "events": [ { "fixed": "2.0.15_17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.librdf.org/mantis/view.php?id=650" ], "discovery": "2020-11-24T00:00:00Z", "vid": "9c03845c-7398-11eb-bc0e-2cf05d620ecc" }, "details": "Redland Issue Tracker reports:\n\n> due to an out of bounds array access in\n> raptor_xml_writer_start_element_common.\n", "id": "FreeBSD-2021-0046", "modified": "2021-02-20T00:00:00Z", "published": "2021-02-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.librdf.org/mantis/view.php?id=650" }, { "type": "WEB", "url": "https://bugs.librdf.org/mantis/view.php?id=650" } ], "schema_version": "1.7.0", "summary": "raptor2 -- malformed input file can lead to a segfault" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.280" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2021-02-19/" ], "discovery": "2021-02-19T00:00:00Z", "vid": "a45d945a-cc2c-4cd7-a941-fb58fdb1b01e" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (high) SECURITY-2195 / CVE-2021-22112\n>\n> Privilege escalation vulnerability in bundled Spring Security library\n", "id": "FreeBSD-2021-0045", "modified": "2021-02-20T00:00:00Z", "published": "2021-02-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2021-02-19/" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-02-19/" } ], "schema_version": "1.7.0", "summary": "jenkins -- Privilege escalation vulnerability in bundled Spring Security library" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.38.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.16.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2021-02-08T00:00:00Z", "references": { "cvename": [ "CVE-2021-26906" ] }, "vid": "1bb2826b-7229-11eb-8386-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> Given a scenario where an outgoing call is placed from Asterisk to a\n> remote SIP server it is possible for a crash to occur.\n", "id": "FreeBSD-2021-0044", "modified": "2021-02-18T00:00:00Z", "published": "2021-02-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26906" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2021-005.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote Crash Vulnerability in PJSIP channel driver" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "introduced": "16.16.0" }, { "fixed": "16.16.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2021-02-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-26714" ] }, "vid": "ca21f5e7-7228-11eb-8386-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> Due to a signedness comparison mismatch, an authenticated WebRTC\n> client could cause a stack overflow and Asterisk crash by sending\n> multiple hold/unhold requests in quick succession.\n", "id": "FreeBSD-2021-0043", "modified": "2021-02-18T00:00:00Z", "published": "2021-02-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26714" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2021-004.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- An unsuspecting user could crash Asterisk with multiple hold/unhold requests" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "introduced": "13.38.1" }, { "fixed": "13.38.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "introduced": "16.16.0" }, { "fixed": "16.16.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "introduced": "18.2.0" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2021-02-18T00:00:00Z", "references": { "cvename": [ "CVE-2021-26712" ] }, "vid": "5d8ef725-7228-11eb-8386-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> An unauthenticated remote attacker could replay SRTP packets which\n> could cause an Asterisk instance configured without strict RTP\n> validation to tear down calls prematurely.\n", "id": "FreeBSD-2021-0042", "modified": "2021-02-18T00:00:00Z", "published": "2021-02-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26712" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2021-003.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote attacker could prematurely tear down SRTP calls" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "introduced": "16.15.0" }, { "fixed": "16.16.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "introduced": "18.1.0" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2021-02-05T00:00:00Z", "references": { "cvename": [ "CVE-2021-26717" ] }, "vid": "e3894955-7227-11eb-8386-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> When re-negotiating for T.38 if the initial remote response was\n> delayed just enough Asterisk would send both audio and T.38 in the\n> SDP. If this happened, and the remote responded with a declined T.38\n> stream then Asterisk would crash.\n", "id": "FreeBSD-2021-0041", "modified": "2021-02-18T00:00:00Z", "published": "2021-02-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-26717" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2021-002.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote crash possible when negotiating T.38" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "introduced": "13.38.1" }, { "fixed": "13.38.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "introduced": "16.15.1" }, { "fixed": "16.16.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "introduced": "18.1.1" }, { "fixed": "18.2.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2021-01-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-35776" ] }, "vid": "b330db5f-7225-11eb-8386-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> If a registered user is tricked into dialing a malicious number that\n> sends lots of 181 responses to Asterisk, each one will cause a 181 to\n> be sent back to the original caller with an increasing number of\n> entries in the \\\"Supported\\\" header. Eventually the number of entries\n> in the header exceeds the size of the entry array and causes a crash.\n", "id": "FreeBSD-2021-0040", "modified": "2021-02-18T00:00:00Z", "published": "2021-02-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35776" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2021-001.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote crash in res_pjsip_diversion" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activerecord52" }, "ranges": [ { "events": [ { "fixed": "5.2.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activerecord60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack61" }, "ranges": [ { "events": [ { "fixed": "6.1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activerecord61" }, "ranges": [ { "events": [ { "fixed": "6.1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/" ], "discovery": "2021-02-10T00:00:00Z", "references": { "cvename": [ "CVE-2021-22880", "CVE-2021-22881" ] }, "vid": "8e670b85-706e-11eb-abb2-08002728f74c" }, "details": "Ruby on Rails blog:\n\n> Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those\n> version are security releases and addresses two issues:\n>\n> CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL\n> adapter.\n>\n> CVE-2021-22881: Possible Open Redirect in Host Authorization\n> Middleware.\n", "id": "FreeBSD-2021-0039", "modified": "2021-02-17T00:00:00Z", "published": "2021-02-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/" }, { "type": "WEB", "url": "https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/" }, { "type": "WEB", "url": "https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129" }, { "type": "WEB", "url": "https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22880" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22881" } ], "schema_version": "1.7.0", "summary": "Rails -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "88.0.4324.182" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html" ], "discovery": "2021-02-16T00:00:00Z", "references": { "cvename": [ "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157" ] }, "vid": "48514901-711d-11eb-9846-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release contains 10 security fixes, including:\n>\n> - \\[1138143\\] High CVE-2021-21149: Stack overflow in Data Transfer.\n> Reported by Ryoya Tsukasaki on 2020-10-14\n> - \\[1172192\\] High CVE-2021-21150: Use after free in Downloads.\n> Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29\n> - \\[1165624\\] High CVE-2021-21151: Use after free in Payments.\n> Reported by Khalil Zhani on 2021-01-12\n> - \\[1166504\\] High CVE-2021-21152: Heap buffer overflow in Media.\n> Reported by Anonymous on 2021-01-14\n> - \\[1155974\\] High CVE-2021-21153: Stack overflow in GPU Process.\n> Reported by Jan Ruge of ERNW GmbH on 2020-12-06\n> - \\[1173269\\] High CVE-2021-21154: Heap buffer overflow in Tab Strip.\n> Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n> Research on 2021-02-01\n> - \\[1175500\\] High CVE-2021-21155: Heap buffer overflow in Tab Strip.\n> Reported by Khalil Zhani on 2021-02-07\n> - \\[1177341\\] High CVE-2021-21156: Heap buffer overflow in V8.\n> Reported by Sergei Glazunov of Google Project Zero on 2021-02-11\n> - \\[1170657\\] Medium CVE-2021-21157: Use after free in Web Sockets.\n> Reported by Anonymous on 2021-01-26\n", "id": "FreeBSD-2021-0038", "modified": "2021-02-17T00:00:00Z", "published": "2021-02-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21149" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21150" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21151" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21152" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21153" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21154" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21156" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21157" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.1.1j,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "3.0.0.a12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20210216.txt" ], "discovery": "2021-02-16T00:00:00Z", "references": { "cvename": [ "CVE-2021-23841", "CVE-2021-23840", "CVE-2021-23839" ], "freebsdsa": [ "SA-21:17.openssl" ] }, "vid": "96a21236-707b-11eb-96d8-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> Null pointer deref in X509_issuer_and_serial_hash() CVE-2021-23841\\\n> (Moderate) The OpenSSL public API function\n> X509_issuer_and_serial_hash() attempts to create a unique hash value\n> based on the issuer and serial number data contained within an X509\n> certificate. However it fails to correctly handle any errors that may\n> occur while parsing the issuer field (which might occur if the issuer\n> field is maliciously constructed). This may subsequently result in a\n> NULL pointer deref and a crash leading to a potential denial of\n> service attack.\n>\n> Integer overflow in CipherUpdate CVE-2021-23840\\\n> (Low) Calls to EVP_CipherUpdate, EVP_EncryptUpdate and\n> EVP_DecryptUpdate may overflow the output length argument in some\n> cases where the input length is close to the maximum permissable\n> length for an integer on the platform. In such cases the return value\n> from the function call will be 1 (indicating success), but the output\n> length value will be negative. This could cause applications to behave\n> incorrectly or crash.\n", "id": "FreeBSD-2021-0037", "modified": "2021-08-25T00:00:00Z", "published": "2021-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20210216.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20210216.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23841" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23839" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:17.openssl.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ilmbase" }, "ranges": [ { "events": [ { "fixed": "2.5.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openexr" }, "ranges": [ { "events": [ { "fixed": "2.5.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5" ], "discovery": "2021-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2021-20296", "CVE-2021-3479", "CVE-2021-3478", "CVE-2021-3477", "CVE-2021-3476", "CVE-2021-3475", "CVE-2021-3474" ] }, "vid": "98044aba-6d72-11eb-aed7-1b1b8a70cc8b" }, "details": "Cary Phillips reports:\n\n> Patch release with various bug/sanitizer/security fixes, primarily\n> related to reading corrupted input files\\[\\...\\].\n", "id": "FreeBSD-2021-0036", "modified": "2021-02-12T00:00:00Z", "published": "2021-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-20296" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3476" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3475" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3474" } ], "schema_version": "1.7.0", "summary": "openexr, ilmbase -- security fixes related to reading corrupted input files" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.8.0" }, { "fixed": "13.8.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.7.0" }, { "fixed": "13.7.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.5" }, { "fixed": "13.6.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/" ], "discovery": "2021-02-11T00:00:00Z", "vid": "1020d401-6d2d-11eb-ab0b-001b217b3468" }, "details": "Gitlab reports:\n\n> Improper Certificate Validation for Fortinet OTP\n>\n> Denial of Service Attack on gitlab-shell\n>\n> Resource exhaustion due to pending jobs\n>\n> Confidential issue titles were exposed\n>\n> Improper access control allowed demoted project members to access\n> authored merge requests\n>\n> Improper access control allowed unauthorized users to access analytic\n> pages\n>\n> Unauthenticated CI lint API may lead to information disclosure and\n> SSRF\n>\n> Prometheus integration in Gitlab may lead to SSRF\n", "id": "FreeBSD-2021-0035", "modified": "2021-02-12T00:00:00Z", "published": "2021-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "oauth2-proxy" }, "ranges": [ { "events": [ { "fixed": "7.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-21291" ], "discovery": "2021-02-02T00:00:00Z", "vid": "3003ba60-6cec-11eb-8815-040e3c1b8a02" }, "details": "The oauth2-proxy Team reports:\n\n> In OAuth2 Proxy before version 7.0.0, for users that use the whitelist\n> domain feature, a domain that ended in a similar way to the intended\n> domain could have been allowed as a redirect.\n", "id": "FreeBSD-2021-0034", "modified": "2021-02-12T00:00:00Z", "published": "2021-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21291" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21291" } ], "schema_version": "1.7.0", "summary": "oauth2-proxy -- domain whitelist could be used as redirect" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mod_dav_svn" }, "ranges": [ { "events": [ { "introduced": "1.9.0" }, { "last_affected": "1.10.6" }, { "fixed": "1.10.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.11.0" }, { "last_affected": "1.14.0" }, { "fixed": "1.14.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt" ], "discovery": "2021-01-29T00:00:00Z", "vid": "06a5abd4-6bc2-11eb-b292-90e2baa3bafc" }, "details": "Subversion project reports:\n\n> Subversion\\'s mod_authz_svn module will crash if the server is using\n> in-repository authz rules with the AuthzSVNReposRelativeAccessFile\n> option and a client sends a request for a non-existing repository URL.\n", "id": "FreeBSD-2021-0033", "modified": "2021-02-10T00:00:00Z", "published": "2021-02-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt" }, { "type": "WEB", "url": "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt" } ], "schema_version": "1.7.0", "summary": "mod_dav_svn -- server crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.13.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2021/02/gitea-1.13.2-is-released/" ], "discovery": "2021-01-07T00:00:00Z", "references": { "freebsdpr": [ "ports/253295" ] }, "vid": "cdb10765-6879-11eb-a7d8-08002734b9ed" }, "details": "The Gitea Team reports for release 1.13.2:\n\n> - Prevent panic on fuzzer provided string\n> - Add secure/httpOnly attributes to the lang cookie\n", "id": "FreeBSD-2021-0032", "modified": "2021-02-06T00:00:00Z", "published": "2021-02-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2021/02/gitea-1.13.2-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.13.2" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253295" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "88.0.4324.150" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html" ], "discovery": "2021-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2021-21148" ] }, "vid": "3e01aad2-680e-11eb-83e2-e09467587c17" }, "details": "Chrome Releases reports:\n\n> \\[1170176\\] High CVE-2021-21148: Heap buffer overflow in V8. Reported\n> by Mattias Buelens on 2021-01-24. Google is aware of reports that an\n> exploit for CVE-2021-21148 exists in the wild.\n", "id": "FreeBSD-2021-0031", "modified": "2021-02-05T00:00:00Z", "published": "2021-02-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21148" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html" } ], "schema_version": "1.7.0", "summary": "chromium -- heap buffer overflow in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "88.0.4324.146" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html" ], "discovery": "2021-02-02T00:00:00Z", "references": { "cvename": [ "CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147" ] }, "vid": "479fdfda-6659-11eb-83e2-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This update include 6 security fixes:\n>\n> - 1169317\\] Critical CVE-2021-21142: Use after free in Payments.\n> Reported by Khalil Zhani on 2021-01-21\n> - \\[1163504\\] High CVE-2021-21143: Heap buffer overflow in Extensions.\n> Reported by Allen Parker and Alex Morgan of MU on 2021-01-06\n> - \\[1163845\\] High CVE-2021-21144: Heap buffer overflow in Tab Groups.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-01-07\n> - \\[1154965\\] High CVE-2021-21145: Use after free in Fonts. Reported\n> by Anonymous on 2020-12-03\n> - \\[1161705\\] High CVE-2021-21146: Use after free in Navigation.\n> Reported by Alison Huffman and Choongwoo Han of Microsoft Browser\n> Vulnerability Research on 2020-12-24\n> - \\[1162942\\] Medium CVE-2021-21147: Inappropriate implementation in\n> Skia. Reported by Roman Starkov on 2021-01-04\n", "id": "FreeBSD-2021-0030", "modified": "2021-02-03T00:00:00Z", "published": "2021-02-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21142" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21143" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21144" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21145" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21146" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21147" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "www/chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.8.0" }, { "fixed": "13.8.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.7.0" }, { "fixed": "13.7.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.8" }, { "fixed": "13.6.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/" ], "discovery": "2021-02-01T00:00:00Z", "references": { "cvename": [ "CVE-2021-22172", "CVE-2021-22169" ] }, "vid": "66d1c277-652a-11eb-bb3f-001b217b3468" }, "details": "Gitlab reports:\n\n> Stored XSS in merge request\n>\n> Stored XSS in epic\\'s pages\n>\n> Sensitive GraphQL variables exposed in structured log\n>\n> Guest user can see tag names in private projects\n>\n> Information disclosure via error message\n>\n> DNS rebinding protection bypass\n>\n> Validate existence of private project\n", "id": "FreeBSD-2021-0029", "modified": "2021-02-02T00:00:00Z", "published": "2021-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22169" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "minio" }, "ranges": [ { "events": [ { "fixed": "2021.01.30.00.20.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q" ], "discovery": "2021-01-29T00:00:00Z", "vid": "8ec7d426-055d-46bc-8f5a-a9d73a5a71ab" }, "details": "Minio developers report:\n\n> Thanks to \\@phith0n from our community upon a code review, discovered\n> an SSRF (Server Side Request Forgery) in our Browser API\n> implementation. We have not observed this report/attack in the wild or\n> reported elsewhere in the community at large.\n>\n> All users are advised to upgrade ASAP.\n>\n> The target application may have functionality for importing data from\n> a URL, publishing data to a URL, or otherwise reading data from a URL\n> that can be tampered with. The attacker modifies the calls to this\n> functionality by supplying a completely different URL or by\n> manipulating how URLs are built (path traversal etc.).\n>\n> In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse\n> functionality on the server to read or update internal resources. The\n> attacker can supply or modify a URL which the code running on the\n> server will read or submit data, and by carefully selecting the URLs,\n> the attacker may be able to read server configuration such as AWS\n> metadata, connect to internal services like HTTP enabled databases, or\n> perform post requests towards internal services which are not intended\n> to be exposed.\n", "id": "FreeBSD-2021-0028", "modified": "2021-01-31T00:00:00Z", "published": "2021-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q" }, { "type": "WEB", "url": "https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q" } ], "schema_version": "1.7.0", "summary": "minio -- Server Side Request Forgery" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2020-29568" ], "freebsdsa": [ "SA-21:02.xenoom" ] }, "vid": "5d91370b-61fd-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nSome OSes (including Linux, FreeBSD, and NetBSD) are processing watch\nevents using a single thread. If the events are received faster than the\nthread is able to handle, they will get queued.\n\nAs the queue is unbound, a guest may be able to trigger a OOM in the\nbackend.\n", "id": "FreeBSD-2021-0027", "modified": "2021-01-29T00:00:00Z", "published": "2021-01-29T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-29568" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:02.xenoom.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Xen guests can triger backend Out Of Memory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2021-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2020-25578", "CVE-2020-25579" ], "freebsdsa": [ "SA-21:01.fsdisclosure" ] }, "vid": "a9c6e9be-61fb-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nSeveral file systems were not properly initializing the d_off field of\nthe dirent structures returned by VOP_READDIR. In particular, tmpfs(5),\nsmbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result,\neight uninitialized kernel stack bytes may be leaked to userspace by\nthese file systems. This problem is not present in FreeBSD 11.\n\nAdditionally, msdosfs(5) was failing to zero-fill a pair of padding\nfields in the dirent structure, resulting in a leak of three\nuninitialized bytes.\n\n# Impact:\n\nKernel stack disclosures may leak sensitive information which could be\nused to compromise the security of the system.\n", "id": "FreeBSD-2021-0026", "modified": "2021-01-29T00:00:00Z", "published": "2021-01-29T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25578" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25579" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-21:01.fsdisclosure.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Uninitialized kernel stack leaks in several file systems" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pngcheck" }, "ranges": [ { "events": [ { "fixed": "3.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.libpng.org/pub/png/apps/pngcheck.html" ], "discovery": "2021-01-24T00:00:00Z", "vid": "13ca36b8-6141-11eb-8a36-7085c2fb2c14" }, "details": "The libpng project reports:\n\n> pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun bugs\n> related to the sPLT and PPLT chunks (the latter is a MNG-only chunk,\n> but it gets noticed even in PNG files if the -s option is used). Both\n> bugs are fixed in version 3.0.1, released on 24 January 2021. Again,\n> while all known vulnerabilities are fixed in this version, the code is\n> quite crufty, so it would be safest to assume there are still some\n> problems hidden in there. As always, use at your own risk.\n", "id": "FreeBSD-2021-0025", "modified": "2021-01-28T00:00:00Z", "published": "2021-01-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.libpng.org/pub/png/apps/pngcheck.html" }, { "type": "WEB", "url": "http://www.libpng.org/pub/png/apps/pngcheck.html" } ], "schema_version": "1.7.0", "summary": "pngcheck -- Buffer-overrun vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sudo" }, "ranges": [ { "events": [ { "fixed": "1.9.5p2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.sudo.ws/stable.html#1.9.5p2" ], "discovery": "2021-01-26T00:00:00Z", "references": { "cvename": [ "CVE-2021-3156" ] }, "vid": "f3cf4b33-6013-11eb-9a0e-206a8a720317" }, "details": "Todd C. Miller reports:\n\n> When invoked as sudoedit, the same set of command line options are now\n> accepted as for sudo -e. The -H and -P options are now rejected for\n> sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part\n> of the fix for CVE-2021-3156.\n>\n> Fixed a potential buffer overflow when unescaping backslashes in the\n> command\\'s arguments. Normally, sudo escapes special characters when\n> running a command via a shell (sudo -s or sudo -i). However, it was\n> also possible to run sudoedit with the -s or -i flags in which case no\n> escaping had actually been done, making a buffer overflow possible.\n> This fixes CVE-2021-3156.\n", "id": "FreeBSD-2021-0024", "modified": "2021-01-26T00:00:00Z", "published": "2021-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.sudo.ws/stable.html#1.9.5p2" }, { "type": "WEB", "url": "https://www.sudo.ws/stable.html#1.9.5p2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3156" } ], "schema_version": "1.7.0", "summary": "sudo -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-pysaml2" }, "ranges": [ { "events": [ { "fixed": "6.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-pysaml2" }, "ranges": [ { "events": [ { "fixed": "6.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-pysaml2" }, "ranges": [ { "events": [ { "fixed": "6.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-pysaml2" }, "ranges": [ { "events": [ { "fixed": "6.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/IdentityPython/pysaml2/releases" ], "discovery": "2021-01-20T00:00:00Z", "references": { "cvename": [ "CVE-2021-21238", "CVE-2021-21239" ] }, "vid": "fb67567a-5d95-11eb-a955-08002728f74c" }, "details": "pysaml2 Releases:\n\n> Fix processing of invalid SAML XML documents - CVE-2021-21238\n>\n> Fix unspecified xmlsec1 key-type preference - CVE-2021-21239\n", "id": "FreeBSD-2021-0023", "modified": "2021-01-26T00:00:00Z", "published": "2021-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/IdentityPython/pysaml2/releases" }, { "type": "WEB", "url": "https://github.com/IdentityPython/pysaml2/releases" }, { "type": "WEB", "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9" }, { "type": "WEB", "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21238" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21239" } ], "schema_version": "1.7.0", "summary": "pysaml2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.276" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.263.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2021-01-26/" ], "discovery": "2021-01-26T00:00:00Z", "vid": "425f2143-8876-4b0a-af84-e0238c5c2062" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-2197 / CVE-2021-21615\n>\n> Arbitrary file read vulnerability in workspace browsers\n", "id": "FreeBSD-2021-0022", "modified": "2021-01-26T00:00:00Z", "published": "2021-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2021-01-26/" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-01-26/" } ], "schema_version": "1.7.0", "summary": "jenkins -- Arbitrary file read vulnerability in workspace browsers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mutt" }, "ranges": [ { "events": [ { "fixed": "2.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.com/muttmua/mutt/-/issues/323" ], "discovery": "2021-01-17T00:00:00Z", "references": { "cvename": [ "CVE-2021-3181" ] }, "vid": "387bbade-5d1d-11eb-bf20-4437e6ad11c4" }, "details": "Tavis Ormandy reports:\n\n> rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a\n> denial of service (mailbox unavailability) by sending email messages\n> with sequences of semicolon characters in RFC822 address fields (aka\n> terminators of empty groups). A small email message from the attacker\n> can cause large memory consumption, and the victim may then be unable\n> to see email messages from other persons.\n", "id": "FreeBSD-2021-0021", "modified": "2021-01-23T00:00:00Z", "published": "2021-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.com/muttmua/mutt/-/issues/323" }, { "type": "WEB", "url": "https://gitlab.com/muttmua/mutt/-/issues/323" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3181" } ], "schema_version": "1.7.0", "summary": "mutt -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-client" }, "ranges": [ { "events": [ { "fixed": "5.6.51" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-client" }, "ranges": [ { "events": [ { "fixed": "5.7.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-client" }, "ranges": [ { "events": [ { "fixed": "8.0.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.51" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL" ], "discovery": "2021-01-23T00:00:00Z", "vid": "31344707-5d87-11eb-929d-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 34 new security patches for Oracle\n> MySQL Server and 4 for MySQL Client.\n>\n> The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle\n> MySQL is 6.8.\n", "id": "FreeBSD-2021-0020", "modified": "2021-01-23T00:00:00Z", "published": "2021-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL" }, { "type": "WEB", "url": "CVE-2021-2046" }, { "type": "WEB", "url": "CVE-2021-2020" }, { "type": "WEB", "url": "CVE-2021-2024" }, { "type": "WEB", "url": "CVE-2021-2011" }, { "type": "WEB", "url": "CVE-2021-2006" }, { "type": "WEB", "url": "CVE-2021-2048" }, { "type": "WEB", "url": "CVE-2021-2028" }, { "type": "WEB", "url": "CVE-2021-2122" }, { "type": "WEB", "url": "CVE-2021-2058" }, { "type": "WEB", "url": "CVE-2021-2001" }, { "type": "WEB", "url": "CVE-2021-2016" }, { "type": "WEB", "url": "CVE-2021-2021" }, { "type": "WEB", "url": "CVE-2021-2030" }, { "type": "WEB", "url": "CVE-2021-2031" }, { "type": "WEB", "url": "CVE-2021-2036" }, { "type": "WEB", "url": "CVE-2021-2055" }, { "type": "WEB", "url": "CVE-2021-2060" }, { "type": "WEB", "url": "CVE-2021-2070" }, { "type": "WEB", "url": "CVE-2021-2076" }, { "type": "WEB", "url": "CVE-2021-2065" }, { "type": "WEB", "url": "CVE-2021-2014" }, { "type": "WEB", "url": "CVE-2021-2002" }, { "type": "WEB", "url": "CVE-2021-2012" }, { "type": "WEB", "url": "CVE-2021-2009" }, { "type": "WEB", "url": "CVE-2021-2072" }, { "type": "WEB", "url": "CVE-2021-2081" }, { "type": "WEB", "url": "CVE-2021-2022" }, { "type": "WEB", "url": "CVE-2021-2038" }, { "type": "WEB", "url": "CVE-2021-2061" }, { "type": "WEB", "url": "CVE-2021-2056" }, { "type": "WEB", "url": "CVE-2021-2087" }, { "type": "WEB", "url": "CVE-2021-2088" }, { "type": "WEB", "url": "CVE-2021-2032" }, { "type": "WEB", "url": "CVE-2021-2010" }, { "type": "WEB", "url": "CVE-2021-1998" }, { "type": "WEB", "url": "CVE-2021-2007" }, { "type": "WEB", "url": "CVE-2021-2019" }, { "type": "WEB", "url": "CVE-2021-2042" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "88.0.4324.96" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html" ], "discovery": "2021-01-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-16044", "CVE-2021-21117", "CVE-2021-21118", "CVE-2021-21119", "CVE-2021-21120", "CVE-2021-21121", "CVE-2021-21122", "CVE-2021-21123", "CVE-2021-21124", "CVE-2021-21125", "CVE-2021-21126", "CVE-2021-21127", "CVE-2021-21128", "CVE-2021-21129", "CVE-2021-21130", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21133", "CVE-2021-21134", "CVE-2021-21135", "CVE-2021-21136", "CVE-2021-21137", "CVE-2021-21138", "CVE-2021-21139", "CVE-2021-21140", "CVE-2021-21141" ] }, "vid": "4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 36 security fixes, including:\n>\n> - \\[1137179\\] Critical CVE-2021-21117: Insufficient policy enforcement\n> in Cryptohome. Reported by Rory McNamara on 2020-10-10\n> - \\[1161357\\] High CVE-2021-21118: Insufficient data validation in V8.\n> Reported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23\n> - \\[1160534\\] High CVE-2021-21119: Use after free in Media. Reported\n> by Anonymous on 2020-12-20\n> - \\[1160602\\] High CVE-2021-21120: Use after free in WebSQL. Reported\n> by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on\n> 2020-12-21\n> - \\[1161143\\] High CVE-2021-21121: Use after free in Omnibox. Reported\n> by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22\n> - \\[1162131\\] High CVE-2021-21122: Use after free in Blink. Reported\n> by Renata Hodovan on 2020-12-28\n> - \\[1137247\\] High CVE-2021-21123: Insufficient data validation in\n> File System API. Reported by Maciej Pulikowski on 2020-10-11\n> - \\[1131346\\] High CVE-2021-21124: Potential user after free in Speech\n> Recognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team\n> of Legendsec at Qi\\'anxin Group on 2020-09-23\n> - \\[1152327\\] High CVE-2021-21125: Insufficient policy enforcement in\n> File System API. Reported by Ron Masas (Imperva) on 2020-11-24\n> - \\[1163228\\] High CVE-2020-16044: Use after free in WebRTC. Reported\n> by Ned Williamson of Project Zero on 2021-01-05\n> - \\[1108126\\] Medium CVE-2021-21126: Insufficient policy enforcement\n> in extensions. Reported by David Erceg on 2020-07-22\n> - \\[1115590\\] Medium CVE-2021-21127: Insufficient policy enforcement\n> in extensions. Reported by Jasminder Pal Singh, Web Services Point\n> WSP, Kotkapura on 2020-08-12\n> - \\[1138877\\] Medium CVE-2021-21128: Heap buffer overflow in Blink.\n> Reported by Liang Dong on 2020-10-15\n> - \\[1140403\\] Medium CVE-2021-21129: Insufficient policy enforcement\n> in File System API. Reported by Maciej Pulikowski on 2020-10-20\n> - \\[1140410\\] Medium CVE-2021-21130: Insufficient policy enforcement\n> in File System API. Reported by Maciej Pulikowski on 2020-10-20\n> - \\[1140417\\] Medium CVE-2021-21131: Insufficient policy enforcement\n> in File System API. Reported by Maciej Pulikowski on 2020-10-20\n> - \\[1128206\\] Medium CVE-2021-21132: Inappropriate implementation in\n> DevTools. Reported by David Erceg on 2020-09-15\n> - \\[1157743\\] Medium CVE-2021-21133: Insufficient policy enforcement\n> in Downloads. Reported by wester0x01\n> (https://twitter.com/wester0x01) on 2020-12-11\n> - \\[1157800\\] Medium CVE-2021-21134: Incorrect security UI in Page\n> Info. Reported by wester0x01 (https://twitter.com/wester0x01) on\n> 2020-12-11\n> - \\[1157818\\] Medium CVE-2021-21135: Inappropriate implementation in\n> Performance API. Reported by ndevtk on 2020-12-11\n> - \\[1038002\\] Low CVE-2021-21136: Insufficient policy enforcement in\n> WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed\n> on 2019-12-27\n> - \\[1093791\\] Low CVE-2021-21137: Inappropriate implementation in\n> DevTools. Reported by bobblybear on 2020-06-11\n> - \\[1122487\\] Low CVE-2021-21138: Use after free in DevTools. Reported\n> by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at\n> Qi\\'anxin Group on 2020-08-27\n> - \\[1136327\\] Low CVE-2021-21140: Uninitialized Use in USB. Reported\n> by David Manouchehri on 2020-10-08\n> - \\[1140435\\] Low CVE-2021-21141: Insufficient policy enforcement in\n> File System API. Reported by Maciej Pulikowski on 2020-10-20\n", "id": "FreeBSD-2021-0019", "modified": "2021-01-22T00:00:00Z", "published": "2021-01-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21117" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21118" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21119" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21122" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21123" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21124" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21125" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21126" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21127" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21128" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21129" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21130" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21132" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21133" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21134" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21135" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21136" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21138" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21139" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21140" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21141" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chocolate-doom" }, "ranges": [ { "events": [ { "fixed": "3.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "crispy-doom" }, "ranges": [ { "events": [ { "fixed": "5.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/chocolate-doom/chocolate-doom/issues/1293" ], "discovery": "2020-06-22T00:00:00Z", "references": { "cvename": [ "CVE-2020-14983" ] }, "vid": "35aef72c-5c8e-11eb-8309-4ccc6adda413" }, "details": "Michal Dardas from LogicalTrust reports:\n\n> The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn\\'t\n> validate the user-controlled num_players value, leading to a buffer\n> overflow. A malicious user can overwrite the server\\'s stack.\n", "id": "FreeBSD-2021-0018", "modified": "2021-01-22T00:00:00Z", "published": "2021-01-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/chocolate-doom/chocolate-doom/issues/1293" }, { "type": "WEB", "url": "https://github.com/chocolate-doom/chocolate-doom/issues/1293" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14983" } ], "schema_version": "1.7.0", "summary": "chocolate-doom -- Arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-nokogiri" }, "ranges": [ { "events": [ { "fixed": "1.11.0.rc3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-nokogiri18" }, "ranges": [ { "events": [ { "fixed": "1.11.0.rc3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nokogiri.org/CHANGELOG.html" ], "discovery": "2021-01-22T00:00:00Z", "references": { "cvename": [ "CVE-2020-26247" ] }, "vid": "13c54e6d-5c45-11eb-b4e2-001b217b3468" }, "details": "Nokogiri reports:\n\n> In Nokogiri versions \\<= 1.11.0.rc3, XML Schemas parsed by\n> Nokogiri::XML::Schema were trusted by default, allowing external\n> resources to be accessed over the network, potentially enabling XXE or\n> SSRF attacks.\n", "id": "FreeBSD-2021-0017", "modified": "2021-01-22T00:00:00Z", "published": "2021-01-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nokogiri.org/CHANGELOG.html" }, { "type": "WEB", "url": "https://nokogiri.org/CHANGELOG.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26247" } ], "schema_version": "1.7.0", "summary": "nokogiri -- Security vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq" }, "ranges": [ { "events": [ { "fixed": "2.83" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq-devel" }, "ranges": [ { "events": [ { "fixed": "2.83" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html" ], "discovery": "2020-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25687" ] }, "vid": "5b5cf6e5-5b51-11eb-95ac-7f9491278677" }, "details": "Simon Kelley reports:\n\n> There are broadly two sets of problems. The first is subtle errors in\n> dnsmasq\\'s protections against the chronic weakness of the DNS\n> protocol to cache-poisoning attacks; the Birthday attack, Kaminsky,\n> etc.\\[\\...\\]\n>\n> the second set of errors is a good old fashioned buffer overflow in\n> dnsmasq\\'s DNSSEC code. If DNSSEC validation is enabled, an\n> installation is at risk.\n", "id": "FreeBSD-2021-0016", "modified": "2021-01-20T00:00:00Z", "published": "2021-01-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html" }, { "type": "WEB", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html" }, { "type": "WEB", "url": "https://www.jsof-tech.com/disclosures/dnspooq/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25684" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25685" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25686" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25681" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25682" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25683" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25687" } ], "schema_version": "1.7.0", "summary": "dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.15.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/43783", "https://github.com/golang/go/issues/43786" ], "discovery": "2021-01-13T00:00:00Z", "references": { "cvename": [ "CVE-2021-3115", "CVE-2021-3114" ] }, "vid": "6a4805d5-5aaf-11eb-a21d-79f5bc5ef6a9" }, "details": "The Go project reports:\n\n> The go command may execute arbitrary code at build time when cgo is in\n> use on Windows. This may occur when running \\\"go get\\\", or any other\n> command that builds code. Only users who build untrusted code (and\n> don\\'t execute it) are affected. In addition to Windows users, this\n> can also affect Unix users who have \\\".\\\" listed explicitly in their\n> PATH and are running \\\"go get\\\" or build commands outside of a module\n> or with module mode disabled.\n\n> The P224() Curve implementation can in rare circumstances generate\n> incorrect outputs, including returning invalid points from ScalarMult.\n> The crypto/x509 and golang.org/x/crypto/ocsp (but not crypto/tls)\n> packages support P-224 ECDSA keys, but they are not supported by\n> publicly trusted certificate authorities. No other standard library or\n> golang.org/x/crypto package supports or uses the P-224 curve.\n", "id": "FreeBSD-2021-0015", "modified": "2021-01-19T00:00:00Z", "published": "2021-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/43783" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/43786" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3115" }, { "type": "WEB", "url": "http://golang.org/issue/43783" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-3114" }, { "type": "WEB", "url": "http://golang.org/issue/43786" } ], "schema_version": "1.7.0", "summary": "go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cloud-init" }, "ranges": [ { "events": [ { "introduced": "20.4" }, { "fixed": "20.4.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.launchpad.net/cloud-init/+bug/1911680" ], "discovery": "2021-01-14T00:00:00Z", "vid": "8899298f-5a92-11eb-8558-3085a9a47796" }, "details": "cloud-init reports:\n\n> cloud-init release 20.4.1 is now available. This is a hotfix release,\n> that contains a single patch to address a security issue in cloud-init\n> 20.4.\n>\n> Briefly, for users who provide more than one unique SSH key to\n> cloud-init and have a shared AuthorizedKeysFile configured in\n> sshd_config, cloud-init 20.4 started writing all of these keys to such\n> a file, granting all such keys SSH access as root.\n>\n> It\\'s worth restating this implication: if you are using the default\n> AuthorizedKeysFile setting in /etc/ssh/sshd_config, as most will be,\n> then you are \\_not\\_ affected by this issue.\n", "id": "FreeBSD-2021-0014", "modified": "2021-01-19T00:00:00Z", "published": "2021-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.launchpad.net/cloud-init/+bug/1911680" }, { "type": "WEB", "url": "https://bugs.launchpad.net/cloud-init/+bug/1911680" } ], "schema_version": "1.7.0", "summary": "cloud-init -- Wrong access permissions of authorized keys" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moinmoin" }, "ranges": [ { "events": [ { "fixed": "1.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/moinwiki/moin-1.9/blob/1.9.11/docs/CHANGES#L13" ], "discovery": "2020-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2020-25074", "CVE-2020-15275" ] }, "vid": "abed4ff0-7da1-4236-880d-de33e4895315" }, "details": "MoinMoin reports:\n\n> - Security fix for CVE-2020-25074: fix remote code execution via cache\n> action\n>\n> - Security fix for CVE-2020-15275: fix malicious SVG attachment\n> causing stored XSS vulnerability\n", "id": "FreeBSD-2021-0013", "modified": "2021-01-18T00:00:00Z", "published": "2021-01-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/moinwiki/moin-1.9/blob/1.9.11/docs/CHANGES#L13" }, { "type": "WEB", "url": "https://github.com/moinwiki/moin-1.9/blob/1.9.11/docs/CHANGES#L13" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25074" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15275" } ], "schema_version": "1.7.0", "summary": "moinmoin -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript9-agpl-base" }, "ranges": [ { "events": [ { "introduced": "9.50" }, { "fixed": "9.52_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-15900" ], "discovery": "2020-07-28T00:00:00Z", "vid": "62642942-590f-11eb-a0dc-8c164582fbac" }, "details": "NVD reports:\n\n> A memory corruption issue was found in Artifex Ghostscript 9.50 and\n> 9.52. Use of a non-standard PostScript operator can allow overriding\n> of file access controls. The \\'rsearch\\' calculation for the \\'post\\'\n> size resulted in a size that was too large, and could underflow to max\n> uint32_t. This was fixed in commit\n> 5d499272b95a6b890a1397e11d20937de000d31b.\n", "id": "FreeBSD-2021-0012", "modified": "2021-01-17T00:00:00Z", "published": "2021-01-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15900" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15900" } ], "schema_version": "1.7.0", "summary": "Ghostscript -- SAFER Sandbox Breakout" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node10" }, "ranges": [ { "events": [ { "fixed": "10.23.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node12" }, "ranges": [ { "events": [ { "fixed": "12.20.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.15.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "15.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/" ], "discovery": "2021-01-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-8265", "CVE-2020-8287", "CVE-2020-1971" ] }, "vid": "08b553ed-537a-11eb-be6e-0022489ad614" }, "details": "Node.js reports:\n\n> # use-after-free in TLSWrap (High) (CVE-2020-8265)\n>\n> Affected Node.js versions are vulnerable to a use-after-free bug in\n> its TLS implementation. When writing to a TLS enabled socket,\n> node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly\n> allocated WriteWrap object as first argument. If the DoWrite method\n> does not return an error, this object is passed back to the caller as\n> part of a StreamWriteResult structure. This may be exploited to\n> corrupt memory leading to a Denial of Service or potentially other\n> exploits.\n>\n> # HTTP Request Smuggling in nodejs (Low) (CVE-2020-8287)\n>\n> Affected versions of Node.js allow two copies of a header field in a\n> http request. For example, two Transfer-Encoding header fields. In\n> this case Node.js identifies the first header field and ignores the\n> second. This can lead to HTTP Request Smuggling.\n>\n> # OpenSSL - EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n>\n> iThis is a vulnerability in OpenSSL which may be exploited through\n> Node.js. You can read more about it in\n> https://www.openssl.org/news/secadv/20201208.txt.\n", "id": "FreeBSD-2021-0011", "modified": "2021-01-14T00:00:00Z", "published": "2021-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20201208.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8265" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8287" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1971" } ], "schema_version": "1.7.0", "summary": "Node.js -- January 2021 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.7.0" }, { "fixed": "13.7.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.6.0" }, { "fixed": "13.6.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "13.5.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/" ], "discovery": "2021-01-14T00:00:00Z", "vid": "0a8ebf4a-5660-11eb-b4e2-001b217b3468" }, "details": "The GitLab Team reports:\n\n> Ability to steal a user\\'s API access token through GitLab Pages\n", "id": "FreeBSD-2021-0010", "modified": "2021-01-14T00:00:00Z", "published": "2021-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wavpack" }, "ranges": [ { "events": [ { "fixed": "5.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/dbry/WavPack/blob/733616993d53cc1f9a7ffb88a858447ba51eb0ee/ChangeLog" ], "discovery": "2020-12-29T00:00:00Z", "references": { "cvename": [ "CVE-2020-35738" ] }, "vid": "6d554d6e-5638-11eb-9d36-5404a68ad561" }, "details": "The wavpack project reports:\n\n> src/pack_utils.c - issue #91: fix integer overflows resulting in\n> buffer overruns (CVE-2020-35738) - sanitize configuration parameters\n> better (improves clarity and aids debugging)\n", "id": "FreeBSD-2021-0009", "modified": "2021-01-14T00:00:00Z", "published": "2021-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/dbry/WavPack/blob/733616993d53cc1f9a7ffb88a858447ba51eb0ee/ChangeLog" }, { "type": "WEB", "url": "https://github.com/dbry/WavPack/blob/733616993d53cc1f9a7ffb88a858447ba51eb0ee/ChangeLog" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35738" } ], "schema_version": "1.7.0", "summary": "wavpack -- integer overflow in pack_utils.c" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.275" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.263.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2021-01-13/" ], "discovery": "2021-01-13T00:00:00Z", "vid": "d6f76976-e86d-4f9a-9362-76c849b10db2" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-1452 / CVE-2021-21602\n>\n> Arbitrary file read vulnerability in workspace browsers\n>\n> ##### (High) SECURITY-1889 / CVE-2021-21603\n>\n> XSS vulnerability in notification bar\n>\n> ##### (High) SECURITY-1923 / CVE-2021-21604\n>\n> Improper handling of REST API XML deserialization errors\n>\n> ##### (High) SECURITY-2021 / CVE-2021-21605\n>\n> Path traversal vulnerability in agent names\n>\n> ##### (Medium) SECURITY-2023 / CVE-2021-21606\n>\n> Arbitrary file existence check in file fingerprints\n>\n> ##### (Medium) SECURITY-2025 / CVE-2021-21607\n>\n> Excessive memory allocation in graph URLs leads to denial of service\n>\n> ##### (High) SECURITY-2035 / CVE-2021-21608\n>\n> Stored XSS vulnerability in button labels\n>\n> ##### (Low) SECURITY-2047 / CVE-2021-21609\n>\n> Missing permission check for paths with specific prefix\n>\n> ##### (High) SECURITY-2153 / CVE-2021-21610\n>\n> Reflected XSS vulnerability in markup formatter preview\n>\n> ##### (High) SECURITY-2171 / CVE-2021-21611\n>\n> Stored XSS vulnerability on new item page\n", "id": "FreeBSD-2021-0008", "modified": "2021-01-13T00:00:00Z", "published": "2021-01-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2021-01-13/" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-01-13/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "last_affected": "3.0.6" }, { "fixed": "3.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyfaq.de/security/advisory-2020-12-23" ], "discovery": "2020-12-23T00:00:00Z", "vid": "1f655433-551b-11eb-9cda-589cfc0f81b0" }, "details": "phpmyfaq developers report:\n\n> phpMyFAQ does not implement sufficient checks to avoid XSS injection\n> for displaying tags.\n", "id": "FreeBSD-2021-0007", "modified": "2021-01-12T00:00:00Z", "published": "2021-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyfaq.de/security/advisory-2020-12-23" }, { "type": "WEB", "url": "https://www.phpmyfaq.de/security/advisory-2020-12-23" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sudo" }, "ranges": [ { "events": [ { "fixed": "1.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.sudo.ws/stable.html#1.9.5" ], "discovery": "2021-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2021-23239" ] }, "vid": "6193b3f6-548c-11eb-ba01-206a8a720317" }, "details": "Todd C. Miller reports:\n\n> A potential information leak in sudoedit that could be used to test\n> for the existence of directories not normally accessible to the user\n> in certain circumstances. When creating a new file, sudoedit checks to\n> make sure the parent directory of the new file exists before running\n> the editor. However, a race condition exists if the invoking user can\n> replace (or create) the parent directory. If a symbolic link is\n> created in place of the parent directory, sudoedit will run the editor\n> as long as the target of the link exists.If the target of the link\n> does not exist, an error message will be displayed. The race condition\n> can be used to test for the existence of an arbitrary directory.\n> However, it \\_cannot\\_ be used to write to an arbitrary location.\n", "id": "FreeBSD-2021-0006", "modified": "2021-01-11T00:00:00Z", "published": "2021-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.sudo.ws/stable.html#1.9.5" }, { "type": "WEB", "url": "https://www.sudo.ws/stable.html#1.9.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-23239" } ], "schema_version": "1.7.0", "summary": "sudo -- Potential information leak in sudoedit" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-cairosvg" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.5.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-cairosvg" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.5.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-cairosvg" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.5.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-cairosvg" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.5.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf" ], "discovery": "2020-12-30T00:00:00Z", "vid": "a3cef1e6-51d8-11eb-9b8d-08002728f74c" }, "details": "CairoSVG security advisories:\n\n> When processing SVG files, the python package CairoSVG uses two\n> regular expressions which are vulnerable to Regular Expression Denial\n> of Service (REDoS).\n>\n> If an attacker provides a malicious SVG, it can make cairosvg get\n> stuck processing the file for a very long time.\n", "id": "FreeBSD-2021-0005", "modified": "2021-01-10T00:00:00Z", "published": "2021-01-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf" }, { "type": "WEB", "url": "https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf" } ], "schema_version": "1.7.0", "summary": "CairoSVG -- Regular Expression Denial of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.7.0" }, { "fixed": "13.7.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.6.0" }, { "fixed": "13.6.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "13.5.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/" ], "discovery": "2021-01-07T00:00:00Z", "references": { "cvename": [ "CVE-2021-22166", "CVE-2020-26414", "CVE-2019-3881" ] }, "vid": "a2a2b34d-52b4-11eb-87cb-001b217b3468" }, "details": "Gitlab reports:\n\n> Ability to steal a user\\'s API access token through GitLab Pages\n>\n> Prometheus denial of service via HTTP request with custom method\n>\n> Unauthorized user is able to access private repository information\n> under specific conditions\n>\n> Regular expression denial of service in NuGet API\n>\n> Regular expression denial of service in package uploads\n>\n> Update curl dependency\n>\n> CVE-2019-3881 mitigation\n", "id": "FreeBSD-2021-0004", "modified": "2021-01-09T00:00:00Z", "published": "2021-01-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-22166" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26414" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3881" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "87.0.4280.141" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html" ], "discovery": "2021-01-06T00:00:00Z", "references": { "cvename": [ "CVE-2020-15995", "CVE-2020-16043", "CVE-2021-21106", "CVE-2021-21107", "CVE-2021-21108", "CVE-2021-21109", "CVE-2021-21110", "CVE-2021-21111", "CVE-2021-21112", "CVE-2021-21113", "CVE-2021-21114", "CVE-2021-21115", "CVE-2021-21116" ] }, "vid": "d153c4d2-50f8-11eb-8046-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release includes 16 security fixes, including:\n>\n> - \\[1148749\\] High CVE-2021-21106: Use after free in autofill.\n> Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n> at Qi\\'anxin Group on 2020-11-13\n> - \\[1153595\\] High CVE-2021-21107: Use after free in drag and drop.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-11-30\n> - \\[1155426\\] High CVE-2021-21108: Use after free in media. Reported\n> by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-04\n> - \\[1152334\\] High CVE-2021-21109: Use after free in payments.\n> Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24\n> - \\[1152451\\] High CVE-2021-21110: Use after free in safe browsing.\n> Reported by Anonymous on 2020-11-24\n> - \\[1149125\\] High CVE-2021-21111: Insufficient policy enforcement in\n> WebUI. Reported by Alesandro Ortiz on 2020-11-15\n> - \\[1151298\\] High CVE-2021-21112: Use after free in Blink. Reported\n> by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-11-20\n> - \\[1155178\\] High CVE-2021-21113: Heap buffer overflow in Skia.\n> Reported by tsubmunu on 2020-12-03\n> - \\[1148309\\] High CVE-2020-16043: Insufficient data validation in\n> networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory\n> Vishnepolsky at Armis on 2020-11-12\n> - \\[1150065\\] High CVE-2021-21114: Use after free in audio. Reported\n> by Man Yue Mo of GitHub Security Lab on 2020-11-17\n> - \\[1157790\\] High CVE-2020-15995: Out of bounds write in V8. Reported\n> by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on\n> 2020-12-11\n> - \\[1157814\\] High CVE-2021-21115: Use after free in safe browsing.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-11\n> - \\[1151069\\] Medium CVE-2021-21116: Heap buffer overflow in audio.\n> Reported by Alison Huffman, Microsoft Browser Vulnerability Research\n> on 2020-11-19\n", "id": "FreeBSD-2021-0003", "modified": "2021-01-07T00:00:00Z", "published": "2021-01-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16043" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21106" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21107" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21108" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21109" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2021-21116" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "fixed": "2.3.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html", "https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html" ], "discovery": "2020-08-17T00:00:00Z", "references": { "cvename": [ "CVE-2020-24386", "CVE-2020-25275" ] }, "vid": "bd98066d-4ea4-11eb-b412-e86a64caca56" }, "details": "Aki Tuomi reports:\n\n> When imap hibernation is active, an attacker can cause Dovecot to\n> discover file system directory structure and access other users\\'\n> emails using specially crafted command. The attacker must have valid\n> credentials to access the mail server.\n\n> Mail delivery / parsing crashed when the 10 000th MIME part was\n> message/rfc822 (or if parent was multipart/digest). This happened due\n> to earlier MIME parsing changes for CVE-2020-12100.\n", "id": "FreeBSD-2021-0002", "modified": "2021-01-04T00:00:00Z", "published": "2021-01-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html" }, { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24386" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25275" } ], "schema_version": "1.7.0", "summary": "mail/dovecot -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "inspircd" }, "ranges": [ { "events": [ { "fixed": "3.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.inspircd.org/security/2020-02/" ], "discovery": "2020-02-01T00:00:00Z", "vid": "53e9efa1-4be7-11eb-8558-3085a9a47796" }, "details": "The InspIRCd development team reports:\n\n> The websocket module before v3.8.1 contains a double free\n> vulnerability. When combined with a HTTP reverse proxy this\n> vulnerability can be used by any user who is \\[GKZ\\]-lined to remotely\n> crash an InspIRCd server.\n", "id": "FreeBSD-2021-0001", "modified": "2021-01-01T00:00:00Z", "published": "2021-01-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.inspircd.org/security/2020-02/" }, { "type": "WEB", "url": "https://docs.inspircd.org/security/2020-02/" } ], "schema_version": "1.7.0", "summary": "InspIRCd websocket module double free vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.13.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2020/12/gitea-1.13.1-is-released/" ], "discovery": "2020-12-15T00:00:00Z", "references": { "freebsdpr": [ "ports/252310" ] }, "vid": "2739b88b-4b88-11eb-a4c0-08002734b9ed" }, "details": "The Gitea Team reports for release 1.13.1:\n\n> - Hide private participation in Orgs\n> - Fix escaping issue in diff\n", "id": "FreeBSD-2020-0336", "modified": "2020-12-31T00:00:00Z", "published": "2020-12-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2020/12/gitea-1.13.1-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.13.1" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252310" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "devcpu-data" }, "ranges": [ { "events": [ { "fixed": "1.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html" ], "discovery": "2020-06-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-0543" ] }, "vid": "fbcba194-ac7d-11ea-8b5e-b42e99a1b9c3" }, "details": "Intel reports:\n\n> Intel CPUs suffer Special Register Buffer Data Sampling vulnerability\n", "id": "FreeBSD-2020-0335", "modified": "2020-12-28T00:00:00Z", "published": "2020-12-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html" }, { "type": "WEB", "url": "https://software.intel.com/security-software-guidance/insights/processors-affected-special-register-buffer-data-sampling" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-0543" } ], "schema_version": "1.7.0", "summary": "Intel CPU issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.38.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.15.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2020-12-02T00:00:00Z", "vid": "6adf6ce0-44a6-11eb-95b7-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> AST-2020-003: A crash can occur in Asterisk when a SIP message is\n> received that has a History-Info header, which contains a tel-uri.\n>\n> AST-2020-004: A crash can occur in Asterisk when a SIP 181 response is\n> received that has a Diversion header, which contains a tel-uri.\n", "id": "FreeBSD-2020-0334", "modified": "2020-12-22T00:00:00Z", "published": "2020-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2020-003.html" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2020-004.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote crash in res_pjsip_diversion" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postsrsd" }, "ranges": [ { "events": [ { "fixed": "1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac" ], "discovery": "2020-12-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-35573" ] }, "vid": "eb2845c4-43ce-11eb-aba5-00a09858faf5" }, "details": "postsrsd developer reports:\n\n> PostSRSd could be tricked into consuming a lot of CPU time with an SRS\n> address that has an excessively long time stamp tag.\n", "id": "FreeBSD-2020-0333", "modified": "2020-12-21T00:00:00Z", "published": "2020-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35573" }, { "type": "WEB", "url": "https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac" }, { "type": "WEB", "url": "https://github.com/roehling/postsrsd/releases/tag/1.10" } ], "schema_version": "1.7.0", "summary": "postsrsd -- Denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns" }, "ranges": [ { "events": [ { "fixed": "4.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html" ], "discovery": "2020-08-27T00:00:00Z", "references": { "cvename": [ "CVE-2020-24696", "CVE-2020-24697", "CVE-2020-24698" ] }, "vid": "61d89849-43cb-11eb-aba5-00a09858faf5" }, "details": "PowerDNS developers report:\n\n> A remote, unauthenticated attacker can trigger a race condition\n> leading to a crash, or possibly arbitrary code execution, by sending\n> crafted queries with a GSS-TSIG signature.\n>\n> A remote, unauthenticated attacker can cause a denial of service by\n> sending crafted queries with a GSS-TSIG signature.\n>\n> A remote, unauthenticated attacker might be able to cause a\n> double-free, leading to a crash or possibly arbitrary code execution\n> by sending crafted queries with a GSS-TSIG signature.\n", "id": "FreeBSD-2020-0332", "modified": "2020-12-21T00:00:00Z", "published": "2020-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24696" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24697" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24698" }, { "type": "WEB", "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html" } ], "schema_version": "1.7.0", "summary": "powerdns -- Various issues in GSS-TSIG support" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vault" }, "ranges": [ { "events": [ { "fixed": "1.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984" ], "discovery": "2020-12-16T00:00:00Z", "references": { "cvename": [ "CVE-2020-35177" ] }, "vid": "cc1fd3da-b8fd-4f4d-a092-c38541c0f993" }, "details": "Vault developers report:\n\n> Vault allowed enumeration of users via the LDAP auth method. This\n> vulnerability, was fixed in Vault 1.6.1 and 1.5.6.\n>\n> An external party reported that they were able to enumerate LDAP users\n> via error messages returned by Vault's LDAP auth method\n", "id": "FreeBSD-2020-0331", "modified": "2020-12-17T00:00:00Z", "published": "2020-12-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-35177" }, { "type": "WEB", "url": "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984" } ], "schema_version": "1.7.0", "summary": "vault -- User Enumeration via LDAP auth" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jasper" }, "ranges": [ { "events": [ { "fixed": "2.0.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/jasper-software/jasper/blob/master/NEWS" ], "discovery": "2020-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2020-27828" ] }, "vid": "85349584-3ba4-11eb-919d-08002728f74c" }, "details": "JasPer NEWS:\n\n> Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c.\n", "id": "FreeBSD-2020-0330", "modified": "2020-12-13T00:00:00Z", "published": "2020-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/jasper-software/jasper/blob/master/NEWS" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-27828" }, { "type": "WEB", "url": "https://github.com/jasper-software/jasper/blob/master/NEWS" }, { "type": "WEB", "url": "https://github.com/jasper-software/jasper/issues/252" } ], "schema_version": "1.7.0", "summary": "jasper -- heap overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.23.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.23.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.23.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.23.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm" ], "discovery": "2020-12-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-26257" ], "freebsdpr": [ "ports/251768" ] }, "vid": "cfa0be42-3cd7-11eb-9de7-641c67a117d8" }, "details": "Matrix developers reports:\n\n> A malicious or poorly-implemented homeserver can inject malformed\n> events into a room by specifying a different room id in the path of a\n> /send_join, /send_leave, /invite or /exchange_third_party_invite\n> request. This can lead to a denial of service in which future events\n> will not be correctly sent to other servers over federation. This\n> affects any server which accepts federation requests from untrusted\n> servers.\n", "id": "FreeBSD-2020-0329", "modified": "2020-12-13T00:00:00Z", "published": "2020-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26257" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251768" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- DoS on Federation API" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p11-kit" }, "ranges": [ { "events": [ { "fixed": "0.23.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html" ], "discovery": "2020-12-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363" ] }, "vid": "fdc49972-3ca7-11eb-929d-d4c9ef517024" }, "details": "The p11-glue project reports:\n\n> CVE-2020-29363: Out-of-bounds write in\n> p11_rpc_buffer_get_byte_array_value function\\\n> A heap-based buffer overflow has been discovered in the RPC protocol\n> used by p11-kit server/remote commands and the client library. When\n> the remote entity supplies a serialized byte array in a CK_ATTRIBUTE,\n> the receiving entity may not allocate sufficient length for the buffer\n> to store the deserialized value.\n>\n> CVE-2020-29362: Out-of-bounds read in p11_rpc_buffer_get_byte_array\n> function\\\n> A heap-based buffer over-read has been discovered in the RPC protocol\n> used by thep11-kit server/remote commands and the client library. When\n> the remote entity supplies a byte array through a serialized PKCS#11\n> function call, the receiving entity may allow the reading of up to 4\n> bytes of memory past the heap allocation.\n>\n> CVE-2020-29361: Integer overflow when allocating memory for arrays of\n> attributes and object identifiers\\\n> Multiple integer overflows have been discovered in the array\n> allocations in the p11-kit library and the p11-kit list command, where\n> overflow checks are missing before calling realloc or calloc.\n", "id": "FreeBSD-2020-0328", "modified": "2020-12-12T00:00:00Z", "published": "2020-12-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html" }, { "type": "WEB", "url": "https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-29361" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-29362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-29363" } ], "schema_version": "1.7.0", "summary": "p11-kit -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "fixed": "1.13.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nsd" }, "ranges": [ { "events": [ { "fixed": "4.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt" ], "discovery": "2020-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-28935" ] }, "vid": "388ebb5b-3c95-11eb-929d-d4c9ef517024" }, "details": "NLNetLabs reports:\n\n> Unbound and NSD when writing the PID file would not check if an\n> existing file was a symlink. This could allow for a local symlink \\\\\n> attack if an attacker has access to the user Unbound/NSD runs as.\n", "id": "FreeBSD-2020-0327", "modified": "2020-12-12T00:00:00Z", "published": "2020-12-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt" }, { "type": "WEB", "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28935" } ], "schema_version": "1.7.0", "summary": "Unbound/NSD -- Denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "introduced": "3.2.0,1" }, { "fixed": "3.2.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "3.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl-devel" }, "ranges": [ { "events": [ { "fixed": "3.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.3-relnotes.txt" ], "discovery": "2020-12-08T00:00:00Z", "vid": "88dfd92f-3b9c-11eb-929d-d4c9ef517024" }, "details": "The LibreSSL project reports:\n\n> Malformed ASN.1 in a certificate revocation list or a timestamp\n> response token can lead to a NULL pointer dereference.\n", "id": "FreeBSD-2020-0326", "modified": "2020-12-12T00:00:00Z", "published": "2020-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.3-relnotes.txt" }, { "type": "WEB", "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.3-relnotes.txt" } ], "schema_version": "1.7.0", "summary": "LibreSSL -- NULL pointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.4.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5248" ], "discovery": "2020-01-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-5248" ] }, "vid": "b3695b08-3b3a-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> GLPI before before version 9.4.6 has a vulnerability involving a\n> default encryption key. GLPIKEY is public and is used on every\n> instance. This means anyone can decrypt sensitive data stored using\n> this key. It is possible to change the key before installing GLPI. But\n> on existing instances, data must be reencrypted with the new key.\n> Problem is we can not know which columns or rows in the database are\n> using that; espcially from plugins. Changing the key without updating\n> data would lend in bad password sent from glpi; but storing them again\n> from the UI will work.\n", "id": "FreeBSD-2020-0325", "modified": "2024-04-25T00:00:00Z", "published": "2020-01-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5248" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-5248" } ], "schema_version": "1.7.0", "summary": "glpi -- Public GLPIKEY can be used to decrypt any data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.5.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27663" ], "discovery": "2020-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2020-27663" ] }, "vid": "695b2310-3b3a-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct\n> Object Reference (IDOR) vulnerability that allows an attacker to read\n> data from any itemType (e.g., Ticket, Users, etc.).\n", "id": "FreeBSD-2020-0324", "modified": "2024-04-25T00:00:00Z", "published": "2020-10-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27663" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-pqfv-4pvr-55r4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-27663" } ], "schema_version": "1.7.0", "summary": "glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.5.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27662" ], "discovery": "2020-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2020-27662" ] }, "vid": "190176ce-3b3a-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object\n> Reference (IDOR) vulnerability that allows an attacker to read data\n> from any database table (e.g., glpi_tickets, glpi_users, etc.).\n", "id": "FreeBSD-2020-0323", "modified": "2024-04-25T00:00:00Z", "published": "2020-10-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27662" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-wq38-gwxp-8p5p" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-27662" } ], "schema_version": "1.7.0", "summary": "glpi -- Insecure Direct Object Reference on ajax/comments.ph" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.5.0,1" }, { "fixed": "9.5.3,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26212" ], "discovery": "2020-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-26212" ] }, "vid": "6a467439-3b38-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.5.3, any authenticated user has read-only\n> permissions to the planning of every other user, even admin ones. This\n> issue is fixed in version 9.5.3. As a workaround, one can remove the\n> caldav.php file to block access to CalDAV server.\n", "id": "FreeBSD-2020-0322", "modified": "2024-04-25T00:00:00Z", "published": "2020-10-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26212" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qmw3-87hr-5wgx" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/527280358ec78988ac57e9809d2eb21fcd74caf7" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/releases/tag/9.5.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26212" } ], "schema_version": "1.7.0", "summary": "glpi -- Any CalDAV calendars is read-only for every authenticated user" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.1,1" }, { "fixed": "9.5.2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15226" ], "discovery": "2020-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-15226" ] }, "vid": "0ba61fcc-3b38-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.5.2, there is a SQL Injection in the API\\'s\n> search function. Not only is it possible to break the SQL syntax, but\n> it is also possible to utilise a UNION SELECT query to reflect\n> sensitive information such as the current database version, or\n> database user. The most likely scenario for this vulnerability is with\n> someone who has an API account to the system. The issue is patched in\n> version 9.5.2. A proof-of-concept with technical details is available\n> in the linked advisory.\n", "id": "FreeBSD-2020-0321", "modified": "2024-04-25T00:00:00Z", "published": "2020-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15226" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/3dc4475c56b241ad659cc5c7cb5fb65727409cf0" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-jwpv-7m4h-5gvc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15226" } ], "schema_version": "1.7.0", "summary": "glpi -- SQL Injection in Search API" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.5.0,1" }, { "fixed": "9.5.2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15217" ], "discovery": "2020-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-15217" ] }, "vid": "5acd95db-3b16-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.5.2, there is a leakage of user information\n> through the public FAQ. The issue was introduced in version 9.5.0 and\n> patched in 9.5.2. As a workaround, disable public access to the FAQ.\n", "id": "FreeBSD-2020-0320", "modified": "2024-04-25T00:00:00Z", "published": "2020-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15217" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15217" } ], "schema_version": "1.7.0", "summary": "glpi -- leakage issue with knowledge base" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.5.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15177" ], "discovery": "2020-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-15177" ] }, "vid": "09eef008-3b16-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.5.2, the \\`install/install.php\\` endpoint\n> insecurely stores user input into the database as \\`url_base\\` and\n> \\`url_base_api\\`. These settings are referenced throughout the\n> application and allow for vulnerabilities like Cross-Site Scripting\n> and Insecure Redirection Since authentication is not required to\n> perform these changes,anyone could point these fields at malicious\n> websites or form input in a way to trigger XSS. Leveraging JavaScript\n> it\\'s possible to steal cookies, perform actions as the user, etc. The\n> issue is patched in version 9.5.2.\n", "id": "FreeBSD-2020-0319", "modified": "2024-04-25T00:00:00Z", "published": "2020-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15177" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/a8109d4ee970a222faf48cf48fae2d2f06465796" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-prvh-9m4h-4m79" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15177" } ], "schema_version": "1.7.0", "summary": "glpi -- Unauthenticated Stored XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.5.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15176" ], "discovery": "2020-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-15176" ] }, "vid": "b7abdb0f-3b15-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.5.2, when supplying a back tick in input that\n> gets put into a SQL query,the application does not escape or sanitize\n> allowing for SQL Injection to occur. Leveraging this vulnerability an\n> attacker is able to exfiltrate sensitive information like passwords,\n> reset tokens, personal details, and more. The issue is patched in\n> version 9.5.2\n", "id": "FreeBSD-2020-0318", "modified": "2024-04-25T00:00:00Z", "published": "2020-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15176" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/f021f1f365b4acea5066d3e57c6d22658cf32575" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-x93w-64x9-58qw" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15176" } ], "schema_version": "1.7.0", "summary": "glpi -- Multiple SQL Injections Stemming From isNameQuoted()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.5.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15175" ], "discovery": "2020-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-15175" ] }, "vid": "675e5098-3b15-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows\n> a user to specify an image from a plugin. The parameters can be\n> maliciously crafted to instead delete the .htaccess file for the files\n> directory. Any user becomes able to read all the files and folders\n> contained in /files/. Some of the sensitive information that is\n> compromised are the user sessions, logs, and more. An attacker would\n> be able to get the Administrators session token and use that to\n> authenticate. The issue is patched in version 9.5.2.\n", "id": "FreeBSD-2020-0317", "modified": "2024-04-25T00:00:00Z", "published": "2020-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15175" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-rm52-jx9h-rwcp" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/6ca9a0e77299a755c356d758344a23278df67f65" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15175" } ], "schema_version": "1.7.0", "summary": "glpi -- Unauthenticated File Deletion" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.5.0,1" }, { "fixed": "9.5.1,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15108" ], "discovery": "2020-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-15108" ] }, "vid": "7f163c81-3b12-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In glpi before 9.5.1, there is a SQL injection for all usages of\n> \\\"Clone\\\" feature. This has been fixed in 9.5.1.\n", "id": "FreeBSD-2020-0316", "modified": "2024-04-25T00:00:00Z", "published": "2020-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15108" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/pull/6684" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15108" } ], "schema_version": "1.7.0", "summary": "glpi -- SQL injection for all usages of \"Clone\" feature" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.4.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11062" ], "discovery": "2020-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-11062" ] }, "vid": "07aecafa-3b12-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in\n> Dropdown endpoints due to an invalid Content-Type. This has been fixed\n> in version 9.4.6.\n", "id": "FreeBSD-2020-0315", "modified": "2024-04-25T00:00:00Z", "published": "2020-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11062" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11062" } ], "schema_version": "1.7.0", "summary": "glpi -- Reflexive XSS in Dropdown menus" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.4.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11060" ], "discovery": "2020-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-11060" ] }, "vid": "832fd11b-3b11-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before 9.4.6, an attacker can execute system commands by\n> abusing the backup functionality. Theoretically, this vulnerability\n> can be exploited by an attacker without a valid account by using a\n> CSRF. Due to the difficulty of the exploitation, the attack is only\n> conceivable by an account having Maintenance privileges and the right\n> to add WIFI networks. This is fixed in version 9.4.6.\n", "id": "FreeBSD-2020-0314", "modified": "2024-04-25T00:00:00Z", "published": "2020-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11060" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11060" } ], "schema_version": "1.7.0", "summary": "glpi -- Remote Code Execution (RCE) via the backup functionality" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.4.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11036" ], "discovery": "2020-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-11036" ] }, "vid": "27a230a2-3b11-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.4.6 there are multiple related stored XSS\n> vulnerabilities. The package is vulnerable to Stored XSS in the\n> comments of items in the Knowledge base. Adding a comment with content\n> \\\"alert(1)\\\" reproduces the attack. This can be exploited by a user\n> with administrator privileges in the User-Agent field. It can also be\n> exploited by an outside party through the following steps: 1. Create a\n> user with the surname \\`\\\" onmouseover=\\\"alert(document.cookie)\\` and\n> an empty first name. 2. With this user, create a ticket 3. As an\n> administrator (or other privileged user) open the created ticket 4. On\n> the \\\"last update\\\" field, put your mouse on the name of the user 5.\n> The XSS fires This is fixed in version 9.4.6.\n", "id": "FreeBSD-2020-0313", "modified": "2024-04-25T00:00:00Z", "published": "2020-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11036" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11036" } ], "schema_version": "1.7.0", "summary": "glpi -- multiple related stored XSS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "0.83.3,1" }, { "fixed": "9.4.6,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11035" ], "discovery": "2020-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-11035" ] }, "vid": "b64edef7-3b10-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens\n> are generated using an insecure algorithm. The implementation uses\n> rand and uniqid and MD5 which does not provide secure values. This is\n> fixed in version 9.4.6.\n", "id": "FreeBSD-2020-0312", "modified": "2024-04-25T00:00:00Z", "published": "2020-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11035" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11035" } ], "schema_version": "1.7.0", "summary": "glpi -- weak csrf tokens" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.4.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11034" ], "discovery": "2020-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-11034" ] }, "vid": "3a63f478-3b10-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.4.6, there is a vulnerability that allows\n> bypassing the open redirect protection based which is based on a\n> regexp. This is fixed in version 9.4.6.\n", "id": "FreeBSD-2020-0311", "modified": "2024-04-25T00:00:00Z", "published": "2020-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11034" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11034" } ], "schema_version": "1.7.0", "summary": "glpi -- bypass of the open redirect protection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "introduced": "9.1,1" }, { "fixed": "9.4.6,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11033" ], "discovery": "2020-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-11033" ] }, "vid": "aec9cbe0-3b0f-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI from version 9.1 and before version 9.4.6, any API user with\n> READ right on User itemtype will have access to full list of users\n> when querying apirest.php/User. The response contains: - All\n> api_tokens which can be used to do privileges escalations or\n> read/update/delete data normally non accessible to the current user. -\n> All personal_tokens can display another users planning. Exploiting\n> this vulnerability requires the api to be enabled, a technician\n> account. It can be mitigated by adding an application token. This is\n> fixed in version 9.4.6.\n", "id": "FreeBSD-2020-0310", "modified": "2024-04-25T00:00:00Z", "published": "2020-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11033" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11033" } ], "schema_version": "1.7.0", "summary": "glpi -- able to read any token through API user endpoint" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.4.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11032" ], "discovery": "2020-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-11032" ] }, "vid": "b3aae7ea-3aef-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.4.6, there is a SQL injection vulnerability\n> for all helpdesk instances. Exploiting this vulnerability requires a\n> technician account. This is fixed in version 9.4.6.\n", "id": "FreeBSD-2020-0309", "modified": "2024-04-25T00:00:00Z", "published": "2020-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11032" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11032" } ], "schema_version": "1.7.0", "summary": "glpi -- SQL injection for all helpdesk instances" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.5.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11031" ], "discovery": "2020-03-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-11031" ] }, "vid": "0309c898-3aed-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> In GLPI before version 9.5.0, the encryption algorithm used is\n> insecure. The security of the data encrypted relies on the password\n> used, if a user sets a weak/predictable password, an attacker could\n> decrypt data. This is fixed in version 9.5.0 by using a more secure\n> encryption library. The library chosen is sodium.\n", "id": "FreeBSD-2020-0308", "modified": "2024-04-25T00:00:00Z", "published": "2020-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11031" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-7xwm-4vjr-jvqh" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11031" } ], "schema_version": "1.7.0", "summary": "glpi -- Improve encryption algorithm" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "4.0,1" }, { "fixed": "7.74.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.se/docs/security.html" ], "discovery": "2020-12-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286" ] }, "vid": "3c77f139-3a09-11eb-929d-d4c9ef517024" }, "details": "The cURL project reports:\n\n> Trusting FTP PASV responses (CVE-2020-8284)\n>\n> FTP wildcard stack overflow (CVE-2020-8285)\n>\n> Inferior OCSP verification (CVE-2020-8286)\n", "id": "FreeBSD-2020-0307", "modified": "2020-12-09T00:00:00Z", "published": "2020-12-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8284" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8285" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8286" } ], "schema_version": "1.7.0", "summary": "cURL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "introduced": "1.0.2,1" }, { "fixed": "1.1.1i,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20201208.txt" ], "discovery": "2020-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2020-1971" ], "freebsdsa": [ "SA-20:33.openssl" ] }, "vid": "1d56cfc5-3970-11eb-929d-d4c9ef517024" }, "details": "The OpenSSL project reports:\n\n> EDIPARTYNAME NULL pointer de-reference (High)\n>\n> The X.509 GeneralName type is a generic type for representing\n> different types of names. One of those name types is known as\n> EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which\n> compares different instances of a GENERAL_NAME to see if they are\n> equal or not. This function behaves incorrectly when both\n> GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and\n> a crash may occur leading to a possible denial of service attack.\n", "id": "FreeBSD-2020-0306", "modified": "2020-12-15T00:00:00Z", "published": "2020-12-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20201208.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20201208.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1971" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:33.openssl.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- NULL pointer de-reference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.6.0" }, { "fixed": "13.6.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.5.0" }, { "fixed": "13.5.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2" }, { "fixed": "13.4.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/" ], "discovery": "2020-12-07T00:00:00Z", "references": { "cvename": [ "CVE-2020-26407", "CVE-2020-26408", "CVE-2020-13357", "CVE-2020-26411", "CVE-2020-26409" ] }, "vid": "5d5e5cda-38e6-11eb-bbbf-001b217b3468" }, "details": "Gitlab reports:\n\n> XSS in Zoom Meeting URL\n>\n> Limited Information Disclosure in Private Profile\n>\n> User email exposed via GraphQL endpoint\n>\n> Group and project membership potentially exposed via GraphQL\n>\n> Search terms logged in search parameter in rails logs\n>\n> Un-authorised access to feature flag user list\n>\n> A specific query on the explore page causes statement timeouts\n>\n> Exposure of starred projects on private user profiles\n>\n> Uncontrolled Resource Consumption in any Markdown field using Mermaid\n>\n> Former group members able to view updates to confidential epics\n>\n> Update GraphicsMagick dependency\n>\n> Update GnuPG dependency\n>\n> Update libxml dependency\n", "id": "FreeBSD-2020-0305", "modified": "2020-12-07T00:00:00Z", "published": "2020-12-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26407" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26408" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13357" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26411" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26409" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "consul" }, "ranges": [ { "events": [ { "fixed": "1.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md" ], "discovery": "2020-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-28053" ] }, "vid": "8d17229f-3054-11eb-a455-ac1f6b16e566" }, "details": "Hashicorp reports:\n\n> Increase the permissions to read from the /connect/ca/configuration\n> endpoint to operator:write. Previously Connect CA configuration,\n> including the private key, set via this endpoint could be read back by\n> an operator with operator:read privileges.\n", "id": "FreeBSD-2020-0304", "modified": "2020-12-06T00:00:00Z", "published": "2020-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md" }, { "type": "WEB", "url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28053" } ], "schema_version": "1.7.0", "summary": "consul -- Fix Consul Connect CA private key configuration" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "87.0.4280.88" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html" ], "discovery": "2020-12-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-16037", "CVE-2020-16038", "CVE-2020-16039", "CVE-2020-16040", "CVE-2020-16041", "CVE-2020-16042" ] }, "vid": "01ffd06a-36ed-11eb-b655-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 8 security fixes, including:\n>\n> - \\[1142331\\] High CVE-2020-16037: Use after free in clipboard.\n> Reported by Ryoya Tsukasaki on 2020-10-26\n> - \\[1138683\\] High CVE-2020-16038: Use after free in media. Reported\n> by Khalil Zhani on 2020-10-14\n> - \\[1149177\\] High CVE-2020-16039: Use after free in extensions.\n> Reported by Anonymous on 2020-11-15\n> - \\[1150649\\] High CVE-2020-16040: Insufficient data validation in V8.\n> Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research\n> on 2020-11-19\n> - \\[1151865\\] Medium CVE-2020-16041: Out of bounds read in networking.\n> Reported by Sergei Glazunov and Mark Brand of Google Project Zero on\n> 2020-11-23\n> - \\[1151890\\] Medium CVE-2020-16042: Uninitialized Use in V8. Reported\n> by Andr\u00e9 Bargull on 2020-11-2\n", "id": "FreeBSD-2020-0303", "modified": "2020-12-05T00:00:00Z", "published": "2020-12-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16037" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16038" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16039" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16040" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16042" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.13.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2020/12/gitea-1.13.0-is-released/" ], "discovery": "2020-12-01T00:00:00Z", "references": { "freebsdpr": [ "ports/251577" ] }, "vid": "b99492b2-362b-11eb-9f86-08002734b9ed" }, "details": "The Gitea Team reports for release 1.13.0:\n\n> - Add Allow-/Block-List for Migrate and Mirrors\n> - Prevent git operations for inactive users\n> - Disallow urlencoded new lines in git protocol paths if there is a\n> port\n> - Mitigate Security vulnerability in the git hook feature\n> - Disable DSA ssh keys by default\n> - Set TLS minimum version to 1.2\n> - Use argon as default password hash algorithm\n> - Escape failed highlighted files\n", "id": "FreeBSD-2020-0302", "modified": "2020-12-04T00:00:00Z", "published": "2020-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2020/12/gitea-1.13.0-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.13.0" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251577" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-25577" ], "freebsdsa": [ "SA-20:32.rtsold" ] }, "vid": "e2748c9d-3483-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nTwo bugs exist in rtsold(8)\\'s RDNSS and DNSSL option handling. First,\nrtsold(8) failed to perform sufficient bounds checking on the extent of\nthe option. In particular, it does not verify that the option does not\nextend past the end of the received packet before processing its\ncontents. The kernel currently ignores such malformed packets but still\npasses them to userspace programs.\n\nSecond, when processing a DNSSL option, rtsold(8) decodes domain name\nlabels per an encoding specified in RFC 1035 in which the first octet of\neach label contains the label\\'s length. rtsold(8) did not validate\nlabel lengths correctly and could overflow the destination buffer.\n\n# Impact:\n\nIt is believed that these bugs could be exploited to gain remote code\nexecution within the rtsold(8) daemon, which runs as root. Note that\nrtsold(8) only processes messages received from hosts attached to the\nsame physical link as the interface(s) on which rtsold(8) is listening.\n\nIn FreeBSD 12.2 rtsold(8) runs in a Capsicum sandbox, limiting the scope\nof a compromised rtsold(8) process.\n", "id": "FreeBSD-2020-0301", "modified": "2020-12-02T00:00:00Z", "published": "2020-12-02T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25577" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:32.rtsold.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple vulnerabilities in rtsold" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.2" }, { "fixed": "12.2_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-7469" ], "freebsdsa": [ "SA-20:31.icmp6" ] }, "vid": "8eed0c5c-3482-11eb-b87a-901b0ef719ab" }, "details": "# Problem Description:\n\nWhen an ICMPv6 error message is received, the FreeBSD ICMPv6 stack may\nextract information from the message to hand to upper-layer protocols.\nAs a part of this operation, it may parse IPv6 header options from a\npacket embedded in the ICMPv6 message.\n\nThe handler for a routing option caches a pointer into the packet buffer\nholding the ICMPv6 message. However, when processing subsequent options\nthe packet buffer may be freed, rendering the cached pointer invalid.\nThe network stack may later dereference the pointer, potentially\ntriggering a use-after-free.\n\n# Impact:\n\nA remote host may be able to trigger a read of freed kernel memory. This\nmay trigger a kernel panic if the address had been unmapped.\n", "id": "FreeBSD-2020-0300", "modified": "2020-12-02T00:00:00Z", "published": "2020-12-02T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7469" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:31.icmp6.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ICMPv6 use-after-free in error message handling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "1.20.9_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "1.20.9_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "1.20.9_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "1.20.9_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "1.20.9_2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-dmx" }, "ranges": [ { "events": [ { "fixed": "1.20.9_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2020-December/003066.html" ], "discovery": "2020-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-14360", "CVE-2020-25712" ] }, "vid": "76c8b690-340b-11eb-a2b7-54e1ad3d6335" }, "details": "The X.org project reports:\n\n> These issues can lead to privileges elevations for authorized clients\n> on systems where the X server is running privileged.\n>\n> Insufficient checks on the lengths of the XkbSetMap request can lead\n> to out of bounds memory accesses in the X server.\n>\n> Insufficient checks on input of the XkbSetDeviceInfo request can lead\n> to a buffer overflow on the head in the X server.\n", "id": "FreeBSD-2020-0299", "modified": "2020-12-01T00:00:00Z", "published": "2020-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2020-December/003066.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2020-December/003066.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14360" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25712" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Multiple input validation failures in X server XKB extension" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nomad" }, "ranges": [ { "events": [ { "fixed": "0.12.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md" ], "discovery": "2020-10-21T00:00:00Z", "references": { "cvename": [ "CVE-2020-27195" ] }, "vid": "618010ff-3044-11eb-8112-000c292ee6b8" }, "details": "The HashiCorp team reports:\n\n> - artifact: Fixed a bug where interpolation can be used in the\n> artifact destination field to write artifact payloads outside the\n> allocation directory.\n> - template: Fixed a bug where interpolation can be used in the\n> template source and destination fields to read or write files\n> outside the allocation directory even when disable_file_sandbox was\n> set to false (the default).\n> - template: Fixed a bug where the disable_file_sandbox configuration\n> was only respected for the template file function and not the\n> template source and destination fields.\n", "id": "FreeBSD-2020-0298", "modified": "2020-11-27T00:00:00Z", "published": "2020-11-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md" }, { "type": "WEB", "url": "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-27195" } ], "schema_version": "1.7.0", "summary": "nomad -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.12.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2020/11/gitea-1.12.6-is-released/" ], "discovery": "2020-11-16T00:00:00Z", "references": { "freebsdpr": [ "ports/251296" ] }, "vid": "55facdb0-2c24-11eb-9aac-08002734b9ed" }, "details": "The Gitea Team reports for release 1.12.6:\n\n> - Prevent git operations for inactive users\n> - Disallow urlencoded new lines in git protocol paths if there is a\n> port\n", "id": "FreeBSD-2020-0297", "modified": "2020-11-21T00:00:00Z", "published": "2020-11-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2020/11/gitea-1.12.6-is-released/" }, { "type": "WEB", "url": "Disallow urlencoded new lines in git protocol paths if there is a port" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251296" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "15.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node14" }, "ranges": [ { "events": [ { "fixed": "14.15.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node12" }, "ranges": [ { "events": [ { "fixed": "12.19.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/" ], "discovery": "2020-11-16T00:00:00Z", "references": { "cvename": [ "CVE-2020-8277" ] }, "vid": "ad792169-2aa4-11eb-ab71-0022489ad614" }, "details": "Node.js reports:\n\n> Updates are now available for v12.x, v14.x and v15.x Node.js release\n> lines for the following issues.\n>\n> # Denial of Service through DNS request (CVE-2020-8277)\n>\n> A Node.js application that allows an attacker to trigger a DNS request\n> for a host of their choice could trigger a Denial of service by\n> getting the application to resolve a DNS record with a larger number\n> of responses.\n", "id": "FreeBSD-2020-0296", "modified": "2020-11-21T00:00:00Z", "published": "2020-11-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8277" } ], "schema_version": "1.7.0", "summary": "Node.js -- November 2020 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mutt" }, "ranges": [ { "events": [ { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a" ], "discovery": "2020-11-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-28896" ] }, "vid": "dc132c91-2b71-11eb-8cfd-4437e6ad11c4" }, "details": "Kevin J. McCarthy reports:\n\n> Mutt had incorrect error handling when initially connecting to an IMAP\n> server, which could result in an attempt to authenticate without\n> enabling TLS.\n", "id": "FreeBSD-2020-0295", "modified": "2020-11-20T00:00:00Z", "published": "2020-11-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28896" }, { "type": "WEB", "url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a" } ], "schema_version": "1.7.0", "summary": "mutt -- authentication credentials being sent over an unencrypted connection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mozjpeg" }, "ranges": [ { "events": [ { "fixed": "4.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-13790" ], "discovery": "2020-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2020-13790" ] }, "vid": "040707f9-0b2a-11eb-8834-00155d01f202" }, "details": "NIST reports:\n\n> - Heap-based buffer over-read in get_rgb_row() in rdppm.c via a\n> malformed PPM input file.\n", "id": "FreeBSD-2020-0294", "modified": "2020-10-10T00:00:00Z", "published": "2020-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13790" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790" } ], "schema_version": "1.7.0", "summary": "mozjpeg -- heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libjpeg-turbo" }, "ranges": [ { "events": [ { "fixed": "2.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.5" ], "discovery": "2020-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2020-13790" ] }, "vid": "23a667c7-0b28-11eb-8834-00155d01f202" }, "details": "libjpeg-turbo releases reports:\n\n> This release fixes the following security issue:\n>\n> - Heap-based buffer over-read in get_rgb_row() in rdppm.c via a\n> malformed PPM input file.\n", "id": "FreeBSD-2020-0293", "modified": "2020-10-10T00:00:00Z", "published": "2020-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13790" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13790" } ], "schema_version": "1.7.0", "summary": "libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php72" }, "ranges": [ { "events": [ { "fixed": "2.24.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php73" }, "ranges": [ { "events": [ { "fixed": "2.24.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php74" }, "ranges": [ { "events": [ { "fixed": "2.24.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php80" }, "ranges": [ { "events": [ { "fixed": "2.24.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3" ], "discovery": "2020-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2020-25781", "CVE-2020-25288", "CVE-2020-25830" ], "freebsdpr": [ "ports/251141" ] }, "vid": "19259833-26b1-11eb-a239-1c697a013f4b" }, "details": "Mantis 2.24.3 release reports:\n\n> This release fixes 3 security issues:\n>\n> - 0027039: CVE-2020-25781: Access to private bug note attachments\n> - 0027275: CVE-2020-25288: HTML Injection on bug_update_page.php\n> - 0027304: CVE-2020-25830: HTML Injection in bug_actiongroup_page.php\n", "id": "FreeBSD-2020-0292", "modified": "2020-11-15T00:00:00Z", "published": "2020-11-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.24.3" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25781" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25781" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25288" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25288" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25830" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25830" } ], "schema_version": "1.7.0", "summary": "mantis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.15.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/42552", "https://github.com/golang/go/issues/42556", "https://github.com/golang/go/issues/42559" ], "discovery": "2020-11-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-28362", "CVE-2020-28367", "CVE-2020-28366" ] }, "vid": "db4b2f27-252a-11eb-865c-00155d646400" }, "details": "The Go project reports:\n\n> A number of math/big.Int methods (Div, Exp, DivMod, Quo, Rem, QuoRem,\n> Mod, ModInverse, ModSqrt, Jacobi, and GCD) can panic when provided\n> crafted large inputs. For the panic to happen, the divisor or modulo\n> argument must be larger than 3168 bits (on 32-bit architectures) or\n> 6336 bits (on 64-bit architectures). Multiple math/big.Rat methods are\n> similarly affected.\n\n> The go command may execute arbitrary code at build time when cgo is in\n> use. This may occur when running go get on a malicious package, or any\n> other command that builds untrusted code. This can be caused by a\n> malicious gcc flags specified via a #cgo directive.\n\n> The go command may execute arbitrary code at build time when cgo is in\n> use. This may occur when running go get on a malicious package, or any\n> other command that builds untrusted code. This can be caused by\n> malicious unquoted symbol names.\n", "id": "FreeBSD-2020-0291", "modified": "2020-11-12T00:00:00Z", "published": "2020-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/42552" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/42556" }, { "type": "REPORT", "url": "https://github.com/golang/go/issues/42559" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28362" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/42552" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28367" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/42556" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-28366" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/42559" } ], "schema_version": "1.7.0", "summary": "go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-salt" }, "ranges": [ { "events": [ { "introduced": "3002" }, { "fixed": "3002.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-salt" }, "ranges": [ { "events": [ { "introduced": "3002" }, { "fixed": "3002.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-salt" }, "ranges": [ { "events": [ { "introduced": "3002" }, { "fixed": "3002.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.saltstack.com/en/latest/topics/releases/3002.1.html" ], "discovery": "2020-11-06T00:00:00Z", "references": { "cvename": [ "CVE-2020-16846", "CVE-2020-17490", "CVE-2020-25592" ] }, "vid": "50259d8b-243e-11eb-8bae-b42e99975750" }, "details": "SaltStack reports multiple security vulnerabilities in Salt 3002:\n\n> - CVE-2020-16846: Prevent shell injections in netapi ssh client.\n> - CVE-2020-17490: Prevent creating world readable private keys with\n> the tls execution module.\n> - CVE-2020-25592: Properly validate eauth credentials and tokens along\n> with their ACLs. Prior to this change eauth was not properly\n> validated when calling Salt ssh via the salt-api. Any value for\n> \\'eauth\\' or \\'token\\' would allow a user to bypass authentication\n> and make calls to Salt ssh.\n", "id": "FreeBSD-2020-0290", "modified": "2020-11-12T00:00:00Z", "published": "2020-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.saltstack.com/en/latest/topics/releases/3002.1.html" }, { "type": "WEB", "url": "https://docs.saltstack.com/en/latest/topics/releases/3002.1.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16846" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16846" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-17490" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25592" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25592" } ], "schema_version": "1.7.0", "summary": "salt -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice" }, "ranges": [ { "events": [ { "fixed": "4.1.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice-devel" }, "ranges": [ { "events": [ { "fixed": "4.2.1602022694,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openoffice.org/security/cves/CVE-2020-13958.html" ], "discovery": "2020-04-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-13958" ] }, "vid": "4f15ca7b-23ae-11eb-9f59-1c1b0d9ea7e6" }, "details": "The Apache Openofffice project reports:\n\n> # CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in crafted documents\n>\n> ## Description\n>\n> A vulnerability in Apache OpenOffice scripting events allows an\n> attacker to construct documents containing hyperlinks pointing to an\n> executable on the target users file system. These hyperlinks can be\n> triggered unconditionally. In fixed versions no internal protocol may\n> be called from the document event handler and other hyperlinks require\n> a control-click.\n>\n> ## Severity: Low\n>\n> There are no known exploits of this vulnerability.\\\n> A proof-of-concept demonstration exists.\n>\n> Thanks to the reporter for discovering this issue.\n>\n> ## Acknowledgments\n>\n> The Apache OpenOffice Security Team would like to thank Imre Rad for\n> discovering and reporting this attack vector.\n", "id": "FreeBSD-2020-0289", "modified": "2020-11-10T00:00:00Z", "published": "2020-11-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openoffice.org/security/cves/CVE-2020-13958.html" }, { "type": "WEB", "url": "https://www.openoffice.org/security/cves/CVE-2020-13958.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13958" } ], "schema_version": "1.7.0", "summary": "Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "raptor2" }, "ranges": [ { "events": [ { "fixed": "2.0.15_16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926" ], "discovery": "2017-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-18926" ] }, "vid": "07c7ae7a-224b-11eb-aa6e-e0d55e2a8bf9" }, "details": "CVE MITRE reports:\n\n> raptor_xml_writer_start_element_common in raptor_xml_writer.c in\n> Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace\n> declarations for the XML writer, leading to heap-based buffer\n> overflows (sometimes seen in raptor_qname_format_as_xml).\n", "id": "FreeBSD-2020-0288", "modified": "2020-11-09T00:00:00Z", "published": "2020-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926" }, { "type": "WEB", "url": "https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-18926" } ], "schema_version": "1.7.0", "summary": "raptor2 -- buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-notebook" }, "ranges": [ { "events": [ { "fixed": "6.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-notebook" }, "ranges": [ { "events": [ { "fixed": "6.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-notebook" }, "ranges": [ { "events": [ { "fixed": "6.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jupyter-notebook.readthedocs.io/en/stable/changelog.html#release-6-1-5" ], "discovery": "2020-10-15T00:00:00Z", "vid": "cf39ddf8-21be-11eb-8b47-641c67a117d8" }, "details": "Jupyter reports:\n\n> 6.1.5 is a security release, fixing one vulnerability: Fix open\n> redirect vulnerability GHSA-c7vm-f5p4-8fqh (CVE to be assigned)\n", "id": "FreeBSD-2020-0287", "modified": "2020-11-08T00:00:00Z", "published": "2020-11-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jupyter-notebook.readthedocs.io/en/stable/changelog.html#release-6-1-5" }, { "type": "WEB", "url": "https://jupyter-notebook.readthedocs.io/en/stable/changelog.html#release-6-1-5" }, { "type": "WEB", "url": "https://github.com/jupyter/notebook/blob/6.1.5/docs/source/changelog.rst" } ], "schema_version": "1.7.0", "summary": "jupyter notebook -- open redirect vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.37.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.14.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2020-11-05T00:00:00Z", "vid": "29b7f0be-1fb7-11eb-b9d4-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> If Asterisk is challenged on an outbound INVITE and the nonce is\n> changed in each response, Asterisk will continually send INVITEs in a\n> loop. This causes Asterisk to consume more and more memory since the\n> transaction will never terminate (even if the call is hung up),\n> ultimately leading to a restart or shutdown of Asterisk. Outbound\n> authentication must be configured on the endpoint for this to occur.\n", "id": "FreeBSD-2020-0286", "modified": "2020-11-05T00:00:00Z", "published": "2020-11-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2020-002.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Outbound INVITE loop on challenge with different nonce" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.37.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.14.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk18" }, "ranges": [ { "events": [ { "fixed": "18.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2020-11-05T00:00:00Z", "vid": "972fe546-1fb6-11eb-b9d4-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> Upon receiving a new SIP Invite, Asterisk did not return the created\n> dialog locked or referenced. This caused a gap between the creation of\n> the dialog object, and its next use by the thread that created it.\n> Depending upon some off nominal circumstances, and timing it was\n> possible for another thread to free said dialog in this gap. Asterisk\n> could then crash when the dialog object, or any of its dependent\n> objects were de-referenced, or accessed next by the initial creation\n> thread.\n", "id": "FreeBSD-2020-0285", "modified": "2020-11-05T00:00:00Z", "published": "2020-11-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2020-001.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote crash in res_pjsip_session" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "86.0.4240.183" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html" ], "discovery": "2020-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011" ] }, "vid": "3ec6ab59-1e0c-11eb-a428-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release contains 10 security fixes, including:\n>\n> - \\[1138911\\] High CVE-2020-16004: Use after free in user interface.\n> Reported by Leecraso and Guang Gong of 360 Alpha Lab working with\n> 360 BugCloud on 2020-10-15\n> - \\[1139398\\] High CVE-2020-16005: Insufficient policy enforcement in\n> ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2020-10-16\n> - \\[1133527\\] High CVE-2020-16006: Inappropriate implementation in V8.\n> Reported by Bill Parks on 2020-09-29\n> - \\[1125018\\] High CVE-2020-16007: Insufficient data validation in\n> installer. Reported by Abdelhamid Naceri (halov) on 2020-09-04\n> - \\[1134107\\] High CVE-2020-16008: Stack buffer overflow in WebRTC.\n> Reported by Tolya Korniltsev on 2020-10-01\n> - \\[1143772\\] High CVE-2020-16009: Inappropriate implementation in V8.\n> Reported by Clement Lecigne of Google\\'s Threat Analysis Group and\n> Samuel Gro\u00df of Google Project Zero on 2020-10-29\n> - \\[1144489\\] High CVE-2020-16011: Heap buffer overflow in UI on\n> Windows. Reported by Sergei Glazunov of Google Project Zero on\n> 2020-11-01\n>\n> There are reports that an exploit for CVE-2020-16009 exists in the\n> wild.\n", "id": "FreeBSD-2020-0284", "modified": "2020-11-03T00:00:00Z", "published": "2020-11-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16005" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16007" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16008" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16009" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16011" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.5.0" }, { "fixed": "13.5.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.4.0" }, { "fixed": "13.4.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.8.9" }, { "fixed": "13.3.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/" ], "discovery": "2020-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-13355", "CVE-2020-26405", "CVE-2020-13358", "CVE-2020-13359", "CVE-2020-13340", "CVE-2020-13353", "CVE-2020-13354", "CVE-2020-13352", "CVE-2020-13356", "CVE-2020-13351", "CVE-2020-13350", "CVE-2020-13349", "CVE-2020-13348" ] }, "vid": "174e466b-1d48-11eb-bd0f-001b217b3468" }, "details": "Gitlab reports:\n\n> Path Traversal in LFS Upload\n>\n> Path traversal allows saving packages in arbitrary location\n>\n> Kubernetes agent API leaks private repos\n>\n> Terraform state deletion API exposes object storage URL\n>\n> Stored-XSS in error message of build-dependencies\n>\n> Git credentials persisted on disk\n>\n> Potential Denial of service via container registry\n>\n> Info leak when group is transferred from private to public group\n>\n> Limited File Disclosure Via Multipart Bypass\n>\n> Unauthorized user is able to access scheduled pipeline variables and\n> values\n>\n> CSRF in runner administration page allows an attacker to pause/resume\n> runners\n>\n> Regex backtracking attack in path parsing of Advanced Search result\n>\n> Bypass of required CODEOWNERS approval\n>\n> SAST CiConfiguration information visible without permissions\n", "id": "FreeBSD-2020-0283", "modified": "2020-11-02T00:00:00Z", "published": "2020-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13355" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26405" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13358" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13359" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13340" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13354" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13352" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13349" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13348" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "5.5.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.5.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_CN-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_TW-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/" ], "discovery": "2020-10-29T00:00:00Z", "vid": "11325357-1d3c-11eb-ab74-4c72b94353b5" }, "details": "wordpress developers reports:\n\n> Ten security issues affect WordPress versions 5.5.1 and earlier. If\n> you havent yet updated to 5.5, all WordPress versions since 3.7 have\n> also been updated to fix the following security issues: -Props to Alex\n> Concha of the WordPress Security Team for their work in hardening\n> deserialization requests. -Props to David Binovec on a fix to disable\n> spam embeds from disabled sites on a multisite network. -Thanks to\n> Marc Montas from Sucuri for reporting an issue that could lead to XSS\n> from global variables. -Thanks to Justin Tran who reported an issue\n> surrounding privilege escalation in XML-RPC. He also found and\n> disclosed an issue around privilege escalation around post commenting\n> via XML-RPC. -Props to Omar Ganiev who reported a method where a DoS\n> attack could lead to RCE. -Thanks to Karim El Ouerghemmi from RIPS who\n> disclosed a method to store XSS in post slugs. -Thanks to Slavco for\n> reporting, and confirmation from Karim El Ouerghemmi, a method to\n> bypass protected meta that could lead to arbitrary file deletion.\n", "id": "FreeBSD-2020-0282", "modified": "2020-11-02T00:00:00Z", "published": "2020-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba410" }, "ranges": [ { "events": [ { "last_affected": "4.10.18" }, { "fixed": "4.10.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba411" }, "ranges": [ { "events": [ { "fixed": "4.11.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba412" }, "ranges": [ { "events": [ { "fixed": "4.12.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba413" }, "ranges": [ { "events": [ { "fixed": "4.13.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/history/security.html" ], "discovery": "2020-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383" ] }, "vid": "9ca85b7c-1b31-11eb-8762-005056a311d1" }, "details": "The Samba Team reports:\n\n> - CVE-2020-14318: Missing handle permissions check in SMB1/2/3\n> ChangeNotify\n> - CVE-2020-14323: Unprivileged user can crash winbind\n> - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with\n> easily crafted records\n", "id": "FreeBSD-2020-0281", "modified": "2020-10-30T00:00:00Z", "published": "2020-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/history/security.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-14318.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-14323.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-14383.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14318" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14323" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14383" } ], "schema_version": "1.7.0", "summary": "samba -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tmux" }, "ranges": [ { "events": [ { "fixed": "3.1c" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/g/tmux-users/c/DGfmsD9CM00/m/Six6uZG0AQAJ" ], "discovery": "2020-10-29T00:00:00Z", "vid": "8827134c-1a8f-11eb-9bb0-08002725d892" }, "details": "Nicholas Marriott reports:\n\n> tmux has a stack overflow in CSI parsing.\n", "id": "FreeBSD-2020-0280", "modified": "2020-10-30T00:00:00Z", "published": "2020-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/g/tmux-users/c/DGfmsD9CM00/m/Six6uZG0AQAJ" }, { "type": "WEB", "url": "https://groups.google.com/g/tmux-users/c/DGfmsD9CM00/m/Six6uZG0AQAJ" }, { "type": "WEB", "url": "https://marc.info/?l=openbsd-announce&m=160399126725142&w=2" } ], "schema_version": "1.7.0", "summary": "tmux -- stack overflow in CSI parsing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "motion" }, "ranges": [ { "events": [ { "introduced": "3.2" }, { "fixed": "4.3.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cxsecurity.com/cveshow/CVE-2020-26566/" ], "discovery": "2020-10-05T00:00:00Z", "vid": "94ffc0d9-1915-11eb-b809-b42e991fc52e" }, "details": "cxsecurity.com reports:\n\n> A Denial of Service condition in Motion-Project Motion 3.2 through\n> 4.3.1 allows remote unauthenticated users to cause a webu.c\n> segmentation fault and kill the main process via a crafted HTTP\n> request\n", "id": "FreeBSD-2020-0279", "modified": "2020-10-28T00:00:00Z", "published": "2020-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cxsecurity.com/cveshow/CVE-2020-26566/" }, { "type": "WEB", "url": "https://cve-search.iicrai.org/cve/CVE-2020-26566" } ], "schema_version": "1.7.0", "summary": "motion -- Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freetype2" }, "ranges": [ { "events": [ { "fixed": "2.10.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/" ], "discovery": "2020-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-15999" ] }, "vid": "458df97f-1440-11eb-aaec-e0d55e2a8bf9" }, "details": "The freetype project reports:\n\n> A heap buffer overflow has been found in the handling of embedded PNG\n> bitmaps, introduced in FreeType version 2.6.\n", "id": "FreeBSD-2020-0278", "modified": "2020-10-22T00:00:00Z", "published": "2020-10-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/" }, { "type": "WEB", "url": "https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15999" } ], "schema_version": "1.7.0", "summary": "freetype2 -- heap buffer overlfow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.50" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.32" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL" ], "discovery": "2020-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-14878", "CVE-2020-14828", "CVE-2020-14775", "CVE-2020-14765", "CVE-2020-14769", "CVE-2020-14830", "CVE-2020-14836", "CVE-2020-14846", "CVE-2020-14800", "CVE-2020-14827", "CVE-2020-14760", "CVE-2020-14776", "CVE-2020-14821", "CVE-2020-14829", "CVE-2020-14848", "CVE-2020-14852", "CVE-2020-14814", "CVE-2020-14789", "CVE-2020-14804", "CVE-2020-14812", "CVE-2020-14773", "CVE-2020-14777", "CVE-2020-14785", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14809", "CVE-2020-14837", "CVE-2020-14839", "CVE-2020-14845", "CVE-2020-14861", "CVE-2020-14866", "CVE-2020-14868", "CVE-2020-14888", "CVE-2020-14891", "CVE-2020-14893", "CVE-2020-14786", "CVE-2020-14790", "CVE-2020-14844", "CVE-2020-14799", "CVE-2020-14869", "CVE-2020-14672", "CVE-2020-14870", "CVE-2020-14867", "CVE-2020-14873", "CVE-2020-14838", "CVE-2020-14860", "CVE-2020-14791", "CVE-2020-14771" ] }, "vid": "4fba07ca-13aa-11eb-b31e-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 48 new security patches for Oracle\n> MySQL.\n>\n> The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle\n> MySQL is 8.\n>\n> NOTE: MariaDB only contains CVE-2020-14812 CVE-2020-14765\n> CVE-2020-14776 and CVE-2020-14789\n", "id": "FreeBSD-2020-0277", "modified": "2020-11-07T00:00:00Z", "published": "2020-10-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14878" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14828" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14775" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14765" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14769" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14830" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14836" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14846" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14827" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14760" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14776" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14821" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14829" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14848" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14852" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14804" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14773" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14777" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14785" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14793" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14809" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14845" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14861" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14868" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14888" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14891" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14893" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14786" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14844" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14869" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14672" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14867" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14873" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14838" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14860" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14771" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "86.0.4240.111" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html" ], "discovery": "2020-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003" ] }, "vid": "f4722927-1375-11eb-8711-3065ec8fd3ec" }, "details": "Chrome Releases reports:\n\n> This release includes 5 security fixes:\n>\n> - \\[1125337\\] High CVE-2020-16000: Inappropriate implementation in\n> Blink. Reported by amaebi_jp on 2020-09-06\n> - \\[1135018\\] High CVE-2020-16001: Use after free in media. Reported\n> by Khalil Zhani on 2020-10-05\n> - \\[1137630\\] High CVE-2020-16002: Use after free in PDFium. Reported\n> by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at\n> Qi\\'anxin Group on 2020-10-13\n> - \\[1139963\\] High CVE-2020-15999: Heap buffer overflow in Freetype.\n> Reported by Sergei Glazunov of Google Project Zero on 2020-10-19\n> - \\[1134960\\] Medium CVE-2020-16003: Use after free in printing.\n> Reported by Khalil Zhani on 2020-10-04\n", "id": "FreeBSD-2020-0276", "modified": "2020-10-21T00:00:00Z", "published": "2020-10-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15999" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16000" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16003" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.1.0" }, { "fixed": "4.1.18" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.5" ], "discovery": "2020-10-13T00:00:00Z", "references": { "cvename": [ "CVE-2020-25829" ] }, "vid": "a6860b11-0dee-11eb-94ff-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> CVE-2020-25829: An issue has been found in PowerDNS Recursor where a\n> remote attacker can cause the cached records for a given name to be\n> updated to the 'Bogus' DNSSEC validation state, instead of their\n> actual DNSSEC 'Secure' state, via a DNS ANY query. This results in a\n> denial of service for installations that always validate\n> (dnssec=validate) and for clients requesting validation when on-demand\n> validation is enabled (dnssec=process).\n", "id": "FreeBSD-2020-0275", "modified": "2020-10-14T00:00:00Z", "published": "2020-10-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.5" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25829" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- cache pollution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-client" }, "ranges": [ { "events": [ { "fixed": "10.3.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-client" }, "ranges": [ { "events": [ { "fixed": "10.4.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-client" }, "ranges": [ { "events": [ { "fixed": "10.5.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb105-server" }, "ranges": [ { "events": [ { "fixed": "10.5.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/mariadb-1056-release-notes/" ], "discovery": "2020-10-07T00:00:00Z", "references": { "cvename": [ "CVE-2020-15180" ] }, "vid": "a2565962-1156-11eb-9c9c-d4c9ef517024" }, "details": "The MariaDB project reports:\n\n> Details of this vulnerability have not yet been disclosed\n", "id": "FreeBSD-2020-0274", "modified": "2020-10-18T00:00:00Z", "published": "2020-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/mariadb-1056-release-notes/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb-1056-release-notes/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb-10415-release-notes/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb-10325-release-notes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15180" } ], "schema_version": "1.7.0", "summary": "MariaDB -- Undisclosed vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.21.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.21.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.21.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py39-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.21.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq" ], "discovery": "2020-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-26891" ], "freebsdpr": [ "ports/249948" ] }, "vid": "5f39d80f-107c-11eb-8b47-641c67a117d8" }, "details": "Matrix developers reports:\n\n> The fallback authentication endpoint served via Synapse were\n> vulnerable to cross-site scripting (XSS) attacks. The impact depends\n> on the configuration of the domain that Synapse is deployed on, but\n> may allow access to cookies and other browser data, CSRF\n> vulnerabilities, and access to other resources served on the same\n> domain or parent domains.\n", "id": "FreeBSD-2020-0273", "modified": "2020-10-17T00:00:00Z", "published": "2020-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26891" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.21.2" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249948" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/project/drupal/releases/7.73" ], "discovery": "2020-09-16T00:00:00Z", "vid": "95d9d986-1078-11eb-ab74-4c72b94353b5" }, "details": "Drupal Security Team reports:\n\n> The Drupal AJAX API does not disable JSONP by default, which can lead\n> to cross-site scripting.\n", "id": "FreeBSD-2020-0272", "modified": "2020-10-17T00:00:00Z", "published": "2020-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/project/drupal/releases/7.73" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2020-007" } ], "schema_version": "1.7.0", "summary": "drupal -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "32.0.0.445" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb20-58.html" ], "discovery": "2020-10-13T00:00:00Z", "references": { "cvename": [ "CVE-2020-9746" ] }, "vid": "42926d7b-0da3-11eb-8dbd-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a NULL pointer dereference vulnerability that\n> could lead to arbitrary code execution (CVE-2020-9746).\n", "id": "FreeBSD-2020-0271", "modified": "2020-10-13T00:00:00Z", "published": "2020-10-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-58.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9746" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-58.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weblog.rubyonrails.org/2020/10/7/Rails-6-0-3-4-has-been-released/" ], "discovery": "2020-10-07T00:00:00Z", "references": { "cvename": [ "CVE-2020-8264" ] }, "vid": "95f306a6-0aee-11eb-add4-08002728f74c" }, "details": "Ruby on Rails blog:\n\n> Rails version 6.0.3.4 has been released! This version is a security\n> release and addresses one possible XSS attack vector in Actionable\n> Exceptions.\n", "id": "FreeBSD-2020-0270", "modified": "2020-10-10T00:00:00Z", "published": "2020-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weblog.rubyonrails.org/2020/10/7/Rails-6-0-3-4-has-been-released/" }, { "type": "WEB", "url": "https://weblog.rubyonrails.org/2020/10/7/Rails-6-0-3-4-has-been-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8264" } ], "schema_version": "1.7.0", "summary": "Rails -- Possible XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "payara" }, "ranges": [ { "events": [ { "fixed": "5.201" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.payara.fish/community/docs/5.2020.4/security/security-fix-list.html" ], "discovery": "2020-01-13T00:00:00Z", "references": { "cvename": [ "CVE-2020-6950" ] }, "vid": "b07bdd3c-0809-11eb-a3a4-0019dbb15b3f" }, "details": "Payara Releases reports:\n\n> The following is a list of tracked Common Vulnerabilities and\n> Exposures that have been reported and analyzed, which can or have\n> impacted Payara Server across releases:\n>\n> - CVE-2020-6950 Eclipse Mojarra vulnerable to path trasversal flaw via\n> either loc/con parameters\n", "id": "FreeBSD-2020-0269", "modified": "2020-10-06T00:00:00Z", "published": "2020-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.payara.fish/community/docs/5.2020.4/security/security-fix-list.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6950" }, { "type": "WEB", "url": "https://docs.payara.fish/community/docs/5.2020.4/security/security-fix-list.html" } ], "schema_version": "1.7.0", "summary": "Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "payara" }, "ranges": [ { "events": [ { "fixed": "5.193" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.payara.fish/community/docs/5.193/security/security-fix-list.html" ], "discovery": "2019-05-17T00:00:00Z", "references": { "cvename": [ "CVE-2019-12086" ] }, "vid": "bd159669-0808-11eb-a3a4-0019dbb15b3f" }, "details": "Payara Releases reports:\n\n> The following is a list of tracked Common Vulnerabilities and\n> Exposures that have been reported and analyzed, which can or have\n> impacted Payara Server across releases:\n>\n> - CVE-2019-12086 A Polymorphic Typing issue was discovered in\n> FasterXML jackson-databind 2.x before 2.9.9\n", "id": "FreeBSD-2020-0268", "modified": "2020-10-06T00:00:00Z", "published": "2020-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.payara.fish/community/docs/5.193/security/security-fix-list.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12086" }, { "type": "WEB", "url": "https://docs.payara.fish/community/docs/5.193/security/security-fix-list.html" } ], "schema_version": "1.7.0", "summary": "Payara -- A Polymorphic Typing issue in FasterXML jackson-databind" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "payara" }, "ranges": [ { "events": [ { "fixed": "5.191" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.payara.fish/community/docs/5.191/security/security-fix-list.html" ], "discovery": "2019-02-01T00:00:00Z", "references": { "cvename": [ "CVE-2018-14721", "CVE-2018-14720", "CVE-2018-14719", "CVE-2018-14718", "CVE-2018-14371" ] }, "vid": "71c71ce0-0805-11eb-a3a4-0019dbb15b3f" }, "details": "Payara Releases reports:\n\n> The following is a list of tracked Common Vulnerabilities and\n> Exposures that have been reported and analyzed, which can or have\n> impacted Payara Server across releases:\n>\n> - CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might\n> allow remote attackers to conduct server-side request forgery (SSRF)\n> attacks\n> - CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might\n> allow remote attackers to conduct external XML entity (XXE) attacks\n> - CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might\n> allow remote attackers to execute arbitrary code\n> - CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might\n> allow remote attackers to execute arbitrary code\n> - CVE-2018-14371 Eclipse Mojarra before 2.3.7 is affected by Directory\n> Traversal via the loc parameter\n", "id": "FreeBSD-2020-0267", "modified": "2020-10-06T00:00:00Z", "published": "2020-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.payara.fish/community/docs/5.191/security/security-fix-list.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14721" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14720" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14719" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14718" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14371" }, { "type": "WEB", "url": "https://docs.payara.fish/community/docs/5.191/security/security-fix-list.html" } ], "schema_version": "1.7.0", "summary": "payara -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "3.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v3.0.11" ], "discovery": "2020-09-29T00:00:00Z", "vid": "769a4f60-9056-4c27-89a1-1758a59a21f8" }, "details": "Jon Siwek of Corelight reports:\n\n> This release fixes the following security issue:\n>\n> - A memory leak in multipart MIME code has potential for remote\n> exploitation and cause for Denial of Service via resource\n> exhaustion.\n", "id": "FreeBSD-2020-0266", "modified": "2020-10-07T00:00:00Z", "published": "2020-10-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v3.0.11" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v3.0.11" } ], "schema_version": "1.7.0", "summary": "zeek -- Vulnerability due to memory leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "86.0.4240.75" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html" ], "discovery": "2020-10-06T00:00:00Z", "references": { "cvename": [ "CVE-2020-6557", "CVE-2020-15967", "CVE-2020-15968", "CVE-2020-15969", "CVE-2020-15970", "CVE-2020-15971", "CVE-2020-15972", "CVE-2020-15973", "CVE-2020-15974", "CVE-2020-15975", "CVE-2020-15976", "CVE-2020-15977", "CVE-2020-15978", "CVE-2020-15979", "CVE-2020-15980", "CVE-2020-15981", "CVE-2020-15982", "CVE-2020-15983", "CVE-2020-15984", "CVE-2020-15985", "CVE-2020-15986", "CVE-2020-15987", "CVE-2020-15988", "CVE-2020-15989", "CVE-2020-15990", "CVE-2020-15991", "CVE-2020-15992" ] }, "vid": "64988354-0889-11eb-a01b-e09467587c17" }, "details": "Chrome releases reports:\n\n> This release contains 35 security fixes, including:\n>\n> - \\[1127322\\] Critical CVE-2020-15967: Use after free in payments.\n> Reported by Man Yue Mo of GitHub Security Lab on 2020-09-11\n> - \\[1126424\\] High CVE-2020-15968: Use after free in Blink. Reported\n> by Anonymous on 2020-09-09\n> - \\[1124659\\] High CVE-2020-15969: Use after free in WebRTC. Reported\n> by Anonymous on 2020-09-03\n> - \\[1108299\\] High CVE-2020-15970: Use after free in NFC. Reported by\n> Man Yue Mo of GitHub Security Lab on 2020-07-22\n> - \\[1114062\\] High CVE-2020-15971: Use after free in printing.\n> Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on\n> 2020-08-07\n> - \\[1115901\\] High CVE-2020-15972: Use after free in audio. Reported\n> by Anonymous on 2020-08-13\n> - \\[1133671\\] High CVE-2020-15990: Use after free in autofill.\n> Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on\n> 2020-09-30\n> - \\[1133688\\] High CVE-2020-15991: Use after free in password manager.\n> Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on\n> 2020-09-30\n> - \\[1106890\\] Medium CVE-2020-15973: Insufficient policy enforcement\n> in extensions. Reported by David Erceg on 2020-07-17\n> - \\[1104103\\] Medium CVE-2020-15974: Integer overflow in Blink.\n> Reported by Juno Im (junorouse) of Theori on 2020-07-10\n> - \\[1110800\\] Medium CVE-2020-15975: Integer overflow in SwiftShader.\n> Reported by Anonymous on 2020-07-29\n> - \\[1123522\\] Medium CVE-2020-15976: Use after free in WebXR. Reported\n> by YoungJoo Lee (@ashuu_lee) of Raon Whitehat on 2020-08-31\n> - \\[1083278\\] Medium CVE-2020-6557: Inappropriate implementation in\n> networking. Reported by Matthias Gierlings and Marcus Brinkmann (NDS\n> Ruhr-University Bochum) on 2020-05-15\n> - \\[1097724\\] Medium CVE-2020-15977: Insufficient data validation in\n> dialogs. Reported by Narendra Bhati (@imnarendrabhati) on 2020-06-22\n> - \\[1116280\\] Medium CVE-2020-15978: Insufficient data validation in\n> navigation. Reported by Luan Herrera (@lbherrera\\_) on 2020-08-14\n> - \\[1127319\\] Medium CVE-2020-15979: Inappropriate implementation in\n> V8. Reported by Avihay Cohen (@SeraphicAlgorithms) on 2020-09-11\n> - \\[1092453\\] Medium CVE-2020-15980: Insufficient policy enforcement\n> in Intents. Reported by Yongke Wang (@Rudykewang) and\n> Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08\n> - \\[1123023\\] Medium CVE-2020-15981: Out of bounds read in audio.\n> Reported by Christoph Guttandin on 2020-08-28\n> - \\[1039882\\] Medium CVE-2020-15982: Side-channel information leakage\n> in cache. Reported by Luan Herrera (@lbherrera\\_) on 2020-01-07\n> - \\[1076786\\] Medium CVE-2020-15983: Insufficient data validation in\n> webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\n> Research on 2020-04-30\n> - \\[1080395\\] Medium CVE-2020-15984: Insufficient policy enforcement\n> in Omnibox. Reported by Rayyan Bijoora on 2020-05-07\n> - \\[1099276\\] Medium CVE-2020-15985: Inappropriate implementation in\n> Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser\n> Vulnerability Research on 2020-06-25\n> - \\[1100247\\] Medium CVE-2020-15986: Integer overflow in media.\n> Reported by Mark Brand of Google Project Zero on 2020-06-29\n> - \\[1127774\\] Medium CVE-2020-15987: Use after free in WebRTC.\n> Reported by Philipp Hancke on 2020-09-14\n> - \\[1110195\\] Medium CVE-2020-15992: Insufficient policy enforcement\n> in networking. Reported by Alison Huffman, Microsoft Browser\n> Vulnerability Research on 2020-07-28\n> - \\[1092518\\] Low CVE-2020-15988: Insufficient policy enforcement in\n> downloads. Reported by Samuel Attard on 2020-06-08\n> - \\[1108351\\] Low CVE-2020-15989: Uninitialized Use in PDFium.\n> Reported by Gareth Evans (Microsoft) on 2020-07-22\n", "id": "FreeBSD-2020-0265", "modified": "2020-10-07T00:00:00Z", "published": "2020-10-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6557" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15968" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15970" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15972" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15973" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15974" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15975" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15976" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15978" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15979" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15980" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15981" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15982" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15983" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15984" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15985" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15986" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15987" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15988" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15991" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15992" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libexif" }, "ranges": [ { "events": [ { "fixed": "0.6.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libexif/libexif/blob/master/NEWS" ], "discovery": "2020-05-18T00:00:00Z", "vid": "cff0b2e2-0716-11eb-9e5d-08002728f74c" }, "details": "Release notes:\n\n> Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and\n> others:\n>\n> CVE-2016-6328: fixed integer overflow when parsing maker notes\n>\n> CVE-2017-7544: fixed buffer overread\n>\n> CVE-2018-20030: Fix for recursion DoS\n>\n> CVE-2019-9278: replaced integer overflow checks the compiler could\n> optimize away by safer constructs\n>\n> CVE-2020-0093: read overflow\n>\n> CVE-2020-12767: fixed division by zero\n>\n> CVE-2020-13112: Various buffer overread fixes due to integer overflows\n> in maker notes\n>\n> CVE-2020-13113: Potential use of uninitialized memory\n>\n> CVE-2020-13114: Time consumption DoS when parsing canon array markers\n", "id": "FreeBSD-2020-0264", "modified": "2020-10-05T00:00:00Z", "published": "2020-10-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libexif/libexif/blob/master/NEWS" }, { "type": "WEB", "url": "https://github.com/libexif/libexif/blob/master/NEWS" }, { "type": "WEB", "url": "CVE-2016-6328" }, { "type": "WEB", "url": "CVE-2017-7544" }, { "type": "WEB", "url": "CVE-2018-20030" }, { "type": "WEB", "url": "CVE-2019-9278" }, { "type": "WEB", "url": "CVE-2020-0093" }, { "type": "WEB", "url": "CVE-2020-12767" }, { "type": "WEB", "url": "CVE-2020-13112" }, { "type": "WEB", "url": "CVE-2020-13113" }, { "type": "WEB", "url": "CVE-2020-13114" } ], "schema_version": "1.7.0", "summary": "libexif -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kdeconnect-kde" }, "ranges": [ { "events": [ { "last_affected": "20.08.1" }, { "fixed": "20.08.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kde.org/info/security/advisory-20201002-1.txt" ], "discovery": "2020-10-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-26164" ] }, "vid": "c71ed065-0600-11eb-8758-e0d55e2a8bf9" }, "details": "Albert Astals Cid reports:\n\n> ### KDE Project Security Advisory\n>\n> ------------- ---------------------------------------------------------------------------------\n> Title KDE Connect: packet manipulation can be exploited in a Denial of Service attack\n> Risk Rating Important\n> CVE CVE-2020-26164\n> Versions kdeconnect \\<= 20.08.1\n> Author Albert Vaca Cintora \\\n> Date 2 October 2020\n> ------------- ---------------------------------------------------------------------------------\n>\n> ### Overview\n>\n> An attacker on your local network could send maliciously crafted\n> packets to other hosts running kdeconnect on the network, causing them\n> to use large amounts of CPU, memory or network connections, which\n> could be used in a Denial of Service attack within the network.\n>\n> ### Impact\n>\n> Computers that run kdeconnect are susceptible to DoS attacks from the\n> local network.\n>\n> ### Workaround\n>\n> We advise you to stop KDE Connect when on untrusted networks like\n> those on airports or conferences.\n>\n> Since kdeconnect is dbus activated it is relatively hard to make sure\n> it stays stopped so the brute force approach is to uninstall the\n> kdeconnect package from your system and then run\n>\n>\n> kquitapp5 kdeconnectd\n> \n>\n> Just install the package again once you\\'re back in a trusted network.\n>\n> ### Solution\n>\n> KDE Connect 20.08.2 patches several code paths that could result in a\n> DoS.\n>\n> You can apply these patches on top of 20.08.1:\n>\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/f183b5447bad47655c21af87214579f03bf3a163\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/b279c52101d3f7cc30a26086d58de0b5f1c547fa\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/d35b88c1b25fe13715f9170f18674d476ca9acdc\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/b496e66899e5bc9547b6537a7f44ab44dd0aaf38\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/5310eae85dbdf92fba30375238a2481f2e34943e\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/721ba9faafb79aac73973410ee1dd3624ded97a5\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/ae58b9dec49c809b85b5404cee17946116f8a706\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/66c768aa9e7fba30b119c8b801efd49ed1270b0a\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/85b691e40f525e22ca5cc4ebe79c361d71d7dc05\n> - https://invent.kde.org/network/kdeconnect-kde/-/commit/48180b46552d40729a36b7431e97bbe2b5379306\n>\n> ### Credits\n>\n> Thanks Matthias Gerstner and the openSUSE security team for reporting\n> the issue.\n>\n> Thanks to Aleix Pol, Nicolas Fella and Albert Vaca Cintora for the\n> patches.\n", "id": "FreeBSD-2020-0263", "modified": "2020-10-04T00:00:00Z", "published": "2020-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kde.org/info/security/advisory-20201002-1.txt" }, { "type": "WEB", "url": "https://kde.org/info/security/advisory-20201002-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-26164" } ], "schema_version": "1.7.0", "summary": "kdeconnect -- packet manipulation can be exploited in a Denial of Service attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "upnp" }, "ranges": [ { "events": [ { "fixed": "1.12.1_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13848" ], "discovery": "2020-06-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-13848" ] }, "vid": "a23871f6-059b-11eb-8758-e0d55e2a8bf9" }, "details": "CVE mitre reports:\n\n> Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote\n> attackers to cause a denial of service (crash) via a crafted SSDP\n> message due to a NULL pointer dereference in the functions\n> FindServiceControlURLPath and FindServiceEventURLPath in\n> genlib/service_table/service_table.c.\n", "id": "FreeBSD-2020-0262", "modified": "2020-10-03T00:00:00Z", "published": "2020-10-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13848" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13848" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13848" }, { "type": "WEB", "url": "https://github.com/pupnp/pupnp/issues/177" }, { "type": "WEB", "url": "https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13848" } ], "schema_version": "1.7.0", "summary": "upnp -- denial of service (crash)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.4.0" }, { "fixed": "13.4.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.3.0" }, { "fixed": "13.3.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.12" }, { "fixed": "13.2.10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/10/01/security-release-13-4-2-release/" ], "discovery": "2020-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-13333", "CVE-2020-13332", "CVE-2020-13335", "CVE-2020-13334", "CVE-2020-13327" ] }, "vid": "a3495e61-047f-11eb-86ea-001b217b3468" }, "details": "Gitlab reports:\n\n> Potential Denial Of Service Via Update Release Links API\n>\n> Insecure Storage of Session Key In Redis\n>\n> Improper Access Expiration Date Validation\n>\n> Cross-Site Scripting in Multiple Pages\n>\n> Unauthorized Users Can View Custom Project Template\n>\n> Cross-Site Scripting in SVG Image Preview\n>\n> Incomplete Handling in Account Deletion\n>\n> Insufficient Rate Limiting at Re-Sending Confirmation Email\n>\n> Improper Type Check in GraphQL\n>\n> To-dos Are Not Redacted When Membership Changes\n>\n> Guest users can modify confidentiality attribute\n>\n> Command injection on runner host\n>\n> Insecure Runner Configuration in Kubernetes Environments\n", "id": "FreeBSD-2020-0261", "modified": "2020-10-02T00:00:00Z", "published": "2020-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/10/01/security-release-13-4-2-release/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/10/01/security-release-13-4-2-release/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13333" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13332" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13335" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13334" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13327" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tt-rss" }, "ranges": [ { "events": [ { "fixed": "g20200919" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799", "https://community.tt-rss.org/t/replace-php-gettext/2889" ], "discovery": "2020-09-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-25789", "CVE-2020-25788", "CVE-2020-25787", "CVE-2016-6175" ] }, "vid": "2eec1e85-faf3-11ea-8ac0-4437e6ad11c4" }, "details": "tt-rss project reports:\n\n> The cached_url feature mishandles JavaScript inside an SVG document.\n>\n> imgproxy in plugins/af_proxy_http/init.php mishandles\n> \\$\\_REQUEST\\[\\\"url\\\"\\] in an error message.\n>\n> It does not validate all URLs before requesting them.\n\n> Allows remote attackers to execute arbitrary PHP code via a crafted\n> plural forms header.\n", "id": "FreeBSD-2020-0260", "modified": "2020-09-20T00:00:00Z", "published": "2020-09-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799" }, { "type": "REPORT", "url": "https://community.tt-rss.org/t/replace-php-gettext/2889" }, { "type": "WEB", "url": "https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799" }, { "type": "WEB", "url": "https://community.tt-rss.org/t/replace-php-gettext/2889" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25788" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25787" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6175" } ], "schema_version": "1.7.0", "summary": "tt-rss -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-ant" }, "ranges": [ { "events": [ { "introduced": "1.1" }, { "fixed": "1.10.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://issues.apache.org/jira/browse/RAT-269?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel" ], "discovery": "2020-05-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-1945" ] }, "vid": "6d5f1b0b-b865-48d5-935b-3fb6ebb425fc" }, "details": "Apache reports:\n\n> Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default\n> temporary directory identified by the Java system property\n> java.io.tmpdir for several tasks and may thus leak sensitive\n> information. The fixcrlf and replaceregexp tasks also copy files from\n> the temporary directory back into the build tree allowing an attacker\n> to inject modified source files into the build process.\n", "id": "FreeBSD-2020-0259", "modified": "2020-09-28T00:00:00Z", "published": "2020-09-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://issues.apache.org/jira/browse/RAT-269?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/RAT-269?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1945" } ], "schema_version": "1.7.0", "summary": "Apache Ant leaks sensitive information via the java.io.tmpdir" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.1.0" }, { "fixed": "4.1.14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.1" ], "discovery": "2020-09-22T00:00:00Z", "references": { "cvename": [ "CVE-2020-17482" ] }, "vid": "b371db92-fe34-11ea-b90e-6805ca2fa271" }, "details": "PowerDNS Team reports\n\n> CVE-2020-17482: An issue has been found in PowerDNS Authoritative\n> Server before 4.3.1 where an authorized user with the ability to\n> insert crafted records into a zone might be able to leak the content\n> of uninitialized memory. Such a user could be a customer inserting\n> data via a control panel, or somebody with access to the REST API.\n> Crafted records cannot be inserted via AXFR.\n", "id": "FreeBSD-2020-0258", "modified": "2020-09-24T00:00:00Z", "published": "2020-09-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.1" }, { "type": "WEB", "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-17482" } ], "schema_version": "1.7.0", "summary": "powerdns -- Leaking uninitialised memory through crafted zone records" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "85.0.4183.121" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html" ], "discovery": "2020-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2020-15960", "CVE-2020-15961", "CVE-2020-15962", "CVE-2020-15963", "CVE-2020-15964", "CVE-2020-15965", "CVE-2020-15966" ] }, "vid": "e68d3db1-fd04-11ea-a67f-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release fixes 10 security issues, including:\n>\n> - \\[1100136\\] High CVE-2020-15960: Out of bounds read in storage.\n> Reported by Anonymous on 2020-06-28\n> - \\[1114636\\] High CVE-2020-15961: Insufficient policy enforcement in\n> extensions. Reported by David Erceg on 2020-08-10\n> - \\[1121836\\] High CVE-2020-15962: Insufficient policy enforcement in\n> serial. Reported by Leecraso and Guang Gong of 360 Alpha Lab working\n> with 360 BugCloud on 2020-08-26\n> - \\[1113558\\] High CVE-2020-15963: Insufficient policy enforcement in\n> extensions. Reported by David Erceg on 2020-08-06\n> - \\[1126249\\] High CVE-2020-15965: Out of bounds write in V8. Reported\n> by Lucas Pinheiro, Microsoft Browser Vulnerability Research on\n> 2020-09-08\n> - \\[1113565\\] Medium CVE-2020-15966: Insufficient policy enforcement\n> in extensions. Reported by David Erceg on 2020-08-06\n> - \\[1121414\\] Low CVE-2020-15964: Insufficient data validation in\n> media. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-08-25\n", "id": "FreeBSD-2020-0257", "modified": "2020-09-22T00:00:00Z", "published": "2020-09-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15960" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15961" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15962" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15963" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15964" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15965" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15966" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxml2" }, "ranges": [ { "events": [ { "fixed": "2.9.10_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-20388" ], "discovery": "2020-01-21T00:00:00Z", "vid": "f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9" }, "details": "CVE mitre reports:\n\n> ### CVE-2019-20388\n>\n> xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an\n> xmlSchemaValidateStream memory leak.\n>\n> ### CVE-2020-7595\n>\n> xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an\n> infinite loop in a certain end-of-file situation.\n>\n> ### CVE-2020-24977\n>\n> GNOME project libxml2 v2.9.10 and earlier have a global buffer\n> over-read vulnerability in xmlEncodeEntitiesInternal\n", "id": "FreeBSD-2020-0256", "modified": "2020-09-22T00:00:00Z", "published": "2020-09-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20388" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20388" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24977" } ], "schema_version": "1.7.0", "summary": "libxml -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.19.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.19.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.19.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-16T00:00:00Z", "vid": "2327234d-fc4b-11ea-adef-641c67a117d8" }, "details": "# Problem Description:\n\nAffected Synapse versions assume that all events have an \\\"origin\\\"\nfield set. If an event without the \\\"origin\\\" field is sent into a\nfederated room, servers not already joined to the room will be unable to\ndo so due to failing to fetch the malformed event.\n\n# Impact:\n\nAn attacker could cause a denial of service by deliberately sending a\nmalformed event into a room, thus preventing new servers (and thus their\nusers) from joining the room.\n", "id": "FreeBSD-2020-0255", "modified": "2020-09-21T00:00:00Z", "published": "2020-09-21T00:00:00Z", "references": [ { "type": "WEB", "url": "https://github.com/matrix-org/synapse/issues/8319" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/pull/8324" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/blob/v1.19.3/CHANGES.md" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- malformed events may prevent users from joining federated rooms" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python35" }, "ranges": [ { "events": [ { "fixed": "3.5.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-10" ], "discovery": "2020-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-15523", "CVE-2020-14422", "CVE-2019-18348", "CVE-2020-8492", "CVE-2019-20907" ] }, "vid": "2cb21232-fb32-11ea-a929-a4bf014bf5f7" }, "details": "Python reports:\n\n> bpo-39603: Prevent http header injection by rejecting control\n> characters in http.client.putrequest(...).\n>\n> bpo-29778: Ensure python3.dll is loaded from correct locations when\n> Python is embedded (CVE-2020-15523).\n>\n> bpo-41004: CVE-2020-14422: The \\_\\_hash\\_\\_() methods of\n> ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly\n> generated constant hash values of 32 and 128 respectively. This\n> resulted in always causing hash collisions. The fix uses hash() to\n> generate hash values for the tuple of (address, mask length, network\n> address).\n>\n> bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments\n> to guard against header injection attacks.\n>\n> bpo-38576: Disallow control characters in hostnames in http.client,\n> addressing CVE-2019-18348. Such potentially malicious header injection\n> URLs now cause a InvalidURL to be raised.\n>\n> bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the\n> urllib.request module uses an inefficient regular expression which can\n> be exploited by an attacker to cause a denial of service. Fix the\n> regex to prevent the catastrophic backtracking. Vulnerability reported\n> by Ben Caller and Matt Schwager.\n>\n> bpo-38945: Newline characters have been escaped when performing uu\n> encoding to prevent them from overflowing into to content section of\n> the encoded file. This prevents malicious or accidental modification\n> of data during the decoding process.\n>\n> bpo-38804: Fixes a ReDoS vulnerability in http.cookiejar. Patch by Ben\n> Caller.\n>\n> bpo-39017: Avoid infinite loop when reading specially crafted TAR\n> files using the tarfile module (CVE-2019-20907).\n>\n> bpo-41183: Use 3072 RSA keys and SHA-256 signature for test certs and\n> keys.\n>\n> bpo-39503: AbstractBasicAuthHandler of urllib.request now parses all\n> WWW-Authenticate HTTP headers and accepts multiple challenges per\n> header: use the realm of the first Basic challenge.\n", "id": "FreeBSD-2020-0254", "modified": "2020-09-20T00:00:00Z", "published": "2020-09-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15523" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14422" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18348" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8492" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20907" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba410" }, "ranges": [ { "events": [ { "fixed": "4.10.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba411" }, "ranges": [ { "events": [ { "fixed": "4.11.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba412" }, "ranges": [ { "events": [ { "fixed": "4.12.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2020-1472.html" ], "discovery": "2020-01-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-1472" ] }, "vid": "24ace516-fad7-11ea-8d8c-005056a311d1" }, "details": "The Samba Team reports:\n\n> An unauthenticated attacker on the network can gain administrator\n> access by exploiting a netlogon protocol flaw.\n", "id": "FreeBSD-2020-0253", "modified": "2020-09-20T00:00:00Z", "published": "2020-09-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2020-1472.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-1472.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1472" } ], "schema_version": "1.7.0", "summary": "samba -- Unauthenticated domain takeover via netlogon" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nextcloud" }, "ranges": [ { "events": [ { "fixed": "19.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nextcloud.com/security/advisory/?id=NC-SA-2020-026" ], "discovery": "2020-06-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-8183" ] }, "vid": "eeec4e6f-fa71-11ea-9bb7-d4c9ef517024" }, "details": "The Nextcloud project reports:\n\n> NC-SA-2020-026 (low): Password of share by mail is not hashed when\n> given on the create share call\\\n> A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of\n> the share password when it was given on the initial create API call.\n", "id": "FreeBSD-2020-0252", "modified": "2020-09-19T00:00:00Z", "published": "2020-09-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-026" }, { "type": "WEB", "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-026" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8183" } ], "schema_version": "1.7.0", "summary": "Nextcloud -- Password share by mail not hashed" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.28.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://webkitgtk.org/security/WSA-2020-0006.html" ], "discovery": "2020-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-13753" ] }, "vid": "efd03116-c2a9-11ea-82bc-b42e99a1b9c3" }, "details": "The WebKitGTK project reports vulnerabilities:\n\n> - CVE-2020-9802: Processing maliciously crafted web content may lead\n> to arbitrary code execution.\n> - CVE-2020-9803: Processing maliciously crafted web content may lead\n> to arbitrary code execution.\n> - CVE-2020-9805: Processing maliciously crafted web content may lead\n> to universal cross site scripting.\n> - CVE-2020-9806: Processing maliciously crafted web content may lead\n> to arbitrary code execution.\n> - CVE-2020-9807: Processing maliciously crafted web content may lead\n> to arbitrary code execution.\n> - CVE-2020-9843: Processing maliciously crafted web content may lead\n> to a cross site scripting attack.\n> - CVE-2020-9850: A remote attacker may be able to cause arbitrary code\n> execution.\n> - CVE-2020-13753: CLONE_NEWUSER could potentially be used to confuse\n> xdg- desktop-portal, which allows access outside the sandbox.\n> TIOCSTI can be used to directly execute commands outside the sandbox\n> by writing to the controlling terminal's input buffer.\n", "id": "FreeBSD-2020-0251", "modified": "2020-07-10T00:00:00Z", "published": "2020-07-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://webkitgtk.org/security/WSA-2020-0006.html" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2020-0006.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9805" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9806" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9807" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9843" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9850" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13753" } ], "schema_version": "1.7.0", "summary": "webkit2-gtk3 -- multible vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "14.11.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node12" }, "ranges": [ { "events": [ { "fixed": "12.18.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node10" }, "ranges": [ { "events": [ { "fixed": "10.22.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/" ], "discovery": "2020-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2020-8201", "CVE-2020-8251", "CVE-2020-8252" ] }, "vid": "4ca5894c-f7f1-11ea-8ff8-0022489ad614" }, "details": "Node.js reports:\n\n> Updates are now available for v10,x, v12.x and v14.x Node.js release\n> lines for the following issues.\n>\n> # HTTP Request Smuggling due to CR-to-Hyphen conversion (High) (CVE-2020-8201)\n>\n> Affected Node.js versions converted carriage returns in HTTP request\n> headers to a hyphen before parsing. This can lead to HTTP Request\n> Smuggling as it is a non-standard interpretation of the header.\n>\n> Impacts:\n>\n> - All versions of the 14.x and 12.x releases line\n>\n> # Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests (Critical) (CVE-2020-8251)\n>\n> Node.js is vulnerable to HTTP denial of service (DOS) attacks based on\n> delayed requests submission which can make the server unable to accept\n> new connections. The fix a new http.Server option called\n> requestTimeout with a default value of 0 which means it is disabled by\n> default. This should be set when Node.js is used as an edge server,\n> for more details refer to the documentation.\n>\n> Impacts:\n>\n> - All versions of the 14.x release line\n>\n> # fs.realpath.native on may cause buffer overflow (Medium) (CVE-2020-8252)\n>\n> libuv\\'s realpath implementation incorrectly determined the buffer\n> size which can result in a buffer overflow if the resolved path is\n> longer than 256 bytes.\n>\n> Impacts:\n>\n> - All versions of the 10.x release line\n> - All versions of the 12.x release line\n> - All versions of the 14.x release line before 14.9.0\n", "id": "FreeBSD-2020-0250", "modified": "2020-09-16T00:00:00Z", "published": "2020-09-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8251" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8252" } ], "schema_version": "1.7.0", "summary": "Node.js -- September 2020 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-7468" ], "freebsdsa": [ "SA-20:30.ftpd" ] }, "vid": "6d334fdb-f7e7-11ea-88f8-901b0ef719ab" }, "details": "# Problem Description:\n\nA ftpd(8) bug in the implementation of the file system sandbox, combined\nwith capabilities available to an authenticated FTP user, can be used to\nescape the file system restriction configured in ftpchroot(5). Moreover,\nthe bug allows a malicious client to gain root privileges.\n\n# Impact:\n\nA malicious FTP user can gain privileged access to an affected system.\n", "id": "FreeBSD-2020-0249", "modified": "2020-09-16T00:00:00Z", "published": "2020-09-16T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7468" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:30.ftpd.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ftpd privilege escalation via ftpchroot feature" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-7467" ], "freebsdsa": [ "SA-20:29.bhyve_svm" ] }, "vid": "e73c688b-f7e6-11ea-88f8-901b0ef719ab" }, "details": "# Problem Description:\n\nA number of AMD virtualization instructions operate on host physical\naddresses, are not subject to nested page table translation, and guest\nuse of these instructions was not trapped.\n\n# Impact:\n\nFrom kernel mode a malicious guest can write to arbitrary host memory\n(with some constraints), affording the guest full control of the host.\n", "id": "FreeBSD-2020-0248", "modified": "2020-09-16T00:00:00Z", "published": "2020-09-16T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7467" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:29.bhyve_svm.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bhyve SVM guest escape" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-24718" ], "freebsdsa": [ "SA-20:28.bhyve_vmcs" ] }, "vid": "2c5b9cd7-f7e6-11ea-88f8-901b0ef719ab" }, "details": "# Problem Description:\n\nAMD and Intel CPUs support hardware virtualization using specialized\ndata structures that control various aspects of guest operation. These\nare the Virtual Machine Control Structure (VMCS) on Intel CPUs, and the\nVirtual Machine Control Block (VMCB) on AMD CPUs. Insufficient access\ncontrols allow root users, including those running in a jail, to change\nthese data structures.\n\n# Impact:\n\nAn attacker with host root access (including to a jailed bhyve instance)\ncan use this vulnerability to achieve kernel code execution.\n", "id": "FreeBSD-2020-0247", "modified": "2020-09-16T00:00:00Z", "published": "2020-09-16T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24718" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bhyve privilege escalation via VMCS access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-7464" ], "freebsdsa": [ "SA-20:27.ure" ] }, "vid": "bb53af7b-f7e4-11ea-88f8-901b0ef719ab" }, "details": "# Problem Description:\n\nA programming error in the ure(4) device driver caused some Realtek USB\nEthernet interfaces to incorrectly report packets with more than 2048\nbytes in a single USB transfer as having a length of only 2048 bytes.\n\nAn adversary can exploit this to cause the driver to misinterpret part\nof the payload of a large packet as a separate packet, and thereby\ninject packets across security boundaries such as VLANs.\n\n# Impact:\n\nAn attacker that can send large frames (larger than 2048 bytes in size)\nto be received by the host (be it VLAN, or non-VLAN tagged packet), can\ninject arbitrary packets to be received and processed by the host. This\nincludes spoofing packets from other hosts, or injecting packets to\nother VLANs than the host is on.\n", "id": "FreeBSD-2020-0246", "modified": "2020-09-16T00:00:00Z", "published": "2020-09-16T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7464" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:27.ure.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ure device driver susceptible to packet-in-packet attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview52" }, "ranges": [ { "events": [ { "fixed": "5.2.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weblog.rubyonrails.org/2020/9/10/Rails-5-2-4-4-and-6-0-3-3-have-been-released/" ], "discovery": "2020-09-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-15169" ] }, "vid": "7b630362-f468-11ea-a96c-08002728f74c" }, "details": "Ruby on Rails blog:\n\n> Rails 5.2.4.4 and 6.0.3.3 have been released! These releases contain\n> an important security fix, so please upgrade when you can.\n>\n> Both releases contain the following fix: \\[CVE-2020-15169\\] Potential\n> XSS vulnerability in Action View\n", "id": "FreeBSD-2020-0245", "modified": "2020-09-12T00:00:00Z", "published": "2020-09-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weblog.rubyonrails.org/2020/9/10/Rails-5-2-4-4-and-6-0-3-3-have-been-released/" }, { "type": "WEB", "url": "https://weblog.rubyonrails.org/2020/9/10/Rails-5-2-4-4-and-6-0-3-3-have-been-released/" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/b-C9kSGXYrc" }, { "type": "WEB", "url": "https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md" }, { "type": "WEB", "url": "https://github.com/rails/rails/blob/6-0-stable/actionview/CHANGELOG.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15169" } ], "schema_version": "1.7.0", "summary": "Rails -- Potential XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "3.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v3.0.10" ], "discovery": "2020-08-28T00:00:00Z", "vid": "2c92fdd3-896c-4a5a-a0d8-52acee69182d" }, "details": "Jon Siwek of Corelight reports:\n\n> This release fixes the following security issue:\n>\n> - The AYIYA and GTPv1 parsing/decapsulation logic may leak memory \\--\n> These leaks have potential for remote exploitation to cause Denial\n> of Service via resource exhaustion.\n", "id": "FreeBSD-2020-0244", "modified": "2020-09-09T00:00:00Z", "published": "2020-09-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v3.0.10" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v3.0.10" } ], "schema_version": "1.7.0", "summary": "zeek -- Various vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "85.0.4183.102" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html" ], "discovery": "2020-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2020-6573", "CVE-2020-6574", "CVE-2020-6575", "CVE-2020-6576", "CVE-2020-15969" ] }, "vid": "bed5d41a-f2b4-11ea-a878-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release contains 5 security fixes:\n>\n> - \\[1116304\\] High CVE-2020-6573: Use after free in video. Reported by\n> Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud\n> on 2020-08-14\n> - \\[1102196\\] High CVE-2020-6574: Insufficient policy enforcement in\n> installer. Reported by CodeColorist of Ant-Financial LightYear Labs\n> on 2020-07-05\n> - \\[1081874\\] High CVE-2020-6575: Race in Mojo. Reported by Microsoft\n> on 2020-05-12\n> - \\[1111737\\] High CVE-2020-6576: Use after free in offscreen canvas.\n> Reported by Looben Yang on 2020-07-31\n> - \\[1122684\\] High CVE-2020-15959: Insufficient policy enforcement in\n> networking. Reported by Eric Lawrence of Microsoft on 2020-08-27\n", "id": "FreeBSD-2020-0243", "modified": "2020-09-09T00:00:00Z", "published": "2020-09-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6573" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6574" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6575" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15969" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mpd5" }, "ranges": [ { "events": [ { "fixed": "5.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-7465", "CVE-2020-7466" ] }, "vid": "cd97c7ca-f079-11ea-9c31-001b216d295b" }, "details": "Version 5.9 contains security fix for L2TP clients and servers.\nInsufficient validation of incoming L2TP control packet specially\ncrafted by unauthenticated user might lead to unexpected termination of\nthe process. The problem affects mpd versions since 4.0 that brought in\ninitial support for L2TP. Installations not using L2TP clients nor L2TP\nserver configuration were not affected.\n", "id": "FreeBSD-2020-0242", "modified": "2020-09-07T00:00:00Z", "published": "2020-09-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7466" }, { "type": "WEB", "url": "http://mpd.sourceforge.net/doc5/mpd4.html#4" } ], "schema_version": "1.7.0", "summary": "Multi-link PPP protocol daemon MPD5 remotely exploitable crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.16.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2" ], "discovery": "2020-09-01T00:00:00Z", "vid": "bcdeb6d2-f02d-11ea-838a-0011d823eebd" }, "details": "Manuel P\u00e9gouri\u00e9-Gonnard reports:\n\n> An attacker with access to precise enough timing and memory access\n> information (typically an untrusted operating system attacking a\n> secure enclave such as SGX or the TrustZone secure world) can recover\n> the private keys used in RSA or static (finite-field) Diffie-Hellman\n> operations.\n", "id": "FreeBSD-2020-0241", "modified": "2020-09-06T00:00:00Z", "published": "2020-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2" } ], "schema_version": "1.7.0", "summary": "Mbed TLS -- Local side channel attack on RSA and static Diffie-Hellman" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.16.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1" ], "discovery": "2020-09-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-16150" ] }, "vid": "4c69240f-f02c-11ea-838a-0011d823eebd" }, "details": "Manuel P\u00e9gouri\u00e9-Gonnard reports:\n\n> When decrypting/authenticating (D)TLS record in a connection using a\n> CBC ciphersuite without the Encrypt-then-Mac extension RFC 7366, Mbed\n> TLS used dummy rounds of the compression function associated with the\n> hash used for HMAC in order to hide the length of the padding to\n> remote attackers, as recommended in the original Lucky Thirteen paper.\n>\n> A local attacker who is able to observe the state of the cache could\n> monitor the presence of mbedtls_md_process() in the cache in order to\n> determine when the actual computation ends and when the dummy rounds\n> start. This is a reliable target as it\\'s always called at least once,\n> in response to a previous attack. The attacker can then continue with\n> one of many well-documented Lucky 13 variants.\n", "id": "FreeBSD-2020-0240", "modified": "2020-09-06T00:00:00Z", "published": "2020-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16150" } ], "schema_version": "1.7.0", "summary": "Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnutls" }, "ranges": [ { "events": [ { "fixed": "3.6.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gnutls.org/security-new.html#GNUTLS-SA-2020-09-04" ], "discovery": "2020-09-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-24659" ] }, "vid": "2272e6f1-f029-11ea-838a-0011d823eebd" }, "details": "The GnuTLS project reports:\n\n> It was found by oss-fuzz that the server sending a\n> \\\"no_renegotiation\\\" alert in an unexpected timing, followed by an\n> invalid second handshake can cause a TLS 1.3 client to crash via a\n> null-pointer dereference. The crash happens in the application\\'s\n> error handling path, where the gnutls_deinit function is called after\n> detecting a handshake failure.\n", "id": "FreeBSD-2020-0239", "modified": "2020-09-06T00:00:00Z", "published": "2020-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-09-04" }, { "type": "WEB", "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-09-04" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24659" } ], "schema_version": "1.7.0", "summary": "GnuTLS -- null pointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django31" }, "ranges": [ { "events": [ { "fixed": "3.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django31" }, "ranges": [ { "events": [ { "fixed": "3.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django31" }, "ranges": [ { "events": [ { "fixed": "3.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.djangoproject.com/en/3.1/releases/3.1.1/" ], "discovery": "2020-09-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-24583", "CVE-2020-24584" ] }, "vid": "002432c8-ef6a-11ea-ba8f-08002728f74c" }, "details": "Django Release notes:\n\n> CVE-2020-24583: Incorrect permissions on intermediate-level\n> directories on Python 3.7+\n>\n> On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied\n> to intermediate-level directories created in the process of uploading\n> files and to intermediate-level collected static directories when\n> using the collectstatic management command.\n>\n> CVE-2020-24584: Permission escalation in intermediate-level\n> directories of the file system cache on Python 3.7+\n>\n> On Python 3.7+, the intermediate-level directories of the file system\n> cache had the system\\'s standard umask rather than 0o077 (no group or\n> others permissions).\n", "id": "FreeBSD-2020-0238", "modified": "2020-09-05T00:00:00Z", "published": "2020-09-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.djangoproject.com/en/3.1/releases/3.1.1/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/2.2/releases/2.2.16/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/3.0/releases/3.0.10/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/3.1/releases/3.1.1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24583" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24584" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnupg" }, "ranges": [ { "events": [ { "introduced": "2.2.21" }, { "fixed": "2.2.23" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-03T00:00:00Z", "references": { "cvename": [ "CVE-2020-25125" ] }, "vid": "f9fa7adc-ee51-11ea-a240-002590acae31" }, "details": "Importing an OpenPGP key having a preference list for AEAD algorithms\nwill lead to an array overflow and thus often to a crash or other\nundefined behaviour.\n\nImporting an arbitrary key can often easily be triggered by an attacker\nand thus triggering this bug. Exploiting the bug aside from crashes is\nnot trivial but likely possible for a dedicated attacker. The major\nhurdle for an attacker is that only every second byte is under their\ncontrol with every first byte having a fixed value of 0x04.\n", "id": "FreeBSD-2020-0237", "modified": "2020-09-03T00:00:00Z", "published": "2020-09-03T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-25125" }, { "type": "WEB", "url": "https://dev.gnupg.org/T5050" } ], "schema_version": "1.7.0", "summary": "gnupg -- AEAD key import overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-7461" ], "freebsdsa": [ "SA-20:26.dhclient" ] }, "vid": "762b7d4a-ec19-11ea-88f8-901b0ef719ab" }, "details": "# Problem Description:\n\nWhen parsing option 119 data, dhclient(8) computes the uncompressed\ndomain list length so that it can allocate an appropriately sized buffer\nto store the uncompressed list. The code to compute the length failed to\nhandle certain malformed input, resulting in a heap overflow when the\nuncompressed list is copied into in inadequately sized buffer.\n\n# Impact:\n\nThe heap overflow could in principle be exploited to achieve remote code\nexecution. The affected process runs with reduced privileges in a\nCapsicum sandbox, limiting the immediate impact of an exploit. However,\nit is possible the bug could be combined with other vulnerabilities to\nescape the sandbox.\n", "id": "FreeBSD-2020-0236", "modified": "2020-09-02T00:00:00Z", "published": "2020-09-02T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7461" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- dhclient heap overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-7463" ], "freebsdsa": [ "SA-20:25.sctp" ] }, "vid": "77b877aa-ec18-11ea-88f8-901b0ef719ab" }, "details": "# Problem Description:\n\nDue to improper handling in the kernel, a use-after-free bug can be\ntriggered by sending large user messages from multiple threads on the\nsame socket.\n\n# Impact:\n\nTriggering the use-after-free situation may result in unintended kernel\nbehaviour including a kernel panic.\n", "id": "FreeBSD-2020-0235", "modified": "2020-09-02T00:00:00Z", "published": "2020-09-02T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7463" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:25.sctp.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- SCTP socket use-after-free bug" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-09-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-7462" ], "freebsdsa": [ "SA-20:24.ipv6" ] }, "vid": "74bbde13-ec17-11ea-88f8-901b0ef719ab" }, "details": "# Problem Description:\n\nDue to improper mbuf handling in the kernel, a use-after-free bug might\nbe triggered by sending IPv6 Hop-by-Hop options over the loopback\ninterface.\n\n# Impact:\n\nTriggering the use-after-free situation may result in unintended kernel\nbehaviour including a kernel panic.\n", "id": "FreeBSD-2020-0234", "modified": "2020-09-02T00:00:00Z", "published": "2020-09-02T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7462" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:24.ipv6.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- IPv6 Hop-by-Hop options use-after-free bug" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.3.0" }, { "fixed": "13.3.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.2.0" }, { "fixed": "13.2.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "13.1.10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/" ], "discovery": "2020-09-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-13318", "CVE-2020-13301", "CVE-2020-13284", "CVE-2020-13298", "CVE-2020-13313", "CVE-2020-13311", "CVE-2020-13289", "CVE-2020-13302", "CVE-2020-13314", "CVE-2020-13309", "CVE-2020-13287", "CVE-2020-13306", "CVE-2020-13299", "CVE-2020-13300", "CVE-2020-13317", "CVE-2020-13303", "CVE-2020-13316", "CVE-2020-13304", "CVE-2020-13305", "CVE-2020-13307", "CVE-2020-13308", "CVE-2020-13315", "CVE-2020-13297", "CVE-2020-13310", "CVE-2020-11022" ] }, "vid": "1fb13175-ed52-11ea-8b93-001b217b3468" }, "details": "Gitlab reports:\n\n> Vendor Cross-Account Assume-Role Attack\n>\n> Stored XSS on the Vulnerability Page\n>\n> Outdated Job Token Can Be Reused to Access Unauthorized Resources\n>\n> File Disclosure Via Workhorse File Upload Bypass\n>\n> Unauthorized Maintainer Can Edit Group Badge\n>\n> Denial of Service Within Wiki Functionality\n>\n> Sign-in Vulnerable to Brute-force Attacks\n>\n> Invalidated Session Allows Account Access With an Old Password\n>\n> GitLab Omniauth Endpoint Renders User Controlled Messages\n>\n> Blind SSRF Through Repository Mirroring\n>\n> Information Disclosure Through Incorrect Group Permission\n> Verifications\n>\n> No Rate Limit on GitLab Webhook Feature\n>\n> GitLab Session Revocation Feature Does Not Invalidate All Sessions\n>\n> OAuth Authorization Scope for an External Application Can Be Changed\n> Without User Consent\n>\n> Unauthorized Maintainer Can Delete Repository\n>\n> Improper Verification of Deploy-Key Leads to Access Restricted\n> Repository\n>\n> Disabled Repository Still Accessible With a Deploy-Token\n>\n> Duplicated Secret Code Generated by 2 Factor Authentication Mechanism\n>\n> Lack of Validation Within Project Invitation Flow\n>\n> Current Sessions Not Invalidated Upon Enabling 2 Factor Authentication\n>\n> Users Without 2 Factor Authentication Can Be Blocked Accessing GitLab\n>\n> Lack of Upper Bound Check Leading to Possible Denial of Service\n>\n> 2 Factor Authentication for Groups Was Not Enforced Within API\n> Endpoint\n>\n> GitLab Runner Denial of Service via CI Jobs\n>\n> Update jQuery Dependency\n", "id": "FreeBSD-2020-0233", "modified": "2020-09-02T00:00:00Z", "published": "2020-09-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13318" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13301" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13284" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13298" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13313" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13289" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13302" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13314" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13287" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13306" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13299" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13300" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13317" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13303" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13316" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13305" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13308" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13315" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13297" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11022" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.14.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.15,1" }, { "fixed": "1.15.1,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/40928" ], "discovery": "2020-08-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-24553" ] }, "vid": "67b050ae-ec82-11ea-9071-10c37b4ac2ea" }, "details": "The Go project reports:\n\n> When a Handler does not explicitly set the Content-Type header, both\n> CGI implementations default to \"text/html\". If an attacker can make a\n> server generate content under their control (e.g. a JSON containing\n> user data or an uploaded image file) this might be mistakenly returned\n> by the server as \"text/html\". If a victim visits such a page they\n> could get the attacker\\'s code executed in the context of the server\n> origin. If an attacker can make a server generate content under their\n> control (e.g. a JSON containing user data or an uploaded image file)\n> this might be mistakenly returned by the server as \"text/html\". If a\n> victim visits such a page they could get the attacker\\'s code executed\n> in the context of the server origin.\n", "id": "FreeBSD-2020-0232", "modified": "2020-09-01T00:00:00Z", "published": "2020-09-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/40928" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24553" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/40928" } ], "schema_version": "1.7.0", "summary": "go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ark" }, "ranges": [ { "events": [ { "fixed": "20.08.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kde.org/info/security/advisory-20200827-1.txt" ], "discovery": "2020-08-27T00:00:00Z", "references": { "cvename": [ "CVE-2020-24654" ] }, "vid": "38fdf07b-e8ec-11ea-8bbe-e0d55e2a8bf9" }, "details": "Albert Astals Cid reports:\n\n> ### Overview\n>\n> A maliciously crafted TAR archive containing symlink entries would\n> install files anywhere in the user\\'s home directory upon extraction.\n>\n> ### Proof of concept\n>\n> For testing, an example of malicious archive can be found at\n> [dirsymlink.tar](https://github.com/jwilk/traversal-archives/releases/download/0/dirsymlink.tar)\n>\n> ### Impact\n>\n> Users can unwillingly install files like a modified .bashrc, or a\n> malicious script placed in \\~/.config/autostart.\n>\n> ### Workaround\n>\n> Before extracting a downloaded archive using the Ark GUI, users should\n> inspect it to make sure it doesn\\'t contain symlink entries pointing\n> outside the extraction folder.\n>\n> The \\'Extract\\' context menu from the Dolphin file manager shouldn\\'t\n> be used.\n>\n> ### Solution\n>\n> Ark 20.08.1 skips maliciously crafted symlinks when extracting TAR\n> archives.\n>\n> Alternatively,\n> [8bf8c5ef07b0ac5e914d752681e470dea403a5bd](https://invent.kde.org/utilities/ark/-/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd)\n> can be applied to previous releases.\n>\n> ### Credits\n>\n> Thanks to Fabian Vogt for reporting this issue and for fixing it.\n", "id": "FreeBSD-2020-0231", "modified": "2020-08-28T00:00:00Z", "published": "2020-08-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kde.org/info/security/advisory-20200827-1.txt" }, { "type": "WEB", "url": "https://kde.org/info/security/advisory-20200827-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24654" } ], "schema_version": "1.7.0", "summary": "ark -- extraction outside of extraction directory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php72" }, "ranges": [ { "events": [ { "fixed": "7.2.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php73" }, "ranges": [ { "events": [ { "fixed": "7.3.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php74" }, "ranges": [ { "events": [ { "fixed": "7.4.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.php.net/bug.php?id=79797" ], "discovery": "2020-07-06T00:00:00Z", "references": { "cvename": [ "CVE-2020-7068" ] }, "vid": "ee261034-b95e-4479-b947-08b0877e029f" }, "details": "grigoritchy at gmail dot com reports:\n\n> The phar_parse_zipfile function had use-after-free vulnerability\n> because of mishandling of the actual_alias variable.\n", "id": "FreeBSD-2020-0230", "modified": "2020-08-27T00:00:00Z", "published": "2020-08-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.php.net/bug.php?id=79797" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7068" } ], "schema_version": "1.7.0", "summary": "php72 -- use of freed hash key" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "85.0.4183.83" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html" ], "discovery": "2020-08-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-6558", "CVE-2020-6559", "CVE-2020-6560", "CVE-2020-6561", "CVE-2020-6562", "CVE-2020-6563", "CVE-2020-6564", "CVE-2020-6565", "CVE-2020-6566", "CVE-2020-6567", "CVE-2020-6568", "CVE-2020-6569", "CVE-2020-6570", "CVE-2020-6571" ] }, "vid": "d73bc4e6-e7c4-11ea-a878-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This update includes 20 security fixes, including:\n>\n> - \\[1109120\\] High CVE-2020-6558: Insufficient policy enforcement in\n> iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability\n> Research on 2020-07-24\n> - \\[1116706\\] High CVE-2020-6559: Use after free in presentation API.\n> Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on\n> 2020-08-15\n> - \\[1108181\\] Medium CVE-2020-6560: Insufficient policy enforcement in\n> autofill. Reported by Nadja Ungethuem from www.unnex.de on\n> 2020-07-22\n> - \\[932892\\] Medium CVE-2020-6561: Inappropriate implementation in\n> Content Security Policy. Reported by Rob Wu on 2019-02-16\n> - \\[1086845\\] Medium CVE-2020-6562: Insufficient policy enforcement in\n> Blink. Reported by Masato Kinugawa on 2020-05-27\n> - \\[1104628\\] Medium CVE-2020-6563: Insufficient policy enforcement in\n> intent handling. Reported by Pedro Oliveira on 2020-07-12\n> - \\[841622\\] Medium CVE-2020-6564: Incorrect security UI in\n> permissions. Reported by Khalil Zhani on 2018-05-10\n> - \\[1029907\\] Medium CVE-2020-6565: Incorrect security UI in Omnibox.\n> Reported by Khalil Zhani on 2019-12-02\n> - \\[1065264\\] Medium CVE-2020-6566: Insufficient policy enforcement in\n> media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\n> Research on 2020-03-27\n> - \\[937179\\] Low CVE-2020-6567: Insufficient validation of untrusted\n> input in command line handling. Reported by Joshua Graham of TSS on\n> 2019-03-01\n> - \\[1092451\\] Low CVE-2020-6568: Insufficient policy enforcement in\n> intent handling. Reported by Yongke Wang(@Rudykewang) and\n> Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab on 2020-06-08\n> - \\[995732\\] Low CVE-2020-6569: Integer overflow in WebUSB. Reported\n> by guaixiaomei on 2019-08-20\n> - \\[1084699\\] Low CVE-2020-6570: Side-channel information leakage in\n> WebRTC. Reported by Signal/Tenable on 2020-05-19\n> - \\[1085315\\] Low CVE-2020-6571: Incorrect security UI in Omnibox.\n> Reported by Rayyan Bijoora on 2020-05-21\n", "id": "FreeBSD-2020-0229", "modified": "2020-08-26T00:00:00Z", "published": "2020-08-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6558" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6559" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6560" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6561" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6562" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6563" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6564" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6565" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6566" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6567" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6568" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6569" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6570" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6571" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jasper" }, "ranges": [ { "events": [ { "fixed": "2.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/jasper-software/jasper/blob/master/NEWS" ], "discovery": "2020-07-28T00:00:00Z", "references": { "cvename": [ "CVE-2018-9154", "CVE-2018-19541", "CVE-2016-9399", "CVE-2017-13751", "CVE-2018-19540", "CVE-2018-9055", "CVE-2017-13748", "CVE-2017-5503", "CVE-2017-5504", "CVE-2017-5505", "CVE-2018-9252", "CVE-2018-19139", "CVE-2018-19543", "CVE-2017-9782", "CVE-2018-20570", "CVE-2018-20622", "CVE-2016-9398", "CVE-2017-14132", "CVE-2017-5499", "CVE-2018-18873", "CVE-2017-13750" ] }, "vid": "6842ac7e-d250-11ea-b9b7-08002728f74c" }, "details": "JasPer NEWS:\n\n> \\- Fix CVE-2018-9154\n>\n> \\- Fix CVE-2018-19541\n>\n> \\- Fix CVE-2016-9399, CVE-2017-13751\n>\n> \\- Fix CVE-2018-19540\n>\n> \\- Fix CVE-2018-9055\n>\n> \\- Fix CVE-2017-13748\n>\n> \\- Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505\n>\n> \\- Fix CVE-2018-9252\n>\n> \\- Fix CVE-2018-19139\n>\n> \\- Fix CVE-2018-19543, CVE-2017-9782\n>\n> \\- Fix CVE-2018-20570\n>\n> \\- Fix CVE-2018-20622\n>\n> \\- Fix CVE-2016-9398\n>\n> \\- Fix CVE-2017-14132\n>\n> \\- Fix CVE-2017-5499\n>\n> \\- Fix CVE-2018-18873\n>\n> \\- Fix CVE-2017-13750\n", "id": "FreeBSD-2020-0228", "modified": "2020-09-05T00:00:00Z", "published": "2020-08-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/jasper-software/jasper/blob/master/NEWS" }, { "type": "WEB", "url": "https://github.com/jasper-software/jasper/blob/master/NEWS" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-9154" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19541" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9399" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13751" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19540" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-9055" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13748" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5503" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5504" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5505" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-9252" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19139" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19543" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9782" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20570" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9398" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14132" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5499" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18873" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13750" } ], "schema_version": "1.7.0", "summary": "jasper -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "1.20.8_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "1.20.8_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "1.20.8_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "1.20.8_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "1.20.8_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-dmx" }, "ranges": [ { "events": [ { "fixed": "1.20.8_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2020-August/003058.html" ], "discovery": "2020-08-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-14345", "CVE-2020-14346", "CVE-2020-14361", "CVE-2020-14362" ] }, "vid": "ffa15b3b-e6f6-11ea-8cbf-54e1ad3d6335" }, "details": "The X.org project reports:\n\n> All theses issuses can lead to local privileges elevation on systems\n> where the X server is running privileged.\n>\n> The handler for the XkbSetNames request does not validate the request\n> length before accessing its contents.\n>\n> An integer underflow exists in the handler for the XIChangeHierarchy\n> request.\n>\n> An integer underflow exist in the handler for the XkbSelectEvents\n> request.\n>\n> An integer underflow exist in the handler for the CreateRegister\n> request of the X record extension.\n", "id": "FreeBSD-2020-0227", "modified": "2020-08-25T00:00:00Z", "published": "2020-08-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14345" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14346" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14361" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14362" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2020-August/003058.html" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Multiple input validation failures in X server extensions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libX11" }, "ranges": [ { "events": [ { "fixed": "1.6.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2020-August/003056.html" ], "discovery": "2020-08-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-14363" ] }, "vid": "8da79498-e6f6-11ea-8cbf-54e1ad3d6335" }, "details": "The X.org project reports:\n\n> There is an integer overflow and a double free vulnerability in the\n> way LibX11 handles locales. The integer overflow is a necessary\n> precursor to the double free.\n", "id": "FreeBSD-2020-0226", "modified": "2020-11-15T00:00:00Z", "published": "2020-08-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14363" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2020-August/003056.html" } ], "schema_version": "1.7.0", "summary": "libX11 -- Doublefree in locale handlng code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chrony" }, "ranges": [ { "events": [ { "fixed": "3.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html" ], "discovery": "2020-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2020-14367" ] }, "vid": "719f06af-e45e-11ea-95a1-c3b8167b8026" }, "details": "Miroslav Lichvar reports:\n\n> chrony-3.5.1 \\[\\...\\] fixes a security issue in writing of the\n> pidfile.\n>\n> When chronyd is configured to save the pidfile in a directory where\n> the chrony user has write permissions (e.g. /var/run/chrony - the\n> default since chrony-3.4), an attacker that compromised the chrony\n> user account could create a symbolic link at the location of the\n> pidfile to make chronyd starting with root privileges follow the\n> symlink and write its process ID to a file for which the chrony user\n> doesn\\'t have write permissions, causing a denial of service, or data\n> loss.\n>\n> This issue was reported by Matthias Gerstner of SUSE.\n", "id": "FreeBSD-2020-0225", "modified": "2020-08-22T00:00:00Z", "published": "2020-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html" }, { "type": "WEB", "url": "https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14367" } ], "schema_version": "1.7.0", "summary": "chrony <= 3.5.1 data corruption through symlink vulnerability writing the pidfile" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openzfs-kmod" }, "ranges": [ { "events": [ { "fixed": "2020081800" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248787" ], "discovery": "2020-08-13T00:00:00Z", "references": { "freebsdpr": [ "ports/248787" ] }, "vid": "2ed7e8db-e234-11ea-9392-002590bc43be" }, "details": "Andrew Walker reports:\n\n> ##### Issue 1:\n>\n> Users are always granted permissions to cd into a directory. The check\n> for whether execute is present on directories is a de-facto no-op.\n> This cannot be mitigated without upgrading. Even setting an explicit\n> \\\"deny - execute\\\" NFSv4 ACE will be bypassed.\n>\n> ##### Issue 2:\n>\n> All ACEs for the owner_group (group@) and regular groups\n> (group:\\) are granted the current user. This means that POSIX\n> mode 770 is de-facto 777, and the below ACL is also de-facto 777\n> because the groupmember check for builtin_administrators returns True.\n>\n>\n> root@TESTBOX[~]# getfacl testfile\n> # file: testfile\n> # owner: root\n> # group: wheel\n> group:builtin_administrators:rwxpDdaARWcCos:-------:allow\n> \n", "id": "FreeBSD-2020-0224", "modified": "2020-08-20T00:00:00Z", "published": "2020-08-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248787" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248787" }, { "type": "WEB", "url": "https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f" }, { "type": "WEB", "url": "https://reviews.freebsd.org/D26107" } ], "schema_version": "1.7.0", "summary": "sysutils/openzfs-kmod -- critical permissions issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "elasticsearch6" }, "ranges": [ { "events": [ { "fixed": "6.8.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456" ], "discovery": "2020-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-7019" ] }, "vid": "fbca6863-e2ad-11ea-9d39-00a09858faf5" }, "details": "Elastic reports:\n\n> A field disclosure flaw was found in Elasticsearch when running a\n> scrolling search with Field Level Security. If a user runs the same\n> query another more privileged user recently ran, the scrolling search\n> can leak fields that should be hidden. This could result in an\n> attacker gaining additional permissions against a restricted index.\n", "id": "FreeBSD-2020-0223", "modified": "2020-08-20T00:00:00Z", "published": "2020-08-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7019" }, { "type": "WEB", "url": "https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456" }, { "type": "WEB", "url": "https://github.com/elastic/elasticsearch/pull/39490" } ], "schema_version": "1.7.0", "summary": "textproc/elasticsearch6 -- field disclosure flaw" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "adns" }, "ranges": [ { "events": [ { "fixed": "1.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html" ], "discovery": "2017-05-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-9103", "CVE-2017-9104", "CVE-2017-9105", "CVE-2017-9106", "CVE-2017-9107", "CVE-2017-9108", "CVE-2017-9109" ] }, "vid": "08de38d2-e2d0-11ea-9538-0c9d925bbbc0" }, "details": "Ian Jackson and the adns project reports:\n\n> Vulnerable applications: all adns callers. Exploitable by: the local\n> recursive resolver. Likely worst case: Remote code execution.\n>\n> Vulnerable applications: those that make SOA queries. Exploitable by:\n> upstream DNS data sources. Likely worst case: DoS (crash of the\n> adns-using application)\n>\n> Vulnerable applications: those that use adns_qf_quoteok_query.\n> Exploitable by: sources of query domain names. Likely worst case: DoS\n> (crash of the adns-using application)\n>\n> Vulnerable applications: adnshost. Exploitable by: code responsible\n> for framing the input. Likely worst case: DoS (adnshost crashes at\n> EOF).\n", "id": "FreeBSD-2020-0222", "modified": "2020-08-20T00:00:00Z", "published": "2020-08-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9103" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9104" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9106" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9107" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9108" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9109" } ], "schema_version": "1.7.0", "summary": "adns -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "icingaweb2" }, "ranges": [ { "events": [ { "last_affected": "2.8.1" }, { "fixed": "2.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24368" ], "discovery": "2020-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-24368" ] }, "vid": "f60561e7-e23e-11ea-be64-507b9d01076a" }, "details": "Icinga development team reports:\n\n> CVE-2020-24368\n>\n> Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a\n> Directory Traversal vulnerability which allows an attacker to access\n> arbitrary files that are readable by the process running Icinga Web 2.\n> This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.\n", "id": "FreeBSD-2020-0221", "modified": "2020-08-19T00:00:00Z", "published": "2020-08-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24368" }, { "type": "WEB", "url": "https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24368" } ], "schema_version": "1.7.0", "summary": "Icinga Web 2 -- directory traversal vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.29.0" }, { "fixed": "7.72.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2020-08-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-8231" ] }, "vid": "b905dff4-e227-11ea-b0ea-08002728f74c" }, "details": "curl security problems:\n\n> CVE-2020-8231: wrong connect-only connection\n>\n> An application that performs multiple requests with libcurl\\'s multi\n> API and sets the CURLOPT_CONNECT_ONLY option, might in rare\n> circumstances experience that when subsequently using the setup\n> connect-only transfer, libcurl will pick and use the wrong\n> connection - and instead pick another one the application has created\n> since then.\n>\n> CURLOPT_CONNECT_ONLY is the option to tell libcurl to not perform an\n> actual transfer, only connect. When that operation is completed,\n> libcurl remembers which connection it used for that transfer and\n> \\\"easy handle\\\". It remembers the connection using a pointer to the\n> internal connectdata struct in memory.\n>\n> If more transfers are then done with the same multi handle before the\n> connect-only connection is used, leading to the initial connect-only\n> connection to get closed (for example due to idle time-out) while also\n> new transfers (and connections) are setup, such a new connection might\n> end up getting the exact same memory address as the now closed\n> connect-only connection.\n>\n> If after those operations, the application then wants to use the\n> original transfer\\'s connect-only setup to for example use\n> curl_easy_send() to send raw data over that connection, libcurl could\n> erroneously find an existing connection still being alive at the\n> address it remembered since before even though this is now a new and\n> different connection.\n>\n> The application could then accidentally send data over that connection\n> which wasn\\'t at all intended for that recipient, entirely\n> unknowingly.\n", "id": "FreeBSD-2020-0220", "modified": "2020-08-19T00:00:00Z", "published": "2020-08-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2020-8231.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8231" } ], "schema_version": "1.7.0", "summary": "curl -- expired pointer dereference vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python36" }, "ranges": [ { "events": [ { "fixed": "3.6.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/release/3.7.9/whatsnew/changelog.html#changelog" ], "discovery": "2020-06-17T00:00:00Z", "references": { "cvename": [ "CVE-2020-14422", "CVE-2020-15523" ] }, "vid": "3fcb70a4-e22d-11ea-98b2-080027846a02" }, "details": "Python reports:\n\n> bpo-29778: Ensure python3.dll is loaded from correct locations when\n> Python is embedded (CVE-2020-15523).\n>\n> bpo-41004: CVE-2020-14422: The \\_\\_hash\\_\\_() methods of\n> ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly\n> generated constant hash values of 32 and 128 respectively. This\n> resulted in always causing hash collisions. The fix uses hash() to\n> generate hash values for the tuple of (address, mask length, network\n> address).\n>\n> bpo-39603: Prevent http header injection by rejecting control\n> characters in http.client.putrequest(\\...).\n", "id": "FreeBSD-2020-0219", "modified": "2020-08-19T00:00:00Z", "published": "2020-08-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/release/3.7.9/whatsnew/changelog.html#changelog" }, { "type": "WEB", "url": "https://docs.python.org/release/3.7.9/whatsnew/changelog.html#changelog" }, { "type": "WEB", "url": "https://docs.python.org/release/3.6.12/whatsnew/changelog.html#changelog" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14422" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15523" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "trousers" }, "ranges": [ { "events": [ { "fixed": "0.3.14_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sourceforge.net/p/trousers/trousers/ci/e74dd1d96753b0538192143adf58d04fcd3b242b/" ], "discovery": "2020-05-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-24330", "CVE-2020-24331", "CVE-2020-24332" ] }, "vid": "e37a0a7b-e1a7-11ea-9538-0c9d925bbbc0" }, "details": "the TrouSerS project reports reports:\n\n> If the tcsd daemon is started with root privileges, it fails to drop\n> the root gid after it is no longer needed.\n>\n> If the tcsd daemon is started with root privileges, the tss user has\n> read and write access to the /etc/tcsd.conf file.\n>\n> If the tcsd daemon is started with root privileges, the creation of\n> the system.data file is prone to symlink attacks.\n", "id": "FreeBSD-2020-0218", "modified": "2020-08-18T00:00:00Z", "published": "2020-08-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sourceforge.net/p/trousers/trousers/ci/e74dd1d96753b0538192143adf58d04fcd3b242b/" }, { "type": "WEB", "url": "https://sourceforge.net/p/trousers/trousers/ci/e74dd1d96753b0538192143adf58d04fcd3b242b/" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2020/05/20/3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24330" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24331" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-24332" } ], "schema_version": "1.7.0", "summary": "security/trousers -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "84.0.4147.135" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html" ], "discovery": "2020-08-18T00:00:00Z", "references": { "cvename": [ "CVE-2020-6556" ] }, "vid": "64575bb6-e188-11ea-beed-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release contains one security fix:\n>\n> - \\[1115345\\] High CVE-2020-6556: Heap buffer overflow in SwiftShader.\n> Reported by Alison Huffman, Microsoft Browser Vulnerability Research\n> on 2020-08-12\n", "id": "FreeBSD-2020-0217", "modified": "2020-08-18T00:00:00Z", "published": "2020-08-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6556" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html" } ], "schema_version": "1.7.0", "summary": "chromium -- heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ceph14" }, "ranges": [ { "events": [ { "fixed": "14.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10753" ], "discovery": "2020-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2020-10753" ], "freebsdpr": [ "ports/248673" ] }, "vid": "f20eb9a4-dfea-11ea-a9b8-9c5c8e84d621" }, "details": "Red Hat bugzilla reports:\n\n> A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object\n> Gateway). The vulnerability is related to the injection of HTTP\n> headers via a CORS ExposeHeader tag. The newline character in the\n> ExposeHeader tag in the CORS configuration file generates a header\n> injection in the response when the CORS request is made.\n", "id": "FreeBSD-2020-0216", "modified": "2020-08-16T00:00:00Z", "published": "2020-08-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10753" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10753" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10753" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248673" } ], "schema_version": "1.7.0", "summary": "ceph14 -- HTTP header injection via CORS ExposeHeader tag" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.243" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.235.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2020-08-17/" ], "discovery": "2020-08-17T00:00:00Z", "references": { "cvename": [ "CVE-2019-17638" ] }, "vid": "09ea1b08-1d3e-4bf2-91a1-d6573f4da3d8" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Critical) SECURITY-1983 / CVE-2019-17638\n>\n> Buffer corruption in bundled Jetty\n", "id": "FreeBSD-2020-0215", "modified": "2020-08-17T00:00:00Z", "published": "2020-08-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2020-08-17/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-17638" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2020-08-17/" } ], "schema_version": "1.7.0", "summary": "jenkins -- Buffer corruption in bundled Jetty" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rsync" }, "ranges": [ { "events": [ { "fixed": "3.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://download.samba.org/pub/rsync/NEWS#3.2.0" ], "discovery": "2020-06-19T00:00:00Z", "references": { "cvename": [ "CVE-2016-9843", "CVE-2016-9842", "CVE-2016-9841", "CVE-2016-9840" ] }, "vid": "085399ab-dfd7-11ea-96e4-80ee73bc7b66" }, "details": "rsync developers reports:\n\n> Various zlib fixes, including security fixes for CVE-2016-9843,\n> CVE-2016-9842, CVE-2016-9841, and CVE-2016-9840\n", "id": "FreeBSD-2020-0214", "modified": "2020-08-16T00:00:00Z", "published": "2020-08-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://download.samba.org/pub/rsync/NEWS#3.2.0" }, { "type": "WEB", "url": "https://download.samba.org/pub/rsync/NEWS#3.2.0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9843" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9842" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9841" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9840" } ], "schema_version": "1.7.0", "summary": "net/rsync -- multiple zlib issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-ecdsa" }, "ranges": [ { "events": [ { "last_affected": "0.13.3" }, { "fixed": "0.13.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-ecdsa" }, "ranges": [ { "events": [ { "last_affected": "0.13.3" }, { "fixed": "0.13.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3" ], "discovery": "2019-10-07T00:00:00Z", "references": { "cvename": [ "CVE-2019-14853", "CVE-2019-14859" ] }, "vid": "a23ebf36-e8b6-4665-b0f3-4c977f9a145c" }, "details": "py-ecdsa developers report:\n\n> Fix CVE-2019-14853 - possible DoS caused by malformed signature\n> decoding.\n>\n> Fix CVE-2019-14859 - signature malleability caused by insufficient\n> checks of DER encoding\n", "id": "FreeBSD-2020-0213", "modified": "2020-08-16T00:00:00Z", "published": "2020-08-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3" }, { "type": "WEB", "url": "https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14853" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14859" } ], "schema_version": "1.7.0", "summary": "security/py-ecdsa -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "snmptt" }, "ranges": [ { "events": [ { "fixed": "1.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://snmptt.sourceforge.net/changelog.shtml" ], "discovery": "2020-07-23T00:00:00Z", "references": { "freebsdpr": [ "ports/248162" ] }, "vid": "b8ea5b66-deff-11ea-adef-641c67a117d8" }, "details": "Snmptt reports:\n\n> Fixed a security issue with EXEC / PREXEC / unknown_trap_exec that\n> could allow malicious shell code to be executed.\n>\n> Fixed a bug with EXEC / PREXEC / unknown_trap_exec that caused\n> commands to be run as root instead of the user defined in daemon_uid.\n", "id": "FreeBSD-2020-0212", "modified": "2020-08-15T00:00:00Z", "published": "2020-08-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://snmptt.sourceforge.net/changelog.shtml" }, { "type": "WEB", "url": "http://snmptt.sourceforge.net/changelog.shtml" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248162" } ], "schema_version": "1.7.0", "summary": "snmptt -- malicious shell code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "fixed": "2.3.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html", "https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html", "https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html", "https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html" ], "discovery": "2020-04-23T00:00:00Z", "references": { "cvename": [ "CVE-2020-12100", "CVE-2020-12673", "CVE-2020-10967", "CVE-2020-12674" ] }, "vid": "87a07de1-e55e-4d51-bb64-8d117829a26a" }, "details": "Aki Tuomi reports:\n\n> Parsing mails with a large number of MIME parts could have resulted in\n> excessive CPU usage or a crash due to running out of stack memory..\n\n> Dovecot\\'s NTLM implementation does not correctly check message buffer\n> size, which leads to reading past allocation which can lead to crash\n\n> lmtp/submission: Issuing the RCPT command with an address that has the\n> empty quoted string as local-part causes the lmtp service to crash.\n\n> Dovecot\\'s RPA mechanism implementation accepts zero-length message,\n> which leads to assert-crash later on.\n", "id": "FreeBSD-2020-0211", "modified": "2020-08-13T00:00:00Z", "published": "2020-08-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html" }, { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html" }, { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html" }, { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12673" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12674" } ], "schema_version": "1.7.0", "summary": "mail/dovecot -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ilmbase" }, "ranges": [ { "events": [ { "fixed": "2.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openexr" }, "ranges": [ { "events": [ { "fixed": "2.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.3" ], "discovery": "2020-07-13T00:00:00Z", "vid": "b1d6b383-dd51-11ea-a688-7b12871ef3ad" }, "details": "Cary Phillips reports:\n\n> v2.5.3 - Patch release with various bug/security fixes \\[\\...\\]:\n>\n> - Various sanitizer/fuzz-identified issues related to handling of\n> invalid input\n", "id": "FreeBSD-2020-0210", "modified": "2020-08-13T00:00:00Z", "published": "2020-08-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.3" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.3" } ], "schema_version": "1.7.0", "summary": "ilmbase, openexr -- v2.5.3 is a patch release with various bug/security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.252" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.235.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2020-08-12/" ], "discovery": "2020-08-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-2229", "CVE-2020-2230", "CVE-2020-2231" ] }, "vid": "eef0d2d9-78c0-441e-8b03-454c5baebe20" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-1955 / CVE-2020-2229\n>\n> Stored XSS vulnerability in help icons\n>\n> ##### (High) SECURITY-1957 / CVE-2020-2230\n>\n> Stored XSS vulnerability in project naming strategy\n>\n> ##### (High) SECURITY-1960 / CVE-2020-2231\n>\n> Stored XSS vulnerability in \\'Trigger builds remotely\\'\n", "id": "FreeBSD-2020-0209", "modified": "2020-08-12T00:00:00Z", "published": "2020-08-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2020-08-12/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2230" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2231" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2020-08-12/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "84.0.4147.125" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html" ], "discovery": "2020-08-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-6542", "CVE-2020-6543", "CVE-2020-6544", "CVE-2020-6545", "CVE-2020-6546", "CVE-2020-6547", "CVE-2020-6548", "CVE-2020-6549", "CVE-2020-6550", "CVE-2020-6551", "CVE-2020-6552", "CVE-2020-6553", "CVE-2020-6554", "CVE-2020-6555" ] }, "vid": "1110e286-dc08-11ea-beed-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This release contains 15 security fixes, including:\n>\n> - \\[1107433\\] High CVE-2020-6542: Use after free in ANGLE. Reported by\n> Piotr Bania of Cisco Talos on 2020-07-20\n> - \\[1104046\\] High CVE-2020-6543: Use after free in task scheduling.\n> Reported by Looben Yang on 2020-07-10\n> - \\[1108497\\] High CVE-2020-6544: Use after free in media. Reported by\n> Tim Becker of Theori on 2020-07-22\n> - \\[1095584\\] High CVE-2020-6545: Use after free in audio. Reported by\n> Anonymous on 2020-06-16\n> - \\[1100280\\] High CVE-2020-6546: Inappropriate implementation in\n> installer. Reported by Andrew Hess (any1) on 2020-06-29\n> - \\[1102153\\] High CVE-2020-6547: Incorrect security UI in media.\n> Reported by David Albert on 2020-07-05\n> - \\[1103827\\] High CVE-2020-6548: Heap buffer overflow in Skia.\n> Reported by Choongwoo Han, Microsoft Browser Vulnerability Research\n> on 2020-07-09\n> - \\[1105426\\] High CVE-2020-6549: Use after free in media. Reported by\n> Sergei Glazunov of Google Project Zero on 2020-07-14\n> - \\[1106682\\] High CVE-2020-6550: Use after free in IndexedDB.\n> Reported by Sergei Glazunov of Google Project Zero on 2020-07-17\n> - \\[1107815\\] High CVE-2020-6551: Use after free in WebXR. Reported by\n> Sergei Glazunov of Google Project Zero on 2020-07-21\n> - \\[1108518\\] High CVE-2020-6552: Use after free in Blink. Reported by\n> Tim Becker of Theori on 2020-07-22\n> - \\[1111307\\] High CVE-2020-6553: Use after free in offline mode.\n> Reported by Alison Huffman, Microsoft Browser Vulnerability Research\n> on 2020-07-30\n> - \\[1094235\\] Medium CVE-2020-6554: Use after free in extensions.\n> Reported by Anonymous on 2020-06-12\n> - \\[1105202\\] Medium CVE-2020-6555: Out of bounds read in WebGL.\n> Reported by Marcin Towalski of Cisco Talos on 2020-07-13\n", "id": "FreeBSD-2020-0208", "modified": "2020-08-11T00:00:00Z", "published": "2020-08-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6542" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6543" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6544" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6545" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6546" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6548" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6549" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6550" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6551" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6552" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6553" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6554" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6555" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetdb5" }, "ranges": [ { "events": [ { "fixed": "5.2.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://puppet.com/security/cve/jackson-july-2020-security-fixes/" ], "discovery": "2020-07-23T00:00:00Z", "references": { "cvename": [ "CVE-2020-9548", "CVE-2020-14062", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14195" ] }, "vid": "10e3ed8a-db7f-11ea-8bdf-643150d3111d" }, "details": "Puppetlabs reports:\n\n> In June 2020, jackson-databind published security updates addressing\n> several CVEs. Previous releases of PuppetDB contain a vulnerable\n> version of jackson.core:jackson-databind. PuppetDB 5.2.18 contains an\n> updated version of jackson-databind that has patched the\n> vulnerabilities.\n", "id": "FreeBSD-2020-0207", "modified": "2020-08-11T00:00:00Z", "published": "2020-08-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://puppet.com/security/cve/jackson-july-2020-security-fixes/" }, { "type": "WEB", "url": "https://puppet.com/security/cve/jackson-july-2020-security-fixes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9548" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14062" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14061" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14195" } ], "schema_version": "1.7.0", "summary": "puppetdb -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bftpd" }, "ranges": [ { "events": [ { "fixed": "5.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://bftpd.sourceforge.net/news.html" ], "discovery": "2020-04-16T00:00:00Z", "vid": "6b6de127-db0b-11ea-ba1e-1c39475b9f84" }, "details": "Bftpd project reports:\n\n> Bftpd is vulnerable to out of bounds memory access, file descriptor\n> leak and a potential buffer overflow.\n", "id": "FreeBSD-2020-0206", "modified": "2020-08-10T00:00:00Z", "published": "2020-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://bftpd.sourceforge.net/news.html" }, { "type": "WEB", "url": "http://bftpd.sourceforge.net/news.html" } ], "schema_version": "1.7.0", "summary": "bftpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "trafficserver" }, "ranges": [ { "events": [ { "fixed": "8.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.apache.org/thread.html/rf7f86917f42fdaf904d99560cba0c016e03baea6244c47efeb60ecbe%40%3Cdev.trafficserver.apache.org%3E" ], "discovery": "2020-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-9494" ] }, "vid": "6fd773d3-bc5a-11ea-b38d-f0def1d0c3ea" }, "details": "Bryan Call reports:\n\n> ATS is vulnerable to certain types of HTTP/2 HEADERS frames that can\n> cause the server to allocate a large amount of memory and spin the\n> thread.\n", "id": "FreeBSD-2020-0205", "modified": "2020-07-02T00:00:00Z", "published": "2020-07-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.apache.org/thread.html/rf7f86917f42fdaf904d99560cba0c016e03baea6244c47efeb60ecbe%40%3Cdev.trafficserver.apache.org%3E" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9494" } ], "schema_version": "1.7.0", "summary": "trafficserver -- resource consumption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mod_http2" }, "ranges": [ { "events": [ { "fixed": "1.15.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://downloads.apache.org/httpd/CHANGES_2.4.46" ], "discovery": "2020-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2020-9490", "CVE-2020-11984", "CVE-2020-11993" ] }, "vid": "76700d2f-d959-11ea-b53c-d4c9ef517024" }, "details": "The Apache httpd projec reports:\n\n> - mod_http2: Important: Push Diary Crash on Specifically Crafted\n> HTTP/2 Header (CVE-2020-9490)\\\n> A specially crafted value for the \\'Cache-Digest\\' header in a\n> HTTP/2 request would result in a crash when the server actually\n> tries to HTTP/2 PUSH a resource afterwards.\n> - mod_proxy_uwsgi: Moderate: mod_proxy_uwsgi buffer overflow\n> (CVE-2020-11984)\\\n> info disclosure and possible RCE\n> - mod_http2: Moderate: Push Diary Crash on Specifically Crafted HTTP/2\n> Header (CVE-2020-11993)\\\n> When trace/debug was enabled for the HTTP/2 module and on certain\n> traffic edge patterns, logging statements were made on the wrong\n> connection, causing concurrent use of memory pools.\n", "id": "FreeBSD-2020-0204", "modified": "2020-08-08T00:00:00Z", "published": "2020-08-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.46" }, { "type": "WEB", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.46" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11984" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11993" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.14.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/40618" ], "discovery": "2020-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2020-16845" ] }, "vid": "bc7aff8c-d806-11ea-a5aa-0800272260e5" }, "details": "The Go project reports:\n\n> Certain invalid inputs to ReadUvarint or ReadVarint could cause those\n> functions to read an unlimited number of bytes from the ByteReader\n> argument before returning an error. This could lead to processing more\n> input than expected when the caller is reading directly from the\n> network and depends on ReadUvarint and ReadVarint only consuming a\n> small, bounded number of bytes, even from invalid inputs.\n", "id": "FreeBSD-2020-0203", "modified": "2020-08-06T00:00:00Z", "published": "2020-08-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/40618" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16845" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/40618" } ], "schema_version": "1.7.0", "summary": "go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "fixed": "13.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/" ], "discovery": "2020-08-05T00:00:00Z", "references": { "cvename": [ "CVE-2020-10977", "CVE-2020-13280", "CVE-2020-13281", "CVE-2020-14001" ] }, "vid": "a003b74f-d7b3-11ea-9df1-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary File Read when Moving an Issue\n>\n> Memory Exhaustion via Excessive Logging of Invite Email Error\n>\n> Denial of Service Through Project Import Feature\n>\n> User Controlled Git Configuration Settings Resulting in SSRF\n>\n> Stored XSS in Issue Reference Number Tooltip\n>\n> Stored XSS in Issues List via Milestone Title\n>\n> Improper Access Control After Group Transfer\n>\n> Bypass Email Verification Required for OAuth Flow\n>\n> Confusion When Using Hexadecimal Branch Names\n>\n> Insufficient OAuth Revocation\n>\n> Improper Access Control for Project Sharing\n>\n> Stored XSS in Jobs Page\n>\n> Improper Access Control of Applications Page\n>\n> SSRF into Shared Runner\n>\n> Update Kramdown Gem\n", "id": "FreeBSD-2020-0202", "modified": "2020-08-25T00:00:00Z", "published": "2020-08-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13280" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13281" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14001" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-08-05T00:00:00Z", "references": { "cvename": [ "CVE-2020-7460" ], "freebsdsa": [ "SA-20:23.sendmsg" ] }, "vid": "8db74c04-d794-11ea-88f8-901b0ef719ab" }, "details": "# Problem Description:\n\nWhen handling a 32-bit sendmsg(2) call, the compat32 subsystem copies\nthe control message to be transmitted (if any) into kernel memory, and\nadjusts alignment of control message headers. The code which performs\nthis work contained a time-of-check to time-of-use (TOCTOU)\nvulnerability which allows a malicious userspace program to modify\ncontrol message headers after they were validated by the kernel.\n\n# Impact:\n\nThe TOCTOU bug can be exploited by an unprivileged malicious userspace\nprogram to trigger privilege escalation.\n", "id": "FreeBSD-2020-0201", "modified": "2020-08-06T00:00:00Z", "published": "2020-08-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7460" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:23.sendmsg.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- sendmsg(2) privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-08-05T00:00:00Z", "references": { "cvename": [ "CVE-2020-7459" ], "freebsdsa": [ "SA-20:21.usb_net" ] }, "vid": "9eb01384-d793-11ea-88f8-901b0ef719ab" }, "details": "# Problem Description:\n\nA missing length validation code common to these three drivers means\nthat a malicious USB device could write beyond the end of an allocated\nnetwork packet buffer.\n\n# Impact:\n\nAn attacker with physical access to a USB port and the ability to bring\na network interface up may be able to use a specially crafted USB device\nto gain kernel or user-space code execution.\n", "id": "FreeBSD-2020-0200", "modified": "2020-08-06T00:00:00Z", "published": "2020-08-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7459" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:21.usb_net.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Potential memory corruption in USB network device drivers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php72" }, "ranges": [ { "events": [ { "fixed": "9.5.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php73" }, "ranges": [ { "events": [ { "fixed": "9.5.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php74" }, "ranges": [ { "events": [ { "fixed": "9.5.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-10-php72" }, "ranges": [ { "events": [ { "fixed": "10.4.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-10-php73" }, "ranges": [ { "events": [ { "fixed": "10.4.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-10-php74" }, "ranges": [ { "events": [ { "fixed": "10.4.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-1046-and-9520-security-releases-published" ], "discovery": "2020-07-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-15098", "CVE-2020-15099" ] }, "vid": "eab964f8-d632-11ea-9172-4c72b94353b5" }, "details": "Typo3 Team reports:\n\n> In case an attacker manages to generate a valid cryptographic message\n> authentication code (HMAC-SHA1) - either by using a different existing\n> vulnerability or in case the internal encryptionKey was exposed - it\n> is possible to retrieve arbitrary files of a TYPO3 installation. This\n> includes the possibility to fetch typo3conf/LocalConfiguration.php\n> which again contains the encryptionKey as well as credentials of the\n> database management system being used. In case a database server is\n> directly accessible either via internet or in a shared hosting\n> network, this allows to completely retrieve, manipulate or delete\n> database contents. This includes creating an administration user\n> account - which can be used to trigger remote code execution by\n> injecting custom extensions.\n>\n> It has been discovered that an internal verification mechanism can be\n> used to generate arbitrary checksums. This allows to inject arbitrary\n> data having a valid cryptographic message authentication code\n> (HMAC-SHA1) and can lead to various attack chains as described below.\n", "id": "FreeBSD-2020-0199", "modified": "2020-08-04T00:00:00Z", "published": "2020-08-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-1046-and-9520-security-releases-published" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-1046-and-9520-security-releases-published" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-007" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15099" } ], "schema_version": "1.7.0", "summary": "typo3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "1.20.8_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "1.20.8_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "1.20.8_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "1.20.8_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "1.20.8_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-dmx" }, "ranges": [ { "events": [ { "fixed": "1.20.8_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2020-July/003051.html" ], "discovery": "2020-07-31T00:00:00Z", "references": { "cvename": [ "CVE-2020-14347" ] }, "vid": "3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0" }, "details": "The X.org project reports:\n\n> Allocation for pixmap data in AllocatePixmap() does not initialize the\n> memory in xserver, it leads to leak uninitialize heap memory to\n> clients. When the X server runs with elevated privileges.\n>\n> This flaw can lead to ASLR bypass, which when combined with other\n> flaws (known/unknown) could lead to lead to privilege elevation in the\n> client.\n", "id": "FreeBSD-2020-0198", "modified": "2020-08-01T00:00:00Z", "published": "2020-08-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2020-July/003051.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2020-July/003051.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14347" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Pixel Data Uninitialized Memory Information Disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libX11" }, "ranges": [ { "events": [ { "fixed": "1.6.9_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2020-July/003050.html" ], "discovery": "2020-07-31T00:00:00Z", "references": { "cvename": [ "CVE-2020-14344" ] }, "vid": "6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0" }, "details": "The X.org project reports:\n\n> The X Input Method (XIM) client implementation in libX11 has some\n> integer overflows and signed/unsigned comparison issues that can lead\n> to heap corruption when handling malformed messages from an input\n> method.\n", "id": "FreeBSD-2020-0197", "modified": "2020-08-01T00:00:00Z", "published": "2020-08-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2020-July/003050.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14344" } ], "schema_version": "1.7.0", "summary": "libX11 -- Heap corruption in the X input method client in libX11" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3/whatsnew/changelog.html#python-3-8-5-final" ], "discovery": "2020-02-11T00:00:00Z", "references": { "cvename": [ "CVE-2020-15801" ] }, "vid": "7d7221ee-d334-11ea-bc50-080027846a02" }, "details": "Python reports:\n\n> bpo-41304: Fixes python3x.\\_pth being ignored on Windows, caused by\n> the fix for bpo-29778 (CVE-2020-15801).\n>\n> bpo-39603: Prevent http header injection by rejecting control\n> characters in http.client.putreques().\n", "id": "FreeBSD-2020-0196", "modified": "2020-07-31T00:00:00Z", "published": "2020-07-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3/whatsnew/changelog.html#python-3-8-5-final" }, { "type": "WEB", "url": "https://docs.python.org/3/whatsnew/changelog.html#python-3-8-5-final" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15801" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ark" }, "ranges": [ { "events": [ { "fixed": "20.04.2_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "20.04.3" }, { "last_affected": "20.04.3" }, { "fixed": "20.04.3" } ], "type": "ECOSYSTEM" } ], "versions": [ "20.04.3" ] } ], "database_specific": { "cite": [ "https://kde.org/info/security/advisory-20200730-1.txt" ], "discovery": "2020-07-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-16116" ] }, "vid": "d1ef1138-d273-11ea-a757-e0d55e2a8bf9" }, "details": "KDE Project Security Advisory reports:\n\n> ### KDE Project Security Advisory\n>\n> -------------- --------------------------------------------------------------------------------------\n> Title: Ark: maliciously crafted archive can install files outside the extraction directory.\n> Risk Rating: Important\n> CVE: CVE-2020-16116\n> Versions: ark \\<= 20.04.3\n> Author: Elvis Angelaccio \\\n> Date: 30 July 2020\n> -------------- --------------------------------------------------------------------------------------\n>\n> ### Overview\n>\n> A maliciously crafted archive with \\\"../\\\" in the file paths would\n> install files anywhere in the user\\'s home directory upon extraction.\n>\n> ### Proof of concept\n>\n> For testing, an example of malicious archive can be found at\n> https://github.com/jwilk/traversal-archives/releases/download/0/relative2.zip\n>\n> ### Impact\n>\n> Users can unwillingly install files like a modified .bashrc, or a\n> malicious script placed in \\~/.config/autostart\n>\n> ### Workaround\n>\n> Users should not use the \\'Extract\\' context menu from the Dolphin\n> file manager. Before extracting a downloaded archive using the Ark\n> GUI, users should inspect it to make sure it doesn\\'t contain entries\n> with \\\"../\\\" in the file path.\n>\n> ### Solution\n>\n> Ark 20.08.0 prevents loading of malicious archives and shows a warning\n> message to the users.\n>\n> Alternatively,\n> https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f\n> can be applied to previous releases.\n>\n> ### Credits\n>\n> Thanks to Dominik Penner for finding and reporting this issue and\n> thanks to Elvis Angelaccio and Albert Astals Cid for fixing it.\n", "id": "FreeBSD-2020-0195", "modified": "2020-07-30T00:00:00Z", "published": "2020-07-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kde.org/info/security/advisory-20200730-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16116" }, { "type": "WEB", "url": "https://kde.org/info/security/advisory-20200730-1.txt" } ], "schema_version": "1.7.0", "summary": "ark -- directory traversal" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "84.0.4147.105" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html" ], "discovery": "2020-07-27T00:00:00Z", "references": { "cvename": [ "CVE-2020-6532", "CVE-2020-6537", "CVE-2020-6538", "CVE-2020-6539", "CVE-2020-6540", "CVE-2020-6541" ] }, "vid": "9a447f78-d0f8-11ea-9837-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This update contains 8 security fixes, including:\n>\n> - \\[1105318\\] High CVE-2020-6537: Type Confusion in V8. Reported by\n> Alphalaab on 2020-07-14\n> - \\[1096677\\] High CVE-2020-6538: Inappropriate implementation in\n> WebView. Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of\n> Tencent Security Xuanwu Lab on 2020-06-18\n> - \\[1104061\\] High CVE-2020-6532: Use after free in SCTP. Reported by\n> Anonymous on 2020-07-09\n> - \\[1105635\\] High CVE-2020-6539: Use after free in CSS. Reported by\n> Oriol Brufau on 2020-07-14\n> - \\[1105720\\] High CVE-2020-6540: Heap buffer overflow in Skia.\n> Reported by Zhen Zhou of NSFOCUS Security Team on 2020-07-15\n> - \\[1106773\\] High CVE-2020-6541: Use after free in WebUSB. Reported\n> by Sergei Glazunov of Google Project Zero on 2020-07-17\n", "id": "FreeBSD-2020-0194", "modified": "2020-07-28T00:00:00Z", "published": "2020-07-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6532" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6538" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6539" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6540" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6541" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.29.p.20200620" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832" ], "discovery": "2019-02-14T00:00:00Z", "vid": "086c96cd-d0cb-11ea-b922-5404a68ad561" }, "details": "RedHat reports:\n\n> It was discovered the fix for CVE-2018-19758 was not complete and\n> still allows a read beyond the limits of a buffer in\n> wav_write_header() function in wav.c. A local attacker may use this\n> flaw to make the application crash.\n", "id": "FreeBSD-2020-0193", "modified": "2020-07-28T00:00:00Z", "published": "2020-07-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3832" } ], "schema_version": "1.7.0", "summary": "libsndfile -- out-of-bounds read memory access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freerdp" }, "ranges": [ { "events": [ { "fixed": "2.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9" ], "discovery": "2020-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-15103" ] }, "vid": "a955cdb7-d089-11ea-8c6f-080027eedc6a" }, "details": "Bernhard Miklautz reports:\n\n> - Integer overflow due to missing input sanitation in rdpegfx channel\n> - All FreeRDP clients are affected\n> - The input rectangles from the server are not checked against local\n> surface coordinates and blindly accepted. A malicious server can\n> send data that will crash the client later on (invalid length\n> arguments to a memcpy)\n", "id": "FreeBSD-2020-0192", "modified": "2020-07-28T00:00:00Z", "published": "2020-07-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9" }, { "type": "WEB", "url": "https://www.freerdp.com/2020/07/20/2_2_0-released" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15103" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15103" } ], "schema_version": "1.7.0", "summary": "FreeRDP -- Integer overflow in RDPEGFX channel" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "3.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeek/zeek/releases/tag/v3.0.8" ], "discovery": "2020-07-28T00:00:00Z", "vid": "e333084c-9588-4eee-8bdc-323e02cb4fe0" }, "details": "Jon Siwek of Corelight reports:\n\n> This release fixes the following security issues:\n>\n> - Fix potential DNS analyzer stack overflow\n> - Fix potential NetbiosSSN analyzer stack overflow\n", "id": "FreeBSD-2020-0191", "modified": "2020-07-28T00:00:00Z", "published": "2020-07-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeek/zeek/releases/tag/v3.0.8" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/releases/tag/v3.0.8" } ], "schema_version": "1.7.0", "summary": "zeek -- Various vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "fixed": "1.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cacti.net/release_notes.php?version=1.2.13" ], "discovery": "2020-07-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13625", "CVE-2020-14295" ] }, "vid": "cd2dc126-cfe4-11ea-9172-4c72b94353b5" }, "details": "Cacti developers reports:\n\n> Multiple fixes for bundled jQuery to prevent code exec\n> (CVE-2020-11022, CVE-2020-11023).\n>\n> PHPMail contains a escaping bug (CVE-2020-13625).\n>\n> SQL Injection via color.php in Cacti (CVE-2020-14295).\n", "id": "FreeBSD-2020-0190", "modified": "2020-07-27T00:00:00Z", "published": "2020-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cacti.net/release_notes.php?version=1.2.13" }, { "type": "WEB", "url": "https://www.cacti.net/release_notes.php?version=1.2.13" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11022" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11023" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14295" } ], "schema_version": "1.7.0", "summary": "Cacti -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-wagtail" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-wagtail" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-wagtail" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "2.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/advisories/GHSA-2473-9hgq-j7xw" ], "discovery": "2020-07-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-15118" ] }, "vid": "e1d3a580-cd8b-11ea-bad0-08002728f74c" }, "details": "GitHub Advisory Database:\n\n> When a form page type is made available to Wagtail editors through the\n> wagtail.contrib.forms app, and the page template is built using\n> Django\\'s standard form rendering helpers such as form.as_p (as\n> directed in the documentation), any HTML tags used within a form\n> field\\'s help text will be rendered unescaped in the page. Allowing\n> HTML within help text is an intentional design decision by Django;\n> however, as a matter of policy Wagtail does not allow editors to\n> insert arbitrary HTML by default, as this could potentially be used to\n> carry out cross-site scripting attacks, including privilege\n> escalation. This functionality should therefore not have been made\n> available to editor-level users.\n>\n> The vulnerability is not exploitable by an ordinary site visitor\n> without access to the Wagtail admin.\n", "id": "FreeBSD-2020-0189", "modified": "2020-07-24T00:00:00Z", "published": "2020-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/advisories/GHSA-2473-9hgq-j7xw" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-2473-9hgq-j7xw" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15118" } ], "schema_version": "1.7.0", "summary": "Wagtail -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pango" }, "ranges": [ { "events": [ { "fixed": "1.42.4_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010238" ], "discovery": "2019-07-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-1010238" ] }, "vid": "456375e1-cd09-11ea-9172-4c72b94353b5" }, "details": "> Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact\n> is: The heap based buffer overflow can be used to get code execution.\n> The component is: function name: pango_log2vis_get_embedding_levels,\n> assignment of nchars and the loop condition. The attack vector is: Bug\n> can be used when application pass invalid utf-8 strings to functions\n> like pango_itemize.\n", "id": "FreeBSD-2020-0188", "modified": "2020-09-26T00:00:00Z", "published": "2020-07-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010238" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010238" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010238" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1010238" } ], "schema_version": "1.7.0", "summary": "pango -- buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat7" }, "ranges": [ { "events": [ { "fixed": "7.0.105" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat85" }, "ranges": [ { "events": [ { "fixed": "8.5.57" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat9" }, "ranges": [ { "events": [ { "fixed": "9.0.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat-devel" }, "ranges": [ { "events": [ { "fixed": "10.0.0.M7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935" ] }, "vid": "6a72eff7-ccd6-11ea-9172-4c72b94353b5" }, "details": "The Apache Software Foundation reports:\n\nAn h2c direct connection did not release the HTTP/1.1 processor after\nthe upgrade to HTTP/2. If a sufficient number of such requests were\nmade, an OutOfMemoryException could occur leading to a denial of\nservice.\n\nThe payload length in a WebSocket frame was not correctly validated.\nInvalid payload lengths could trigger an infinite loop. Multiple\nrequests with invalid payload lengths could lead to a denial of service.\n\nA specially crafted sequence of HTTP/2 requests could trigger high CPU\nusage for several seconds. If a sufficient number of such requests were\nmade on concurrent HTTP/2 connections, the server could become\nunresponsive.\n", "id": "FreeBSD-2020-0187", "modified": "2020-07-23T00:00:00Z", "published": "2020-07-23T00:00:00Z", "references": [ { "type": "WEB", "url": "https://tomcat.apache.org/security-7.html" }, { "type": "WEB", "url": "https://tomcat.apache.org/security-8.html" }, { "type": "WEB", "url": "https://tomcat.apache.org/security-9.html" }, { "type": "WEB", "url": "https://tomcat.apache.org/security-10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11996" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13934" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13935" } ], "schema_version": "1.7.0", "summary": "Apache Tomcat -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3/whatsnew/changelog.html#python-3-8-4-final" ], "discovery": "2020-06-29T00:00:00Z", "references": { "cvename": [ "CVE-2020-15523" ] }, "vid": "a9eeb3a3-ca5e-11ea-930b-080027846a02" }, "details": "Python reports:\n\n> bpo-41162:Audit hooks are now cleared later during finalization to\n> avoid missing events.\n>\n> bpo-29778:Ensure python3.dll is loaded from correct locations when\n> Python is embedded.\n", "id": "FreeBSD-2020-0186", "modified": "2020-07-20T00:00:00Z", "published": "2020-07-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3/whatsnew/changelog.html#python-3-8-4-final" }, { "type": "WEB", "url": "https://docs.python.org/3/whatsnew/changelog.html#python-3-8-4-final" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15523" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "virtualbox-ose" }, "ranges": [ { "events": [ { "introduced": "5.2" }, { "fixed": "5.2.44" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.0" }, { "fixed": "6.0.24" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.1" }, { "fixed": "6.1.12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2020.html" ], "discovery": "2020-07-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-14628", "CVE-2020-14629", "CVE-2020-14646", "CVE-2020-14647", "CVE-2020-14648", "CVE-2020-14649", "CVE-2020-14650", "CVE-2020-14673", "CVE-2020-14674", "CVE-2020-14675", "CVE-2020-14676", "CVE-2020-14677", "CVE-2020-14694", "CVE-2020-14695", "CVE-2020-14698", "CVE-2020-14699", "CVE-2020-14700", "CVE-2020-14703", "CVE-2020-14704", "CVE-2020-14707", "CVE-2020-14711", "CVE-2020-14712", "CVE-2020-14713", "CVE-2020-14714", "CVE-2020-14715" ] }, "vid": "1e7b316b-c6a8-11ea-a7d5-001999f8d30b" }, "details": "Oracle reports:\n\n> Vulnerabilities in VirtualBox core can allow users with logon access\n> to the infrastructure where Oracle VM VirtualBox executes to\n> compromise Oracle VM VirtualBox. Successful attacks of these\n> vulnerabilities can result in unauthorized access to critical data,\n> access to all Oracle VM VirtualBox accessible data, unauthorized\n> ability to cause a hang or frequently repeatable crash (complete DOS)\n> or takeover of Oracle VM VirtualBox.\n", "id": "FreeBSD-2020-0185", "modified": "2020-07-19T00:00:00Z", "published": "2020-07-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14629" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14646" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14647" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14648" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14649" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14650" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14673" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14674" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14675" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14676" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14677" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14694" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14695" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14698" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14699" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14700" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14703" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14704" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14707" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14711" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14712" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14713" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14714" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14715" } ], "schema_version": "1.7.0", "summary": "VirtualBox -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.102.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html" ], "discovery": "2020-07-16T00:00:00Z", "references": { "cvename": [ "CVE-2020-3350", "CVE-2020-3327", "CVE-2020-3481" ] }, "vid": "f7a02651-c798-11ea-81d6-6805cabe6ebb" }, "details": "Micah Snyder reports:\n\n> \n>\n> CVE-2020-3350\n> : Fixed a vulnerability a malicious user could exploit to replace a\n> scan target\\'s directory with a symlink to another path to trick\n> clamscan, clamdscan, or clamonacc into removing or moving a\n> different file (such as a critical system file). The issue would\n> affect users that use the \\--move or \\--remove options for\n> clamscan, clamdscan and clamonacc.\n>\n> CVE-2020-3327\n> : Fixed a vulnerability in the ARJ archive-parsing module in ClamAV\n> 0.102.3 that could cause a denial-of-service (DoS) condition.\n> Improper bounds checking resulted in an out-of-bounds read that\n> could cause a crash. The previous fix for this CVE in version\n> 0.102.3 was incomplete. This fix correctly resolves the issue.\n>\n> CVE-2020-3481\n> : Fixed a vulnerability in the EGG archive module in ClamAV\n> 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS)\n> condition. Improper error handling could cause a crash due to a\n> NULL pointer dereference. This vulnerability is mitigated for\n> those using the official ClamAV signature databases because the\n> file type signatures in daily.cvd will not enable the EGG archive\n> parser in affected versions.\n", "id": "FreeBSD-2020-0184", "modified": "2020-07-16T00:00:00Z", "published": "2020-07-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html" }, { "type": "WEB", "url": "https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3327" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3481" } ], "schema_version": "1.7.0", "summary": "clamav -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ilmbase" }, "ranges": [ { "events": [ { "fixed": "2.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openexr" }, "ranges": [ { "events": [ { "fixed": "2.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2" ], "discovery": "2020-05-18T00:00:00Z", "vid": "714e6c35-c75b-11ea-aa29-d74973d1f9f3" }, "details": "Cary Phillips reports:\n\n> openexr 2.5.2 \\[is a p\\]atch release with various bug/security and\n> build/install fixes:\n>\n> - Invalid input could cause a heap-use-after-free error in\n> DeepScanLineInputFile::DeepScanLineInputFile()\n> - Invalid chunkCount attributes could cause heap buffer overflow in\n> getChunkOffsetTableSize()\n> - Invalid tiled input file could cause invalid memory access\n> TiledInputFile::TiledInputFile()\n", "id": "FreeBSD-2020-0183", "modified": "2020-07-16T00:00:00Z", "published": "2020-07-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2" } ], "schema_version": "1.7.0", "summary": "OpenEXR/ilmbase 2.5.2 -- patch release with various bug/security fixes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "84.0.4147.89" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html" ], "discovery": "2020-07-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-6510", "CVE-2020-6511", "CVE-2020-6512", "CVE-2020-6513", "CVE-2020-6514", "CVE-2020-6515", "CVE-2020-6516", "CVE-2020-6517", "CVE-2020-6518", "CVE-2020-6519", "CVE-2020-6520", "CVE-2020-6521", "CVE-2020-6522", "CVE-2020-6523", "CVE-2020-6524", "CVE-2020-6525", "CVE-2020-6526", "CVE-2020-6527", "CVE-2020-6528", "CVE-2020-6529", "CVE-2020-6530", "CVE-2020-6531", "CVE-2020-6533", "CVE-2020-6534", "CVE-2020-6535", "CVE-2020-6536" ] }, "vid": "870d59b0-c6c4-11ea-8015-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This update contains 38 security fixes, including:\n>\n> - \\[1103195\\] Critical CVE-2020-6510: Heap buffer overflow in\n> background fetch. Reported by Leecraso and Guang Gong of 360 Alpha\n> Lab working with 360 BugCloud on 2020-07-08\n> - \\[1074317\\] High CVE-2020-6511: Side-channel information leakage in\n> content security policy. Reported by Mikhail Oblozhikhin on\n> 2020-04-24\n> - \\[1084820\\] High CVE-2020-6512: Type Confusion in V8. Reported by\n> nocma, leogan, cheneyxu of WeChat Open Platform Security Team on\n> 2020-05-20\n> - \\[1091404\\] High CVE-2020-6513: Heap buffer overflow in PDFium.\n> Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04\n> - \\[1076703\\] High CVE-2020-6514: Inappropriate implementation in\n> WebRTC. Reported by Natalie Silvanovich of Google Project Zero on\n> 2020-04-30\n> - \\[1082755\\] High CVE-2020-6515: Use after free in tab strip.\n> Reported by DDV_UA on 2020-05-14\n> - \\[1092449\\] High CVE-2020-6516: Policy bypass in CORS. Reported by\n> Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security\n> Xuanwu Lab on 2020-06-08\n> - \\[1095560\\] High CVE-2020-6517: Heap buffer overflow in history.\n> Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab\n> on 2020-06-16\n> - \\[986051\\] Medium CVE-2020-6518: Use after free in developer tools.\n> Reported by David Erceg on 2019-07-20\n> - \\[1064676\\] Medium CVE-2020-6519: Policy bypass in CSP. Reported by\n> Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25\n> - \\[1092274\\] Medium CVE-2020-6520: Heap buffer overflow in Skia.\n> Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08\n> - \\[1075734\\] Medium CVE-2020-6521: Side-channel information leakage\n> in autofill. Reported by Xu Lin (University of Illinois at Chicago),\n> Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis\n> (University of Illinois at Chicago) on 2020-04-27\n> - \\[1052093\\] Medium CVE-2020-6522: Inappropriate implementation in\n> external protocol handlers. Reported by Eric Lawrence of Microsoft\n> on 2020-02-13\n> - \\[1080481\\] Medium CVE-2020-6523: Out of bounds write in Skia.\n> Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on\n> 2020-05-08\n> - \\[1081722\\] Medium CVE-2020-6524: Heap buffer overflow in WebAudio.\n> Reported by Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State\n> University on 2020-05-12\n> - \\[1091670\\] Medium CVE-2020-6525: Heap buffer overflow in Skia.\n> Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05\n> - \\[1074340\\] Low CVE-2020-6526: Inappropriate implementation in\n> iframe sandbox. Reported by Jonathan Kingston on 2020-04-24\n> - \\[992698\\] Low CVE-2020-6527: Insufficient policy enforcement in\n> CSP. Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10\n> - \\[1063690\\] Low CVE-2020-6528: Incorrect security UI in basic auth.\n> Reported by Rayyan Bijoora on 2020-03-22\n> - \\[978779\\] Low CVE-2020-6529: Inappropriate implementation in\n> WebRTC. Reported by kaustubhvats7 on 2019-06-26\n> - \\[1016278\\] Low CVE-2020-6530: Out of bounds memory access in\n> developer tools. Reported by myvyang on 2019-10-21\n> - \\[1042986\\] Low CVE-2020-6531: Side-channel information leakage in\n> scroll to text. Reported by Jun Kokatsu, Microsoft Browser\n> Vulnerability Research on 2020-01-17\n> - \\[1069964\\] Low CVE-2020-6533: Type Confusion in V8. Reported by\n> Avihay Cohen @ SeraphicAlgorithms on 2020-04-11\n> - \\[1072412\\] Low CVE-2020-6534: Heap buffer overflow in WebRTC.\n> Reported by Anonymous on 2020-04-20\n> - \\[1073409\\] Low CVE-2020-6535: Insufficient data validation in\n> WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\n> Research on 2020-04-22\n> - \\[1080934\\] Low CVE-2020-6536: Incorrect security UI in PWAs.\n> Reported by Zhiyang Zeng of Tencent security platform department on\n> 2020-05-09\n", "id": "FreeBSD-2020-0182", "modified": "2020-07-15T00:00:00Z", "published": "2020-07-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6510" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6513" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6514" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6515" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6517" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6518" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6519" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6520" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6521" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6522" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6523" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6524" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6525" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6526" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6527" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6528" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6529" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6530" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6533" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6536" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.245" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.235.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.jenkins.io/security/advisory/2020-07-15/" ], "discovery": "2020-07-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223" ] }, "vid": "1ddab5cb-14c9-4632-959f-802c412a9593" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-1868 / CVE-2020-2220\n>\n> Stored XSS vulnerability in job build time trend\n>\n> ##### (High) SECURITY-1901 / CVE-2020-2221\n>\n> Stored XSS vulnerability in upstream cause\n>\n> ##### (High) SECURITY-1902 / CVE-2020-2222\n>\n> Stored XSS vulnerability in \\'keep forever\\' badge icons\n>\n> ##### (High) SECURITY-1945 / CVE-2020-2223\n>\n> Stored XSS vulnerability in console links\n", "id": "FreeBSD-2020-0181", "modified": "2020-07-15T00:00:00Z", "published": "2020-07-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.jenkins.io/security/advisory/2020-07-15/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2220" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2221" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2223" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2020-07-15/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-client" }, "ranges": [ { "events": [ { "fixed": "5.6.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-client" }, "ranges": [ { "events": [ { "fixed": "5.7.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-client" }, "ranges": [ { "events": [ { "fixed": "8.0.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujul2020.html" ], "discovery": "2020-07-07T00:00:00Z", "vid": "0ed71663-c369-11ea-b53c-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 40 new security patches for Oracle\n> MySQL. 6 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n>\n> The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle\n> MySQL is 9.8.\n>\n> This Pre-Release Announcement provides advance information about the\n> Oracle Critical Patch Update for July 2020, which will be released on\n> Tuesday, July 14, 2020.\n", "id": "FreeBSD-2020-0180", "modified": "2020-07-11T00:00:00Z", "published": "2020-07-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-07-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-7457" ], "freebsdsa": [ "SA-20:20.ipv6" ] }, "vid": "c11ee146-c266-11ea-8659-901b0ef719ab" }, "details": "# Problem Description:\n\nThe IPV6_2292PKTOPTIONS set handler was missing synchronization, so\nracing accesses could modify freed memory.\n\n# Impact:\n\nA malicious user application could trigger memory corruption, leading to\nprivilege escalation.\n", "id": "FreeBSD-2020-0179", "modified": "2020-07-10T00:00:00Z", "published": "2020-07-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7457" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:20.ipv6.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- IPv6 socket option race condition and use after free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-07-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-7458" ], "freebsdsa": [ "SA-20:18.posix_spawnp" ] }, "vid": "f8b46415-c264-11ea-8659-901b0ef719ab" }, "details": "# Problem Description:\n\nposix_spawnp spawns a new thread with a limited stack allocated on the\nheap before delegating to execvp for the final execution within that\nthread.\n\nexecvp would previously make unbounded allocations on the stack,\ndirectly proportional to the length of the user-controlled PATH\nenvironment variable.\n\n# Impact:\n\nLong values in the user-controlled PATH environment variable cause\nposix_spawnp to write beyond the end of stack that was allocated,\nultimately overflowing the heap-allocated stack with a direct copy of\nthe value stored in PATH.\n", "id": "FreeBSD-2020-0178", "modified": "2020-07-10T00:00:00Z", "published": "2020-07-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7458" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:18.posix_spawnp.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- posix_spawnp(3) buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mybb" }, "ranges": [ { "events": [ { "fixed": "1.8.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/" ], "discovery": "2019-12-30T00:00:00Z", "vid": "198a120d-c22d-11ea-9172-4c72b94353b5" }, "details": "mybb Team reports:\n\n> High risk: Installer RCE on settings file write\n>\n> Medium risk: Arbitrary upload paths and Local File Inclusion RCE\n>\n> Medium risk: XSS via insufficient HTML sanitization of Blog feed and\n> Extend data\n>\n> Low risk: Open redirect on login\n>\n> Low risk: SCEditor reflected XSS\n", "id": "FreeBSD-2020-0177", "modified": "2020-07-09T00:00:00Z", "published": "2020-07-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/" }, { "type": "WEB", "url": "https://blog.mybb.com/2019/12/30/mybb-1-8-22-released-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "mybb -- multible vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-kramdown" }, "ranges": [ { "events": [ { "fixed": "2.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kramdown.gettalong.org/news.html" ], "discovery": "2020-06-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-14001" ] }, "vid": "20b46222-c12b-11ea-abe8-08002728f74c" }, "details": "kramdown news:\n\n> CVE-2020-14001 is addressed to avoid problems when using the\n> {::options /} extension together with the \\'template\\' option.\n", "id": "FreeBSD-2020-0176", "modified": "2020-07-08T00:00:00Z", "published": "2020-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kramdown.gettalong.org/news.html" }, { "type": "WEB", "url": "https://kramdown.gettalong.org/news.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14001" } ], "schema_version": "1.7.0", "summary": "kramdown -- template option vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.16.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07" ], "discovery": "2020-07-01T00:00:00Z", "vid": "c685edd9-c045-11ea-8898-001cc0382b2f" }, "details": "Manuel P\u00e9gouri\u00e9-Gonnard reports:\n\n> The scalar multiplication function in Mbed TLS accepts a random number\n> generator (RNG) as an optional argument and, if provided, uses it to\n> protect against some attacks.\n>\n> It is the caller\\'s responsibility to provide a RNG if protection\n> against side-channel attacks is desired; however two groups of\n> functions in Mbed TLS itself fail to pass a RNG:\n>\n> 1. mbedtls_pk_parse_key() and mbedtls_pk_parse_keyfile()\n> 2. mbedtls_ecp_check_pub_priv() and mbedtls_pk_check_pair()\n>\n> When those functions are called, scalar multiplication is computed\n> without randomisation, a number of old and new attacks apply, allowing\n> a powerful local attacker to fully recover the private key.\n", "id": "FreeBSD-2020-0175", "modified": "2020-07-07T00:00:00Z", "published": "2020-07-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07" } ], "schema_version": "1.7.0", "summary": "Mbed TLS -- Side-channel attack on ECC key import and validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.1.0" }, { "fixed": "13.1.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0.0" }, { "fixed": "13.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "12.10.14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/07/06/critical-security-release-gitlab-13-1-3-released/" ], "discovery": "2020-07-06T00:00:00Z", "references": { "cvename": [ "CVE-2020-15525" ] }, "vid": "f7a97d43-c039-11ea-a051-001b217b3468" }, "details": "Gitlab reports:\n\n> Workhorse bypass allows files in /tmp to be read via Maven Repository\n> APIs\n", "id": "FreeBSD-2020-0174", "modified": "2020-07-07T00:00:00Z", "published": "2020-07-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/07/06/critical-security-release-gitlab-13-1-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/07/06/critical-security-release-gitlab-13-1-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-15525" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3.7/whatsnew/changelog.html#changelog" ], "discovery": "2019-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-18348", "CVE-2020-8492" ] }, "vid": "33c05d57-bf6e-11ea-ba1e-0800273f78d3" }, "details": "Python reports:\n\n> The AbstractBasicAuthHandler class of the urllib.request module uses\n> an inefficient regular expression which can be exploited by an\n> attacker to cause a denial of service. Fix the regex to prevent the\n> catastrophic backtracking. Vulnerability reported by Ben Caller and\n> Matt Schwager.\n>\n> Disallow control characters in hostnames in http.client, addressing\n> CVE-2019-18348. Such potentially malicious header injection URLs now\n> cause a InvalidURL to be raised.\n>\n> Disallow CR or LF in email.headerregistry.Address arguments to guard\n> against header injection attacks.\n", "id": "FreeBSD-2020-0173", "modified": "2020-07-06T00:00:00Z", "published": "2020-07-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3.7/whatsnew/changelog.html#changelog" }, { "type": "WEB", "url": "https://docs.python.org/3.7/whatsnew/changelog.html#changelog" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18348" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8492" } ], "schema_version": "1.7.0", "summary": "Python -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba410" }, "ranges": [ { "events": [ { "fixed": "4.10.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba411" }, "ranges": [ { "events": [ { "fixed": "4.11.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba412" }, "ranges": [ { "events": [ { "fixed": "4.12.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/history/security.html" ], "discovery": "2020-07-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-10730", "CVE-2020-10745", "CVE-2020-10760", "CVE-2020-14303" ] }, "vid": "ae599263-bca2-11ea-b78f-b42e99a1b9c3" }, "details": "The Samba Team reports:\n\n> Four vulnerabilities were fixed in samba:\n>\n> - CVE-2020-10730: NULL pointer de-reference and use-after-free in\n> Samba AD DC LDAP Server with ASQ, VLV and paged_results\n> - CVE-2020-10745: Parsing and packing of NBT and DNS packets can\n> consume excessive CPU in the AD DC (only)\n> - CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog\n> with paged_results and VLV\n> - CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd\n", "id": "FreeBSD-2020-0172", "modified": "2020-07-02T00:00:00Z", "published": "2020-07-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/history/security.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-10730.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-10745.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-10760.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2020-14303.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10730" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10745" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10760" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14303" } ], "schema_version": "1.7.0", "summary": "samba -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "anydesk" }, "ranges": [ { "events": [ { "fixed": "5.5.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://download.anydesk.com/changelog.txt" ], "discovery": "2020-06-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-13160" ] }, "vid": "4344861a-be0b-11ea-9172-4c72b94353b5" }, "details": "Anydesk reports:\n\n> AnyDesk before 5.5.3 on Linux and FreeBSD has a format string\n> vulnerability that can be exploited for remote code execution.\n", "id": "FreeBSD-2020-0171", "modified": "2020-07-04T00:00:00Z", "published": "2020-07-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://download.anydesk.com/changelog.txt" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13160" } ], "schema_version": "1.7.0", "summary": "Anydesk -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.15.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.15.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.15.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/synapse/releases/tag/v1.15.2" ], "discovery": "2020-07-02T00:00:00Z", "vid": "d9f686f3-fde0-48dc-ab0a-01c2fe3e0529" }, "details": "Matrix developers report:\n\n> Due to the two security issues highlighted below, server\n> administrators are encouraged to update Synapse. We are not aware of\n> these vulnerabilities being exploited in the wild.\n>\n> - A malicious homeserver could force Synapse to reset the state in a\n> room to a small subset of the correct state. This affects all\n> Synapse deployments which federate with untrusted servers.\n> - HTML pages served via Synapse were vulnerable to clickjacking\n> attacks. This predominantly affects homeservers with single-sign-on\n> enabled, but all server administrators are encouraged to upgrade.\n", "id": "FreeBSD-2020-0170", "modified": "2020-07-03T00:00:00Z", "published": "2020-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.15.2" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.15.2" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dbus" }, "ranges": [ { "events": [ { "fixed": "1.12.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294" ], "discovery": "2020-04-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-12049" ] }, "vid": "27616957-b084-11ea-937b-b42e99a1b9c3" }, "details": "GitHub Security Lab reports:\n\n> D-Bus has a file descriptor leak, which can lead to denial of service\n> when the dbus-daemon runs out of file descriptors. An unprivileged\n> local attacker can use this to attack the system dbus-daemon, leading\n> to denial of service for all users of the machine.\n", "id": "FreeBSD-2020-0169", "modified": "2020-07-03T00:00:00Z", "published": "2020-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294" }, { "type": "WEB", "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2020/06/04/3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12049" } ], "schema_version": "1.7.0", "summary": "dbus file descriptor leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.1.0" }, { "fixed": "13.1.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "13.0.0" }, { "fixed": "13.0.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "12.10.13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/" ], "discovery": "2020-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-14155", "CVE-2020-11082", "CVE-2019-0542" ] }, "vid": "0a305431-bc98-11ea-a051-001b217b3468" }, "details": "Gitlab reports:\n\n> Missing Permission Check on Time Tracking\n>\n> Cross-Site Scripting in PyPi Files API\n>\n> Insecure Authorization Check on Private Project Security Dashboard\n>\n> Cross-Site Scripting in References\n>\n> Cross-Site Scripting in Group Names\n>\n> Cross-Site Scripting in Blob Viewer\n>\n> Cross-Site Scripting in Error Tracking\n>\n> Insecure Authorisation Check on Creation and Deletion of Deploy Tokens\n>\n> User Name Format Restiction Bypass\n>\n> Denial of Service in Issue Comments\n>\n> Cross-Site Scripting in Wiki Pages\n>\n> Private Merge Request Updates Leaked via Todos\n>\n> Private User Activity Leaked via API\n>\n> Cross-Site Scripting in Bitbucket Import Feature\n>\n> Github Project Restriction Bypass\n>\n> Update PCRE Dependency\n>\n> Update Kaminari Gem\n>\n> Cross-Site Scripting in User Profile\n>\n> Update Xterm.js\n", "id": "FreeBSD-2020-0168", "modified": "2020-07-02T00:00:00Z", "published": "2020-07-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11082" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-0542" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "coturn" }, "ranges": [ { "events": [ { "fixed": "4.5.1.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm" ], "discovery": "2020-06-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-4067" ] }, "vid": "fce7a6e7-bc5d-11ea-b38d-f0def1d0c3ea" }, "details": "Felix D\u00f6rre reports:\n\n> The issue is that STUN/TURN response buffer is not initialized\n> properly. (CWE 665) This is a leak of information between different\n> client connections. One client (an attacker) could use their\n> connection to intelligently query coturn to get interesting bytes in\n> the padding bytes from the connection of another client.\n", "id": "FreeBSD-2020-0167", "modified": "2020-07-02T00:00:00Z", "published": "2020-07-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm" }, { "type": "WEB", "url": "https://github.com/coturn/coturn/commit/fdf7065d0f8e676feaf6734e86370f6dadfb8eec" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-4067" } ], "schema_version": "1.7.0", "summary": "coturn -- information leakage" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.1.0" }, { "fixed": "4.1.17" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.2" ], "discovery": "2020-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-14196" ] }, "vid": "641cd669-bc37-11ea-babf-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> CVE-2020-14196: An issue has been found in PowerDNS Recursor where the\n> ACL applied to the internal web server via webserver-allow-from is not\n> properly enforced, allowing a remote attacker to send HTTP queries to\n> the internal web server, bypassing the restriction. In the default\n> configuration the API webserver is not enabled. Only installations\n> using a non-default value for webserver and webserver-address are\n> affected.\n", "id": "FreeBSD-2020-0166", "modified": "2020-07-02T00:00:00Z", "published": "2020-07-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.2" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/security-advisories/index.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14196" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- access restriction bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/project/drupal/releases/7.72" ], "discovery": "2020-06-17T00:00:00Z", "vid": "b51d5391-bb76-11ea-9172-4c72b94353b5" }, "details": "Drupal Security Team reports:\n\n> The Drupal core Form API does not properly handle certain form input\n> from cross-site requests, which can lead to other vulnerabilities.\n", "id": "FreeBSD-2020-0165", "modified": "2020-07-01T00:00:00Z", "published": "2020-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/project/drupal/releases/7.72" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2020-004" } ], "schema_version": "1.7.0", "summary": "drupal -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xrdp" }, "ranges": [ { "events": [ { "fixed": "0.9.13.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044" ], "discovery": "2020-06-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-4044" ] }, "vid": "2675f0db-baa5-11ea-aa12-80ee73419af3" }, "details": "Ashley Newson reports:\n\n> The xrdp-sesman service can be crashed by connecting over port 3350\n> and supplying a malicious payload. Once the xrdp-sesman process is\n> dead, an unprivileged attacker on the server could then proceed to\n> start their own imposter sesman service listening on port 3350.\n", "id": "FreeBSD-2020-0164", "modified": "2020-06-30T00:00:00Z", "published": "2020-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044" }, { "type": "WEB", "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-4044" } ], "schema_version": "1.7.0", "summary": "xrdp -- Local users can perform a buffer overflow attack against the xrdp-sesman service and then inpersonate it" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb36" }, "ranges": [ { "events": [ { "fixed": "3.6.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb40" }, "ranges": [ { "events": [ { "fixed": "4.0.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb42" }, "ranges": [ { "events": [ { "fixed": "4.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-45472" ], "discovery": "2020-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-7921" ] }, "vid": "d0be8e1f-b19a-11ea-94aa-b827eb2f57d4" }, "details": "reports:\n\n> Improper serialization of MongoDB Server\\'s internal authorization\n> state permits a user with valid credentials to bypass IP source\n> address protection mechanisms following administrative action.\n>\n> Credit\\\n> Discovered by Tony Yesudas.\n", "id": "FreeBSD-2020-0163", "modified": "2020-06-29T00:00:00Z", "published": "2020-06-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-45472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7921" } ], "schema_version": "1.7.0", "summary": "MongoDB -- Ensure RoleGraph can serialize authentication restrictions to BSON" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libvorbis" }, "ranges": [ { "events": [ { "fixed": "1.3.6_1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-14160", "CVE-2018-10392" ] }, "vid": "4200d5f5-b985-11ea-b08a-f8b156b6dcc8" }, "details": "Two vulnerabilities were fixed in the upstream repository:\n\n- The bark_noise_hybridmp function allows remote attackers to cause a\n denial of service (out-of-bounds access and application crash) or\n possibly have unspecified other impact via a crafted file.\n- mapping0_forward does not validate the number of channels, which\n allows remote attackers to cause a denial of service (heap-based\n buffer overflow or over-read) or possibly have unspecified other\n impact via a crafted file.\n", "id": "FreeBSD-2020-0162", "modified": "2020-06-28T00:00:00Z", "published": "2020-06-28T00:00:00Z", "references": [ { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2017/09/21/2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14160" }, { "type": "WEB", "url": "https://gitlab.xiph.org/xiph/vorbis/-/issues/2335" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10392" } ], "schema_version": "1.7.0", "summary": "libvorbis -- two vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "putty" }, "ranges": [ { "events": [ { "fixed": "0.74" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "putty-gtk2" }, "ranges": [ { "events": [ { "fixed": "0.74" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "putty-nogtk" }, "ranges": [ { "events": [ { "fixed": "0.74" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.tartarus.org/pipermail/putty-announce/2020/000030.html" ], "discovery": "2020-06-27T00:00:00Z", "references": { "cvename": [ "CVE-2020-14002" ] }, "vid": "6190c0cd-b945-11ea-9401-2dcf562daa69" }, "details": "Simon Tatham reports:\n\n> \\[Release 0.74\\] fixes the following security issues:\n>\n> - New configuration option to disable PuTTY\\'s default policy of\n> changing its host key algorithm preferences to prefer keys it\n> already knows. (There is a theoretical information leak in this\n> policy.) \\[CVE-2020-14002\\]\n> - In some situations an SSH server could cause PuTTY to access freed\n> mdmory by pretending to accept an SSH key and then refusing the\n> actual signature. It can only happen if you\\'re using an SSH agent.\n", "id": "FreeBSD-2020-0161", "modified": "2020-06-28T00:00:00Z", "published": "2020-06-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.tartarus.org/pipermail/putty-announce/2020/000030.html" }, { "type": "WEB", "url": "https://lists.tartarus.org/pipermail/putty-announce/2020/000030.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-dynamic-hostkey-info-leak.html" }, { "type": "WEB", "url": "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14002" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-keylist-used-after-free.html" } ], "schema_version": "1.7.0", "summary": "PuTTY -- Release 0.74 fixes two security vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "83.0.4103.116" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html" ], "discovery": "2020-06-22T00:00:00Z", "references": { "cvename": [ "CVE-2020-6509" ] }, "vid": "6a5d15b6-b661-11ea-8015-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This update includes 2 security fixes, including:\n>\n> - \\[1092308\\] High CVE-2020-6509: Use after free in extensions.\n> Reported by Anonymous on 2020-06-08\n", "id": "FreeBSD-2020-0160", "modified": "2020-06-24T00:00:00Z", "published": "2020-06-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6509" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mutt" }, "ranges": [ { "events": [ { "last_affected": "1.14.3" }, { "fixed": "1.14.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4" ], "discovery": "2020-06-16T00:00:00Z", "references": { "cvename": [ "CVE-2020-14954" ] }, "vid": "29b13a34-b1d2-11ea-a11c-4437e6ad11c4" }, "details": "mutt 1.14.4 updates:\n\n> CVE-2020-14954 - Machine-in-the-middle response injection attack when\n> using STARTTLS with IMAP, POP3, and SMTP\n", "id": "FreeBSD-2020-0159", "modified": "2020-06-24T00:00:00Z", "published": "2020-06-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14954" }, { "type": "WEB", "url": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4" } ], "schema_version": "1.7.0", "summary": "Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mutt" }, "ranges": [ { "events": [ { "last_affected": "1.14.2" }, { "fixed": "1.14.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01" ], "discovery": "2020-06-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-14093" ] }, "vid": "5b397852-b1d0-11ea-a11c-4437e6ad11c4" }, "details": "mutt 1.14.3 updates:\n\n> CVE-2020-14093 - IMAP fcc/postpone man-in-the-middle attack via a\n> PREAUTH response.\n", "id": "FreeBSD-2020-0158", "modified": "2020-06-24T00:00:00Z", "published": "2020-06-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01" }, { "type": "WEB", "url": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-14093" } ], "schema_version": "1.7.0", "summary": "IMAP fcc/postpone machine-in-the-middle attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.20.0" }, { "fixed": "7.71.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2020-06-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-8169", "CVE-2020-8177" ] }, "vid": "6bff5ca6-b61a-11ea-aef4-08002728f74c" }, "details": "curl security problems:\n\n> CVE-2020-8169: Partial password leak over DNS on HTTP redirect\n>\n> libcurl can be tricked to prepend a part of the password to the host\n> name before it resolves it, potentially leaking the partial password\n> over the network and to the DNS server(s).\n>\n> libcurl can be given a username and password for HTTP authentication\n> when requesting an HTTP resource - used for HTTP Authentication such\n> as Basic, Digest, NTLM and similar. The credentials are set, either\n> together with CURLOPT_USERPWD or separately with CURLOPT_USERNAME and\n> CURLOPT_PASSWORD. Important detail: these strings are given to libcurl\n> as plain C strings and they are not supposed to be URL encoded.\n>\n> In addition, libcurl also allows the credentials to be set in the URL,\n> using the standard RFC 3986 format: http://user:password@host/path. In\n> this case, the name and password are URL encoded as that\\'s how they\n> appear in URLs.\n>\n> If the options are set, they override the credentials set in the URL.\n>\n> Internally, this is handled by storing the credentials in the \\\"URL\n> object\\\" so that there is only a single set of credentials stored\n> associated with this single URL.\n>\n> When libcurl handles a relative redirect (as opposed to an absolute\n> URL redirect) for an HTTP transfer, the server is only sending a new\n> path to the client and that path is applied on to the existing URL.\n> That \\\"applying\\\" of the relative path on top of an absolute URL is\n> done by libcurl first generating a full absolute URL out of all the\n> components it has, then it applies the redirect and finally it\n> deconstructs the URL again into its separate components.\n>\n> This security vulnerability originates in the fact that curl did not\n> correctly URL encode the credential data when set using one of the\n> curl_easy_setopt options described above. This made curl generate a\n> badly formatted full URL when it would do a redirect and the final\n> re-parsing of the URL would then go bad and wrongly consider a part of\n> the password field to belong to the host name.\n>\n> The wrong host name would then be used in a name resolve lookup,\n> potentially leaking the host name + partial password in clear text\n> over the network (if plain DNS was used) and in particular to the used\n> DNS server(s).\n>\n> CVE-2020-8177: curl overwrite local file with -J\n>\n> curl can be tricked by a malicious server to overwrite a local file\n> when using -J (\\--remote-header-name) and -i (\\--include) in the same\n> command line.\n>\n> The command line tool offers the -J option that saves a remote file\n> using the file name present in the Content-Disposition: response\n> header. curl then refuses to overwrite an existing local file using\n> the same name, if one already exists in the current directory.\n>\n> The -J flag is designed to save a response body, and so it doesn\\'t\n> work together with -i and there\\'s logic that forbids it. However, the\n> check is flawed and doesn\\'t properly check for when the options are\n> used in the reversed order: first using -J and then -i were mistakenly\n> accepted.\n>\n> The result of this mistake was that incoming HTTP headers could\n> overwrite a local file if one existed, as the check to avoid the local\n> file was done first when body data was received, and due to the\n> mistake mentioned above, it could already have received and saved\n> headers by that time.\n>\n> The saved file would only get response headers added to it, as it\n> would abort the saving when the first body byte arrives. A malicious\n> server could however still be made to send back virtually anything as\n> headers and curl would save them like this, until the first CRLF-CRLF\n> sequence appears.\n>\n> (Also note that -J needs to be used in combination with -O to have any\n> effect.)\n", "id": "FreeBSD-2020-0157", "modified": "2020-06-24T00:00:00Z", "published": "2020-06-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2020-8169.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2020-8177.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8177" } ], "schema_version": "1.7.0", "summary": "curl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cups" }, "ranges": [ { "events": [ { "fixed": "2.3.3_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/apple/cups/releases/tag/v2.3.3" ], "discovery": "2020-04-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-8842", "CVE-2020-3898" ] }, "vid": "ce0c8590-b628-11ea-9d28-3c970ee9157c" }, "details": "Apple reports:\n\n> - CVE-2019-8842: The ippReadIO function may under-read an extension.\n> - CVE-2020-3898: The ppdOpen function did not handle invalid UI\n> constraint. ppdcSource::get_resolution function did not handle\n> invalid resolution strings. An application may be able to gain\n> elevated privileges.\n", "id": "FreeBSD-2020-0156", "modified": "2020-06-24T00:00:00Z", "published": "2020-06-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/apple/cups/releases/tag/v2.3.3" }, { "type": "WEB", "url": "https://github.com/apple/cups/releases/tag/v2.3.3" }, { "type": "WEB", "url": "https://support.apple.com/en-us/HT211100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8842" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3898" } ], "schema_version": "1.7.0", "summary": "CUPS -- memory corruption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weblog.rubyonrails.org/2020/6/17/Rails-6-0-3-2-has-been-released/" ], "discovery": "2020-06-17T00:00:00Z", "references": { "cvename": [ "CVE-2020-8185" ] }, "vid": "feb8afdc-b3e5-11ea-9df5-08002728f74c" }, "details": "Ruby on Rails blog:\n\n> Rails 6.0.3.2 has been released! This version of Rails contains an\n> important security patch, and you should upgrade! The release contains\n> only one patch that addresses CVE-2020-8185.\n", "id": "FreeBSD-2020-0155", "modified": "2020-06-22T00:00:00Z", "published": "2020-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weblog.rubyonrails.org/2020/6/17/Rails-6-0-3-2-has-been-released/" }, { "type": "WEB", "url": "https://weblog.rubyonrails.org/2020/6/17/Rails-6-0-3-2-has-been-released/" }, { "type": "WEB", "url": "https://github.com/rails/rails/blob/6-0-stable/actionpack/CHANGELOG.md" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pAe9EV8gbM0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8185" } ], "schema_version": "1.7.0", "summary": "Rails -- permission vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vlc" }, "ranges": [ { "events": [ { "fixed": "3.0.11,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0" ], "discovery": "2020-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2020-13428" ] }, "vid": "77896891-b08a-11ea-937b-b42e99a1b9c3" }, "details": "Thomas Guillem reports:\n\n> A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in\n> modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before\n> 3.0.11 allows remote attackers to cause a denial of service\n> (application crash) or execute arbitrary code via a crafted H.264\n> Annex-B video (.avi for example) file.\n", "id": "FreeBSD-2020-0154", "modified": "2020-06-17T00:00:00Z", "published": "2020-06-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13428" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13428" } ], "schema_version": "1.7.0", "summary": "vlc heap-based buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "lynis" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "last_affected": "2.7.5" }, { "fixed": "2.7.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-06-18T00:00:00Z", "vid": "f28476f7-b166-11ea-8775-507b9d01076a" }, "details": "lynis update:\n\nThis release resolves two security issues\n\n- CVE-2020-13882 - Discovered by Sander Bos, code submission by Katarina\n Durechova\n- CVE-2019-13033 - Discovered by Sander Bos\n", "id": "FreeBSD-2020-0153", "modified": "2020-06-18T00:00:00Z", "published": "2020-06-18T00:00:00Z", "references": [ { "type": "WEB", "url": "https://github.com/CISOfy/lynis/blob/master/CHANGELOG.md#security-issues" } ], "schema_version": "1.7.0", "summary": "Several issues in Lynis" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bind911" }, "ranges": [ { "events": [ { "introduced": "9.11.14" }, { "fixed": "9.11.20" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind916" }, "ranges": [ { "events": [ { "introduced": "9.16.0" }, { "fixed": "9.16.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/docs/cve-2020-8619" ], "discovery": "2020-06-17T00:00:00Z", "references": { "cvename": [ "CVE-2020-8619" ] }, "vid": "f00d1873-b138-11ea-8659-901b0ef719ab" }, "details": "ISC reports:\n\n> The asterisk character (\\\"\\*\\\") is allowed in DNS zone files, where it\n> is most commonly present as a wildcard at a terminal node of the\n> Domain Name System graph. However, the RFCs do not require and BIND\n> does not enforce that an asterisk character be present only at a\n> terminal node.\n>\n> A problem can occur when an asterisk is present in an empty\n> non-terminal location within the DNS graph. If such a node exists,\n> after a series of queries, named can reach an inconsistent state that\n> results in the failure of an assertion check in rbtdb.c, followed by\n> the program exiting due to the assertion failure.\n", "id": "FreeBSD-2020-0152", "modified": "2020-06-18T00:00:00Z", "published": "2020-06-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/docs/cve-2020-8619" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8619" }, { "type": "WEB", "url": "https://kb.isc.org/docs/cve-2020-8619" } ], "schema_version": "1.7.0", "summary": "BIND -- Remote Denial of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bind916" }, "ranges": [ { "events": [ { "introduced": "9.16.0" }, { "fixed": "9.16.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/docs/cve-2020-8618" ], "discovery": "2020-06-17T00:00:00Z", "references": { "cvename": [ "CVE-2020-8618" ] }, "vid": "75d72e03-b137-11ea-8659-901b0ef719ab" }, "details": "ISC reports:\n\n> An assertion check in BIND (that is meant to prevent going beyond the\n> end of a buffer when processing incoming data) can be incorrectly\n> triggered by a large response during zone transfer.\n", "id": "FreeBSD-2020-0151", "modified": "2020-06-18T00:00:00Z", "published": "2020-06-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/docs/cve-2020-8618" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8618" }, { "type": "WEB", "url": "https://kb.isc.org/docs/cve-2020-8618" } ], "schema_version": "1.7.0", "summary": "BIND -- Remote Denial of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libreoffice" }, "ranges": [ { "events": [ { "fixed": "6.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.libreoffice.org/about-us/security/advisories/" ], "discovery": "2020-06-08T00:00:00Z", "references": { "cvename": [ "CVE-2020-12802", "CVE-2020-12803" ] }, "vid": "96fb446d-ac7b-11ea-8b5e-b42e99a1b9c3" }, "details": "LibreOffice reports:\n\n> Two flaws were found in LibreOffice:\n>\n> - CVE-2020-12802: remote graphics contained in docx format retrieved\n> in \\'stealth mode\\'\n> - CVE-2020-12803: XForms submissions could overwrite local files\n", "id": "FreeBSD-2020-0150", "modified": "2020-06-12T00:00:00Z", "published": "2020-06-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.libreoffice.org/about-us/security/advisories/" }, { "type": "WEB", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802" }, { "type": "WEB", "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2020-12803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12803" } ], "schema_version": "1.7.0", "summary": "LibreOffice Security Advisory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "fixed": "3.32.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-05-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-11655", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632" ], "freebsdsa": [ "SA-20:22.sqlite" ] }, "vid": "c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3" }, "details": "sqlite3 update:\n\nVarious security issues could be used by an attacker to cause SQLite to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode.\n\n- CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a\n denial of service (segmentation fault) via a malformed window-function\n query because the AggInfo object\\'s initialization is mishandled.\n- CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in\n sqlite3_str_vappendf in printf.c.\n- CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in\n sqlite3ExprCodeTarget in expr.c.\n- CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a\n use-after-free in fts3EvalNextRow, related to the snippet feature.\n- CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be\n renamed to the name of one of its shadow tables, related to alter.c\n and build.c.\n- CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a\n NULL pointer dereference via a crafted matchinfo() query.\n", "id": "FreeBSD-2020-0149", "modified": "2020-08-06T00:00:00Z", "published": "2020-06-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11655" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11655" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13434" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13435" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13630" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13631" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13631" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13632" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:22.sqlite.asc" } ], "schema_version": "1.7.0", "summary": "several security issues in sqlite3" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "14.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node12" }, "ranges": [ { "events": [ { "fixed": "12.18.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node10" }, "ranges": [ { "events": [ { "fixed": "10.21.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/" ], "discovery": "2020-06-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-8174", "CVE-2020-8172", "CVE-2020-10531", "CVE-2020-11080" ] }, "vid": "11fcfa8f-ac64-11ea-9dab-000d3ab229d6" }, "details": "Node.js reports:\n\n> Updates are now available for all supported Node.js release lines for\n> the following issues.\n>\n> # TLS session reuse can lead to host certificate verification bypass (High) (CVE-2020-8172)\n>\n> The \\'session\\' event could be emitted before the \\'secureConnect\\'\n> event. It should not be, because the connection may fail to be\n> authorized. If it was saved an authorized connection could be\n> established later with the session ticket. Note that the https agent\n> caches sessions, so is vulnerable to this.\n>\n> The \\'session\\' event will now only be emitted after the\n> \\'secureConnect\\' event, and only for authorized connections.\n>\n> # HTTP/2 Large Settings Frame DoS (Low) (CVE-2020-11080)\n>\n> Receiving unreasonably large HTTP/2 SETTINGS frames can consume 100%\n> CPU to process all the settings, blocking all other activities until\n> complete.\n>\n> The HTTP/2 session frame is limited to 32 settings by default. This\n> can be configured if necessary using the maxSettings option.\n>\n> # napi_get_value_string\\_\\*() allows various kinds of memory corruption (High) (CVE-2020-8174)\n>\n> Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(),\n> or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of\n> 0 will cause the entire string value to be written to buf, probably\n> overrunning the length of the buffer.\n>\n> A exploit has not been reported and it may be difficult but the\n> following is suggested:\n>\n> - All users of LTS Node.js versions should update to the versions\n> announced in this security post. This will address the issue for any\n> non pre-built add-on.\n> - Maintainers who support EOL Node.js versions and/or build against a\n> version of Node.js that did not support N-API internally should\n> update to use the new versions of node-addon-api 1.x and 2.x that\n> will be released soon after this announcement.\n>\n> # ICU-20958 Prevent SEGV_MAPERR in append (High) (CVE-2020-10531)\n>\n> An issue was discovered in International Components for Unicode (ICU)\n> for C/C++ through 66.1. An integer overflow, leading to a heap-based\n> buffer overflow, exists in the UnicodeString::doAppend() function in\n> common/unistr.cpp.\n>\n> Fix was applied to 10.x in an abundance of caution, even though there\n> is no known way to trigger the overflow in 10.x.\n", "id": "FreeBSD-2020-0148", "modified": "2020-06-12T00:00:00Z", "published": "2020-06-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11080" } ], "schema_version": "1.7.0", "summary": "Node.js -- June 2020 Security Releases" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tcpreplay" }, "ranges": [ { "events": [ { "fixed": "4.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/appneta/tcpreplay/releases/tag/v4.3.2" ], "discovery": "2019-03-12T00:00:00Z", "references": { "cvename": [ "CVE-2019-8381", "CVE-2019-8376", "CVE-2019-8377" ] }, "vid": "045e46e8-abe6-11ea-99cb-10bf48e1088e" }, "details": "fklassen on Github reports:\n\n> This release fixes the following security issues:\n>\n> - memory access in do_checksum()\n> - NULL pointer dereference get_layer4_v6()\n> - NULL pointer dereference get_ipv6_l4proto()\n", "id": "FreeBSD-2020-0147", "modified": "2020-06-11T00:00:00Z", "published": "2020-06-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/appneta/tcpreplay/releases/tag/v4.3.2" }, { "type": "WEB", "url": "https://github.com/appneta/tcpreplay/releases/tag/v4.3.2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8381" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8376" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8377" } ], "schema_version": "1.7.0", "summary": "tcpreplay -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "znc" }, "ranges": [ { "events": [ { "introduced": "1.8.0" }, { "fixed": "1.8.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13775" ], "discovery": "2020-06-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-13775" ] }, "vid": "10a24ce0-ab68-11ea-b9b8-641c67a117d8" }, "details": "Mitre reports:\n\n> ZNC 1.8.0 up to 1.8.1-rc1 allows attackers to trigger an application\n> crash (with a NULL pointer dereference) if echo-message is not enabled\n> and there is no network.\n", "id": "FreeBSD-2020-0146", "modified": "2020-06-10T00:00:00Z", "published": "2020-06-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13775" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13775" }, { "type": "WEB", "url": "https://wiki.znc.in/ChangeLog/1.8.1" } ], "schema_version": "1.7.0", "summary": "znc -- Authenticated users can trigger an application crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "npm" }, "ranges": [ { "events": [ { "fixed": "6.13.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/" ], "discovery": "2019-12-18T00:00:00Z", "references": { "cvename": [ "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777" ] }, "vid": "2a3588b4-ab12-11ea-a051-001b217b3468" }, "details": "NPM reports:\n\n> Global node_modules Binary Overwrite\n>\n> Symlink reference outside of node_modules\n>\n> Arbitrary File Write\n", "id": "FreeBSD-2020-0145", "modified": "2020-06-10T00:00:00Z", "published": "2020-06-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16775" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16776" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16777" } ], "schema_version": "1.7.0", "summary": "NPM -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libadplug" }, "ranges": [ { "events": [ { "fixed": "2.3.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/adplug/adplug/releases/tag/adplug-2.3.3" ], "discovery": "2020-06-08T00:00:00Z", "references": { "cvename": [ "CVE-2019-14690", "CVE-2019-14691", "CVE-2019-14692", "CVE-2019-14732", "CVE-2019-14733", "CVE-2019-14734", "CVE-2019-15151" ] }, "vid": "329ecd60-aaf7-11ea-8659-10bf48e1088e" }, "details": "Malvineous on Github reports:\n\n> This release fixes the following security issues:\n>\n> - buffer overflow in .bmf\n> - buffer overflow in .dtm\n> - buffer overflow in .mkj\n> - buffer overflow in .a2m\n> - buffer overflow in .rad\n> - buffer overflow in .mtk\n> - double free and OOB reads in .u6m\n", "id": "FreeBSD-2020-0144", "modified": "2020-06-10T00:00:00Z", "published": "2020-06-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/adplug/adplug/releases/tag/adplug-2.3.3" }, { "type": "WEB", "url": "https://github.com/adplug/adplug/releases/tag/adplug-2.3.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14690" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14691" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14692" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14732" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14733" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14734" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15151" } ], "schema_version": "1.7.0", "summary": "libadplug -- Various vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "3.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS" ], "discovery": "2020-05-04T00:00:00Z", "vid": "9f7ae7ea-da93-4f86-b257-ba76707f6d5d" }, "details": "Jon Siwek of Corelight reports:\n\n> This release fixes the following security issues:\n>\n> - Fix potential stack overflow in NVT analyzer\n> - Fix NVT analyzer memory leak from multiple telnet authn name options\n> - Fix multiple content-transfer-encoding headers causing a memory leak\n> - Fix potential leak of Analyzers added to tree during Analyzer::Done\n> - Prevent IP fragment reassembly on packets without minimal IP header\n", "id": "FreeBSD-2020-0143", "modified": "2020-06-10T00:00:00Z", "published": "2020-06-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS" }, { "type": "WEB", "url": "https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS" } ], "schema_version": "1.7.0", "summary": "zeek -- Various vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "32.0.0.387" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb20-30.html" ], "discovery": "2020-06-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-9633" ] }, "vid": "196b31b8-aa9a-11ea-a59a-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a use-after-free vulnerability that could lead\n> to arbitrary code execution (CVE-2020-9633).\n", "id": "FreeBSD-2020-0142", "modified": "2020-06-09T00:00:00Z", "published": "2020-06-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9633" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-30.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2020-7456" ], "freebsdsa": [ "SA-20:17.usb" ] }, "vid": "32c92a75-aa71-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nIf the push/pop level of the USB HID state is not restored within the\nprocessing of the same HID item, an invalid memory location may be used\nfor subsequent HID item processing.\n\n# Impact:\n\nAn attacker with physical access to a USB port may be able to use a\nspecially crafted USB device to gain kernel or user-space code\nexecution.\n", "id": "FreeBSD-2020-0141", "modified": "2020-06-09T00:00:00Z", "published": "2020-06-09T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7456" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:17.usb.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- USB HID descriptor parsing error" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freerdp" }, "ranges": [ { "events": [ { "fixed": "2.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-11521", "CVE-2020-11522", "CVE-2020-11523", "CVE-2020-11524", "CVE-2020-11525", "CVE-2020-11526", "CVE-2020-11039", "CVE-2020-11038", "CVE-2020-11043", "CVE-2020-11040", "CVE-2020-11041", "CVE-2020-11019", "CVE-2020-11017", "CVE-2020-11018" ] }, "vid": "669f3fe8-a07a-11ea-b83e-f0def1f5c5a2" }, "details": "The FreeRDP changelog reports 14 CVEs addressed after 2.0.0-rc4\n", "id": "FreeBSD-2020-0140", "modified": "2020-05-28T00:00:00Z", "published": "2020-05-28T00:00:00Z", "references": [ { "type": "WEB", "url": "https://github.com/FreeRDP/FreeRDP/blob/2.1.1/ChangeLog" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11521" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11522" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11523" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11524" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11525" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11526" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11039" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11038" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11043" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11040" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11017" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11018" } ], "schema_version": "1.7.0", "summary": "FreeRDP -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "83.0.4103.97" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" ], "discovery": "2020-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2020-6493", "CVE-2020-6494", "CVE-2020-6495", "CVE-2020-6496" ] }, "vid": "a2caf7bd-a719-11ea-a857-e09467587c17" }, "details": "Chrome Releases reports:\n\n> This update includes 5 security fixes. Below, we highlight fixes that\n> were contributed by external researchers.\n>\n> - \\[1082105\\] High CVE-2020-6493: Use after free in WebAuthentication.\n> Reported by Anonymous on 2020-05-13\n> - \\[1083972\\] High CVE-2020-6494: Incorrect security UI in payments.\n> Reported by Juho Nurminen on 2020-05-18\n> - \\[1072116\\] High CVE-2020-6495: Insufficient policy enforcement in\n> developer tools. Reported by David Erceg on 2020-04-18\n> - \\[1085990\\] High CVE-2020-6496: Use after free in payments. Reported\n> by Khalil Zhani on 2020-05-24\n", "id": "FreeBSD-2020-0139", "modified": "2020-06-05T00:00:00Z", "published": "2020-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6493" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6496" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.0.0" }, { "fixed": "13.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.10.0" }, { "fixed": "12.10.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.6.0" }, { "fixed": "12.9.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/06/03/critical-security-release-13-0-4-released/" ], "discovery": "2020-06-03T00:00:00Z", "vid": "40bfab16-a68b-11ea-9ea5-001b217b3468" }, "details": "Gitlab reports:\n\n> CI Token Access Control\n", "id": "FreeBSD-2020-0138", "modified": "2020-06-04T00:00:00Z", "published": "2020-06-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/06/03/critical-security-release-13-0-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/06/03/critical-security-release-13-0-4-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/" ], "discovery": "2020-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-13254", "CVE-2020-13596" ] }, "vid": "597d02ce-a66c-11ea-af32-080027846a02" }, "details": "Django security release reports:\n\n> CVE-2020-13254: Potential data leakage via malformed memcached keys\n>\n> In cases where a memcached backend does not perform key validation,\n> passing malformed cache keys could result in a key collision, and\n> potential data leakage. In order to avoid this vulnerability, key\n> validation is added to the memcached cache backends.\n>\n> CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget\n>\n> Query parameters for the admin ForeignKeyRawIdWidget were not properly\n> URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now\n> ensures query parameters are correctly URL encoded.\n", "id": "FreeBSD-2020-0137", "modified": "2020-06-04T00:00:00Z", "published": "2020-06-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2020/jun/03/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13254" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13596" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "introduced": "2.26.0" }, { "fixed": "2.26.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.25.0" }, { "fixed": "2.25.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.24.0" }, { "fixed": "2.24.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.23.0" }, { "fixed": "2.23.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.22.0" }, { "fixed": "2.22.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.21.0" }, { "fixed": "2.21.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.20.0" }, { "fixed": "2.20.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.19.0" }, { "fixed": "2.19.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.18.0" }, { "fixed": "2.18.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "2.17.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-lite" }, "ranges": [ { "events": [ { "introduced": "2.26.0" }, { "fixed": "2.26.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.25.0" }, { "fixed": "2.25.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.24.0" }, { "fixed": "2.24.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.23.0" }, { "fixed": "2.23.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.22.0" }, { "fixed": "2.22.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.21.0" }, { "fixed": "2.21.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.20.0" }, { "fixed": "2.20.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.19.0" }, { "fixed": "2.19.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.18.0" }, { "fixed": "2.18.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "2.17.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-gui" }, "ranges": [ { "events": [ { "introduced": "2.26.0" }, { "fixed": "2.26.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.25.0" }, { "fixed": "2.25.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.24.0" }, { "fixed": "2.24.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.23.0" }, { "fixed": "2.23.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.22.0" }, { "fixed": "2.22.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.21.0" }, { "fixed": "2.21.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.20.0" }, { "fixed": "2.20.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.19.0" }, { "fixed": "2.19.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.18.0" }, { "fixed": "2.18.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "2.17.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q" ], "discovery": "2020-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-5260" ] }, "vid": "ced2d47e-8469-11ea-a283-b42e99a1b9c3" }, "details": "git security advisory reports:\n\n> Git uses external \\\"credential helper\\\" programs to store and retrieve\n> passwords or other credentials from secure storage provided by the\n> operating system. Specially-crafted URLs that contain an encoded\n> newline can inject unintended values into the credential helper\n> protocol stream, causing the credential helper to retrieve the\n> password for one server for an HTTP request being made to another\n> server, resulting in credentials for the former being sent to the\n> latter.\n", "id": "FreeBSD-2020-0136", "modified": "2020-04-22T00:00:00Z", "published": "2020-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q" }, { "type": "WEB", "url": "https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-5260" } ], "schema_version": "1.7.0", "summary": "malicious URLs may present credentials to wrong server" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "introduced": "2.26.0" }, { "fixed": "2.26.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.25.0" }, { "fixed": "2.25.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.24.0" }, { "fixed": "2.24.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.23.0" }, { "fixed": "2.23.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.22.0" }, { "fixed": "2.22.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.21.0" }, { "fixed": "2.21.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.20.0" }, { "fixed": "2.20.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.19.0" }, { "fixed": "2.19.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.18.0" }, { "fixed": "2.18.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "2.17.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-lite" }, "ranges": [ { "events": [ { "introduced": "2.26.0" }, { "fixed": "2.26.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.25.0" }, { "fixed": "2.25.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.24.0" }, { "fixed": "2.24.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.23.0" }, { "fixed": "2.23.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.22.0" }, { "fixed": "2.22.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.21.0" }, { "fixed": "2.21.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.20.0" }, { "fixed": "2.20.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.19.0" }, { "fixed": "2.19.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.18.0" }, { "fixed": "2.18.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "2.17.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-gui" }, "ranges": [ { "events": [ { "introduced": "2.26.0" }, { "fixed": "2.26.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.25.0" }, { "fixed": "2.25.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.24.0" }, { "fixed": "2.24.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.23.0" }, { "fixed": "2.23.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.22.0" }, { "fixed": "2.22.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.21.0" }, { "fixed": "2.21.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.20.0" }, { "fixed": "2.20.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.19.0" }, { "fixed": "2.19.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.18.0" }, { "fixed": "2.18.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "2.17.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7" ], "discovery": "2020-04-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-11008" ] }, "vid": "67765237-8470-11ea-a283-b42e99a1b9c3" }, "details": "git security advisory reports:\n\n> Git uses external \\\"credential helper\\\" programs to store and retrieve\n> passwords or other credentials from secure storage provided by the\n> operating system. Specially-crafted URLs that are considered illegal\n> as of the recently published Git versions can cause Git to send a\n> \\\"blank\\\" pattern to helpers, missing hostname and protocol fields.\n> Many helpers will interpret this as matching any URL, and will return\n> some unspecified stored password, leaking the password to an\n> attacker\\'s server.\n", "id": "FreeBSD-2020-0135", "modified": "2020-04-22T00:00:00Z", "published": "2020-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7" }, { "type": "WEB", "url": "https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11008" } ], "schema_version": "1.7.0", "summary": "malicious URLs can cause git to send a stored credential to wrong server" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnutls" }, "ranges": [ { "events": [ { "fixed": "3.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03" ], "discovery": "2020-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2020-13777" ] }, "vid": "ef5b4f5f-a658-11ea-80d7-001cc0382b2f" }, "details": "The GnuTLS project reports:\n\n> It was found that GnuTLS 3.6.4 introduced a regression in the TLS\n> protocol implementation. This caused the TLS server to not securely\n> construct a session ticket encryption key considering the application\n> supplied secret, allowing a MitM attacker to bypass authentication in\n> TLS 1.3 and recover previous conversations in TLS 1.2.\n", "id": "FreeBSD-2020-0134", "modified": "2020-06-04T00:00:00Z", "published": "2020-06-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03" }, { "type": "WEB", "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-13777" } ], "schema_version": "1.7.0", "summary": "GnuTLS -- flaw in TLS session ticket key construction" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-websocket-extensions" }, "ranges": [ { "events": [ { "fixed": "0.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/faye/websocket-extensions-ruby/blob/master/CHANGELOG.md#015--2020-06-02" ], "discovery": "2020-06-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-7663" ] }, "vid": "ca8327f7-a5a5-11ea-a860-08002728f74c" }, "details": "Changelog:\n\n> Remove a ReDoS vulnerability in the header parser (CVE-2020-7663)\n", "id": "FreeBSD-2020-0133", "modified": "2020-06-03T00:00:00Z", "published": "2020-06-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/faye/websocket-extensions-ruby/blob/master/CHANGELOG.md#015--2020-06-02" }, { "type": "WEB", "url": "https://github.com/faye/websocket-extensions-ruby/blob/master/CHANGELOG.md" }, { "type": "WEB", "url": "https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7663" } ], "schema_version": "1.7.0", "summary": "websocket-extensions -- ReDoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nghttp2" }, "ranges": [ { "events": [ { "fixed": "1.41.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libnghttp2" }, "ranges": [ { "events": [ { "fixed": "1.41.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr" ], "discovery": "2020-06-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-11080" ] }, "vid": "4bb56d2f-a5b0-11ea-a860-08002728f74c" }, "details": "nghttp2 security advisories:\n\n> The overly large HTTP/2 SETTINGS frame payload causes denial of\n> service.\n>\n> The proof of concept attack involves a malicious client constructing a\n> SETTINGS frame with a length of 14,400 bytes (2400 individual settings\n> entries) over and over again. The attack causes the CPU to spike at\n> 100%.\n", "id": "FreeBSD-2020-0132", "modified": "2020-06-03T00:00:00Z", "published": "2020-06-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr" }, { "type": "WEB", "url": "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11080" } ], "schema_version": "1.7.0", "summary": "nghttp2 -- DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.11.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/releases/tag/v1.11.6" ], "discovery": "2020-03-01T00:00:00Z", "references": { "freebsdpr": [ "ports/246892" ] }, "vid": "1650cee2-a320-11ea-a090-08002734b9ed" }, "details": "The Gitea Team reports for release 1.11.6:\n\n> - Fix missing authorization check on pull for public repos of\n> private/limited org (#11656) (#11683)\n> - Use session for retrieving org teams (#11438) (#11439)\n", "id": "FreeBSD-2020-0131", "modified": "2020-05-31T00:00:00Z", "published": "2020-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.11.6" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.11.6" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246892" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-kaminari-core" }, "ranges": [ { "events": [ { "fixed": "1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433" ], "discovery": "2020-04-22T00:00:00Z", "references": { "cvename": [ "CVE-2020-11082" ] }, "vid": "4e6875a2-a126-11ea-b385-08002728f74c" }, "details": "Kaminari Security Advisories:\n\n> There was a vulnerability in versions of Kaminari that would allow an\n> attacker to inject arbitrary code into pages with pagination links.\n>\n> The 1.2.1 gem including the patch has already been released.\n>\n> All past released versions are affected by this vulnerability.\n", "id": "FreeBSD-2020-0130", "modified": "2020-05-28T00:00:00Z", "published": "2020-05-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433" }, { "type": "WEB", "url": "https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433" }, { "type": "WEB", "url": "https://github.com/kaminari/kaminari/blob/master/CHANGELOG.md#121" }, { "type": "WEB", "url": "https://github.com/kaminari/kaminari/pull/1020" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11082" } ], "schema_version": "1.7.0", "summary": "kaminari -- potential XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sane-backends" }, "ranges": [ { "events": [ { "fixed": "1.0.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.com/sane-project/backends/-/releases/1.0.30" ], "discovery": "2020-05-17T00:00:00Z", "references": { "cvename": [ "CVE-2020-12861", "CVE-2020-12862", "CVE-2020-12863", "CVE-2020-12864", "CVE-2020-12865", "CVE-2020-12866", "CVE-2020-12867" ] }, "vid": "28481349-7e20-4f80-ae1e-e6bf48d4f17c" }, "details": "The Sane Project reports:\n\n> epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory\n> management issues found while addressing that CVE\n>\n> epsonds: addresses out-of-bound memory access issues to fix\n> CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),\n> addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084) and\n> disables network autodiscovery to mitigate CVE-2020-12866\n> (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864\n> (GHSL-2020-081). Note that this backend does not support network\n> scanners to begin with.\n>\n> magicolor: fixes a floating point exception and uninitialized data\n> read\n>\n> fixes an overflow in sanei_tcp_read()\n", "id": "FreeBSD-2020-0129", "modified": "2020-05-28T00:00:00Z", "published": "2020-05-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.com/sane-project/backends/-/releases/1.0.30" }, { "type": "WEB", "url": "https://gitlab.com/sane-project/backends/-/releases/1.0.30" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12861" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12862" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12863" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12864" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12865" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12867" } ], "schema_version": "1.7.0", "summary": "Sane -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "13.0.0" }, { "fixed": "13.0.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.10.0" }, { "fixed": "12.10.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.9.0" }, { "fixed": "12.9.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/" ], "discovery": "2020-05-27T00:00:00Z", "vid": "69cf62a8-a0aa-11ea-9ea5-001b217b3468" }, "details": "Gitlab reports:\n\n> User Email Verification Bypass\n>\n> OAuth Flow Missing Email Verification Checks\n>\n> Notification Email Verification Bypass\n>\n> Undisclosed Vulnerability on a Third-Party Rendering Engine\n>\n> Group Sign-Up Restriction Bypass\n>\n> Mirror Project Owner Impersonation\n>\n> Missing Permission Check on Fork Relation Creation\n>\n> Cross-Site Scripting in Repository Files API\n>\n> Kubernetes Cluster Token Disclosure\n>\n> Object Storage File Enumeration\n>\n> Insecure Authorization Check on Project Deploy Keys\n>\n> Cross-Site Scripting on Metrics Dashboard\n>\n> Denial of Service on Custom Dashboards\n>\n> Client-Side Code Injection through Mermaid Markup\n>\n> Cross-Site Scripting on Static Site Editor\n>\n> Disclosure of Amazon EKS Credentials\n>\n> Denial of Service on Workhorse\n", "id": "FreeBSD-2020-0128", "modified": "2020-05-28T00:00:00Z", "published": "2020-05-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sympa" }, "ranges": [ { "events": [ { "fixed": "6.2.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-02-24T00:00:00Z", "references": { "cvename": [ "CVE-2020-9369" ] }, "vid": "9908a1cc-35ad-424d-be0b-7e56abd5931a" }, "details": "Javier Moreno discovered a vulnerability in Sympa web interface that can\ncause denial of service (DoS) attack.\n\nBy submitting requests with malformed parameters, this flaw allows to\ncreate junk files in Sympa\\'s directory for temporary files. And\nparticularly by tampering token to prevent CSRF, it allows to originate\nexessive notification messages to listmasters.\n", "id": "FreeBSD-2020-0127", "modified": "2020-05-22T00:00:00Z", "published": "2020-05-22T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9369" }, { "type": "WEB", "url": "https://sympa-community.github.io/security/2020-001.html" } ], "schema_version": "1.7.0", "summary": "sympa -- Denial of service caused by malformed CSRF token" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sympa" }, "ranges": [ { "events": [ { "fixed": "6.2.56" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-05-24T00:00:00Z", "vid": "61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9" }, "details": "A vulnerability has been discovered in Sympa web interface by which\nattacker can execute arbitrary code with root privileges. Sympa uses two\nsorts of setuid wrappers:\n\n- FastCGI wrappers\n- newaliases wrapper\n\nThe FastCGI wrappers wwsympa-wrapper.fcgi and\nsympa_soap_server-wrapper.fcgi were used to make the web interface\nrunning under privileges of a dedicated user.\n\nThe newaliases wrapper (sympa_newaliases-wrapper) allows Sympa to update\nthe alias database with root privileges.\n\nSince these setuid wrappers did not clear environment variables, if\nenvironment variables like PERL5LIB were injected, forged code might be\nloaded and executed under privileges of setuid-ed users.\n", "id": "FreeBSD-2020-0126", "modified": "2020-05-26T00:00:00Z", "published": "2020-05-26T00:00:00Z", "references": [ { "type": "WEB", "url": "https://sympa-community.github.io/security/2020-002.html" } ], "schema_version": "1.7.0", "summary": "sympa - Security flaws in setuid wrappers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.1.0" }, { "fixed": "4.1.16" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.1" ], "discovery": "2020-05-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-10995", "CVE-2020-12244", "CVE-2020-10030" ] }, "vid": "f9c5a410-9b4e-11ea-ac3f-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> CVE-2020-10995: An issue in the DNS protocol has been found that allow\n> malicious parties to use recursive DNS services to attack third party\n> authoritative name servers. The attack uses a crafted reply by an\n> authoritative name server to amplify the resulting traffic between the\n> recursive and other authoritative name servers. Both types of service\n> can suffer degraded performance as an effect.\n>\n> CVE-2020-12244: An issue has been found in PowerDNS Recursor 4.1.0\n> through 4.3.0 where records in the answer section of a NXDOMAIN\n> response lacking an SOA were not properly validated in\n> SyncRes::processAnswer. This would allow an attacker in position of\n> man-in-the-middle to send a NXDOMAIN answer for a name that does\n> exist, bypassing DNSSEC validation.\n>\n> CVE-2020-10030: An issue has been found in PowerDNS Authoritative\n> Server allowing an attacker with enough privileges to change the\n> system\\'s hostname to cause disclosure of uninitialized memory content\n> via a stack-based out-of-bounds read. It only occurs on systems where\n> gethostname() does not null-terminate the returned string if the\n> hostname is larger than the supplied buffer. Linux systems are not\n> affected because the buffer is always large enough. OpenBSD systems\n> are not affected because the returned hostname is always\n> null-terminated. Under some conditions this issue can lead to the\n> writing of one null-byte out-of-bounds on the stack, causing a denial\n> of service or possibly arbitrary code execution.\n", "id": "FreeBSD-2020-0125", "modified": "2020-05-29T00:00:00Z", "published": "2020-05-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.1" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/security-advisories/index.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12244" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10030" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "83.0.4103.61" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html" ], "discovery": "2020-05-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-6465", "CVE-2020-6466", "CVE-2020-6467", "CVE-2020-6468", "CVE-2020-6469", "CVE-2020-6470", "CVE-2020-6471", "CVE-2020-6472", "CVE-2020-6473", "CVE-2020-6474", "CVE-2020-6475", "CVE-2020-6476", "CVE-2020-6477", "CVE-2020-6478", "CVE-2020-6479", "CVE-2020-6480", "CVE-2020-6481", "CVE-2020-6482", "CVE-2020-6483", "CVE-2020-6484", "CVE-2020-6485", "CVE-2020-6486", "CVE-2020-6487", "CVE-2020-6488", "CVE-2020-6489", "CVE-2020-6490", "CVE-2020-6491" ] }, "vid": "38c676bd-9def-11ea-a94c-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> This release includes 38 security fixes, including CVEs CVE-2020-6465\n> through CVE-2020-6491.\n", "id": "FreeBSD-2020-0124", "modified": "2020-05-24T00:00:00Z", "published": "2020-05-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6466" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6467" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6468" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6469" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6470" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6471" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6473" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6474" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6475" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6476" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6477" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6480" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6482" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6483" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6484" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6485" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6486" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6487" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6488" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6489" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6491" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "piwigo" }, "ranges": [ { "events": [ { "fixed": "2.10.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.piwigo.org/release-2.10.2" ], "discovery": "2020-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2020-8089" ] }, "vid": "436d7f93-9cf0-11ea-82b8-4c72b94353b5" }, "details": "Piwigo reports:\n\n> Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to\n> the group_list page.\n", "id": "FreeBSD-2020-0123", "modified": "2020-05-23T00:00:00Z", "published": "2020-05-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.piwigo.org/release-2.10.2" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-8089" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8089" } ], "schema_version": "1.7.0", "summary": "piwigo -- Multible Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat7" }, "ranges": [ { "events": [ { "fixed": "7.0.104" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat85" }, "ranges": [ { "events": [ { "fixed": "8.5.55" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat9" }, "ranges": [ { "events": [ { "fixed": "9.0.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat-devel" }, "ranges": [ { "events": [ { "fixed": "10.0.0.M5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-05-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-9484" ] }, "vid": "676ca486-9c1e-11ea-8b5e-b42e99a1b9c3" }, "details": "The Apache Software Foundation reports:\n\nUnder certain circumstances an attacker will be able to trigger remote\ncode execution via deserialization of the file under their control\n", "id": "FreeBSD-2020-0122", "modified": "2020-05-22T00:00:00Z", "published": "2020-05-22T00:00:00Z", "references": [ { "type": "WEB", "url": "http://tomcat.apache.org/security-7.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-8.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-9.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9484" } ], "schema_version": "1.7.0", "summary": "Apache Tomcat Remote Code Execution via session persistence" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "fixed": "1.10.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-May/006833.html" ], "discovery": "2020-05-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-12662", "CVE-2020-12663" ], "freebsdsa": [ "SA-20:19.unbound" ] }, "vid": "a2cb7c31-9c79-11ea-a9c2-d05099c0ae8c" }, "details": "NLNetLabs reports:\n\n> This release fixes CVE-2020-12662 and CVE-2020-12663.\n>\n> Bug Fixes:\n>\n> - CVE-2020-12662 Unbound can be tricked into amplifying an incoming\n> query into a large number of queries directed to a target.\n> - CVE-2020-12663 Malformed answers from upstream name servers can be\n> used to make Unbound unresponsive.\n", "id": "FreeBSD-2020-0121", "modified": "2020-07-10T00:00:00Z", "published": "2020-05-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-May/006833.html" }, { "type": "WEB", "url": "https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-May/006833.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12662" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12663" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:19.unbound.asc" } ], "schema_version": "1.7.0", "summary": "unbound -- mutliple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.70" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.8.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/project/drupal/releases/7.70" ], "discovery": "2020-05-20T00:00:00Z", "vid": "c5ec57a9-9c2b-11ea-82b8-4c72b94353b5" }, "details": "Drupal Security Team reports:\n\n> The jQuery project released version 3.5.0, and as part of that,\n> disclosed two security vulnerabilities that affect all prior versions.\n> As mentioned in the jQuery blog, both are: \\... Security issues in\n> jQuerys DOM manipulation methods, as in .html(), .append(), and the\n> others. Security advisories for both of these issues have been\n> published on GitHub.\n>\n> Drupal 7 has an Open Redirect vulnerability. For example, a user could\n> be tricked into visiting a specially crafted link which would redirect\n> them to an arbitrary external URL. The vulnerability is caused by\n> insufficient validation of the destination query parameter in the\n> drupal_goto() function.\n", "id": "FreeBSD-2020-0120", "modified": "2020-05-22T00:00:00Z", "published": "2020-05-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/project/drupal/releases/7.70" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2020-002" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2020-003" } ], "schema_version": "1.7.0", "summary": "drupal -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix3-server" }, "ranges": [ { "events": [ { "fixed": "3.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix3-proxy" }, "ranges": [ { "events": [ { "fixed": "3.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.zabbix.com/rn/rn3.0.31" ], "discovery": "2020-04-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-11800" ] }, "vid": "4d11d37e-9a8d-11ea-b9b8-641c67a117d8" }, "details": "Zabbix reports:\n\n> Fixed security vulnerability cve-2020-11800 (remote code execution).\n> (ZBX-17600)\n", "id": "FreeBSD-2020-0119", "modified": "2020-05-20T00:00:00Z", "published": "2020-05-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.zabbix.com/rn/rn3.0.31" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11800" }, { "type": "WEB", "url": "https://www.zabbix.com/rn/rn3.0.31" }, { "type": "WEB", "url": "https://support.zabbix.com/browse/ZBX-17600" } ], "schema_version": "1.7.0", "summary": "Zabbix -- Remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack52" }, "ranges": [ { "events": [ { "fixed": "5.2.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview52" }, "ranges": [ { "events": [ { "fixed": "5.2.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activestorage52" }, "ranges": [ { "events": [ { "fixed": "5.2.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activesupport52" }, "ranges": [ { "events": [ { "fixed": "5.2.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionpack60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activestorage60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activesupport60" }, "ranges": [ { "events": [ { "fixed": "6.0.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/" ], "discovery": "2020-05-18T00:00:00Z", "references": { "cvename": [ "CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167" ] }, "vid": "85fca718-99f6-11ea-bf1d-08002728f74c" }, "details": "Ruby on Rails blog:\n\n> Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These\n> releases contain important security fixes, so please upgrade when you\n> can.\n>\n> Both releases contain the following fixes:\n>\n> CVE-2020-8162: Circumvention of file size limits in ActiveStorage\n>\n> CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack\n>\n> CVE-2020-8165: Potentially unintended unmarshalling of user-provided\n> objects in MemCacheStore and RedisCacheStore\n>\n> CVE-2020-8166: Ability to forge per-form CSRF tokens given a global\n> CSRF token\n>\n> CVE-2020-8167: CSRF Vulnerability in rails-ujs\n", "id": "FreeBSD-2020-0118", "modified": "2020-05-19T00:00:00Z", "published": "2020-05-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/" }, { "type": "WEB", "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8165" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8166" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8167" } ], "schema_version": "1.7.0", "summary": "Rails -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "fixed": "2.3.10.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html" ], "discovery": "2020-04-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-10957", "CVE-2020-10958", "CVE-2020-10967" ] }, "vid": "37d106a8-15a4-483e-8247-fcb68b16eaf8" }, "details": "Aki Tuomi reports:\n\n> Vulnerability Details: Sending malformed NOOP command causes crash in\n> submission, submission-login or lmtp service. Risk: Remote attacker\n> can keep submission-login service down, causing denial of service\n> attack. For lmtp the risk is neglible, as lmtp is usually behind a\n> trusted MTA. Steps to reproduce: Send \\`\\`NOOP EE\\\"FY\\`\\` to\n> submission port, or similarly malformed command.\n>\n> Vulnerability Details: Sending command followed by sufficient number\n> of newlines triggers a use-after-free bug that might crash\n> submission-login, submission or lmtp service. Risk: Remote attacker\n> can keep submission-login service down, causing denial of service\n> attack. For lmtp the risk is neglible, as lmtp is usually behind a\n> trusted MTA. Steps to reproduce: This can be currently reproduced with\n> ASAN or Valgrind. Reliable way to crash has not yet been discovered.\n>\n> Vulnerability Details: Sending mail with empty quoted localpart causes\n> submission or lmtp component to crash. Risk: Malicious actor can cause\n> denial of service to mail delivery by repeatedly sending mails with\n> bad sender or recipient address. Steps to reproduce: Send mail with\n> envelope sender or recipient as \\<\\\"\\\"@example.org\\>. Workaround: For\n> submission there is no workaround, but triggering the bug requires\n> valid credentials. For lmtp, one can implement sufficient filtering on\n> MTA level to prevent mails with such addresses from ending up in LMTP\n> delivery.\n", "id": "FreeBSD-2020-0117", "modified": "2020-05-18T00:00:00Z", "published": "2020-05-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10957" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10958" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10967" } ], "schema_version": "1.7.0", "summary": "Dovecot -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.102.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html" ], "discovery": "2020-05-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-3327", "CVE-2020-3341" ] }, "vid": "91ce95d5-cd15-4105-b942-af5ccc7144c1" }, "details": "Micah Snyder reports:\n\n> CVE-2020-3327: Fixed a vulnerability in the ARJ archive-parsing module\n> in ClamAV 0.102.2 that could cause a denial-of-service condition.\n> Improper bounds checking of an unsigned variable results in an\n> out-of-bounds read which causes a crash. Special thanks to Daehui\n> Chang and Fady Othman for helping identify the ARJ parsing\n> vulnerability.\n>\n> CVE-2020-3341: Fixed a vulnerability in the PDF-parsing module in\n> ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition.\n> Improper size checking of a buffer used to initialize AES decryption\n> routines results in an out-of-bounds read, which may cause a crash.\n> OSS-Fuzz discovered this vulnerability.\n", "id": "FreeBSD-2020-0116", "modified": "2020-05-14T00:00:00Z", "published": "2020-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html" }, { "type": "WEB", "url": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3327" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3341" } ], "schema_version": "1.7.0", "summary": "clamav -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview4" }, "ranges": [ { "events": [ { "fixed": "4.2.11.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/" ], "discovery": "2020-05-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-8163" ] }, "vid": "ce6db19b-976e-11ea-93c4-08002728f74c" }, "details": "Ruby on Rails blog:\n\n> Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant\n> error. To address this Rails 4.2.11.3 has been released.\n>\n> The original announcement for CVE-2020-8163 has a follow-up message\n> with an updated patch if you're unable to use the gems.\n", "id": "FreeBSD-2020-0115", "modified": "2020-05-16T00:00:00Z", "published": "2020-05-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/" }, { "type": "WEB", "url": "https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8163" } ], "schema_version": "1.7.0", "summary": "Rails -- remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3000.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py32-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3000.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3000.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3000.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3000.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3000.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3000.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3000" }, { "fixed": "3000.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://labs.f-secure.com/advisories/saltstack-authorization-bypass" ], "discovery": "2020-04-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-11651", "CVE-2020-11652" ] }, "vid": "6bf55af9-973b-11ea-9f2c-38d547003487" }, "details": "F-Secure reports:\n\n> ### CVE-2020-11651 - Authentication bypass vulnerabilities\n>\n> The ClearFuncs class processes unauthenticated requests and\n> unintentionally exposes the \\_send_pub() method, which can be used to\n> queue messages directly on the master publish server. Such messages\n> can be used to trigger minions to run arbitrary commands as root.\n>\n> The ClearFuncs class also exposes the method \\_prep_auth_info(), which\n> returns the \\\"root key\\\" used to authenticate commands from the local\n> root user on the master server. This \\\"root key\\\" can then be used to\n> remotely call administrative commands on the master server. This\n> unintentional exposure provides a remote un-authenticated attacker\n> with root-equivalent access to the salt master.\n>\n> ### CVE-2020-11652 - Directory traversal vulnerabilities\n>\n> The wheel module contains commands used to read and write files under\n> specific directory paths. The inputs to these functions are\n> concatenated with the target directory and the resulting path is not\n> canonicalized, leading to an escape of the intended path restriction.\n>\n> The get_token() method of the salt.tokens.localfs class (which is\n> exposed to unauthenticated requests by the ClearFuncs class) fails to\n> sanitize the token input parameter which is then used as a filename,\n> allowing insertion of \\\"..\\\" path elements and thus reading of files\n> outside of the intended directory. The only restriction is that the\n> file has to be deserializable by salt.payload.Serial.loads().\n", "id": "FreeBSD-2020-0114", "modified": "2020-05-16T00:00:00Z", "published": "2020-05-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://labs.f-secure.com/advisories/saltstack-authorization-bypass" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11651" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11652" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11651" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11652" }, { "type": "WEB", "url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html" }, { "type": "WEB", "url": "https://labs.f-secure.com/advisories/saltstack-authorization-bypass" }, { "type": "WEB", "url": "https://blog.f-secure.com/new-vulnerabilities-make-exposed-salt-hosts-easy-targets/" }, { "type": "WEB", "url": "https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild" } ], "schema_version": "1.7.0", "summary": "salt -- multiple vulnerabilities in salt-master process" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "json-c" }, "ranges": [ { "events": [ { "fixed": "0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/json-c/json-c/pull/592" ], "discovery": "2020-05-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-12762" ] }, "vid": "abc3ef37-95d4-11ea-9004-25fadb81abf4" }, "details": "Tobias St\u00f6ckmann reports:\n\n> I have discovered a way to trigger an out of boundary write while\n> parsing a huge json file through a malicious input source. It can be\n> triggered if an attacker has control over the input stream or if a\n> huge load during filesystem operations can be triggered.\n", "id": "FreeBSD-2020-0113", "modified": "2020-05-17T00:00:00Z", "published": "2020-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/json-c/json-c/pull/592" }, { "type": "WEB", "url": "https://github.com/json-c/json-c/pull/592" }, { "type": "WEB", "url": "https://github.com/json-c/json-c/pull/599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12762" } ], "schema_version": "1.7.0", "summary": "json-c -- integer overflow and out-of-bounds write via a large JSON file" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php72" }, "ranges": [ { "events": [ { "fixed": "9.5.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php73" }, "ranges": [ { "events": [ { "fixed": "9.5.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php74" }, "ranges": [ { "events": [ { "fixed": "9.5.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-10-php72" }, "ranges": [ { "events": [ { "fixed": "10.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-10-php73" }, "ranges": [ { "events": [ { "fixed": "10.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-10-php74" }, "ranges": [ { "events": [ { "fixed": "10.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-1042-and-9517-security-releases-published" ], "discovery": "2020-05-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-11063", "CVE-2020-11064", "CVE-2020-11065", "CVE-2020-11066", "CVE-2020-11067", "CVE-2020-11069" ] }, "vid": "59fabdf2-9549-11ea-9448-08002728f74c" }, "details": "Typo3 News:\n\n> CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in\n> Password Reset\n>\n> It has been discovered that time-based attacks can be used with the\n> password reset functionality for backend users. This allows an\n> attacker to verify whether a backend user account with a given email\n> address exists or not.\n>\n> CVE-2020-11064: TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form\n> Engine\n>\n> It has been discovered that HTML placeholder attributes containing\n> data of other database records are vulnerable to cross-site scripting.\n> A valid backend user account is needed to exploit this vulnerability.\n>\n> CVE-2020-11065: TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link\n> Handling\n>\n> It has been discovered that link tags generated by typolink\n> functionality are vulnerable to cross-site scripting - properties\n> being assigned as HTML attributes have not been parsed correctly.\n>\n> CVE-2020-11066: TYPO3-CORE-SA-2020-004: Class destructors causing\n> side-effects when being unserialized\n>\n> Calling unserialize() on malicious user-submitted content can result\n> in the following scenarios:\n>\n> \\- trigger deletion of arbitrary directory in file system (if writable\n> for web server)\n>\n> \\- trigger message submission via email using identity of web site\n> (mail relay)\n>\n> Another insecure deserialization vulnerability is required to actually\n> exploit mentioned aspects.\n>\n> CVE-2020-11067: TYPO3-CORE-SA-2020-005: Insecure Deserialization in\n> Backend User Settings\n>\n> It has been discovered that backend user settings (in \\$BE_USER-\\>uc)\n> are vulnerable to insecure deserialization. In combination with\n> vulnerabilities of 3rd party components this can lead to remote code\n> execution. A valid backend user account is needed to exploit this\n> vulnerability.\n>\n> CVE-2020-11069: TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to\n> Backend User Interface\n>\n> It has been discovered that the backend user interface and install\n> tool are vulnerable to same-site request forgery. A backend user can\n> be tricked into interacting with a malicious resource an attacker\n> previously managed to upload to the web server - scripts are then\n> executed with the privileges of the victims' user session.\n>\n> In a worst case scenario new admin users can be created which can\n> directly be used by an attacker. The vulnerability is basically a\n> cross-site request forgery (CSRF) triggered by a cross-site scripting\n> vulnerability (XSS) - but happens on the same target host - thus, it'\n> actually a same-site request forgery (SSRF).\n>\n> Malicious payload such as HTML containing JavaScript might be provided\n> by either an authenticated backend user or by a non-authenticated user\n> using a 3rd party extension - e.g. file upload in a contact form with\n> knowing the target location.\n>\n> The attacked victim requires an active and valid backend or install\n> tool user session at the time of the attack to be successful.\n", "id": "FreeBSD-2020-0112", "modified": "2020-05-13T00:00:00Z", "published": "2020-05-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-1042-and-9517-security-releases-published" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-1042-and-9517-security-releases-published" }, { "type": "WEB", "url": "https://get.typo3.org/release-notes/9.5.17" }, { "type": "WEB", "url": "https://get.typo3.org/release-notes/10.4.2" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-001" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-002" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-003" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-004" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-005" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11064" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11065" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11066" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11069" } ], "schema_version": "1.7.0", "summary": "typo3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-01-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-15879" ], "freebsdsa": [ "SA-20:15.cryptodev" ] }, "vid": "0bfcae0b-947f-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nRequests to create cryptography sessions using a MAC did not validate\nthe user-supplied MAC key length. The cryptodev module allocates a\nbuffer whose size is this user-suppled length.\n\n# Impact:\n\nAn unprivileged process can trigger a kernel panic.\n", "id": "FreeBSD-2020-0111", "modified": "2020-05-12T00:00:00Z", "published": "2020-05-12T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15879" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:15.cryptodev.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Insufficient cryptodev MAC key length check" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-01-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-15879" ], "freebsdsa": [ "SA-20:15.cryptodev" ] }, "vid": "9f15c2da-947e-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nA race condition permitted a data structure in the kernel to be used\nafter it was freed by the cryptodev module.\n\n# Impact:\n\nAn unprivileged process can overwrite arbitrary kernel memory.\n", "id": "FreeBSD-2020-0110", "modified": "2020-05-12T00:00:00Z", "published": "2020-05-12T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15879" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:15.cryptodev.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Use after free in cryptodev module" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-09-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-15878" ], "freebsdsa": [ "SA-20:14.sctp" ] }, "vid": "253486f5-947d-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nThe SCTP layer does improper checking when an application tries to\nupdate a shared key. Therefore an unprivileged local user can trigger a\nuse-after- free situation, for example by specific sequences of updating\nshared keys and closing the SCTP association.\n\n# Impact:\n\nTriggering the use-after-free situation may result in unintended kernel\nbehaviour including a kernel panic.\n", "id": "FreeBSD-2020-0109", "modified": "2020-05-12T00:00:00Z", "published": "2020-05-12T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15878" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:14.sctp.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Improper checking in SCTP-AUTH shared key update" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-05-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-7455" ], "freebsdsa": [ "SA-20:13.libalias" ] }, "vid": "78992249-947c-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nThe FTP packet handler in libalias incorrectly calculates some packet\nlengths. This may result in disclosing small amounts of memory from the\nkernel (for the in-kernel NAT implementation) or from the process space\nfor natd (for the userspace implementation).\n\n# Impact:\n\nA malicious attacker could send specially constructed packets that\nexploit the erroneous calculation allowing the attacker to disclose\nsmall amount of memory either from the kernel (for the in-kernel NAT\nimplementation) or from the process space for natd (for the userspace\nimplementation).\n", "id": "FreeBSD-2020-0108", "modified": "2020-05-12T00:00:00Z", "published": "2020-05-12T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7455" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:13.libalias.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Memory disclosure vulnerability in libalias" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4" }, { "fixed": "11.4_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-05-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-7454" ], "freebsdsa": [ "SA-20:12.libalias" ] }, "vid": "30ce591c-947b-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nlibalias(3) packet handlers do not properly validate the packet length\nbefore accessing the protocol headers. As a result, if a libalias(3)\nmodule does not properly validate the packet length before accessing the\nprotocol header, it is possible for an out of bound read or write\ncondition to occur.\n\n# Impact:\n\nA malicious attacker could send specially constructed packets that\nexploit the lack of validation allowing the attacker to read or write\nmemory either from the kernel (for the in-kernel NAT implementation) or\nfrom the process space for natd (for the userspace implementation).\n", "id": "FreeBSD-2020-0107", "modified": "2020-05-12T00:00:00Z", "published": "2020-05-12T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7454" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:12.libalias.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Insufficient packet length validation in libalias" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qutebrowser" }, "ranges": [ { "events": [ { "fixed": "1.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j" ], "discovery": "2020-05-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-11054" ] }, "vid": "452d16bb-920d-11ea-9d20-18a6f7016652" }, "details": "Qutebrowser developers report:\n\n> After a certificate error was overridden by the user, qutebrowser\n> displays the URL as yellow (colors.statusbar.url.warn.fg). However,\n> when the affected website was subsequently loaded again, the URL was\n> mistakenly displayed as green (colors.statusbar.url.success_https).\n> While the user already has seen a certificate error prompt at this\n> point (or set content.ssl_strict to false which is not recommended),\n> this could still provide a false sense of security.\n", "id": "FreeBSD-2020-0106", "modified": "2020-05-09T00:00:00Z", "published": "2020-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j" }, { "type": "WEB", "url": "https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j" }, { "type": "WEB", "url": "https://github.com/qutebrowser/qutebrowser/issues/5403" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11054" } ], "schema_version": "1.7.0", "summary": "qutebrowser -- Reloading page with certificate errors shows a green URL" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python27" }, "ranges": [ { "events": [ { "fixed": "2.7.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "last_affected": "3.7.7" }, { "fixed": "3.7.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python36" }, "ranges": [ { "events": [ { "fixed": "3.6.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python35" }, "ranges": [ { "events": [ { "last_affected": "3.5.9_4" }, { "fixed": "3.5.9_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348" ], "discovery": "2019-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-18348" ] }, "vid": "ca595a25-91d8-11ea-b470-080027846a02" }, "details": "Python reports:\n\n> An issue was discovered in urllib2 in Python 2.x through 2.7.17 and\n> urllib in Python 3.x through 3.8.0. CRLF injection is possible if the\n> attacker controls a url parameter, as demonstrated by the first\n> argument to urllib.request.urlopen with \\\\r\\\\n (specifically in the\n> host component of a URL) followed by an HTTP header.\n", "id": "FreeBSD-2020-0105", "modified": "2020-06-13T00:00:00Z", "published": "2020-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348" }, { "type": "WEB", "url": "https://bugs.python.org/issue38576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18348" } ], "schema_version": "1.7.0", "summary": "Python -- CRLF injection via the host part of the url passed to urlopen()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.4.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13239" ], "discovery": "2019-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2019-13239" ] }, "vid": "d222241d-91cc-11ea-82b8-4c72b94353b5" }, "details": "MITRE Corporation reports:\n\n> inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.\n", "id": "FreeBSD-2020-0104", "modified": "2024-04-25T00:00:00Z", "published": "2020-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13239" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb" }, { "type": "WEB", "url": "https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_stored_XSS.pdf" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13239" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13239" } ], "schema_version": "1.7.0", "summary": "glpi -- stored XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "3.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS" ], "discovery": "2020-05-06T00:00:00Z", "vid": "1a6b7641-aed2-4ba1-96f4-c282d5b09c37" }, "details": "Jon Siwek of Corelight reports:\n\n> This release fixes the following security issues:\n>\n> - Fix buffer over-read in Ident analyzer\n> - Fix SSL scripting error leading to uninitialized field access and\n> memory leak\n> - Fix POP3 analyzer global buffer over-read\n> - Fix potential stack overflows due to use of Variable-Length-Arrays\n", "id": "FreeBSD-2020-0103", "modified": "2020-05-06T00:00:00Z", "published": "2020-05-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS" }, { "type": "WEB", "url": "https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS" } ], "schema_version": "1.7.0", "summary": "zeek -- Various vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-wagtail" }, "ranges": [ { "events": [ { "fixed": "2.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.8" }, { "fixed": "2.8.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-wagtail" }, "ranges": [ { "events": [ { "fixed": "2.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.8" }, { "fixed": "2.8.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-wagtail" }, "ranges": [ { "events": [ { "fixed": "2.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.8" }, { "fixed": "2.8.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-wagtail" }, "ranges": [ { "events": [ { "fixed": "2.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.8" }, { "fixed": "2.8.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.wagtail.io/en/latest/releases/2.8.2.html" ], "discovery": "2020-05-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-11037" ] }, "vid": "d5fead4f-8efa-11ea-a5c8-08002728f74c" }, "details": "Wagtail release notes:\n\n> CVE-2020-11037: Potential timing attack on password-protected private\n> pages\n>\n> This release addresses a potential timing attack on pages or documents\n> that have been protected with a shared password through Wagtail\\'s\n> \\\"Privacy\\\" controls. This password check is performed through a\n> character-by-character string comparison, and so an attacker who is\n> able to measure the time taken by this check to a high degree of\n> accuracy could potentially use timing differences to gain knowledge of\n> the password. (This is understood to be feasible on a local network,\n> but not on the public internet.)\n", "id": "FreeBSD-2020-0102", "modified": "2020-05-05T00:00:00Z", "published": "2020-05-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.wagtail.io/en/latest/releases/2.8.2.html" }, { "type": "WEB", "url": "https://docs.wagtail.io/en/latest/releases/2.8.2.html" }, { "type": "WEB", "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11037" } ], "schema_version": "1.7.0", "summary": "Wagtail -- potential timing attack vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman" }, "ranges": [ { "events": [ { "fixed": "2.1.30_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.1.31" }, { "fixed": "2.1.33" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.30_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.1.31" }, { "fixed": "2.1.33" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8", "https://bugs.launchpad.net/mailman/+bug/1873722", "https://bugs.launchpad.net/mailman/+bug/1877379" ], "discovery": "2020-04-20T00:00:00Z", "references": { "cvename": [ "CVE-2018-13796" ] }, "vid": "88760f4d-8ef7-11ea-a66d-4b2ef158be83" }, "details": "Mark Sapiro reports:\n\n> A content injection vulnerability via the options login page has been\n> discovered and reported by Vishal Singh.\n\n> An issue similar to CVE-2018-13796 exists at different endpoint &\n> param. It can lead to a phishing attack.\n\n> (added 2020-05-07) This is essentially the same as\n> https://bugs.launchpad.net/mailman/+bug/1873722 except the vector is\n> the private archive login page and the attack only succeeds if the\n> list\\'s roster visibility (private_roster) setting is \\'Anyone\\'.\n", "id": "FreeBSD-2020-0101", "modified": "2020-05-07T00:00:00Z", "published": "2020-05-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8" }, { "type": "REPORT", "url": "https://bugs.launchpad.net/mailman/+bug/1873722" }, { "type": "REPORT", "url": "https://bugs.launchpad.net/mailman/+bug/1877379" }, { "type": "WEB", "url": "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8" }, { "type": "WEB", "url": "https://bugs.launchpad.net/mailman/+bug/1873722" }, { "type": "WEB", "url": "https://bugs.launchpad.net/mailman/+bug/1877379" }, { "type": "WEB", "url": "https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-13796" } ], "schema_version": "1.7.0", "summary": "mailman -- arbitrary content injection vulnerability via options or private archive login pages" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "fixed": "1.2.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sourceforge.net/p/cacti/mailman/message/37000502/" ], "discovery": "2020-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2020-7106" ], "freebsdpr": [ "ports/246164" ] }, "vid": "cd864f1a-8e5a-11ea-b5b4-641c67a117d8" }, "details": "Cacti developer reports:\n\n> Lack of escaping of color items can lead to XSS exposure.\n", "id": "FreeBSD-2020-0100", "modified": "2020-05-04T00:00:00Z", "published": "2020-05-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sourceforge.net/p/cacti/mailman/message/37000502/" }, { "type": "WEB", "url": "https://sourceforge.net/p/cacti/mailman/message/37000502/" }, { "type": "WEB", "url": "https://github.com/Cacti/cacti/blob/release/1.2.12/CHANGELOG" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7106" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246164" } ], "schema_version": "1.7.0", "summary": "cacti -- XSS exposure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "squid" }, "ranges": [ { "events": [ { "fixed": "4.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html" ], "discovery": "2020-02-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-8449", "CVE-2020-8450", "CVE-2019-12528", "CVE-2020-8517" ], "freebsdpr": [ "ports/244026" ] }, "vid": "57c1c2ee-7914-11ea-90bf-0800276545c1" }, "details": "The Squid developers reports:\n\n> Improper Input Validation issues in HTTP Request processing\n> (CVE-2020-8449, CVE-2020-8450).\n>\n> Information Disclosure issue in FTP Gateway (CVE-2019-12528).\n>\n> Buffer Overflow issue in ext_lm_group_acl helper (CVE-2020-8517).\n", "id": "FreeBSD-2020-0099", "modified": "2020-04-07T00:00:00Z", "published": "2020-04-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html" }, { "type": "WEB", "url": "http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8449" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8450" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12528" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8517" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12528" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8517" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244026" } ], "schema_version": "1.7.0", "summary": "Squid -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "taglib" }, "ranges": [ { "events": [ { "fixed": "1.12.b.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://seclists.org/fulldisclosure/2018/May/49" ], "discovery": "2018-05-28T00:00:00Z", "references": { "cvename": [ "CVE-2018-11439" ] }, "vid": "d3f3e818-8d10-11ea-8668-e0d55e2a8bf9" }, "details": "Webin security lab - dbapp security Ltd reports:\n\n> The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in\n> TagLib 1.11.1 allows remote attackers to cause information disclosure\n> (heap-based buffer over-read) via a crafted audio file.\n", "id": "FreeBSD-2020-0098", "modified": "2020-05-03T00:00:00Z", "published": "2020-05-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://seclists.org/fulldisclosure/2018/May/49" }, { "type": "WEB", "url": "https://seclists.org/fulldisclosure/2018/May/49" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11439" } ], "schema_version": "1.7.0", "summary": "taglib -- heap-based buffer over-read via a crafted audio file" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.10.0" }, { "fixed": "12.10.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.9.0" }, { "fixed": "12.9.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.4.0" }, { "fixed": "12.8.10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/" ], "discovery": "2020-04-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-12448", "CVE-2020-10187", "CVE-2020-7595", "CVE-2020-1967", "CVE-2020-11008" ] }, "vid": "e8483115-8b8e-11ea-bdcf-001b217b3468" }, "details": "Gitlab reports:\n\n> Path Traversal in NuGet Package Registry\n>\n> Workhorse Bypass Leads to File Disclosure\n>\n> OAuth Application Client Secrets Revealed\n>\n> Code Owners Approval Rules Are Not Updated for Existing Merge Requests\n> When Source Branch Changes\n>\n> Code Owners Protection Not Enforced from Web UI\n>\n> Repository Mirror Passwords Exposed To Maintainers\n>\n> Admin Audit Log Page Denial of Service\n>\n> Private Project ID Revealed Through Group API\n>\n> Elasticsearch Credentials Logged to ELK\n>\n> GitHub Personal Access Token Exposed on Integrations Page\n>\n> Update Nokogiri dependency\n>\n> Update OpenSSL Dependency\n>\n> Update git\n", "id": "FreeBSD-2020-0097", "modified": "2020-05-01T00:00:00Z", "published": "2020-05-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12448" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10187" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7595" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11008" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vlc" }, "ranges": [ { "events": [ { "fixed": "3.0.10,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.videolan.org/security/sb-vlc309.html" ], "discovery": "2020-04-01T00:00:00Z", "vid": "4a10902f-8a48-11ea-8668-e0d55e2a8bf9" }, "details": "VideoLAN reports:\n\n> ### Details\n>\n> A remote user could:\n>\n> - Create a specifically crafted image file that could trigger an out\n> of bounds read\n> - Send a specifically crafter request to the microdns service\n> discovery, potentially triggering various memory management issues\n>\n> ### Impact\n>\n> If successful, a malicious third party could trigger either a crash of\n> VLC or an arbitratry code execution with the privileges of the target\n> user.\n>\n> While these issues in themselves are most likely to just crash the\n> player, we can\\'t exclude that they could be combined to leak user\n> informations or remotely execute code. ASLR and DEP help reduce the\n> likelyness of code execution, but may be bypassed.\n>\n> We have not seen exploits performing code execution through these\n> vulnerabilities\n>\n> CVE-2019-19721 affects VLC 3.0.8 and earlier, and only reads 1 byte\n> out of bound\n", "id": "FreeBSD-2020-0096", "modified": "2020-04-29T00:00:00Z", "published": "2020-04-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.videolan.org/security/sb-vlc309.html" }, { "type": "WEB", "url": "https://www.videolan.org/security/sb-vlc309.html" } ], "schema_version": "1.7.0", "summary": "vlc -- Multiple vulnerabilities fixed in VLC media player" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba410" }, "ranges": [ { "events": [ { "fixed": "4.10.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba411" }, "ranges": [ { "events": [ { "fixed": "4.11.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba412" }, "ranges": [ { "events": [ { "fixed": "4.12.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/history/samba-4.12.2.html" ], "discovery": "2020-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2020-10700", "CVE-2020-10704" ] }, "vid": "3c7911c9-8a29-11ea-8d8c-005056a311d1" }, "details": "The Samba Team reports:\n\n> CVE-2020-10700\n>\n> A client combining the \\'ASQ\\' and \\'Paged Results\\' LDAP controls can\n> cause a use-after-free in Samba\\'s AD DC LDAP server.\n>\n> CVE-2020-10704\n>\n> A deeply nested filter in an un-authenticated LDAP search can exhaust\n> the LDAP server\\'s stack memory causing a SIGSEGV.\n", "id": "FreeBSD-2020-0095", "modified": "2020-04-29T00:00:00Z", "published": "2020-04-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/history/samba-4.12.2.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/history/samba-4.12.2.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10700" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10704" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ceph14" }, "ranges": [ { "events": [ { "introduced": "14.1.1,1" }, { "fixed": "14.2.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/security/cve/cve-2020-1759", "https://access.redhat.com/security/cve/cve-2020-1760" ], "discovery": "2020-04-07T00:00:00Z", "references": { "cvename": [ "CVE-2020-1759", "CVE-2020-1760" ] }, "vid": "5b6bc863-89dc-11ea-af8b-00155d0a0200" }, "details": "RedHat reports:\n\n> ceph: secure mode of msgr2 breaks both confidentiality and integrity\n> aspects for long-lived sessions.\n\n> ceph: header-splitting in RGW GetObject has a possible XSS.\n", "id": "FreeBSD-2020-0094", "modified": "2020-04-14T00:00:00Z", "published": "2020-04-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/security/cve/cve-2020-1759" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/cve-2020-1760" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1759" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2020/04/07/2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1760" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2020/04/07/1" } ], "schema_version": "1.7.0", "summary": "ceph14 -- multiple security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openldap24-server" }, "ranges": [ { "events": [ { "fixed": "2.4.50" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.openldap.org/show_bug.cgi?id=9202" ], "discovery": "2020-04-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-12243" ] }, "vid": "c7617931-8985-11ea-93ef-b42e99a1b9c3" }, "details": "Howard Chu reports:\n\n> nested filters leads to stack overflow\n", "id": "FreeBSD-2020-0093", "modified": "2020-04-28T00:00:00Z", "published": "2020-04-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.openldap.org/show_bug.cgi?id=9202" }, { "type": "WEB", "url": "https://bugs.openldap.org/show_bug.cgi?id=9202" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-12243" } ], "schema_version": "1.7.0", "summary": "nested filters leads to stack overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-yaml" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-yaml" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-yaml" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-yaml" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-yaml" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=1807367" ], "discovery": "2020-03-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-1747" ], "freebsdpr": [ "ports/245937" ] }, "vid": "aae8fecf-888e-11ea-9714-08002718de91" }, "details": "Riccardo Schirone (https://github.com/ret2libc) reports:\n\n> In FullLoader python/object/new constructor, implemented by\n> construct_python_object_apply, has support for setting the state of a\n> deserialized instance through the set_python_instance_state method.\n> After setting the state, some operations are performed on the instance\n> to complete its initialization, however it is possible for an attacker\n> to set the instance\\' state in such a way that arbitrary code is\n> executed by the FullLoader.\n>\n> This patch tries to block such attacks in FullLoader by preventing\n> set_python_instance_state from setting arbitrar properties. It\n> implements a blacklist that includes extend method (called by\n> construct_python_object_apply) and all special methods (e.g.\n> \\_\\_set\\_\\_, \\_\\_setitem\\_\\_, etc.).\n>\n> Users who need special attributes being set in the state of a\n> deserialized object can still do it through the UnsafeLoader, which\n> however should not be used on untrusted input. Additionally, they can\n> subclass FullLoader and redefine state_blacklist_regexp to include the\n> additional attributes they need, passing the subclassed loader to\n> yaml.load.\n", "id": "FreeBSD-2020-0092", "modified": "2020-04-29T00:00:00Z", "published": "2020-04-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807367" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807367" }, { "type": "WEB", "url": "https://github.com/yaml/pyyaml/pull/386" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1747" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245937" } ], "schema_version": "1.7.0", "summary": "py-yaml -- FullLoader (still) exploitable for arbitrary command execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm" ], "discovery": "2019-03-09T00:00:00Z", "references": { "cvename": [ "CVE-2020-6817" ], "freebsdpr": [ "ports/245943" ] }, "vid": "4c52ec3c-86f3-11ea-b5b4-641c67a117d8" }, "details": "Bleach developers reports:\n\n> bleach.clean behavior parsing style attributes could result in a\n> regular expression denial of service (ReDoS).\n>\n> Calls to bleach.clean with an allowed tag with an allowed style\n> attribute are vulnerable to ReDoS. For example, bleach.clean(\\...,\n> attributes={\\'a\\': \\[\\'style\\'\\]}).\n", "id": "FreeBSD-2020-0091", "modified": "2020-04-26T00:00:00Z", "published": "2020-04-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm" }, { "type": "WEB", "url": "https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm" }, { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1623633" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6817" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245943" } ], "schema_version": "1.7.0", "summary": "py-bleach -- regular expression denial-of-service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.45" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.32" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.68" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL" ], "discovery": "2020-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-5482", "CVE-2019-15601", "CVE-2020-2780", "CVE-2020-2790", "CVE-2020-2768", "CVE-2020-2804", "CVE-2020-2760", "CVE-2020-2806", "CVE-2020-2762", "CVE-2020-2814", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2898", "CVE-2020-2903", "CVE-2020-2896", "CVE-2020-2770", "CVE-2020-2765", "CVE-2020-2892", "CVE-2020-2897", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2901", "CVE-2020-2928", "CVE-2020-2904", "CVE-2020-2925", "CVE-2020-2759", "CVE-2020-2763", "CVE-2020-2761", "CVE-2020-2774", "CVE-2020-2853", "CVE-2020-2779", "CVE-2020-2812", "CVE-2019-1547", "CVE-2020-2926", "CVE-2020-2921", "CVE-2020-2930" ] }, "vid": "21d59ea3-8559-11ea-a5e2-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 45 new security patches for Oracle\n> MySQL. 9 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n>\n> MariaDB reports 4 of these vulnerabilities exist in their software\n", "id": "FreeBSD-2020-0090", "modified": "2020-05-16T00:00:00Z", "published": "2020-04-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5482" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15601" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2780" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2768" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2804" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2760" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2806" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2762" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2893" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2895" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2898" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2903" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2896" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2770" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2765" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2892" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2897" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2923" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2924" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2901" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2928" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2904" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2925" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2759" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2763" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2761" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2774" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2853" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2779" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2926" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2921" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2930" } ], "schema_version": "1.7.0", "summary": "MySQL Server -- Multiple vulerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-client" }, "ranges": [ { "events": [ { "fixed": "5.6.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-client" }, "ranges": [ { "events": [ { "fixed": "5.7.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-client" }, "ranges": [ { "events": [ { "fixed": "8.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-c" }, "ranges": [ { "events": [ { "fixed": "8.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-c++" }, "ranges": [ { "events": [ { "fixed": "8.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql-connector-java" }, "ranges": [ { "events": [ { "fixed": "8.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-client" }, "ranges": [ { "events": [ { "fixed": "5.5.68" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-client" }, "ranges": [ { "events": [ { "fixed": "5.6.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-client" }, "ranges": [ { "events": [ { "fixed": "5.7.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL" ], "discovery": "2020-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-2752", "CVE-2020-2934", "CVE-2020-2875", "CVE-2020-2922", "CVE-2020-2933" ] }, "vid": "622b5c47-855b-11ea-a5e2-d4c9ef517024" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 45 new security patches for Oracle\n> MySQL. 9 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n", "id": "FreeBSD-2020-0089", "modified": "2020-04-23T00:00:00Z", "published": "2020-04-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2752" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2934" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2875" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2922" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2933" } ], "schema_version": "1.7.0", "summary": "MySQL Client -- Multiple vulerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nextcloud" }, "ranges": [ { "events": [ { "fixed": "18.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nextcloud.com/security/advisories/" ], "discovery": "2020-03-18T00:00:00Z", "vid": "afa018d9-8557-11ea-a5e2-d4c9ef517024" }, "details": "Nextcloud reports:\n\n> XSS in Files PDF viewer (NC-SA-2020-019)\n>\n> Missing ownership check on remote wipe endpoint (NC-SA-2020-018)\n", "id": "FreeBSD-2020-0088", "modified": "2020-04-23T00:00:00Z", "published": "2020-04-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nextcloud.com/security/advisories/" }, { "type": "WEB", "url": "https://nextcloud.com/security/advisories/" }, { "type": "WEB", "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-018" }, { "type": "WEB", "url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-019" } ], "schema_version": "1.7.0", "summary": "Nextcloud -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python38" }, "ranges": [ { "events": [ { "fixed": "3.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "last_affected": "3.7.7" }, { "fixed": "3.7.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python36" }, "ranges": [ { "events": [ { "fixed": "3.6.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python35" }, "ranges": [ { "events": [ { "last_affected": "3.5.9_4" }, { "fixed": "3.5.9_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python27" }, "ranges": [ { "events": [ { "fixed": "2.7.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html" ], "discovery": "2019-11-17T00:00:00Z", "references": { "cvename": [ "CVE-2020-8492" ], "freebsdpr": [ "ports/245819" ] }, "vid": "a27b0bb6-84fc-11ea-b5b4-641c67a117d8" }, "details": "Ben Caller and Matt Schwager reports:\n\n> Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7\n> through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct\n> Regular Expression Denial of Service (ReDoS) attacks against a client\n> because of urllib.request.AbstractBasicAuthHandler catastrophic\n> backtracking.\n", "id": "FreeBSD-2020-0087", "modified": "2020-06-13T00:00:00Z", "published": "2020-04-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html" }, { "type": "WEB", "url": "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html" }, { "type": "WEB", "url": "https://bugs.python.org/issue39503" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8492" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245819" } ], "schema_version": "1.7.0", "summary": "Python -- Regular Expression DoS attack against client" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-wagtail" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-wagtail" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-wagtail" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-wagtail" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.wagtail.io/en/latest/releases/2.7.2.html" ], "discovery": "2020-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2020-11001" ] }, "vid": "8d85d600-84a9-11ea-97b9-08002728f74c" }, "details": "Wagtail release notes:\n\n> CVE-2020-11001: Possible XSS attack via page revision comparison view\n>\n> This release addresses a cross-site scripting (XSS) vulnerability on\n> the page revision comparison view within the Wagtail admin interface.\n> A user with a limited-permission editor account for the Wagtail admin\n> could potentially craft a page revision history that, when viewed by a\n> user with higher privileges, could perform actions with that user\n> credentials. The vulnerability is not exploitable by an ordinary site\n> visitor without access to the Wagtail admin.\n", "id": "FreeBSD-2020-0086", "modified": "2020-04-22T00:00:00Z", "published": "2020-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.wagtail.io/en/latest/releases/2.7.2.html" }, { "type": "WEB", "url": "https://docs.wagtail.io/en/latest/releases/2.7.2.html" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-v2wc-pfq2-5cm6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11001" } ], "schema_version": "1.7.0", "summary": "Wagtail -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libntlm" }, "ranges": [ { "events": [ { "fixed": "1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-17455" ], "discovery": "2019-10-08T00:00:00Z", "references": { "cvename": [ "CVE-2019-17455" ] }, "vid": "0f798bd6-8325-11ea-9a78-08002728f74c" }, "details": "NVD reports:\n\n> Libntlm through 1.5 relies on a fixed buffer size for\n> tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse\n> read and write operations, as demonstrated by a stack-based buffer\n> over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM\n> request.\n", "id": "FreeBSD-2020-0085", "modified": "2020-04-21T00:00:00Z", "published": "2020-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17455" }, { "type": "WEB", "url": "https://gitlab.com/jas/libntlm/-/issues/2" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-17455" } ], "schema_version": "1.7.0", "summary": "libntlm -- buffer overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "introduced": "1.1.1,1" }, { "fixed": "1.1.1g,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-04-21T00:00:00Z", "references": { "cvename": [ "CVE-2020-1967" ], "freebsdsa": [ "SA-20:11.openssl" ] }, "vid": "012809ce-83f3-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nServer or client applications that call the SSL_check_chain() function\nduring or after a TLS 1.3 handshake may crash due to a NULL pointer\ndereference as a result of incorrect handling of the\n\\\"signature_algorithms_cert\\\" TLS extension. The crash occurs if an\ninvalid or unrecognized signature algorithm is received from the peer.\n\n# Impact:\n\nA malicious peer could exploit the NULL pointer dereference crash,\ncausing a denial of service attack.\n", "id": "FreeBSD-2020-0084", "modified": "2020-04-22T00:00:00Z", "published": "2020-04-21T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1967" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:11.openssl.asc" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20200421.txt" } ], "schema_version": "1.7.0", "summary": "OpenSSL remote denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-04-21T00:00:00Z", "references": { "cvename": [ "CVE-2019-5614", "CVE-2019-15874" ], "freebsdsa": [ "SA-20:10.ipfw" ] }, "vid": "33edcc56-83f2-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nIncomplete packet data validation may result in accessing out-of-bounds\nmemory (CVE-2019-5614) or may access memory after it has been freed\n(CVE-2019-15874).\n\n# Impact:\n\nAccess to out of bounds or freed mbuf data can lead to a kernel panic or\nother unpredictable results.\n", "id": "FreeBSD-2020-0083", "modified": "2020-04-21T00:00:00Z", "published": "2020-04-21T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5614" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15874" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:10.ipfw.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ipfw invalid mbuf handling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-twisted" }, "ranges": [ { "events": [ { "fixed": "20.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-twisted" }, "ranges": [ { "events": [ { "fixed": "20.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-twisted" }, "ranges": [ { "events": [ { "fixed": "20.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-twisted" }, "ranges": [ { "events": [ { "fixed": "20.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-twisted" }, "ranges": [ { "events": [ { "fixed": "20.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst" ], "discovery": "2019-03-01T00:00:00Z", "references": { "cvename": [ "CVE-2019-12387", "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2020-10108", "CVE-2020-10109" ], "freebsdpr": [ "ports/245252" ] }, "vid": "9fbaefb3-837e-11ea-b5b4-641c67a117d8" }, "details": "Twisted developers reports:\n\n> All HTTP clients in twisted.web.client now raise a ValueError when\n> called with a method and/or URL that contain invalid characters. This\n> mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this\n> vulnerability.\n>\n> The HTTP/2 server implementation now enforces TCP flow control on\n> control frame messages and times out clients that send invalid data\n> without reading responses. This closes CVE-2019-9512 (Ping Flood),\n> CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).\n> Thanks to Jonathan Looney and Piotr Sikora.\n>\n> twisted.web.http was subject to several request smuggling attacks.\n> Requests with multiple Content-Length headers were allowed\n> (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu\n> for reporting this) and now fail with a 400; requests with a\n> Content-Length header and a Transfer-Encoding header honored the first\n> header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for\n> reporting this) and now fail with a 400; requests whose\n> Transfer-Encoding header had a value other than \\\"chunked\\\" and\n> \\\"identity\\\" (thanks to ZeddYu Lu) were allowed and now fail with a\n> 400.\n", "id": "FreeBSD-2020-0082", "modified": "2020-04-21T00:00:00Z", "published": "2020-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst" }, { "type": "WEB", "url": "https://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12387" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9514" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9515" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10108" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10109" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245252" } ], "schema_version": "1.7.0", "summary": "py-twisted -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libssh" }, "ranges": [ { "events": [ { "introduced": "0.8.0" }, { "fixed": "0.8.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0.9.0" }, { "fixed": "0.9.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.libssh.org/security/advisories/CVE-2020-1730.txt" ], "discovery": "2020-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-1730" ] }, "vid": "3d7dfd63-823b-11ea-b3a8-240a644dd835" }, "details": "The libssh team reports (originally reported by Yasheng Yang from\nGoogle):\n\n> A malicious client or server could crash the counterpart implemented\n> with libssh AES-CTR ciphers are used and don\\'t get fully initialized.\n> It will crash when it tries to cleanup the AES-CTR ciphers when\n> closing the connection.\n", "id": "FreeBSD-2020-0081", "modified": "2020-04-19T00:00:00Z", "published": "2020-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.libssh.org/security/advisories/CVE-2020-1730.txt" }, { "type": "WEB", "url": "https://www.libssh.org/security/advisories/CVE-2020-1730.txt\"" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1730" } ], "schema_version": "1.7.0", "summary": "Client/server denial of service when handling AES-CTR ciphers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.28.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://webkitgtk.org/security/WSA-2020-0004.html" ], "discovery": "2020-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2020-11793" ] }, "vid": "e418b8f0-9abb-420b-a7f1-1d8231b352e2" }, "details": "The WebKitGTK project reports the following vulnerability.\n\n> Processing maliciously crafted web content may lead to arbitrary code\n> execution or application crash (denial of service). Description: A\n> memory corruption issue (use-after-free) was addressed with improved\n> memory handling.\n", "id": "FreeBSD-2020-0080", "modified": "2020-04-18T00:00:00Z", "published": "2020-04-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://webkitgtk.org/security/WSA-2020-0004.html" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2020-0004.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11793" } ], "schema_version": "1.7.0", "summary": "webkit2-gtk3 -- Denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/sa-core-2020-001" ], "discovery": "2020-03-18T00:00:00Z", "vid": "e24fd421-8128-11ea-aa57-000ffec73f06" }, "details": "Drupal Security Team reports:\n\n> The Drupal project uses the third-party library CKEditor, which has\n> released a security improvement that is needed to protect some Drupal\n> configurations.\n>\n> Vulnerabilities are possible if Drupal is configured to use the\n> WYSIWYG CKEditor for your site\\'s users. An attacker that can createor\n> edit content may be able to exploit this Cross Site Scripting (XSS)\n> vulnerability to target users with access to the WYSIWYG CKEditor, and\n> this may include site admins with privileged access.\n>\n> The latest versions of Drupal update CKEditor to 4.14 to mitigate the\n> vulnerabilities.\n", "id": "FreeBSD-2020-0079", "modified": "2020-04-17T00:00:00Z", "published": "2020-04-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/sa-core-2020-001" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2020-001" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal Core - Moderately critical - Third-party library" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible" }, "ranges": [ { "events": [ { "fixed": "2.8.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible27" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible26" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible25" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible24" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible23" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740" ], "discovery": "2020-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-1740" ] }, "vid": "ae2e7871-80f6-11ea-bafd-815569f3852d" }, "details": "Borja Tarraso reports:\n\n> A flaw was found in Ansible Engine when using Ansible Vault for\n> editing encrypted files. When a user executes \\\"ansible-vault edit\\\",\n> another user on the same computer can read the old and new secret, as\n> it is created in a temporary file with mkstemp and the returned file\n> descriptor is closed and the method write_data is called to write the\n> existing secret in the file. This method will delete the file before\n> recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x\n> branches are believed to be vulnerable.\n", "id": "FreeBSD-2020-0078", "modified": "2020-04-17T00:00:00Z", "published": "2020-04-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/issues/67798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1740" } ], "schema_version": "1.7.0", "summary": "ansible - Vault password leak from temporary file" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible" }, "ranges": [ { "events": [ { "fixed": "2.8.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible27" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible26" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible25" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible24" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible23" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739" ], "discovery": "2020-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-1739" ] }, "vid": "67dbeeb6-80f4-11ea-bafd-815569f3852d" }, "details": "Borja Tarraso reports:\n\n> A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and\n> 2.9.5 and prior when a password is set with the argument \\\"password\\\"\n> of svn module, it is used on svn command line, disclosing to other\n> users within the same node. An attacker could take advantage by\n> reading the cmdline file from that particular PID on the procfs.\n", "id": "FreeBSD-2020-0077", "modified": "2020-04-17T00:00:00Z", "published": "2020-04-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/issues/67797" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1739" } ], "schema_version": "1.7.0", "summary": "ansible - subversion password leak from PID" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible" }, "ranges": [ { "events": [ { "fixed": "2.8.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible27" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible26" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible25" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible24" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible23" }, "ranges": [ { "events": [ { "fixed": "2.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737" ], "discovery": "2020-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2020-1737" ] }, "vid": "0899c0d3-80f2-11ea-bafd-815569f3852d" }, "details": "Borja Tarraso reports:\n\n> A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and\n> 2.9.6 and prior when using the Extract-Zip function from the win_unzip\n> module as the extracted file(s) are not checked if they belong to the\n> destination folder. An attacker could take advantage of this flaw by\n> crafting an archive anywhere in the file system, using a path\n> traversal. This issue is fixed in 2.10.\n", "id": "FreeBSD-2020-0076", "modified": "2020-04-17T00:00:00Z", "published": "2020-04-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/issues/67795" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1737" } ], "schema_version": "1.7.0", "summary": "ansible - win_unzip path normalization" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "81.0.4044.113" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html" ], "discovery": "2020-04-15T00:00:00Z", "references": { "cvename": [ "CVE-2020-6457" ] }, "vid": "25efe05c-7ffc-11ea-b594-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> \\[1067851\\] Critical CVE-2020-6457: Use after free in speech\n> recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo\n> 360 on 2020-04-04\n", "id": "FreeBSD-2020-0075", "modified": "2020-04-16T00:00:00Z", "published": "2020-04-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6457" } ], "schema_version": "1.7.0", "summary": "chromium -- use after free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "fixed": "2.4.8_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.4.8_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-devel" }, "ranges": [ { "events": [ { "fixed": "202016" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/OpenVPN/openvpn/commit/f7b318f811bb43c0d3aa7f337ec6242ed2c33881" ], "discovery": "2020-04-13T00:00:00Z", "references": { "cvename": [ "CVE-2020-11810" ] }, "vid": "8604121c-7fc2-11ea-bcac-7781e90b0c8f" }, "details": "Lev Stipakov and Gert Doering report:\n\n> There is a time frame between allocating peer-id and initializing data\n> channel key (which is performed on receiving push request or on async\n> push-reply) in which the existing peer-id float checks do not work\n> right.\n>\n> If a \\\"rogue\\\" data channel packet arrives during that time frame from\n> another address and with same peer-id, this would cause client to\n> float to that new address.\n>\n> The net effect of this behaviour is that the VPN session for the\n> \\\"victim client\\\" is broken. Since the \\\"attacker client\\\" does not\n> have suitable keys, it can not inject or steal VPN traffic from the\n> other session. The time window is small and it can not be used to\n> attack a specific client\\'s session, unless some other way is found to\n> make it disconnect and reconnect first.\n", "id": "FreeBSD-2020-0074", "modified": "2020-04-16T00:00:00Z", "published": "2020-04-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/OpenVPN/openvpn/commit/f7b318f811bb43c0d3aa7f337ec6242ed2c33881" }, { "type": "WEB", "url": "https://github.com/OpenVPN/openvpn/commit/f7b318f811bb43c0d3aa7f337ec6242ed2c33881" }, { "type": "WEB", "url": "https://sourceforge.net/p/openvpn/openvpn/ci/f7b318f811bb43c0d3aa7f337ec6242ed2c33881/" }, { "type": "WEB", "url": "https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19720.html" }, { "type": "WEB", "url": "https://community.openvpn.net/openvpn/ticket/1272" }, { "type": "WEB", "url": "https://patchwork.openvpn.net/patch/1077/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11810" } ], "schema_version": "1.7.0", "summary": "openvpn -- illegal client float can break VPN session for other users" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.16.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04" ], "discovery": "2020-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-10932" ] }, "vid": "bf1f47c4-7f1b-11ea-bf94-001cc0382b2f" }, "details": "Manuel P\u00e9gouri\u00e9-Gonnard reports:\n\n> An attacker with access to precise enough timing and memory access\n> information (typically an untrusted operating system attacking a\n> secure enclave such as SGX or the TrustZone secure world) can fully\n> recover an ECDSA private key after observing a number of signature\n> operations.\n", "id": "FreeBSD-2020-0073", "modified": "2020-04-15T00:00:00Z", "published": "2020-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10932" } ], "schema_version": "1.7.0", "summary": "Mbed TLS -- Side channel attack on ECDSA" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.9.0" }, { "fixed": "12.9.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.8.0" }, { "fixed": "12.8.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "12.7.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/" ], "discovery": "2020-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-11505", "CVE-2020-11506", "CVE-2020-11649", "CVE-2020-16782" ] }, "vid": "570706ff-7ee0-11ea-bd0b-001b217b3468" }, "details": "Gitlab reports:\n\n> NuGet Package and File Disclosure through GitLab Workhorse\n>\n> Job Artifact Uploads and File Disclosure through GitLab Workhorse\n>\n> Incorrect membership following group removal\n>\n> Logging of Praefect tokens\n>\n> Update Rack dependency\n>\n> Update OpenSSL dependency\n", "id": "FreeBSD-2020-0072", "modified": "2020-04-15T00:00:00Z", "published": "2020-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11505" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11506" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11649" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-16782" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "3.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://raw.githubusercontent.com/zeek/zeek/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS" ], "discovery": "2020-04-14T00:00:00Z", "vid": "f59c4c53-c55f-43fe-9920-82b9d1ea9c3d" }, "details": "Jon Siwek of Corelight reports:\n\n> This release fixes the following security issue:\n>\n> - An attacker can crash Zeek remotely via crafted packet sequence.\n", "id": "FreeBSD-2020-0071", "modified": "2020-04-14T00:00:00Z", "published": "2020-04-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://raw.githubusercontent.com/zeek/zeek/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS" }, { "type": "WEB", "url": "https://raw.githubusercontent.com/zeek/zeek/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS" } ], "schema_version": "1.7.0", "summary": "zeek -- Remote crash vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "81.0.4044.92" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html" ], "discovery": "2020-04-07T00:00:00Z", "references": { "cvename": [ "CVE-2020-6423", "CVE-2020-6430", "CVE-2020-6431", "CVE-2020-6432", "CVE-2020-6433", "CVE-2020-6434", "CVE-2020-6435", "CVE-2020-6436", "CVE-2020-6437", "CVE-2020-6438", "CVE-2020-6439", "CVE-2020-6440", "CVE-2020-6441", "CVE-2020-6442", "CVE-2020-6443", "CVE-2020-6444", "CVE-2020-6445", "CVE-2020-6446", "CVE-2020-6447", "CVE-2020-6448", "CVE-2020-6454", "CVE-2020-6455", "CVE-2020-6456" ] }, "vid": "6e3b700a-7ca3-11ea-b594-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> This updates includes 32 security fixes, including:\n>\n> - \\[1019161\\] High CVE-2020-6454: Use after free in extensions.\n> Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on\n> 2019-10-29\n> - \\[1043446\\] High CVE-2020-6423: Use after free in audio. Reported by\n> Anonymous on 2020-01-18\n> - \\[1059669\\] High CVE-2020-6455: Out of bounds read in WebSQL.\n> Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab,\n> Qihoo 360 on 2020-03-09\n> - \\[1031479\\] Medium CVE-2020-6430: Type Confusion in V8. Reported by\n> Avihay Cohen @ SeraphicAlgorithms on 2019-12-06\n> - \\[1040755\\] Medium CVE-2020-6456: Insufficient validation of\n> untrusted input in clipboard. Reported by Micha\u0142 Bentkowski of\n> Securitum on 2020-01-10\n> - \\[852645\\] Medium CVE-2020-6431: Insufficient policy enforcement in\n> full screen. Reported by Luan Herrera (@lbherrera\\_) on 2018-06-14\n> - \\[965611\\] Medium CVE-2020-6432: Insufficient policy enforcement in\n> navigations. Reported by David Erceg on 2019-05-21\n> - \\[1043965\\] Medium CVE-2020-6433: Insufficient policy enforcement in\n> extensions. Reported by David Erceg on 2020-01-21\n> - \\[1048555\\] Medium CVE-2020-6434: Use after free in devtools.\n> Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04\n> - \\[1032158\\] Medium CVE-2020-6435: Insufficient policy enforcement in\n> extensions. Reported by Sergei Glazunov of Google Project Zero on\n> 2019-12-09\n> - \\[1034519\\] Medium CVE-2020-6436: Use after free in window\n> management. Reported by Igor Bukanov from Vivaldi on 2019-12-16\n> - \\[639173\\] Low CVE-2020-6437: Inappropriate implementation in\n> WebView. Reported by Jann Horn on 2016-08-19\n> - \\[714617\\] Low CVE-2020-6438: Insufficient policy enforcement in\n> extensions. Reported by Ng Yik Phang on 2017-04-24\n> - \\[868145\\] Low CVE-2020-6439: Insufficient policy enforcement in\n> navigations. Reported by remkoboonstra on 2018-07-26\n> - \\[894477\\] Low CVE-2020-6440: Inappropriate implementation in\n> extensions. Reported by David Erceg on 2018-10-11\n> - \\[959571\\] Low CVE-2020-6441: Insufficient policy enforcement in\n> omnibox. Reported by David Erceg on 2019-05-04\n> - \\[1013906\\] Low CVE-2020-6442: Inappropriate implementation in\n> cache. Reported by B@rMey on 2019-10-12\n> - \\[1040080\\] Low CVE-2020-6443: Insufficient data validation in\n> developer tools. Reported by \\@lovasoa (Ophir LOJKINE) on 2020-01-08\n> - \\[922882\\] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported\n> by mlfbrown on 2019-01-17\n> - \\[933171\\] Low CVE-2020-6445: Insufficient policy enforcement in\n> trusted types. Reported by Jun Kokatsu, Microsoft Browser\n> Vulnerability Research on 2019-02-18\n> - \\[933172\\] Low CVE-2020-6446: Insufficient policy enforcement in\n> trusted types. Reported by Jun Kokatsu, Microsoft Browser\n> Vulnerability Research on 2019-02-18\n> - \\[991217\\] Low CVE-2020-6447: Inappropriate implementation in\n> developer tools. Reported by David Erceg on 2019-08-06\n> - \\[1037872\\] Low CVE-2020-6448: Use after free in V8. Reported by\n> Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26\n", "id": "FreeBSD-2020-0070", "modified": "2020-04-12T00:00:00Z", "published": "2020-04-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6423" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6431" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6432" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6433" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6438" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6439" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6440" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6441" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6442" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6445" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6446" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6447" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6448" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6454" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6456" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "80.0.3987.162" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html" ], "discovery": "2020-03-31T00:00:00Z", "references": { "cvename": [ "CVE-2020-6450", "CVE-2020-6451", "CVE-2020-6452" ] }, "vid": "9cb57a06-7517-11ea-b594-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> This update contains 8 security fixes.\n>\n> - \\[1062247\\] High CVE-2020-6450: Use after free in WebAudio. Reported\n> by Man Yue Mo of Semmle Security Research Team on 2020-03-17\n> - \\[1061018\\] High CVE-2020-6451: Use after free in WebAudio. Reported\n> by Man Yue Mo of Semmle Security Research Team on 2020-03-12\n> - \\[1059764\\] High CVE-2020-6452: Heap buffer overflow in media\n> Reported by asnine on 2020-03-09\n> - \\[1066247\\] Various fixes from internal audits, fuzzing and other\n> initiatives.\n", "id": "FreeBSD-2020-0069", "modified": "2020-04-02T00:00:00Z", "published": "2020-04-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6452" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "haproxy" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.0.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "haproxy18" }, "ranges": [ { "events": [ { "introduced": "1.8.0" }, { "fixed": "1.8.25" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "haproxy19" }, "ranges": [ { "events": [ { "introduced": "1.9.0" }, { "fixed": "1.9.15" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "haproxy21" }, "ranges": [ { "events": [ { "introduced": "2.1.0" }, { "fixed": "2.1.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mail-archive.com/haproxy@formilux.org/msg36876.html" ], "discovery": "2020-04-02T00:00:00Z", "references": { "cvename": [ "CVE-2020-11100" ] }, "vid": "7f829d44-7509-11ea-b47c-589cfc0f81b0" }, "details": "The HAproxy Project reports:\n\n> The main driver for this release is that it contains a fix for a\n> serious vulnerability that was responsibly reported last week by Felix\n> Wilhelm from Google Project Zero, affecting the HPACK decoder used for\n> HTTP/2. CVE-2020-11100 was assigned to this issue.\n", "id": "FreeBSD-2020-0068", "modified": "2020-04-02T00:00:00Z", "published": "2020-04-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mail-archive.com/haproxy@formilux.org/msg36876.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11100" }, { "type": "WEB", "url": "https://www.mail-archive.com/haproxy@formilux.org/msg36876.html" }, { "type": "WEB", "url": "https://www.mail-archive.com/haproxy@formilux.org/msg36877.html" }, { "type": "WEB", "url": "https://www.mail-archive.com/haproxy@formilux.org/msg36878.html" }, { "type": "WEB", "url": "https://www.mail-archive.com/haproxy@formilux.org/msg36879.html" } ], "schema_version": "1.7.0", "summary": "HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.43" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://downloads.apache.org/httpd/CHANGES_2.4.43" ], "discovery": "2020-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2020-1934", "CVE-2020-1927" ] }, "vid": "b360b120-74b1-11ea-a84a-4c72b94353b5" }, "details": "Apache Team reports:\n\n> # SECURITY: CVE-2020-1934\n>\n> mod_proxy_ftp: Use of uninitialized value with malicious backend FTP\n> server.\n>\n> # SECURITY: CVE-2020-1927\n>\n> rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable\n> matches and substitutions with encoded line break characters. The fix\n> for CVE-2019-10098 was not effective.\n", "id": "FreeBSD-2020-0067", "modified": "2020-04-02T00:00:00Z", "published": "2020-04-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.43" }, { "type": "WEB", "url": "https://downloads.apache.org/httpd/CHANGES_2.4.43" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1934" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1927" } ], "schema_version": "1.7.0", "summary": "Apache -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "fixed": "1.2.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.10" ], "discovery": "2020-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-8813", "CVE-2020-7106", "CVE-2020-7237" ], "freebsdpr": [ "ports/245198" ] }, "vid": "e2b564fc-7462-11ea-af63-38d547003487" }, "details": "The Cacti developers reports:\n\n> When guest users have access to realtime graphs, remote code could be\n> executed (CVE-2020-8813).\n>\n> Lack of escaping on some pages can lead to XSS exposure\n> (CVE-2020-7106).\n>\n> Remote Code Execution due to input validation failure in Performance\n> Boost Debug Log (CVE-2020-7237).\n", "id": "FreeBSD-2020-0066", "modified": "2020-04-02T00:00:00Z", "published": "2020-04-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.10" }, { "type": "WEB", "url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.10" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8813" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7106" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7237" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7106" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7237" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245198" } ], "schema_version": "1.7.0", "summary": "cacti -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnutls" }, "ranges": [ { "events": [ { "fixed": "3.6.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31" ], "discovery": "2020-03-31T00:00:00Z", "references": { "cvename": [ "CVE-2020-11501" ] }, "vid": "d887b3d9-7366-11ea-b81a-001cc0382b2f" }, "details": "The GnuTLS project reports:\n\n> It was found that GnuTLS 3.6.3 introduced a regression in the DTLS\n> protocol implementation. This caused the DTLS client to not contribute\n> any randomness to the DTLS negotiation breaking the security\n> guarantees of the DTLS protocol.\n", "id": "FreeBSD-2020-0065", "modified": "2020-03-31T00:00:00Z", "published": "2020-03-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31" }, { "type": "WEB", "url": "https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-11501" } ], "schema_version": "1.7.0", "summary": "GnuTLS -- flaw in DTLS protocol implementation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql12-server" }, "ranges": [ { "events": [ { "fixed": "12.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "fixed": "10.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "fixed": "9.6.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/2011/" ], "discovery": "2020-02-13T00:00:00Z", "references": { "cvename": [ "CVE-2020-1720" ] }, "vid": "d331f691-71f4-11ea-8bb5-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> Versions Affected: 9.6 - 12\n>\n> The ALTER \\... DEPENDS ON EXTENSION sub-commands do not perform\n> authorization checks, which can allow an unprivileged user to drop any\n> function, procedure, materialized view, index, or trigger under\n> certain conditions. This attack is possible if an administrator has\n> installed an extension and an unprivileged user can CREATE, or an\n> extension owner either executes DROP EXTENSION predictably or can be\n> convinced to execute DROP EXTENSION.\n", "id": "FreeBSD-2020-0064", "modified": "2020-03-29T00:00:00Z", "published": "2020-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/2011/" }, { "type": "WEB", "url": "https://www.postgresql.org/about/news/1960/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1720" } ], "schema_version": "1.7.0", "summary": "PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki131" }, "ranges": [ { "events": [ { "fixed": "1.31.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki133" }, "ranges": [ { "events": [ { "fixed": "1.33.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki134" }, "ranges": [ { "events": [ { "fixed": "1.34.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-March/000247.html" ], "discovery": "2020-03-02T00:00:00Z", "vid": "090763f6-7030-11ea-93dd-080027846a02" }, "details": "Mediawiki reports:\n\n> Security fixes: T246602:jquery.makeCollapsible allows applying event\n> handler to any CSS selector.\n", "id": "FreeBSD-2020-0063", "modified": "2020-03-27T00:00:00Z", "published": "2020-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-March/000247.html" }, { "type": "WEB", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-March/000247.html" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.9.0" }, { "fixed": "12.9.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.8.0" }, { "fixed": "12.8.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "12.7.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/" ], "discovery": "2020-03-26T00:00:00Z", "references": { "cvename": [ "CVE-2020-10953", "CVE-2020-10956", "CVE-2020-10954", "CVE-2020-10952", "CVE-2020-10955", "CVE-2020-9795" ] }, "vid": "08fba28b-6f9f-11ea-bd0b-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary File Read when Moving an Issue\n>\n> Path Traversal in NPM Package Registry\n>\n> SSRF on Project Import\n>\n> External Users Can Create Personal Snippet\n>\n> Triggers Decription Can be Updated by Other Maintainers in Project\n>\n> Information Disclosure on Confidential Issues Moved to Private\n> Programs\n>\n> Potential DoS in Repository Archive Download\n>\n> Blocked Users Can Still Pull/Push Docker Images\n>\n> Repository Mirroring not Disabled when Feature not Activated\n>\n> Vulnerability Feedback Page Was Leaking Information on Vulnerabilities\n>\n> Stored XSS Vulnerability in Admin Feature\n>\n> Upload Feature Allowed a User to Read Unauthorized Exported Files\n>\n> Unauthorized Users Are Able to See CI Metrics\n>\n> Last Pipeline Status of a Merge Request Leaked\n>\n> Blind SSRF on FogBugz\n>\n> Update Nokogiri dependency\n", "id": "FreeBSD-2020-0062", "modified": "2020-03-26T00:00:00Z", "published": "2020-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10953" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10956" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10954" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10952" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10955" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9795" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-json" }, "ranges": [ { "events": [ { "fixed": "2.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/" ], "discovery": "2020-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-10663" ] }, "vid": "40194e1c-6d89-11ea-8082-80ee73419af3" }, "details": "> When parsing certain JSON documents, the json gem (including the one\n> bundled with Ruby) can be coerced into creating arbitrary objects in\n> the target system.\n>\n> This is the same issue as CVE-2013-0269. The previous fix was\n> incomplete, which addressed JSON.parse(user_input), but didn't address\n> some other styles of JSON parsing including JSON(user_input) and\n> JSON.parse(user_input, nil).\n>\n> See CVE-2013-0269 in detail. Note that the issue was exploitable to\n> cause a Denial of Service by creating many garbage-uncollectable\n> Symbol objects, but this kind of attack is no longer valid because\n> Symbol objects are now garbage-collectable. However, creating\n> arbitrary bjects may cause severe security consequences depending upon\n> the application code.\n>\n> Please update the json gem to version 2.3.0 or later. You can use gem\n> update json to update it. If you are using bundler, please add gem\n> \\\"json\\\", \\\"\\>= 2.3.0\\\" to your Gemfile.\n", "id": "FreeBSD-2020-0061", "modified": "2020-04-02T00:00:00Z", "published": "2020-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-10663" } ], "schema_version": "1.7.0", "summary": "rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "last_affected": "2.227" }, { "fixed": "2.227" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "last_affected": "2.204.5" }, { "fixed": "2.204.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2020-03-25/" ], "discovery": "2020-03-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-2160", "CVE-2020-2161", "CVE-2020-2162", "CVE-2020-2163" ] }, "vid": "5bf6ed6d-9002-4f43-ad63-458f59e45384" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-1774 / CVE-2020-2160\n>\n> CSRF protection for any URL could be bypassed\n>\n> ##### (Medium) SECURITY-1781 / CVE-2020-2161\n>\n> Stored XSS vulnerability in label expression validation\n>\n> ##### (Medium) SECURITY-1793 / CVE-2020-2162\n>\n> Stored XSS vulnerability in file parameters\n>\n> ##### (Medium) SECURITY-1796 / CVE-2020-2163\n>\n> Stored XSS vulnerability in list view column headers\n", "id": "FreeBSD-2020-0060", "modified": "2020-03-25T00:00:00Z", "published": "2020-03-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2020-03-25/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2161" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2163" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2020-03-25/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php72" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php73" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php74" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5-php72" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5-php73" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5-php74" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0" }, { "fixed": "5.0.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/news/2020/3/21/phpmyadmin-495-and-502-are-released/" ], "discovery": "2020-03-21T00:00:00Z", "vid": "97fcc60a-6ec0-11ea-a84a-4c72b94353b5" }, "details": "phpMyAdmin Team reports:\n\n> PMASA-2020-2 SQL injection vulnerability in the user accounts page,\n> particularly when changing a password\n>\n> PMASA-2020-3 SQL injection vulnerability relating to the search\n> feature\n>\n> PMASA-2020-4 SQL injection and XSS having to do with displaying\n> results\n>\n> Removing of the \\\"options\\\" field for the external transformation\n", "id": "FreeBSD-2020-0059", "modified": "2020-03-25T00:00:00Z", "published": "2020-03-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/news/2020/3/21/phpmyadmin-495-and-502-are-released/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/news/2020/3/21/phpmyadmin-495-and-502-are-released/" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- SQL injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetdb5" }, "ranges": [ { "events": [ { "fixed": "5.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetdb6" }, "ranges": [ { "events": [ { "fixed": "6.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetserver5" }, "ranges": [ { "events": [ { "fixed": "5.3.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetserver6" }, "ranges": [ { "events": [ { "fixed": "6.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://puppet.com/security/cve/CVE-2020-7943/" ], "discovery": "2020-03-10T00:00:00Z", "references": { "cvename": [ "CVE-2020-7943" ] }, "vid": "36def7ba-6d2b-11ea-b115-643150d3111d" }, "details": "Puppetlabs reports:\n\n> Puppet Server and PuppetDB provide useful performance and debugging\n> information via their metrics API endpoints. For PuppetDB this may\n> contain things like hostnames. Puppet Server reports resource names\n> and titles for defined types (which may contain sensitive information)\n> as well as function names and class names. Previously, these endpoints\n> were open to the local network.\n>\n> PE 2018.1.13 & 2019.4.0, Puppet Server 6.9.1 & 5.3.12, and PuppetDB\n> 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only\n> allows /v2 access on localhost by default.\n", "id": "FreeBSD-2020-0058", "modified": "2020-03-23T00:00:00Z", "published": "2020-03-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://puppet.com/security/cve/CVE-2020-7943/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7943" }, { "type": "WEB", "url": "https://puppet.com/security/cve/CVE-2020-7943/" } ], "schema_version": "1.7.0", "summary": "puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "puppet6" }, "ranges": [ { "events": [ { "fixed": "6.13.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://puppet.com/security/cve/CVE-2020-7942/" ], "discovery": "2020-02-18T00:00:00Z", "references": { "cvename": [ "CVE-2020-7942" ] }, "vid": "77687355-52aa-11ea-b115-643150d3111d" }, "details": "Puppetlabs reports:\n\n> Previously, Puppet operated on a model that a node with a valid\n> certificate was entitled to all information in the system and that a\n> compromised certificate allowed access to everything in the\n> infrastructure. When a node\\'s catalog falls back to the \\`default\\`\n> node, the catalog can be retrieved for a different node by modifying\n> facts for the Puppet run. This issue can be mitigated by setting\n> \\`strict_hostname_checking = true\\` in \\`puppet.conf\\` on your Puppet\n> master.\n>\n> Puppet 6.13.0 changes the default behavior for\n> strict_hostname_checking from false to true. It is recommended that\n> Puppet Open Source and Puppet Enterprise users that are not upgrading\n> still set strict_hostname_checking to true to ensure secure behavior.\n", "id": "FreeBSD-2020-0057", "modified": "2020-03-23T00:00:00Z", "published": "2020-03-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://puppet.com/security/cve/CVE-2020-7942/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7942" }, { "type": "WEB", "url": "https://puppet.com/security/cve/CVE-2020-7942/" } ], "schema_version": "1.7.0", "summary": "puppet6 -- Arbitrary Catalog Retrieval" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-7453" ], "freebsdsa": [ "SA-20:08.jail" ] }, "vid": "6b90acba-6a0a-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nA missing NUL-termination check for the jail_set(2) configration option\n\\\"osrelease\\\" may return more bytes when reading the jail configuration\nback with jail_get(2) than were originally set.\n\n# Impact:\n\nFor jails with a non-default setting of children.max \\> 0 (\\\"nested\njails\\\") a superuser inside a jail can create a jail and may be able to\nread and take advantage of exposed kernel memory.\n", "id": "FreeBSD-2020-0056", "modified": "2020-03-19T00:00:00Z", "published": "2020-03-19T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7453" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Kernel memory disclosure with nested jails" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-7452" ], "freebsdsa": [ "SA-20:07.epair" ] }, "vid": "0cc7e547-6a0a-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nIncorrect use of a potentially user-controlled pointer in the kernel\nallowed vnet jailed users to panic the system and potentially execute\naribitrary code in the kernel.\n\n# Impact:\n\nUsers with root level access (or the PRIV_NET_IFCREATE privilege) can\npanic the system, or potentially escape the jail or execute arbitrary\ncode with kernel priviliges.\n", "id": "FreeBSD-2020-0055", "modified": "2020-03-19T00:00:00Z", "published": "2020-03-19T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7452" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:07.epair.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Incorrect user-controlled pointer use in epair" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-15877" ], "freebsdsa": [ "SA-20:06.if_ixl_ioctl" ] }, "vid": "b2b83761-6a09-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nThe driver-specific ioctl(2) command handlers in ixl(4) failed to check\nwhether the caller has sufficient privileges to perform the\ncorresponding operation.\n\n# Impact:\n\nThe ixl(4) handler permits unprivileged users to trigger updates to the\ndevice\\'s non-volatile memory (NVM).\n", "id": "FreeBSD-2020-0054", "modified": "2020-03-19T00:00:00Z", "published": "2020-03-19T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15877" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Insufficient ixl(4) ioctl(2) privilege checking" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-15876" ], "freebsdsa": [ "SA-20:05.if_oce_ioctl" ] }, "vid": "3c10ccdf-6a09-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nThe driver-specific ioctl(2) command handlers in oce(4) failed to check\nwhether the caller has sufficient privileges to perform the\ncorresponding operation.\n\n# Impact:\n\nThe oce(4) handler permits unprivileged users to send passthrough\ncommands to device firmware.\n", "id": "FreeBSD-2020-0053", "modified": "2020-03-19T00:00:00Z", "published": "2020-03-19T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15876" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2020-7451" ], "freebsdsa": [ "SA-20:04.tcp" ] }, "vid": "0e06013e-6a06-11ea-92ab-00163e433440" }, "details": "# Problem Description:\n\nWhen a TCP server transmits or retransmits a TCP SYN-ACK segment over\nIPv6, the Traffic Class field is not initialized. This also applies to\nchallenge ACK segments, which are sent in response to received RST\nsegments during the TCP connection setup phase.\n\n# Impact:\n\nFor each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6, one\nbyte of kernel memory is transmitted over the network.\n", "id": "FreeBSD-2020-0052", "modified": "2020-03-19T00:00:00Z", "published": "2020-03-19T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7451" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:04.tcp.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- TCP IPv6 SYN cache kernel information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-bleach" }, "ranges": [ { "events": [ { "fixed": "3.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-02-13T00:00:00Z", "vid": "3d19c776-68e7-11ea-91db-0050562a4d7b" }, "details": "> \\* \\`\\`bleach.clean\\`\\` behavior parsing embedded MathML and SVG\n> content with RCDATA tags did not match browser behavior and could\n> result in a mutation XSS.\n>\n> Calls to \\`\\`bleach.clean\\`\\` with \\`\\`strip=False\\`\\` and\n> \\`\\`math\\`\\` or \\`\\`svg\\`\\` tags and one or more of the RCDATA tags\n> \\`\\`script\\`\\`, \\`\\`noscript\\`\\`, \\`\\`style\\`\\`, \\`\\`noframes\\`\\`,\n> \\`\\`iframe\\`\\`, \\`\\`noembed\\`\\`, or \\`\\`xmp\\`\\` in the allowed tags\n> whitelist were vulnerable to a mutation XSS.\n>\n> \\* \\`\\`bleach.clean\\`\\` behavior parsing \\`\\`noscript\\`\\` tags did not\n> match browser behavior.\n>\n> Calls to \\`\\`bleach.clean\\`\\` allowing \\`\\`noscript\\`\\` and one or\n> more of the raw text tags (\\`\\`title\\`\\`, \\`\\`textarea\\`\\`,\n> \\`\\`script\\`\\`, \\`\\`style\\`\\`, \\`\\`noembed\\`\\`, \\`\\`noframes\\`\\`,\n> \\`\\`iframe\\`\\`, and \\`\\`xmp\\`\\`) were vulnerable to a mutation XSS.\n", "id": "FreeBSD-2020-0051", "modified": "2020-03-18T00:00:00Z", "published": "2020-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1615315" }, { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1621692" } ], "schema_version": "1.7.0", "summary": "www/py-bleach -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zeek" }, "ranges": [ { "events": [ { "fixed": "3.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://raw.githubusercontent.com/zeek/zeek/9dda3602a760f00d9532c6314ea79108106033fa/NEWS" ], "discovery": "2020-02-25T00:00:00Z", "vid": "4ae135f7-85cd-4c32-ad94-358271b31f7f" }, "details": "Jon Siwek of Corelight reports:\n\n> This release addresses the following security issues:\n>\n> - Potential Denial of Service due to memory leak in DNS TSIG message\n> parsing.\n> - Potential Denial of Service due to memory leak (or assertion when\n> compiling with assertions enabled) when receiving a second SSH KEX\n> message after a first.\n> - Potential Denial of Service due to buffer read overflow and/or\n> memory leaks in Kerberos analyzer. The buffer read overflow could\n> occur when the Kerberos message indicates it contains an IPv6\n> address, but does not send enough data to parse out a full IPv6\n> address. A memory leak could occur when processing KRB_KDC_REQ\n> KRB_KDC_REP messages for message types that do not match a\n> known/expected type.\n> - Potential Denial of Service when sending many zero-length SSL/TLS\n> certificate data. Such messages underwent the full Zeek file\n> analysis treatment which is expensive (and meaninguless here)\n> compared to how cheaply one can \\\"create\\\" or otherwise indicate\n> many zero-length contained in an SSL message.\n> - Potential Denial of Service due to buffer read overflow in SMB\n> transaction data string handling. The length of strings being parsed\n> from SMB messages was trusted to be whatever the message claimed\n> instead of the actual length of data found in the message.\n> - Potential Denial of Service due to null pointer dereference in FTP\n> ADAT Base64 decoding.\n> - Potential Denial of Service due buffer read overflow in FTP analyzer\n> word/whitespace handling. This typically won\\'t be a problem in most\n> default deployments of Zeek since the FTP analyzer receives data\n> from a ContentLine (NVT) support analyzer which first\n> null-terminates the buffer used for further FTP parsing.\n", "id": "FreeBSD-2020-0050", "modified": "2020-03-15T00:00:00Z", "published": "2020-03-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://raw.githubusercontent.com/zeek/zeek/9dda3602a760f00d9532c6314ea79108106033fa/NEWS" }, { "type": "WEB", "url": "https://github.com/zeek/zeek/blob/9dda3602a760f00d9532c6314ea79108106033fa/NEWS" } ], "schema_version": "1.7.0", "summary": "zeek -- potential denial of service issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "okular" }, "ranges": [ { "events": [ { "fixed": "19.12.3_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kde.org/info/security/advisory-20200312-1.txt" ], "discovery": "2020-03-12T00:00:00Z", "vid": "c3600a64-64ea-11ea-bdff-e0d55e2a8bf9" }, "details": "Albert Astals Cid:\n\n> Okular can be tricked into executing local binaries via specially\n> crafted PDF files.\n>\n> This binary execution can require almost no user interaction.\n>\n> No parameters can be passed to those local binaries.\n>\n> We have not been able to identify any binary that will cause actual\n> damage, be it in the hardware or software level, when run without\n> parameters.\n>\n> We remain relatively confident that for this issue to do any actual\n> damage, it has to run a binary specially crafted. That binary must\n> have been deployed to the user system via another method, be it the\n> user downloading it directly as an email attachment, webpage download,\n> etc. or by the system being already compromised.\n", "id": "FreeBSD-2020-0049", "modified": "2020-03-13T00:00:00Z", "published": "2020-03-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kde.org/info/security/advisory-20200312-1.txt" }, { "type": "WEB", "url": "https://kde.org/info/security/advisory-20200312-1.txt" } ], "schema_version": "1.7.0", "summary": "Okular -- Local binary execution via action links" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.8.0" }, { "fixed": "12.8.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/" ], "discovery": "2020-03-11T00:00:00Z", "vid": "9a09eaa2-6448-11ea-abb7-001b217b3468" }, "details": "Gitlab reports:\n\n> Email Confirmation not Required on Sign-up\n", "id": "FreeBSD-2020-0048", "modified": "2020-03-12T00:00:00Z", "published": "2020-03-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402" ], "discovery": "2020-02-25T00:00:00Z", "references": { "cvename": [ "CVE-2020-9402" ] }, "vid": "1685144e-63ff-11ea-a93a-080027846a02" }, "details": "MITRE CVE reports:\n\n> Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4\n> allows SQL Injection if untrusted data is used as a tolerance\n> parameter in GIS functions and aggregates on Oracle. By passing a\n> suitably crafted tolerance to GIS functions and aggregates on Oracle,\n> it was possible to break escaping and inject malicious SQL.\n", "id": "FreeBSD-2020-0047", "modified": "2020-03-12T00:00:00Z", "published": "2020-03-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2020/mar/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-9402" } ], "schema_version": "1.7.0", "summary": "Django -- potential SQL injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/synapse/releases/tag/v1.11.1" ], "discovery": "2020-03-03T00:00:00Z", "vid": "1afe9552-5ee3-11ea-9b6d-901b0e934d69" }, "details": "Matrix developers report:\n\n> \\[The 1.11.1\\] release includes a security fix impacting installations\n> using Single Sign-On (i.e. SAML2 or CAS) for authentication.\n> Administrators of such installations are encouraged to upgrade as soon\n> as possible.\n", "id": "FreeBSD-2020-0046", "modified": "2020-03-11T00:00:00Z", "published": "2020-03-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.11.1" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.11.1" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- users of single-sign-on are vulnerable to phishing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "13.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node12" }, "ranges": [ { "events": [ { "fixed": "12.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node10" }, "ranges": [ { "events": [ { "fixed": "10.19.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" ], "discovery": "2020-02-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-15604" ] }, "vid": "0032400f-624f-11ea-b495-000d3ab229d6" }, "details": "Node.js reports:\n\n> Updates are now available for all active Node.js release lines for the\n> following issues.\n>\n> # HTTP request smuggling using malformed Transfer-Encoding header (Critical) (CVE-2019-15605)HTTP request smuggling using malformed Transfer-Encoding header (Critical) (CVE-2019-15605)\n>\n> Affected Node.js versions can be exploited to perform HTTP desync\n> attacks and deliver malicious payloads to unsuspecting users. The\n> payloads can be crafted by an attacker to hijack user sessions, poison\n> cookies, perform clickjacking, and a multitude of other attacks\n> depending on the architecture of the underlying system.\n>\n> # HTTP header values do not have trailing OWS trimmed (High) (CVE-2019-15606)\n>\n> Optional whitespace should be trimmed from HTTP header values. Its\n> presence may allow attackers to bypass security checks based on HTTP\n> header values.\n>\n> # Remotely trigger an assertion on a TLS server with a malformed certificate string (High) (CVE-2019-15604)\n>\n> Connecting to a NodeJS TLS server with a client certificate that has a\n> type 19 string in its subjectAltName will crash the TLS server if it\n> tries to read the peer certificate.\n>\n> # Strict HTTP header parsing (None)\n>\n> Increase the strictness of HTTP header parsing. There are no known\n> vulnerabilities addressed, but lax HTTP parsing has historically been\n> a source of problems. Some commonly used sites are known to generate\n> invalid HTTP headers, a \\--insecure-http-parser CLI option or\n> insecureHTTPParser http option can be used if necessary for\n> interoperability, but is not recommended.\n", "id": "FreeBSD-2020-0045", "modified": "2020-03-09T00:00:00Z", "published": "2020-03-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15604" } ], "schema_version": "1.7.0", "summary": "Node.js -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.11.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/releases/tag/v1.11.0", "https://github.com/go-gitea/gitea/releases/tag/v1.11.2" ], "discovery": "2019-11-18T00:00:00Z", "references": { "freebsdpr": [ "ports/244025" ] }, "vid": "be088777-6085-11ea-8609-08002731610e" }, "details": "The Gitea Team reports for release 1.11.0:\n\n> - Never allow an empty password to validate (#9682) (#9683)\n> - Prevent redirect to Host (#9678) (#9679)\n> - Swagger hide search field (#9554)\n> - Add \\\"search\\\" to reserved usernames (#9063)\n> - Switch to fomantic-ui (#9374)\n> - Only serve attachments when linked to issue/release and if\n> accessible by user (#9340)\n\nThe Gitea Team reports for release 1.11.2:\n\n> - Ensure only own addresses are updated (#10397) (#10399)\n> - Logout POST action (#10582) (#10585)\n> - Org action fixes and form cleanup (#10512) (#10514)\n> - Change action GETs to POST (#10462) (#10464)\n> - Fix admin notices (#10480) (#10483)\n> - Change admin dashboard to POST (#10465) (#10466)\n> - Update markbates/goth (#10444) (#10445)\n> - Update crypto vendors (#10385) (#10398)\n", "id": "FreeBSD-2020-0044", "modified": "2020-03-07T00:00:00Z", "published": "2020-03-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.11.0" }, { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.11.2" }, { "type": "WEB", "url": "https://blog.gitea.io/2020/02/gitea-1.11.0-is-released/" }, { "type": "WEB", "url": "https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244025" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py32-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-salt" }, "ranges": [ { "events": [ { "fixed": "2019.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html" ], "discovery": "2020-01-15T00:00:00Z", "references": { "cvename": [ "CVE-2019-17361" ] }, "vid": "8c98e643-6008-11ea-af63-38d547003487" }, "details": "SaltStack reports:\n\n> With the Salt NetAPI enabled in addition to having a SSH roster\n> defined, unauthenticated access is possible when specifying the client\n> as SSH.\n>\n> Additionally, when the raw_shell option is specified any arbitrary\n> command may be run on the Salt master when specifying SSH options.\n", "id": "FreeBSD-2020-0043", "modified": "2020-03-07T00:00:00Z", "published": "2020-03-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-17361" }, { "type": "WEB", "url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17361" } ], "schema_version": "1.7.0", "summary": "salt -- salt-api vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.8.0" }, { "fixed": "12.8.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.7.0" }, { "fixed": "12.7.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "12.6.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" ], "discovery": "2020-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2020-8113" ] }, "vid": "62f2182c-5f7a-11ea-abb7-001b217b3468" }, "details": "Gitlab reports:\n\n> Directory Traversal to Arbitrary File Read\n>\n> Account Takeover Through Expired Link\n>\n> Server Side Request Forgery Through Deprecated Service\n>\n> Group Two-Factor Authentication Requirement Bypass\n>\n> Stored XSS in Merge Request Pages\n>\n> Stored XSS in Merge Request Submission Form\n>\n> Stored XSS in File View\n>\n> Stored XSS in Grafana Integration\n>\n> Contribution Analytics Exposed to Non-members\n>\n> Incorrect Access Control in Docker Registry via Deploy Tokens\n>\n> Denial of Service via Permission Checks\n>\n> Denial of Service in Design For Public Issue\n>\n> Incorrect Access Control via LFS Import\n>\n> Unescaped HTML in Header\n>\n> Private Merge Request Titles Leaked via Widget\n>\n> Project Namespace Exposed via Vulnerability Feedback Endpoint\n>\n> Denial of Service Through Recursive Requests\n>\n> Project Authorization Not Being Updated\n>\n> Incorrect Permission Level For Group Invites\n>\n> Disclosure of Private Group Epic Information\n>\n> User IP Address Exposed via Badge images\n", "id": "FreeBSD-2020-0042", "modified": "2020-03-06T00:00:00Z", "published": "2020-03-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8113" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ntp" }, "ranges": [ { "events": [ { "fixed": "4.2.8p14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ntp-devel" }, "ranges": [ { "events": [ { "last_affected": "4.3.99_6" }, { "fixed": "4.3.99_6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://support.ntp.org/bin/view/Main/SecurityNotice" ], "discovery": "2019-05-30T00:00:00Z", "references": { "freebsdsa": [ "SA-20:09.ntp" ] }, "vid": "591a706b-5cdc-11ea-9a0a-206a8a720317" }, "details": "nwtime.org reports:\n\n> Three ntp vulnerabilities, Depending on configuration, may have little\n> impact up to termination of the ntpd process.\n>\n> NTP Bug 3610: Process_control() should exit earlier on short packets.\n> On systems that override the default and enable ntpdc (mode 7) fuzz\n> testing detected that a short packet will cause ntpd to read\n> uninitialized data.\n>\n> NTP Bug 3596: An unauthenticated unmonitored ntpd is vulnerable to\n> attack on IPv4 with highly predictable transmit timestamps. An\n> off-path attacker who can query time from the victim\\'s ntp which\n> receives time from an unauthenticated time source must be able to send\n> from a spoofed IPv4 address of upstream ntp server and and the victim\n> must be able to process a large number of packets with the spoofed\n> IPv4 address of the upstream server. After eight or more successful\n> attacks in a row the attacker can either modify the victim\\'s clock by\n> a small amount or cause ntpd to terminate. The attack is especially\n> effective when unusually short poll intervals have been configured.\n>\n> NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced a bug\n> such that a ntp can be prevented from initiating a time volley to its\n> peer resulting in a DoS.\n>\n> All three NTP bugs may result in DoS or terimation of the ntp daemon.\n", "id": "FreeBSD-2020-0041", "modified": "2020-03-03T00:00:00Z", "published": "2020-03-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://support.ntp.org/bin/view/Main/SecurityNotice" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:09.ntp.asc" } ], "schema_version": "1.7.0", "summary": "ntp -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "librsvg2" }, "ranges": [ { "events": [ { "fixed": "2.40.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "librsvg2-rust" }, "ranges": [ { "events": [ { "introduced": "2.41.0" }, { "fixed": "2.46.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mail.gnome.org/archives/ftp-release-list/2020-February/msg00133.htmlE" ], "discovery": "2020-02-26T00:00:00Z", "references": { "cvename": [ "CVE-2019-20446" ] }, "vid": "b66583ae-5aee-4cd5-bb31-b2d397f8b6b3" }, "details": "Librsvg2 developers reports:\n\n> Backport the following fixes from 2.46.x:\n>\n> Librsvg now has limits on the number of loaded XML elements, and the\n> number of referenced elements within an SVG document. This is to\n> mitigate malicious SVGs which try to consume all memory, and those\n> which try to consume an exponential amount of CPU time.\n>\n> Fix stack exhaustion with circular references in \\ elements.\n>\n> Fix a denial-of-service condition from exponential explosion of\n> rendered elements, through nested use of SVG \\ elements in\n> malicious SVGs. This is similar to the XML \\\"billion laughs attack\\\"\n> but for SVG instancing.\n", "id": "FreeBSD-2020-0040", "modified": "2020-03-02T00:00:00Z", "published": "2020-03-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mail.gnome.org/archives/ftp-release-list/2020-February/msg00133.htmlE" }, { "type": "WEB", "url": "https://mail.gnome.org/archives/ftp-release-list/2020-February/msg00133.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20446" } ], "schema_version": "1.7.0", "summary": "librsvg2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "timidity++" }, "ranges": [ { "events": [ { "fixed": "2.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "timidity++-emacs" }, "ranges": [ { "events": [ { "fixed": "2.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "timidity++-gtk" }, "ranges": [ { "events": [ { "fixed": "2.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "timidity++-motif" }, "ranges": [ { "events": [ { "fixed": "2.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "timidity++-slang" }, "ranges": [ { "events": [ { "fixed": "2.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "timidity++-tcltk" }, "ranges": [ { "events": [ { "fixed": "2.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "timidity++-xaw" }, "ranges": [ { "events": [ { "fixed": "2.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "timidity++-xskin" }, "ranges": [ { "events": [ { "fixed": "2.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://seclists.org/fulldisclosure/2017/Jul/83" ], "discovery": "2017-07-31T00:00:00Z", "references": { "cvename": [ "CVE-2017-11546", "CVE-2017-11547", "CVE-2017-11549" ] }, "vid": "d37407bd-5c5f-11ea-bb2a-8c164582fbac" }, "details": "qflb.wu of DBAPPSecurity reports:\n\n> Ihe insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 can\n> cause a denial of service(divide-by-zero error and application crash)\n> via a crafted mid file.\n>\n> The resample_gauss function in resample.c in TiMidity++ 2.14.0 can\n> cause a denial of service(heap-buffer-overflow) via a crafted mid\n> file.\n>\n> The play_midi function in playmidi.c in TiMidity++ 2.14.0 can cause a\n> denial of service(large loop and CPU consumption) via a crafted mid\n> file.\n", "id": "FreeBSD-2020-0039", "modified": "2020-03-02T00:00:00Z", "published": "2020-03-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://seclists.org/fulldisclosure/2017/Jul/83" }, { "type": "WEB", "url": "https://seclists.org/fulldisclosure/2017/Jul/83" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11546" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11549" } ], "schema_version": "1.7.0", "summary": "TiMidity++ -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-solr" }, "ranges": [ { "events": [ { "fixed": "8.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lucene.apache.org/solr/security.html" ], "discovery": "2019-12-30T00:00:00Z", "references": { "cvename": [ "CVE-2019-17558" ] }, "vid": "e59cb761-5ad8-11ea-abb7-001b217b3468" }, "details": "Community reports:\n\n> 8.1.1 and 8.2.0 users check ENABLE_REMOTE_JMX_OPTS setting\n>\n> Apache Solr RCE vulnerability due to bad config default\n>\n> Apache Solr RCE through VelocityResponseWriter\n", "id": "FreeBSD-2020-0038", "modified": "2020-02-29T00:00:00Z", "published": "2020-02-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lucene.apache.org/solr/security.html" }, { "type": "WEB", "url": "https://lucene.apache.org/solr/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-17558" } ], "schema_version": "1.7.0", "summary": "Solr -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "opensmtpd" }, "ranges": [ { "events": [ { "fixed": "6.6.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://opensmtpd.org/security.html" ], "discovery": "2020-02-22T00:00:00Z", "references": { "cvename": [ "CVE-2020-8793", "CVE-2020-8794" ] }, "vid": "f0683976-5779-11ea-8a77-1c872ccb1e42" }, "details": "OpenSMTPD developers reports:\n\n> An out of bounds read in smtpd allows an attacker to inject arbitrary\n> commands into the envelope file which are then executed as root.\n> Separately, missing privilege revocation in smtpctl allows arbitrary\n> commands to be run with the \\_smtpq group.\n>\n> An unprivileged local attacker can read the first line of an arbitrary\n> file (for example, root\\'s password hash in /etc/master.passwd) or the\n> entire contents of another user\\'s file (if this file and\n> /var/spool/smtpd/ are on the same filesystem).\n", "id": "FreeBSD-2020-0037", "modified": "2020-02-27T00:00:00Z", "published": "2020-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://opensmtpd.org/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8793" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2020/02/24/4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8794" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2020/02/24/5" } ], "schema_version": "1.7.0", "summary": "OpenSMTPd -- LPE and RCE in OpenSMTPD's default install" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.16.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02" ], "discovery": "2020-02-18T00:00:00Z", "vid": "056ea107-5729-11ea-a2f3-001cc0382b2f" }, "details": "Janos Follath reports:\n\n> If Mbed TLS is running in an SGX enclave and the adversary has control\n> of the main operating system, they can launch a side channel attack to\n> recover the RSA private key when it is being imported.\n>\n> The attack only requires access to fine grained measurements to cache\n> usage. Therefore the attack might be applicable to a scenario where\n> Mbed TLS is running in TrustZone secure world and the attacker\n> controls the normal world or possibly when Mbed TLS is part of a\n> hypervisor and the adversary has full control of a guest OS.\n", "id": "FreeBSD-2020-0036", "modified": "2020-02-24T00:00:00Z", "published": "2020-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02" } ], "schema_version": "1.7.0", "summary": "Mbed TLS -- Cache attack against RSA key import in SGX" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.16.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12" ], "discovery": "2019-10-25T00:00:00Z", "references": { "cvename": [ "CVE-2019-18222" ] }, "vid": "b70b880f-5727-11ea-a2f3-001cc0382b2f" }, "details": "Janos Follath reports:\n\n> Our bignum implementation is not constant time/constant trace, so side\n> channel attacks can retrieve the blinded value, factor it (as it is\n> smaller than RSA keys and not guaranteed to have only large prime\n> factors), and then, by brute force, recover the key.\n", "id": "FreeBSD-2020-0035", "modified": "2020-02-24T00:00:00Z", "published": "2020-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18222" } ], "schema_version": "1.7.0", "summary": "Mbed TLS -- Side channel attack on ECDSA" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "weechat" }, "ranges": [ { "events": [ { "fixed": "2.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weechat.org/doc/security/" ], "discovery": "2020-02-20T00:00:00Z", "references": { "cvename": [ "CVE-2020-8955" ] }, "vid": "8e3f1812-54d9-11ea-8d49-d4c9ef517024" }, "details": "The WeeChat project reports:\n\n> Buffer overflow when receiving a malformed IRC message 324 (channel\n> mode). (CVE-2020-8955)\n>\n> Buffer overflow when a new IRC message 005 is received with longer\n> nick prefixes.\n>\n> Crash when receiving a malformed IRC message 352 (WHO).\n", "id": "FreeBSD-2020-0034", "modified": "2020-02-21T00:00:00Z", "published": "2020-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weechat.org/doc/security/" }, { "type": "WEB", "url": "https://weechat.org/doc/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8955" } ], "schema_version": "1.7.0", "summary": "WeeChat -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.26.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868" ] }, "vid": "1cb0af4e-d641-4f99-9432-297a89447a97" }, "details": "The WebKitGTK project reports multiple vulnerabilities.\n", "id": "FreeBSD-2020-0033", "modified": "2020-02-19T00:00:00Z", "published": "2020-02-19T00:00:00Z", "references": [ { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2020-0002.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3862" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3864" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3865" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3867" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3868" } ], "schema_version": "1.7.0", "summary": "webkit-gtk3 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-15875" ], "freebsdsa": [ "SA-20:03.thrmisc" ] }, "vid": "6025d173-4279-11ea-b184-f8b156ac3ff9" }, "details": "# Problem Description:\n\nDue to incorrect initialization of a stack data structure, up to 20\nbytes of kernel data stored previously stored on the stack will be\nexposed to a crashing user process.\n\n# Impact:\n\nSensitive kernel data may be disclosed.\n", "id": "FreeBSD-2020-0032", "modified": "2020-01-29T00:00:00Z", "published": "2020-01-29T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15875" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:03.thrmisc.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- kernel stack data disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-5613" ], "freebsdsa": [ "SA-20:02.ipsec" ] }, "vid": "5797c807-4279-11ea-b184-f8b156ac3ff9" }, "details": "# Problem Description:\n\nA missing check means that an attacker can reinject an old packet and it\nwill be accepted and processed by the IPsec endpoint.\n\n# Impact:\n\nThe impact depends on the higher-level protocols in use over IPsec. For\nexample, an attacker who can capture and inject packets could cause an\naction that was intentionally performed once to be repeated.\n", "id": "FreeBSD-2020-0031", "modified": "2020-01-29T00:00:00Z", "published": "2020-01-29T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5613" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:02.ipsec.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Missing IPsec anti-replay window check" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-7450" ], "freebsdsa": [ "SA-20:01.libfetch" ] }, "vid": "22b41bc5-4279-11ea-b184-f8b156ac3ff9" }, "details": "# Problem Description:\n\nA programming error allows an attacker who can specify a URL with a\nusername and/or password components to overflow libfetch(3) buffers.\n\n# Impact:\n\nAn attacker in control of the URL to be fetched (possibly via HTTP\nredirect) may cause a heap buffer overflow, resulting in program\nmisbehavior or malicious code execution.\n", "id": "FreeBSD-2020-0030", "modified": "2020-01-29T00:00:00Z", "published": "2020-01-29T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7450" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:01.libfetch.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- libfetch buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.7.0" }, { "fixed": "12.7.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.6.0" }, { "fixed": "12.6.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.5.0" }, { "fixed": "12.5.10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/" ], "discovery": "2020-02-13T00:00:00Z", "references": { "cvename": [ "CVE-2020-8795" ] }, "vid": "1ece5591-4ea9-11ea-86f0-001b217b3468" }, "details": "Gitlab reports:\n\n> Incorrect membership handling of group sharing feature\n", "id": "FreeBSD-2020-0029", "modified": "2020-02-13T00:00:00Z", "published": "2020-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8795" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "fixed": "2.3.9.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html", "https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html" ], "discovery": "2020-01-14T00:00:00Z", "references": { "cvename": [ "CVE-2020-7046", "CVE-2020-7967" ] }, "vid": "74db0d02-b140-4c32-aac6-1f1e81e1ad30" }, "details": "Aki Tuomi reports:\n\n> lib-smtp doesn\\'t handle truncated command parameters properly,\n> resulting in infinite loop taking 100% CPU for the process. This\n> happens for LMTP (where it doesn\\'t matter so much) and also for\n> submission-login where unauthenticated users can trigger it.\n\nAki also reports:\n\n> Snippet generation crashes if: message is large enough that\n> message-parser returns multiple body blocks The first block(s) don\\'t\n> contain the full snippet (e.g. full of whitespace) input ends with\n> \\'\\>\\'\n", "id": "FreeBSD-2020-0028", "modified": "2020-02-13T00:00:00Z", "published": "2020-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html" }, { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7046" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7967" } ], "schema_version": "1.7.0", "summary": "dovecot -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grub2-bhyve" }, "ranges": [ { "events": [ { "fixed": "0.40_8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.voidsecurity.in/", "https://www.voidsecurity.in/" ], "discovery": "2019-12-09T00:00:00Z", "vid": "9d6a48a7-4dad-11ea-8a1d-7085c25400ea" }, "details": "Reno Robert reports:\n\n> FreeBSD uses a two-process model for running a VM. For booting\n> non-FreeBSD guests, a modified grub-emu is used (grub-bhyve).\n> Grub-bhyve executes command from guest grub.cfg file. This is a\n> security problem because grub was never written to handle inputs from\n> OS as untrusted. In the current design, grub and guest OS works across\n> trust boundaries. This exposes a grub to untrusted inputs from guest.\n>\n> grub-bhyve (emu) is built without SDL graphics support which reduces\n> lot of gfx attack surface, however font loading code is still\n> accessible. Guest can provide arbitrary font file, which is parsed by\n> grub-bhyve running as root.\n>\n> In grub-core/font/font.c, `read_section_as_string()` allocates\n> `section->length + 1` bytes of memory. However, untrusted\n> `section->length` is an unsigned 32-bit number, and the result can\n> overflow to `malloc(0)`. This can result in a controlled buffer\n> overflow via the \\'loadfont\\' command in a guest VM grub2.cfg,\n> eventually leading to privilege escalation from guest to host.\n\nReno Robert also reports:\n\n> GRUB supports commands to read and write addresses of choice. In\n> grub-bhyve, these commands provide a way to write to arbitrary virtual\n> addresses within the grub-bhyve process. This is another way for a\n> guest grub2.cfg, run by the host, to eventually escalate privileges.\n\nThese vulnerabilities are mitigated by disabling the \\'loadfont\\',\n\\'write_dword\\', \\'read_dword\\', \\'inl\\', \\'outl\\', and other width\nvariants of the same functionality in grub2-bhyve.\n\nThere is also work in progress to sandbox the grub-bhyve utility such\nthat an escaped guest ends up with nobody:nobody in a Capsium sandbox.\nIt is not included in 0.40_8.\n", "id": "FreeBSD-2020-0027", "modified": "2020-02-12T00:00:00Z", "published": "2020-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.voidsecurity.in/" }, { "type": "REPORT", "url": "https://www.voidsecurity.in/" }, { "type": "WEB", "url": "https://www.voidsecurity.in/" } ], "schema_version": "1.7.0", "summary": "grub2-bhyve -- multiple privilege escalations" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libexif" }, "ranges": [ { "events": [ { "fixed": "0.6.21_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278" ], "discovery": "2019-02-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-9278" ] }, "vid": "00f30cba-4d23-11ea-86ba-641c67a117d8" }, "details": "Mitre reports:\n\n> In libexif, there is a possible out of bounds write due to an integer\n> overflow. This could lead to remote escalation of privilege in the\n> media content provider with no additional execution privileges needed.\n> User interaction is needed for exploitation.\n", "id": "FreeBSD-2020-0026", "modified": "2020-02-11T00:00:00Z", "published": "2020-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9278" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278" }, { "type": "WEB", "url": "https://security-tracker.debian.org/tracker/CVE-2019-9278" }, { "type": "WEB", "url": "https://seclists.org/bugtraq/2020/Feb/9" }, { "type": "WEB", "url": "https://github.com/libexif/libexif/issues/26" } ], "schema_version": "1.7.0", "summary": "libexif -- privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "32.0.0.330" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb20-06.html" ], "discovery": "2020-02-11T00:00:00Z", "references": { "cvename": [ "CVE-2020-3757" ] }, "vid": "d460b640-4cdf-11ea-a59e-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a type confusion vulnerability that could lead\n> to arbitrary code execution (CVE-2020-3757).\n", "id": "FreeBSD-2020-0025", "modified": "2020-02-11T00:00:00Z", "published": "2020-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-06.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3757" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb20-06.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx" }, "ranges": [ { "events": [ { "fixed": "1.16.1_11,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "fixed": "1.17.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372" ], "discovery": "2019-12-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-20372" ] }, "vid": "c1202de8-4b29-11ea-9673-4c72b94353b5" }, "details": "NGINX Team reports:\n\n> NGINX before 1.17.7, with certain error_page configurations, allows\n> HTTP request smuggling, as demonstrated by the ability of an attacker\n> to read unauthorized web pages in environments where NGINX is being\n> fronted by a load balancer.\n", "id": "FreeBSD-2020-0024", "modified": "2020-02-09T00:00:00Z", "published": "2020-02-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20372" } ], "schema_version": "1.7.0", "summary": "NGINX -- HTTP request smuggling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ksh93" }, "ranges": [ { "events": [ { "introduced": "2020.0.0" }, { "fixed": "2020.0.1_1,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ksh93-devel" }, "ranges": [ { "events": [ { "fixed": "2020.02.07" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/security/cve/CVE-2019-14868" ], "discovery": "2019-10-01T00:00:00Z", "vid": "8b20d716-49df-11ea-9f7b-206a8a720317" }, "details": "Upstream ksh93 maintainer Siteshwar Vashisht reports:\n\n> A flaw was found in the way ksh evaluates certain environment\n> variables. An attacker could use this flaw to override or bypass\n> environment restrictions to execute shell commands. Services and\n> applications that allow remote unauthenticated attackers to provide\n> one of those environment variables could allow them to exploit this\n> issue remotely.\n", "id": "FreeBSD-2020-0023", "modified": "2020-02-07T00:00:00Z", "published": "2020-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2019-14868" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757324" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2019-14868" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2020:0431" } ], "schema_version": "1.7.0", "summary": "ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.102.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html" ], "discovery": "2020-02-05T00:00:00Z", "references": { "cvename": [ "CVE-2020-3123" ] }, "vid": "e7bc2b99-485a-11ea-bff9-9c5c8e75236a" }, "details": "Micah Snyder reports:\n\n> A denial-of-service (DoS) condition may occur when using the optional\n> credit card data-loss-prevention (DLP) feature. Improper bounds\n> checking of an unsigned variable resulted in an out-of-bounds read,\n> which causes a crash.\n", "id": "FreeBSD-2020-0022", "modified": "2020-02-05T00:00:00Z", "published": "2020-02-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html" }, { "type": "WEB", "url": "https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-3123" } ], "schema_version": "1.7.0", "summary": "clamav -- Denial-of-Service (DoS) vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django30" }, "ranges": [ { "events": [ { "fixed": "3.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471" ], "discovery": "2020-02-03T00:00:00Z", "references": { "cvename": [ "CVE-2020-7471" ] }, "vid": "5a45649a-4777-11ea-bdec-08002728f74c" }, "details": "MITRE CVE reports:\n\n> Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3\n> allows SQL Injection if untrusted data is used as a StringAgg\n> delimiter (e.g., in Django applications that offer downloads of data\n> as a series of rows with a user-specified column delimiter). By\n> passing a suitably crafted delimiter to a\n> contrib.postgres.aggregates.StringAgg instance, it was possible to\n> break escaping and inject malicious SQL.\n", "id": "FreeBSD-2020-0021", "modified": "2020-02-04T00:00:00Z", "published": "2020-02-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/1.11/releases/1.11.28/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/2.2/releases/2.2.10/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/3.0/releases/3.0.3/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7471" } ], "schema_version": "1.7.0", "summary": "Django -- potential SQL injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-client" }, "ranges": [ { "events": [ { "fixed": "5.5.67" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.67" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-client" }, "ranges": [ { "events": [ { "fixed": "10.1.44" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.44" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-client" }, "ranges": [ { "events": [ { "fixed": "10.2.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-client" }, "ranges": [ { "events": [ { "fixed": "10.3.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-client" }, "ranges": [ { "events": [ { "fixed": "10.4.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb-connector-c" }, "ranges": [ { "events": [ { "fixed": "3.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/security/" ], "discovery": "2020-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-2574" ] }, "vid": "cb0183bb-45f6-11ea-a1c7-b499baebfeaf" }, "details": "MariaDB reports:\n\n> Difficult to exploit vulnerability allows unauthenticated attacker\n> with network access via multiple protocols to compromise MySQL Client.\n", "id": "FreeBSD-2020-0020", "modified": "2020-02-02T00:00:00Z", "published": "2020-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/security/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/security/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-5567-rn/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10412-rn/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10322-rn/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10231-rn/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mdb-10144-rn/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb-connector-c-317-release-notes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2574" } ], "schema_version": "1.7.0", "summary": "MariaDB -- Vulnerability in C API" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libssh" }, "ranges": [ { "events": [ { "introduced": "0.4.0" }, { "fixed": "0.8.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0.9.0" }, { "fixed": "0.9.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.libssh.org/security/advisories/CVE-2019-14889.txt" ], "discovery": "2019-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-14889" ] }, "vid": "1e7fa41b-f6ca-4fe8-bd46-0e176b42b14f" }, "details": "The libssh team reports:\n\n> In an environment where a user is only allowed to copy files and not\n> to execute applications, it would be possible to pass a location which\n> contains commands to be executed in additon.\n>\n> When the libssh SCP client connects to a server, the scp command,\n> which includes a user-provided path, is executed on the server-side.\n> In case the library is used in a way where users can influence the\n> third parameter of ssh_scp_new(), it would become possible for an\n> attacker to inject arbitrary commands, leading to a compromise of the\n> remote target.\n", "id": "FreeBSD-2020-0019", "modified": "2020-02-02T00:00:00Z", "published": "2020-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.libssh.org/security/advisories/CVE-2019-14889.txt" }, { "type": "WEB", "url": "https://www.libssh.org/security/advisories/CVE-2019-14889.txt" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14889" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14889" } ], "schema_version": "1.7.0", "summary": "libssh -- Unsanitized location in scp could lead to unwanted command execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "spamassassin" }, "ranges": [ { "events": [ { "fixed": "3.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202001.mbox/%3c0a91e67a-3190-36e5-41e9-d3553743bcd2@apache.org%3e" ], "discovery": "2020-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-1930", "CVE-2020-1931" ] }, "vid": "c86bfee3-4441-11ea-8be3-54e1ad3d6335" }, "details": "The Apache SpamAssassin project reports:\n\n> A nefarious rule configuration (.cf) files can be configured to run\n> system commands. This issue is less stealthy and attempts to exploit\n> the issue will throw warnings.\n>\n> Thanks to Damian Lukowski at credativ for reporting the issue\n> ethically. With this bug unpatched, exploits can be injected in a\n> number of scenarios though doing so remotely is difficult. In addition\n> to upgrading to SA 3.4.4, we again recommend that users should only\n> use update channels or 3rd party .cf files from trusted places.\n", "id": "FreeBSD-2020-0018", "modified": "2020-01-31T00:00:00Z", "published": "2020-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202001.mbox/%3c0a91e67a-3190-36e5-41e9-d3553743bcd2@apache.org%3e" }, { "type": "WEB", "url": "https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202001.mbox/%3c0a91e67a-3190-36e5-41e9-d3553743bcd2@apache.org%3e" }, { "type": "WEB", "url": "https://mail-archives.apache.org/mod_mbox/spamassassin-announce/202001.mbox/%3ccdae17ce-acde-6060-148a-6dc5f45ee728@apache.org%3e" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1930" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-1931" } ], "schema_version": "1.7.0", "summary": "spamassassin -- Nefarious rule configuration files can run system commands" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sudo" }, "ranges": [ { "events": [ { "fixed": "1.8.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.sudo.ws/alerts/pwfeedback.html" ], "discovery": "2020-01-30T00:00:00Z", "references": { "cvename": [ "CVE-2019-18634" ] }, "vid": "b4e5f782-442d-11ea-9ba9-206a8a720317" }, "details": "Todd C. Miller reports:\n\n> Sudo\\'s pwfeedback option can be used to provide visual feedback when\n> the user is inputting their password. For each key press, an asterisk\n> is printed. This option was added in response to user confusion over\n> how the standard Password: prompt disables the echoing of key presses.\n> While pwfeedback is not enabled by default in the upstream version of\n> sudo, some systems, such as Linux Mint and Elementary OS, do enable it\n> in their default sudoers files.\n>\n> Due to a bug, when the pwfeedback option is enabled in the sudoers\n> file, a user may be able to trigger a stack-based buffer overflow.\n> This bug can be triggered even by users not listed in the sudoers\n> file. There is no impact unless pwfeedback has been enabled.\n", "id": "FreeBSD-2020-0017", "modified": "2020-01-30T00:00:00Z", "published": "2020-01-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.sudo.ws/alerts/pwfeedback.html" }, { "type": "WEB", "url": "https://www.sudo.ws/alerts/pwfeedback.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18634" } ], "schema_version": "1.7.0", "summary": "sudo -- Potential bypass of Runas user restrictions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.7.0" }, { "fixed": "12.7.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.6.0" }, { "fixed": "12.6.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.3" }, { "fixed": "12.5.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" ], "discovery": "2020-01-30T00:00:00Z", "references": { "cvename": [ "CVE-2020-7966", "CVE-2020-8114", "CVE-2020-7973", "CVE-2020-6833", "CVE-2020-7971", "CVE-2020-7967", "CVE-2020-7972", "CVE-2020-7968", "CVE-2020-7979", "CVE-2020-7969", "CVE-2020-7978", "CVE-2020-7974", "CVE-2020-7977", "CVE-2020-7976", "CVE-2019-16779", "CVE-2019-18978", "CVE-2019-16892" ] }, "vid": "c5bd9068-440f-11ea-9cdb-001b217b3468" }, "details": "Gitlab reports:\n\n> Path Traversal to Arbitrary File Read\n>\n> User Permissions Not Validated in ProjectExportWorker\n>\n> XSS Vulnerability in File API\n>\n> Package and File Disclosure through GitLab Workhorse\n>\n> XSS Vulnerability in Create Groups\n>\n> Issue and Merge Request Activity Counts Exposed\n>\n> Email Confirmation Bypass Using AP\n>\n> Disclosure of Forked Private Project Source Code\n>\n> Private Project Names Exposed in GraphQL queries\n>\n> Disclosure of Issues and Merge Requests via Todos\n>\n> Denial of Service via AsciiDoc\n>\n> Last Pipeline Status Exposed\n>\n> Arbitrary Change of Pipeline Status\n>\n> Grafana Token Displayed in Plaintext\n>\n> Update excon gem\n>\n> Update rdoc gem\n>\n> Update rack-cors gem\n>\n> Update rubyzip gem\n", "id": "FreeBSD-2020-0016", "modified": "2020-01-31T00:00:00Z", "published": "2020-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7966" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-8114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7973" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6833" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7972" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7968" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7979" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7978" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7974" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7976" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16779" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18978" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16892" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "opensmtpd" }, "ranges": [ { "events": [ { "introduced": "6.4.0,1" }, { "fixed": "6.6.2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://opensmtpd.org/security.html" ], "discovery": "2020-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-7247" ] }, "vid": "08f5c27d-4326-11ea-af8b-00155d0a0200" }, "details": "OpenSMTPD developers report:\n\n> An incorrect check allows an attacker to trick mbox delivery into\n> executing arbitrary commands as root and lmtp delivery into executing\n> arbitrary commands as an unprivileged user\n", "id": "FreeBSD-2020-0015", "modified": "2020-01-29T00:00:00Z", "published": "2020-01-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://opensmtpd.org/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7247" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2020/01/28/3" } ], "schema_version": "1.7.0", "summary": "OpenSMTPd -- critical LPE / RCE vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "last_affected": "2.219" }, { "fixed": "2.219" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "last_affected": "2.204.2" }, { "fixed": "2.204.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2020-01-29/" ], "discovery": "2020-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2020-2099", "CVE-2020-2100", "CVE-2020-2101", "CVE-2020-2102", "CVE-2020-2103", "CVE-2020-2104", "CVE-2020-2105", "CVE-2020-2106", "CVE-2020-2107", "CVE-2020-2108" ] }, "vid": "a250539d-d1d4-4591-afd3-c8bdfac335d8" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-1682 / CVE-2020-2099\n>\n> Inbound TCP Agent Protocol/3 authentication bypass\n>\n> ##### (Medium) SECURITY-1641 / CVE-2020-2100\n>\n> Jenkins vulnerable to UDP amplification reflection attack\n>\n> ##### (Medium) SECURITY-1659 / CVE-2020-2101\n>\n> Non-constant time comparison of inbound TCP agent connection secret\n>\n> ##### (Medium) SECURITY-1660 / CVE-2020-2102\n>\n> Non-constant time HMAC comparison\n>\n> ##### (Medium) SECURITY-1695 / CVE-2020-2103\n>\n> Diagnostic page exposed session cookies\n>\n> ##### (Medium) SECURITY-1650 / CVE-2020-2104\n>\n> Memory usage graphs accessible to anyone with Overall/Read\n>\n> ##### (Low) SECURITY-1704 / CVE-2020-2105\n>\n> Jenkins REST APIs vulnerable to clickjacking\n>\n> ##### (Medium) SECURITY-1680 / CVE-2020-2106\n>\n> Stored XSS vulnerability in Code Coverage API Plugin\n>\n> ##### (Medium) SECURITY-1565 / CVE-2020-2107\n>\n> Fortify Plugin stored credentials in plain text\n>\n> ##### (High) SECURITY-1719 / CVE-2020-2108\n>\n> XXE vulnerability in WebSphere Deployer Plugin\n", "id": "FreeBSD-2020-0014", "modified": "2020-01-29T00:00:00Z", "published": "2020-01-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2020-01-29/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2101" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2103" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2104" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2106" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2107" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2108" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2020-01-29/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pkg" }, "ranges": [ { "events": [ { "fixed": "1.12.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "pkg-devel" }, "ranges": [ { "events": [ { "fixed": "1.12.99_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2020-7450" ], "freebsdsa": [ "SA-20:01.libfetch" ] }, "vid": "2af10639-4299-11ea-aab1-98fa9bfec35a" }, "details": "A programming error allows an attacker who can specify a URL with a\nusername and/or password components to overflow libfetch(3) buffers.\n", "id": "FreeBSD-2020-0013", "modified": "2020-01-29T00:00:00Z", "published": "2020-01-29T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-20:01.libfetch.asc" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-7450" } ], "schema_version": "1.7.0", "summary": "pkg -- vulnerability in libfetch" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba410" }, "ranges": [ { "events": [ { "fixed": "4.10.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba411" }, "ranges": [ { "events": [ { "fixed": "4.11.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/history/samba-4.10.12.html" ], "discovery": "2020-01-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-14902", "CVE-2019-14907", "CVE-2019-19344" ] }, "vid": "5f0dd349-40a2-11ea-8d8c-005056a311d1" }, "details": "The Samba Team reports:\n\n> CVE-2019-14902\n>\n> The implementation of ACL inheritance in the Samba AD DC was not\n> complete, and so absent a \\'full-sync\\' replication, ACLs could get\n> out of sync between domain controllers.\n>\n> CVE-2019-14907\n>\n> When processing untrusted string input Samba can read past the end of\n> the allocated buffer when printing a \\\"Conversion error\\\" message to\n> the logs.\n>\n> CVE-2019-19344\n>\n> During DNS zone scavenging (of expired dynamic entries) there is a\n> read of memory after it has been freed.\n", "id": "FreeBSD-2020-0012", "modified": "2020-01-27T00:00:00Z", "published": "2020-01-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/history/samba-4.10.12.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/history/samba-4.10.12.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14902" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14907" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19344" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.26.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2020-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846" ] }, "vid": "dc8cff4c-4063-11ea-8a94-3497f6939fdd" }, "details": "The WebKitGTK project reports multiple vulnerabilities.\n", "id": "FreeBSD-2020-0011", "modified": "2020-01-26T00:00:00Z", "published": "2020-01-26T00:00:00Z", "references": [ { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2020-0001.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8835" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8844" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8846" } ], "schema_version": "1.7.0", "summary": "webkit-gtk3 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-pillow" }, "ranges": [ { "events": [ { "fixed": "6.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-pillow" }, "ranges": [ { "events": [ { "fixed": "6.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-pillow" }, "ranges": [ { "events": [ { "fixed": "6.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-pillow" }, "ranges": [ { "events": [ { "fixed": "6.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-pillow" }, "ranges": [ { "events": [ { "fixed": "6.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html" ], "discovery": "2019-12-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-19911", "CVE-2020-5310", "CVE-2020-5311", "CVE-2020-5312", "CVE-2020-5313" ], "freebsdpr": [ "ports/243336" ] }, "vid": "0700e76c-3eb0-11ea-8478-3085a9a95629" }, "details": "Pillow developers report:\n\n> This release addresses several security problems, as well as\n> addressing CVE-2019-19911.\n>\n> CVE-2019-19911 is regarding FPX images. If an image reports that it\n> has a large number of bands, a large amount of resources will be used\n> when trying to process the image. This is fixed by limiting the number\n> of bands to those usable by Pillow.\n>\n> Buffer overruns were found when processing an SGI, PCX or FLI image.\n> Checks have been added to prevent this.\n>\n> Overflow checks have been added when calculating the size of a memory\n> block to be reallocated in the processing of a TIFF image.\n", "id": "FreeBSD-2020-0010", "modified": "2020-01-24T00:00:00Z", "published": "2020-01-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html" }, { "type": "WEB", "url": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19911" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-5310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-5311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-5312" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-5313" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243336" } ], "schema_version": "1.7.0", "summary": "Pillow -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.10.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/releases/tag/v1.10.3" ], "discovery": "2019-11-22T00:00:00Z", "references": { "freebsdpr": [ "ports/243437" ] }, "vid": "a512a412-3a33-11ea-af63-0800274e5f20" }, "details": "The Gitea Team reports:\n\n> - Hide credentials when submitting migration\n> - Never allow an empty password to validate\n> - Prevent redirect to Host\n> - Hide public repos owned by private orgs\n", "id": "FreeBSD-2020-0009", "modified": "2020-01-18T00:00:00Z", "published": "2020-01-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.10.3" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.10.3" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243437" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.67" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL" ], "discovery": "2020-01-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-1547", "CVE-2020-2579", "CVE-2020-2686", "CVE-2020-2627", "CVE-2020-2570", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2589", "CVE-2020-2580", "CVE-2020-2588", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2584", "CVE-2020-2694", "CVE-2020-2572", "CVE-2019-8457" ] }, "vid": "a6cf65ad-37d2-11ea-a1c7-b499baebfeaf" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 17 new security fixes for Oracle\n> MySQL. 5 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n", "id": "FreeBSD-2020-0008", "modified": "2020-02-02T00:00:00Z", "published": "2020-01-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2579" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2686" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2627" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2570" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2573" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2574" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2577" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2589" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2580" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2588" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2660" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2679" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2584" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2694" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-2572" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8457" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drm-fbsd11.2-kmod" }, "ranges": [ { "events": [ { "fixed": "4.11.g20200115" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drm-fbsd12.0-kmod" }, "ranges": [ { "events": [ { "fixed": "4.16.g20200115" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drm-current-kmod" }, "ranges": [ { "events": [ { "fixed": "4.16.g20200115" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drm-devel-kmod" }, "ranges": [ { "events": [ { "fixed": "5.0.g20200115" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html" ], "discovery": "2020-01-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-14615" ] }, "vid": "d2c2c815-3793-11ea-8be3-54e1ad3d6335" }, "details": "Intel reports:\n\n> .A potential security vulnerability in Intel(R) Processor Graphics may\n> allow information disclosure. Intel is releasing software updates to\n> mitigate this potential vulnerability.\n>\n> Description: Insufficient control flow in certain data structures for\n> some Intel(R) Processors with Intel(R) Processor Graphics may allow an\n> unauthenticated user to potentially enable information disclosure via\n> local access.\n>\n> This patch provides mitigation for Gen9 hardware only. Patches for\n> Gen7 and Gen7.5 will be provided later. Note that Gen8 is not impacted\n> due to a previously implemented workaround. The mitigation involves\n> using an existing hardware feature to forcibly clear down all EU state\n> at each context switch.\n", "id": "FreeBSD-2020-0007", "modified": "2020-01-15T00:00:00Z", "published": "2020-01-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html" }, { "type": "WEB", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14615" } ], "schema_version": "1.7.0", "summary": "drm graphics drivers -- potential information disclusure via local access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-Template-Toolkit" }, "ranges": [ { "events": [ { "fixed": "3.004" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kb.cert.org/vuls/id/619785/" ], "discovery": "2019-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-19781" ] }, "vid": "2bab995f-36d4-11ea-9dad-002590acae31" }, "details": "Art Manion and Will Dormann report:\n\n> By using an older and less-secure form of open(), it is possible for\n> untrusted template files to cause reads/writes outside of the template\n> directories. This vulnerability is a component of the recent Citrix\n> exploit.\n", "id": "FreeBSD-2020-0006", "modified": "2020-01-14T00:00:00Z", "published": "2020-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kb.cert.org/vuls/id/619785/" }, { "type": "WEB", "url": "https://www.kb.cert.org/vuls/id/619785/" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19781" } ], "schema_version": "1.7.0", "summary": "Template::Toolkit -- Directory traversal on write" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.6.0" }, { "fixed": "12.6.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.5.0" }, { "fixed": "12.5.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.9.0" }, { "fixed": "12.4.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/" ], "discovery": "2020-01-13T00:00:00Z", "references": { "cvename": [ "CVE-2020-6832" ] }, "vid": "f929b172-369e-11ea-9cdb-001b217b3468" }, "details": "Gitlab reports:\n\n> Private objects exposed through project importi\n", "id": "FreeBSD-2020-0005", "modified": "2020-01-14T00:00:00Z", "published": "2020-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-6832" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Private objects exposed through project import" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "e2fsprogs" }, "ranges": [ { "events": [ { "fixed": "1.45.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", "http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5" ], "discovery": "2019-12-18T00:00:00Z", "references": { "cvename": [ "CVE-2019-5188" ] }, "vid": "8b61308b-322a-11ea-b34b-1de6fb24355d" }, "details": "Lilith of Cisco Talos reports:\n\n> A code execution vulnerability exists in the directory rehashing\n> functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4\n> directory can cause an out-of-bounds write on the stack, resulting in\n> code execution. An attacker can corrupt a partition to trigger this\n> vulnerability.\n\nTheodore Y. Ts\\'o reports:\n\n> E2fsprogs 1.45.5 \\[\\...:\\] Fix a potential out of bounds write when\n> checking a maliciously corrupted file system. This is probably not\n> exploitable on 64-bit platforms, but may be exploitable on 32-bit\n> binaries depending on how the compiler lays out the stack variables.\n> (Addresses CVE-2019-5188)\n", "id": "FreeBSD-2020-0004", "modified": "2020-01-08T00:00:00Z", "published": "2020-01-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973" }, { "type": "REPORT", "url": "http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5" }, { "type": "WEB", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973" }, { "type": "WEB", "url": "http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5188" } ], "schema_version": "1.7.0", "summary": "e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "fixed": "4.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php72" }, "ranges": [ { "events": [ { "fixed": "4.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php73" }, "ranges": [ { "events": [ { "fixed": "4.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php74" }, "ranges": [ { "events": [ { "fixed": "4.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5" }, "ranges": [ { "events": [ { "fixed": "4.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5-php72" }, "ranges": [ { "events": [ { "fixed": "4.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5-php73" }, "ranges": [ { "events": [ { "fixed": "4.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin5-php74" }, "ranges": [ { "events": [ { "fixed": "4.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.0.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2020-1/" ], "discovery": "2020-01-05T00:00:00Z", "references": { "cvename": [ "CVE-2020-5504" ] }, "vid": "16aed7b7-344a-11ea-9cdb-001b217b3468" }, "details": "The phpMyAdmin development team reports:\n\n> A SQL injection flaw has been discovered in the user accounts page\n", "id": "FreeBSD-2020-0003", "modified": "2020-01-11T00:00:00Z", "published": "2020-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2020-1/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2020-1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-5504" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- SQL injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "fixed": "1.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8" ], "discovery": "2019-10-12T00:00:00Z", "references": { "cvename": [ "CVE-2019-17357", "CVE-2019-17358" ], "freebsdpr": [ "ports/242834" ] }, "vid": "86224a04-26de-11ea-97f2-001a8c5c04b6" }, "details": "The cacti developers reports:\n\n> When viewing graphs, some input variables are not properly checked\n> (SQL injection possible).\n>\n> Multiple instances of lib/functions.php are affected by unsafe\n> deserialization of user-controlled data to populate arrays. An\n> authenticated attacker could use this to influence object data values\n> and control actions taken by Cacti or potentially cause memory\n> corruption in the PHP module.\n", "id": "FreeBSD-2020-0002", "modified": "2020-01-06T00:00:00Z", "published": "2020-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8" }, { "type": "WEB", "url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-17357" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-17358" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242834" } ], "schema_version": "1.7.0", "summary": "cacti -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.6.0" }, { "fixed": "12.6.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.5.0" }, { "fixed": "12.5.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.1.0" }, { "fixed": "12.4.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/" ], "discovery": "2020-01-02T00:00:00Z", "references": { "cvename": [ "CVE-2019-20144", "CVE-2019-20146", "CVE-2019-20143", "CVE-2019-20147", "CVE-2019-20145", "CVE-2019-20142", "CVE-2019-20148", "CVE-2020-5197" ] }, "vid": "01bde18a-2e09-11ea-a935-001b217b3468" }, "details": "The GitLab Team reports:\n\n> Group Maintainers Can Update/Delete Group Runners Using API\n>\n> GraphQL Queries Can Hang the Application\n>\n> Unauthorized Users Have Access to Milestones of Releases\n>\n> Private Group Name Revealed Through Protected Tags API\n>\n> Users Can Publish Reviews on Locked Merge Requests\n>\n> DoS in the Issue and Commit Comments Pages\n>\n> Project Name Disclosed Through Unsubscribe Link\n>\n> Private Project Name Disclosed Through Notification Settings\n", "id": "FreeBSD-2020-0001", "modified": "2020-01-03T00:00:00Z", "published": "2020-01-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20144" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20146" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20143" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20147" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20145" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20142" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-20148" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2020-5197" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "glpi" }, "ranges": [ { "events": [ { "fixed": "9.4.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14666" ], "discovery": "2019-08-05T00:00:00Z", "references": { "cvename": [ "CVE-2019-14666" ] }, "vid": "d3f60db0-3aea-11eb-af2a-080027dbe4b7" }, "details": "MITRE Corporation reports:\n\n> GLPI through 9.4.3 is prone to account takeover by abusing the\n> ajax/autocompletion.php autocompletion feature. The lack of correct\n> validation leads to recovery of the token generated via the password\n> reset functionality, and thus an authenticated attacker can set an\n> arbitrary password for any user. This vulnerability can be exploited\n> to take control of admin account. This vulnerability could be also\n> abused to obtain other sensitive fields like API keys or password\n> hashes.\n", "id": "FreeBSD-2019-0290", "modified": "2024-04-25T00:00:00Z", "published": "2019-08-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14666" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14666" }, { "type": "WEB", "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q" }, { "type": "WEB", "url": "https://www.tarlogic.com/advisories/Tarlogic-2019-GPLI-Account-Takeover.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14666" } ], "schema_version": "1.7.0", "summary": "glpi -- Account takeover vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.0.8,3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rack16" }, "ranges": [ { "events": [ { "introduced": "1.6.0" }, { "fixed": "1.6.12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-16782" ], "discovery": "2019-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2019-16782" ] }, "vid": "66e4dc99-28b3-11ea-8dde-08002728f74c" }, "details": "National Vulnerability Database:\n\n> There\\'s a possible information leak / session hijack vulnerability in\n> Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12\n> and 2.0.8. Attackers may be able to find and hijack sessions by using\n> timing attacks targeting the session id. Session ids are usually\n> stored and indexed in a database that uses some kind of scheme for\n> speeding up lookups of that session id. By carefully measuring the\n> amount of time it takes to look up a session, an attacker may be able\n> to find a valid session id and hijack the session. The session id\n> itself may be generated randomly, but the way the session is indexed\n> by the backing store does not use a secure comparison.\n", "id": "FreeBSD-2019-0289", "modified": "2019-12-29T00:00:00Z", "published": "2019-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16782" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16782" }, { "type": "WEB", "url": "https://github.com/rack/rack/blob/master/CHANGELOG.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16782" } ], "schema_version": "1.7.0", "summary": "rack -- information leak / session hijack vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ilmbase" }, "ranges": [ { "events": [ { "fixed": "2.3.0_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openexr" }, "ranges": [ { "events": [ { "fixed": "2.3.0_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.0" ], "discovery": "2018-10-17T00:00:00Z", "references": { "cvename": [ "CVE-2018-18443", "CVE-2018-18444" ] }, "vid": "e4d9dffb-2a32-11ea-9693-e1b3f6feec79" }, "details": "Cary Phillips reports:\n\n> OpenEXR (IlmBase) v2.4.0 fixes the following security vulnerabilities:\n>\n> - CVE-2018-18444 Issue #351 Out of Memory\n> - CVE-2018-18443 Issue #350 heap-buffer-overflow\n>\n> The relevant patches have been backported to the FreeBSD ports.\n", "id": "FreeBSD-2019-0288", "modified": "2019-12-29T00:00:00Z", "published": "2019-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.0" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.0" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/issues/350" }, { "type": "WEB", "url": "https://github.com/AcademySoftwareFoundation/openexr/issues/351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18444" } ], "schema_version": "1.7.0", "summary": "OpenEXR -- heap buffer overflow, and out-of-memory bugs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "5.3.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.3.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_CN-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_TW-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/" ], "discovery": "2019-12-13T00:00:00Z", "vid": "7b97b32e-27c4-11ea-9673-4c72b94353b5" }, "details": "wordpress developers reports:\n\n> Four security issues affect WordPress versions 5.3 and earlier;\n> version 5.3.1 fixes them, so youll want to upgrade. If you havent yet\n> updated to 5.3, there are also updated versions of 5.2 and earlier\n> that fix the security issues. -Props to Daniel Bachhuber for finding\n> an issue where an unprivileged user could make a post sticky via the\n> REST API. -Props to Simon Scannell of RIPS Technologies for finding\n> and disclosing an issue where cross-site scripting (XSS) could be\n> stored in well-crafted links. -Props to the WordPress.org Security\n> Team for hardening wp_kses_bad_protocol() to ensure that it is aware\n> of the named colon attribute. -Props to Nguyen The Duc for discovering\n> a stored XSS vulnerability using block editor content.\n", "id": "FreeBSD-2019-0287", "modified": "2019-12-26T00:00:00Z", "published": "2019-12-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-8" }, "ranges": [ { "events": [ { "fixed": "8.7.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9" }, "ranges": [ { "events": [ { "fixed": "9.5.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-10-2-1-9-5-12-and-8-7-30-security-releases-published" ], "discovery": "2019-12-17T00:00:00Z", "vid": "1c9178aa-2709-11ea-9673-4c72b94353b5" }, "details": "Typo3 core team reports:\n\n> It has been discovered that the output of field validation errors in\n> the Form Framework is vulnerable to cross-site scripting.\n>\n> It has been discovered that t3:// URL handling and typolink\n> functionality are vulnerable to cross-site scripting. Not only regular\n> backend forms are affected but also frontend extensions which use the\n> rendering with typolink.\n>\n> It has been discovered that the output table listing in the Files\n> backend module is vulnerable to cross-site scripting when a file\n> extension contains malicious sequences. Access to the file system of\n> the server - either directly or through synchronization - is required\n> to exploit the vulnerability.\n>\n> It has been discovered that the extraction of manually uploaded ZIP\n> archives in Extension Manager is vulnerable to directory traversal.\n> Admin privileges are required in order to exploit this vulnerability.\n> Since TYPO3 v9 LTS, System Maintainer privileges are required as well.\n>\n> Failing to properly escape user submitted content, class\n> QueryGenerator is vulnerable to SQL injection. Having system extension\n> ext:lowlevel installed and a valid backend user having administrator\n> privileges are required to exploit this vulnerability.\n>\n> It has been discovered that classes QueryGenerator and QueryView are\n> vulnerable to insecure deserialization. Requirements for successfully\n> exploiting this vulnerability (one of the following): - having system\n> extension ext:lowlevel (Backend Module: DB Check) installed and valid\n> backend user having administrator privileges - having system extension\n> ext:sys_action installed and valid backend user having limited\n> privileges\n>\n> TYPO3 allows to upload files either in the backend user interface as\n> well as in custom developed extensions. To reduce the possibility to\n> upload potential malicious code TYPO3 uses the fileDenyPattern to deny\n> e.g. user submitted PHP scripts from being persisted. Besides that it\n> is possible for any editor to upload file assets using the file module\n> (fileadmin) or changing their avatar image shown in the TYPO3 backend.\n> Per default TYPO3 allows to upload and store HTML and SVG files as\n> well using the mentioned functionalities. Custom extension\n> implementations probably would also accept those files when only the\n> fileDenyPattern is evaluated. Since HTML and SVG files - which might\n> contain executable JavaScript code per W3C standard - could be\n> directly displayed in web clients, the whole web application is\n> exposed to be vulnerable concerning Cross-Site Scripting. Currently\n> the following scenarios are known - given an authenticated regular\n> editor is able to upload files using the TYPO3 backend: - directly\n> target a potential victim to a known public resource in a URL, e.g.\n> /fileadmin/malicious.svg or /fileadmin/malicious.html - using the\n> TypoScript content object \"SVG\" (implemented in class\n> ScalableVectorGraphicsContentObject) having renderMode set to inline\n> for SVG files (available since TYPO3 v9.0) - custom implementations\n> that directly output and render markup of HTML and SVG files SVG files\n> that are embedded using an img src=\"malicious.svg\" tag are not\n> vulnerable since potential scripts are not executed in these scenarios\n> (see https://www.w3.org/wiki/SVG_Security). The icon API of TYPO3 is\n> not scope of this announcement since SVG icons need to be registered\n> using an individual implementation, which is not considered as user\n> submitted content.\n>\n> It has been discovered that request handling in Extbase can be\n> vulnerable to insecure deserialization. User submitted payload has to\n> be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3\n> encryptionKey as secret - invalid or unsigned payload is not\n> deserialized. However, since sensitive information could have been\n> leaked by accident (e.g. in repositories or in commonly known and\n> unprotected backup files), there is the possibility that attackers\n> know the private encryptionKey and are able to calculate the required\n> HMAC-SHA1 to allow a malicious payload to be deserialized.\n> Requirements for successfully exploiting this vulnerability (all of\n> the following): - rendering at least one Extbase plugin in the\n> frontend - encryptionKey has been leaked (from LocalConfiguration.php\n> or corresponding .env file).\n", "id": "FreeBSD-2019-0286", "modified": "2019-12-25T00:00:00Z", "published": "2019-12-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-10-2-1-9-5-12-and-8-7-30-security-releases-published" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-021/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-022/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-023/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-024/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-025/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-026/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-psa-2019-010/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-psa-2019-011/" } ], "schema_version": "1.7.0", "summary": "typo3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "e2fsprogs" }, "ranges": [ { "events": [ { "fixed": "1.45.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4" ], "discovery": "2019-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2019-5094" ] }, "vid": "ad3451b9-23e0-11ea-8b36-f1925a339a82" }, "details": "Ted Y. Ts\\'o reports:\n\n> A maliciously corrupted file systems can trigger buffer overruns in\n> the quota code used by e2fsck.\n", "id": "FreeBSD-2019-0285", "modified": "2019-12-21T00:00:00Z", "published": "2019-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4" }, { "type": "WEB", "url": "http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5094" } ], "schema_version": "1.7.0", "summary": "e2fsprogs -- maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.69" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/sa-core-2019-009", "https://www.drupal.org/sa-core-2019-010", "https://www.drupal.org/sa-core-2019-011", "https://www.drupal.org/sa-core-2019-012" ], "discovery": "2019-12-18T00:00:00Z", "vid": "3da0352f-2397-11ea-966e-000ffec0b3e1" }, "details": "Drupal Security Team reports:\n\n> A visit to install.php can cause cached data to become corrupted. This\n> could cause a site to be impaired until caches are rebuilt.\n\n> Drupal 8 core\\'s file_save_upload() function does not strip the\n> leading and trailing dot (\\'.\\') from filenames, like Drupal 7 did.\n> Users with the ability to upload files with any extension in\n> conjunction with contributed modules may be able to use this to upload\n> system files such as .htaccess in order to bypass protections afforded\n> by Drupal\\'s default .htaccess file. After this fix,\n> file_save_upload() now trims leading and trailing dots from filenames.\n\n> The Media Library module has a security vulnerability whereby it\n> doesn\\'t sufficiently restrict access to media items in certain\n> configurations.\n\n> The Drupal project uses the third-party library Archive_Tar, which has\n> released a security-related feature that impacts some Drupal\n> configurations. Multiple vulnerabilities are possible if Drupal is\n> configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and\n> processes them. The latest versions of Drupal update Archive_Tar to\n> 1.4.9 to mitigate the file processing vulnerabilities.\n", "id": "FreeBSD-2019-0284", "modified": "2019-12-21T00:00:00Z", "published": "2019-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/sa-core-2019-009" }, { "type": "REPORT", "url": "https://www.drupal.org/sa-core-2019-010" }, { "type": "REPORT", "url": "https://www.drupal.org/sa-core-2019-011" }, { "type": "REPORT", "url": "https://www.drupal.org/sa-core-2019-012" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2019-009" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2019-010" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2019-011" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2019-012" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal Core - Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/synapse/releases/tag/v1.7.1" ], "discovery": "2019-12-18T00:00:00Z", "vid": "ed8cbad5-21a8-11ea-9b6d-901b0e934d69" }, "details": "Matrix developers report:\n\n> The \\[synapse 1.7.1\\] release includes several security fixes as well\n> as a fix to a bug exposed by the security fixes. All previous releases\n> of Synapse are affected. Administrators are encouraged to upgrade as\n> soon as possible.\n>\n> - Fix a bug which could cause room events to be incorrectly authorized\n> using events from a different room.\n> - Fix a bug causing responses to the /context client endpoint to not\n> use the pruned version of the event.\n> - Fix a cause of state resets in room versions 2 onwards.\n", "id": "FreeBSD-2019-0283", "modified": "2019-12-18T00:00:00Z", "published": "2019-12-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.7.1" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.7.1" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2u,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20191206.txt" ], "discovery": "2019-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-1551" ] }, "vid": "d778ddb0-2338-11ea-a1c7-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551) (Low)\\\n> There is an overflow bug in the x64_64 Montgomery squaring procedure\n> used in exponentiation with 512-bit moduli. No EC algorithms are\n> affected. Analysis suggests that attacks against 2-prime RSA1024,\n> 3-prime RSA1536, and DSA1024 as a result of this defect would be very\n> difficult to perform and are not believed likely. Attacks against\n> DH512 are considered just feasible. However, for an attack the target\n> would have to re-use the DH512 private key, which is not recommended\n> anyway. Also applications directly using the low level API BN_mod_exp\n> may be affected if they use BN_FLG_CONSTTIME.\n", "id": "FreeBSD-2019-0282", "modified": "2019-12-20T00:00:00Z", "published": "2019-12-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20191206.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20191206.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1551" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "spamassassin" }, "ranges": [ { "events": [ { "fixed": "3.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cybersecurity-help.cz/vdb/SB2019121311" ], "discovery": "2019-12-11T00:00:00Z", "references": { "cvename": [ "CVE-2019-12420", "CVE-2018-11805" ] }, "vid": "70111759-1dae-11ea-966a-206a8a720317" }, "details": "the Apache Spamassassin project reports:\n\n> An input validation error of user-supplied input parsing multipart\n> emails. Specially crafted emails can consume all resources on the\n> system.\n>\n> A local user is able to execute arbitrary shell commands through\n> specially crafted nefarious CF files.\n", "id": "FreeBSD-2019-0281", "modified": "2019-12-13T00:00:00Z", "published": "2019-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cybersecurity-help.cz/vdb/SB2019121311" }, { "type": "WEB", "url": "https://www.cybersecurity-help.cz/vdb/SB2019121311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12420" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11805" } ], "schema_version": "1.7.0", "summary": "spamassassin -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba48" }, "ranges": [ { "events": [ { "introduced": "4.8.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba410" }, "ranges": [ { "events": [ { "fixed": "4.10.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba411" }, "ranges": [ { "events": [ { "fixed": "4.11.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/history/samba-4.10.11.html" ], "discovery": "2019-12-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-14861", "CVE-2019-14870" ] }, "vid": "1edae47e-1cdd-11ea-8c2a-08002743b791" }, "details": "The Samba Team reports:\n\n> CVE-2019-14861:\n>\n> An authenticated user can crash the DCE/RPC DNS management server by\n> creating records with matching the zone name.\n>\n> CVE-2019-14870:\n>\n> The DelegationNotAllowed Kerberos feature restriction was not being\n> applied when processing protocol transition requests (S4U2Self), in\n> the AD DC KDC.\n", "id": "FreeBSD-2019-0280", "modified": "2019-12-12T00:00:00Z", "published": "2019-12-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/history/samba-4.10.11.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/history/samba-4.10.11.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14861" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14870" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "introduced": "2.3.9" }, { "fixed": "2.3.9.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/pipermail/dovecot/2019-December/117894.html" ], "discovery": "2019-12-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-19722" ] }, "vid": "b7dc4dde-2e48-43f9-967a-c68461537cf2" }, "details": "Aki Tuomi reports\n\n> Mail with group address as sender will cause a signal 11 crash in push\n> notification drivers. Group address as recipient can cause crash in\n> some drivers.\n", "id": "FreeBSD-2019-0279", "modified": "2019-12-13T00:00:00Z", "published": "2019-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot/2019-December/117894.html" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot/2019-December/117894.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19722" } ], "schema_version": "1.7.0", "summary": "dovecot -- null pointer deref in notify with empty headers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.5.0" }, { "fixed": "12.5.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4.0" }, { "fixed": "12.4.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.5.0" }, { "fixed": "12.3.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/" ], "discovery": "2019-12-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-19628", "CVE-2019-19629", "CVE-2019-19604" ] }, "vid": "21944144-1b90-11ea-a2d4-001b217b3468" }, "details": "Gitlab reports:\n\n> Path traversal with potential remote code execution\n>\n> Disclosure of private code via Elasticsearch integration\n>\n> Update Git dependency\n", "id": "FreeBSD-2019-0278", "modified": "2019-12-10T00:00:00Z", "published": "2019-12-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19629" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19604" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript9-agpl-base" }, "ranges": [ { "events": [ { "fixed": "9.50" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript9-agpl-x11" }, "ranges": [ { "events": [ { "fixed": "9.50" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14811", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14812", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14813", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14817" ], "discovery": "2019-08-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-14811", "CVE-2019-14812", "CVE-2019-14813", "CVE-2019-14817" ] }, "vid": "22ae307a-1ac4-11ea-b267-001cc0382b2f" }, "details": "Cedric Buissart (Red Hat) reports:\n\n> A flaw was found in, ghostscript versions prior to 9.50, in the\n> .pdf_hook_DSC_Creator procedure where it did not properly secure its\n> privileged calls, enabling scripts to bypass \\`-dSAFER\\` restrictions.\n> A specially crafted PostScript file could disable security protection\n> and then have access to the file system, or execute arbitrary\n> commands.\n\n> A flaw was found in all ghostscript versions 9.x before 9.50, in the\n> .setuserparams2 procedure where it did not properly secure its\n> privileged calls, enabling scripts to bypass \\`-dSAFER\\` restrictions.\n> A specially crafted PostScript file could disable security protection\n> and then have access to the file system, or execute arbitrary\n> commands.\n\n> A flaw was found in ghostscript, versions 9.x before 9.50, in the\n> setsystemparams procedure where it did not properly secure its\n> privileged calls, enabling scripts to bypass \\`-dSAFER\\` restrictions.\n> A specially crafted PostScript file could disable security protection\n> and then have access to the file system, or execute arbitrary\n> commands.\n\n> A flaw was found in, ghostscript versions prior to 9.50, in the\n> .pdfexectoken and other procedures where it did not properly secure\n> its privileged calls, enabling scripts to bypass \\`-dSAFER\\`\n> restrictions. A specially crafted PostScript file could disable\n> security protection and then have access to the file system, or\n> execute arbitrary commands.\n", "id": "FreeBSD-2019-0277", "modified": "2019-12-09T00:00:00Z", "published": "2019-12-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14811" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14812" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14813" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14817" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14811" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14817" } ], "schema_version": "1.7.0", "summary": "Ghostscript -- Security bypass vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyadmin" }, "ranges": [ { "events": [ { "fixed": "4.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/" ], "discovery": "2019-11-22T00:00:00Z", "vid": "ca3fe5b3-185e-11ea-9673-4c72b94353b5" }, "details": "the phpmyadmin team reports:\n\n> This security fix is part of an ongoing effort to improve the security\n> of the Designer feature and is designated PMASA-2019-5. There is also\n> an improvement for how we sanitize git version information shown on\n> the home page.\n", "id": "FreeBSD-2019-0276", "modified": "2019-12-06T00:00:00Z", "published": "2019-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/" } ], "schema_version": "1.7.0", "summary": "phpmyadmin -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2019/dec/02/security-releases/" ], "discovery": "2019-11-25T00:00:00Z", "references": { "cvename": [ "CVE-2019-19118" ] }, "vid": "4e3fa78b-1577-11ea-b66e-080027bdabe8" }, "details": "Django release reports:\n\n> CVE-2019-19118: Privilege escalation in the Django admin.\n>\n> Since Django 2.1, a Django model admin displaying a parent model with\n> related model inlines, where the user has view-only permissions to a\n> parent model but edit permissions to the inline model, would display a\n> read-only view of the parent model but editable forms for the inline.\n>\n> Submitting these forms would not allow direct edits to the parent\n> model, but would trigger the parent model\\'s save() method, and cause\n> pre and post-save signal handlers to be invoked. This is a privilege\n> escalation as a user who lacks permission to edit a model should not\n> be able to trigger its save-related signals.\n", "id": "FreeBSD-2019-0275", "modified": "2019-12-03T00:00:00Z", "published": "2019-12-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2019/dec/02/security-releases/" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2019/dec/02/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19118" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/synapse/releases/tag/v1.6.1" ], "discovery": "2019-11-28T00:00:00Z", "vid": "9c36d41c-11df-11ea-9b6d-901b0e934d69" }, "details": "Matrix developers report:\n\n> Clean up local threepids from user on account deactivation.\n", "id": "FreeBSD-2019-0274", "modified": "2019-11-28T00:00:00Z", "published": "2019-11-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.6.1" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.6.1" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/pull/6426" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- incomplete cleanup of 3rd-party-IDs on user deactivation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/matrix-org/synapse/pull/6262" ], "discovery": "2019-10-29T00:00:00Z", "vid": "42675046-fa70-11e9-ba4e-901b0e934d69" }, "details": "Matrix developers report:\n\n> Make sure that \\[\\...\\] events sent over /send_join, /send_leave, and\n> /invite, are correctly signed and come from the expected servers.\n", "id": "FreeBSD-2019-0273", "modified": "2019-10-29T00:00:00Z", "published": "2019-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/matrix-org/synapse/pull/6262" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/pull/6262" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.5.0" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- missing signature checks on some federation APIs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.5.0" }, { "fixed": "12.5.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4.0" }, { "fixed": "12.4.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.9.0" }, { "fixed": "12.3.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-2-released/" ], "discovery": "2019-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2019-19262" ] }, "vid": "4ce7c28a-11ac-11ea-b537-001b217b3468" }, "details": "Gitlab reports:\n\n> Unauthorized access to grafana metrics\n>\n> Update Mattermost dependency\n", "id": "FreeBSD-2019-0272", "modified": "2019-11-28T00:00:00Z", "published": "2019-11-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19262" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.5.0" }, { "fixed": "12.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.4.0" }, { "fixed": "12.4.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "12.3.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/" ], "discovery": "2019-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2019-19088", "CVE-2019-19309", "CVE-2019-19086", "CVE-2019-19087", "CVE-2019-19261", "CVE-2019-19256", "CVE-2019-19254", "CVE-2019-19257", "CVE-2019-19263", "CVE-2019-19258", "CVE-2019-19259", "CVE-2019-19260", "CVE-2019-19262", "CVE-2019-19255", "CVE-2019-19310", "CVE-2019-19311", "CVE-2019-19312", "CVE-2019-19313", "CVE-2019-19314" ] }, "vid": "1aa7a094-1147-11ea-b537-001b217b3468" }, "details": "Gitlab reports:\n\n> Path traversal with potential remote code execution\n>\n> Private objects exposed through project import\n>\n> Disclosure of notes via Elasticsearch integration\n>\n> Disclosure of comments via Elasticsearch integration\n>\n> DNS Rebind SSRF in various chat notifications\n>\n> Disclosure of vulnerability status in dependency list\n>\n> Disclosure of commit count in Cycle Analytics\n>\n> Exposure of related branch names\n>\n> Tags pushes from blocked users\n>\n> Branches and Commits exposed to Guest members via integration\n>\n> IDOR when adding users to protected environments\n>\n> Former project members able to access repository information\n>\n> Unauthorized access to grafana metrics\n>\n> Todos created for former project members\n>\n> Update Mattermost dependency\n>\n> Disclosure of AWS secret keys on certain Admin pages\n>\n> Stored XSS in Group and User profile fields\n>\n> Forked project information disclosed via Project API\n>\n> Denial of Service in the issue and commit comment pages\n>\n> Tokens stored in plaintext\n", "id": "FreeBSD-2019-0271", "modified": "2019-11-27T00:00:00Z", "published": "2019-11-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19088" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19086" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19087" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19261" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19256" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19254" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19257" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19263" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19258" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19259" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19260" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19262" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19255" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19312" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19313" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19314" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.26.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2019-8710", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8765", "CVE-2019-8766", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8821", "CVE-2019-8822", "CVE-2019-8823" ] }, "vid": "3e748551-c732-45f6-bd88-928da16f23a8" }, "details": "The WebKitGTK project reports multiple vulnerabilities.\n", "id": "FreeBSD-2019-0270", "modified": "2019-11-27T00:00:00Z", "published": "2019-11-27T00:00:00Z", "references": [ { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2019-0006.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8710" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8743" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8764" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8765" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8766" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8782" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8783" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8811" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8815" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8819" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8820" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8821" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8822" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8823" } ], "schema_version": "1.7.0", "summary": "webkit2-gtk3 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-urllib3" }, "ranges": [ { "events": [ { "fixed": "1.24.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-urllib3" }, "ranges": [ { "events": [ { "fixed": "1.24.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-urllib3" }, "ranges": [ { "events": [ { "fixed": "1.24.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-urllib3" }, "ranges": [ { "events": [ { "fixed": "1.24.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py38-urllib3" }, "ranges": [ { "events": [ { "fixed": "1.24.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=urllib3&search_type=all&pub_start_date=01%2F01%2F2018&pub_end_date=11%2F10%2F2019" ], "discovery": "2018-12-11T00:00:00Z", "references": { "cvename": [ "CVE-2018-20060", "CVE-2019-11236", "CVE-2019-11324" ], "freebsdpr": [ "ports/229322" ] }, "vid": "87270ba5-03d3-11ea-b81f-3085a9a95629" }, "details": "NIST reports: (by search in the range 2018/01/01 - 2019/11/10):\n\n> urllib3 before version 1.23 does not remove the Authorization HTTP\n> header when following a cross-origin redirect (i.e., a redirect that\n> differs in host, port, or scheme). This can allow for credentials in\n> the Authorization header to be exposed to unintended hosts or\n> transmitted in cleartext.\n>\n> In the urllib3 library through 1.24.1 for Python, CRLF injection is\n> possible if the attacker controls the request parameter.\n>\n> The urllib3 library before 1.24.2 for Python mishandles certain cases\n> where the desired set of CA certificates is different from the OS\n> store of CA certificates, which results in SSL connections succeeding\n> in situations where a verification failure is the correct outcome.\n> This is related to use of the ssl_context, ca_certs, or ca_certs_dir\n> argument.\n", "id": "FreeBSD-2019-0269", "modified": "2019-11-26T00:00:00Z", "published": "2019-11-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=urllib3&search_type=all&pub_start_date=01%2F01%2F2018&pub_end_date=11%2F10%2F2019" }, { "type": "WEB", "url": "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=urllib3&search_type=all&pub_start_date=01%2F01%2F2018&pub_end_date=11%2F10%2F2019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11236" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11324" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229322" } ], "schema_version": "1.7.0", "summary": "urllib3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-11135", "CVE-2019-11139", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-11091", "CVE-2017-5715" ], "freebsdsa": [ "SA-19:26.mcu" ] }, "vid": "fbe10a8a-05a1-11ea-9dfa-f8b156ac3ff9" }, "details": "Starting with version 1.26, the devcpu-data port/package includes\nupdates and mitigations for the following technical and security\nadvisories (depending on CPU model).\n\nIntel TSX Updates (TAA) CVE-2019-11135 Voltage Modulation Vulnerability\nCVE-2019-11139 MD_CLEAR Operations CVE-2018-12126 CVE-2018-12127\nCVE-2018-12130 CVE-2018-11091 TA Indirect Sharing CVE-2017-5715 EGETKEY\nCVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 JCC SKX102\nErratum\n\nUpdated microcode includes mitigations for CPU issues, but may also\ncause a performance regression due to the JCC erratum mitigation. Please\nvisit http://www.intel.com/benchmarks for further information.\n\nPlease visit http://www.intel.com/security for detailed information on\nthese advisories as well as a list of CPUs that are affected.\n\nOperating a CPU without the latest microcode may result in erratic or\nunpredictable behavior, including system crashes and lock ups. Certain\nissues listed in this advisory may result in the leakage of privileged\nsystem information to unprivileged users. Please refer to the security\nadvisories listed above for detailed information.\n", "id": "FreeBSD-2019-0268", "modified": "2019-11-25T00:00:00Z", "published": "2019-11-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11135" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11139" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12126" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12127" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12130" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11091" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5715" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:26.mcu.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Intel CPU Microcode Update" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.1" }, { "fixed": "12.1_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-12207" ], "freebsdsa": [ "SA-19:25.mcepsc" ] }, "vid": "edc0bf7e-05a1-11ea-9dfa-f8b156ac3ff9" }, "details": "Intel discovered a previously published erratum on some Intel platforms\ncan be exploited by malicious software to potentially cause a denial of\nservice by triggering a machine check that will crash or hang the\nsystem.\n\nMalicious guest operating systems may be able to crash the host.\n", "id": "FreeBSD-2019-0267", "modified": "2019-11-25T00:00:00Z", "published": "2019-11-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12207" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:25.mcepsc.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Machine Check Exception on Page Size Change" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.102.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html" ], "discovery": "2019-09-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-15961" ] }, "vid": "6ade62d9-0f62-11ea-9673-4c72b94353b5" }, "details": "Micah Snyder reports:\n\n> A Denial-of-Service (DoS) vulnerability may occur when scanning a\n> specially crafted email file as a result of excessively long scan\n> times. The issue is resolved by implementing several maximums in\n> parsing MIME messages and by optimizing use of memory allocation.\n", "id": "FreeBSD-2019-0266", "modified": "2019-11-25T00:00:00Z", "published": "2019-11-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html" }, { "type": "WEB", "url": "https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15961" } ], "schema_version": "1.7.0", "summary": "clamav -- Denial-of-Service (DoS) vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "fixed": "1.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module" ], "discovery": "2019-11-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-18934" ] }, "vid": "ffc80e58-0dcb-11ea-9673-4c72b94353b5" }, "details": "Unbound Security Advisories:\n\n> Recent versions of Unbound contain a vulnerability that can cause\n> shell code execution after receiving a specially crafted answer. This\n> issue can only be triggered if unbound was compiled with\n> \\--enable-ipsecmod support, and ipsecmod is enabled and used in the\n> configuration.\n", "id": "FreeBSD-2019-0265", "modified": "2019-11-23T00:00:00Z", "published": "2019-11-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module" }, { "type": "WEB", "url": "https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18934" } ], "schema_version": "1.7.0", "summary": "unbound -- parsing vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.9.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2019/11/gitea-1.10.0-is-released/" ], "discovery": "2019-11-17T00:00:00Z", "references": { "freebsdpr": [ "ports/241981" ] }, "vid": "b12a341a-0932-11ea-bf09-080027e0baa0" }, "details": "The Gitea Team reports:\n\n> This release contains five security fixes, so we recommend updating:\n>\n> - Fix issue with user.fullname\n> - Ignore mentions for users with no access\n> - Be more strict with git arguments\n> - Extract the username and password from the mirror url\n> - Reserve .well-known username\n", "id": "FreeBSD-2019-0264", "modified": "2019-11-22T00:00:00Z", "published": "2019-11-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2019/11/gitea-1.10.0-is-released/" }, { "type": "WEB", "url": "https://blog.gitea.io/2019/11/gitea-1.10.0-is-released/" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241981" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.29.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2019-11-07T00:00:00Z", "references": { "cvename": [ "CVE-2019-18976" ] }, "vid": "94c6951a-0d04-11ea-87ca-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> If Asterisk receives a re-invite initiating T.38 faxing and has a port\n> of 0 and no c line in the SDP, a crash will occur.\n", "id": "FreeBSD-2019-0263", "modified": "2019-11-22T00:00:00Z", "published": "2019-11-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2019-008.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18976" } ], "schema_version": "1.7.0", "summary": "asterisk -- Re-invite with T.38 and malformed SDP causes crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.29.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2019-10-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-18610" ] }, "vid": "49b61ab6-0d04-11ea-87ca-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> A remote authenticated Asterisk Manager Interface (AMI) user without\n> system authorization could use a specially crafted Originate AMI\n> request to execute arbitrary system commands.\n", "id": "FreeBSD-2019-0262", "modified": "2019-11-22T00:00:00Z", "published": "2019-11-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2019-007.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18610" } ], "schema_version": "1.7.0", "summary": "asterisk -- AMI user could execute system commands" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.29.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2019-10-17T00:00:00Z", "references": { "cvename": [ "CVE-2019-18790" ] }, "vid": "a8d94711-0d03-11ea-87ca-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> A SIP request can be sent to Asterisk that can change a SIP peers IP\n> address. A REGISTER does not need to occur, and calls can be hijacked\n> as a result. The only thing that needs to be known is the peers name;\n> authentication details such as passwords do not need to be known. This\n> vulnerability is only exploitable when the nat option is set to the\n> default, or auto_force_rport.\n", "id": "FreeBSD-2019-0261", "modified": "2019-11-22T00:00:00Z", "published": "2019-11-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2019-006.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18790" } ], "schema_version": "1.7.0", "summary": "asterisk -- SIP request can change address of a SIP peer" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drm-current-kmod" }, "ranges": [ { "events": [ { "fixed": "4.16.g20191120" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drm-devel-kmod" }, "ranges": [ { "events": [ { "fixed": "5.0.g20191120" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drm-fbsd12.0-kmod" }, "ranges": [ { "events": [ { "fixed": "4.16.g20191120" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drm-fbsd11.2-kmod" }, "ranges": [ { "events": [ { "fixed": "4.11.g20191204" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu" ], "discovery": "2019-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2019-0154", "CVE-2019-11112" ] }, "vid": "ecb7fdec-0b82-11ea-874d-0c9d925bbbc0" }, "details": "Intel reports:\n\n> As part of IPU 2019.2, INTEL-SA-00242 advises that insufficient access\n> control may allow an authenticated user to potentially enable\n> escalation of privilege via local access.\n>\n> INTEL-SA-00260 advises that insufficient access control may allow an\n> authenticated user to potentially enable denial of service via local\n> access.\n", "id": "FreeBSD-2019-0260", "modified": "2019-12-04T00:00:00Z", "published": "2019-11-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu" }, { "type": "WEB", "url": "https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu" }, { "type": "WEB", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html" }, { "type": "WEB", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-0154" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11112" } ], "schema_version": "1.7.0", "summary": "drm graphics drivers -- Local privilege escalation and denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "squid" }, "ranges": [ { "events": [ { "fixed": "4.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt" ], "discovery": "2019-11-05T00:00:00Z", "references": { "cvename": [ "CVE-2019-18679" ] }, "vid": "620685d6-0aa3-11ea-9673-4c72b94353b5" }, "details": "Squid Team reports:\n\n> Problem Description: Due to incorrect data management Squid is\n> vulnerable to a information disclosure when processing HTTP Digest\n> Authentication.\n>\n> Severity: Nonce tokens contain the raw byte value of a pointer which\n> sits within heap memory allocation. This information reduces ASLR\n> protections and may aid attackers isolating memory areas to target for\n> remote code execution attacks.\n", "id": "FreeBSD-2019-0259", "modified": "2019-11-19T00:00:00Z", "published": "2019-11-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt" }, { "type": "WEB", "url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18679" } ], "schema_version": "1.7.0", "summary": "squid -- Vulnerable to HTTP Digest Authentication" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libidn2" }, "ranges": [ { "events": [ { "fixed": "2.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290" ], "discovery": "2019-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-12290" ] }, "vid": "f04f840d-0840-11ea-8d66-75d3253ef913" }, "details": "CVE list:\n\n> GNU libidn2 before 2.2.0 fails to perform the roundtrip checks\n> specified in RFC3490 Section 4.2 when converting A-labels to U-labels.\n> This makes it possible in some circumstances for one domain to\n> impersonate another. By creating a malicious domain that matches a\n> target domain except for the inclusion of certain punycoded Unicode\n> characters (that would be discarded when converted first to a Unicode\n> label and then back to an ASCII label), arbitrary domains can be\n> impersonated.\n", "id": "FreeBSD-2019-0258", "modified": "2020-06-24T00:00:00Z", "published": "2019-11-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290" }, { "type": "WEB", "url": "https://gitlab.com/libidn/libidn2/blob/master/NEWS" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12290" } ], "schema_version": "1.7.0", "summary": "libidn2 -- roundtrip check vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gcpio" }, "ranges": [ { "events": [ { "fixed": "2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html" ], "discovery": "2019-11-06T00:00:00Z", "references": { "cvename": [ "CVE-2015-1197", "CVE-2016-2037", "CVE-2019-14866" ] }, "vid": "f59af308-07f3-11ea-8c56-f8b156b6dcc8" }, "details": "Sergey Poznyakoff reports:\n\n> This stable release fixes several potential vulnerabilities\n>\n> CVE-2015-1197: cpio, when using the \\--no-absolute-filenames option,\n> allows local users to write to arbitrary files via a symlink attack on\n> a file in an archive.\n>\n> CVE-2016-2037: The cpio_safer_name_suffix function in util.c allows\n> remote attackers to cause a denial of service (out-of-bounds write)\n> via a crafted cpio file.\n>\n> CVE-2019-14866: Improper input validation when writing tar header\n> fields leads to unexpected tar generation.\n", "id": "FreeBSD-2019-0257", "modified": "2019-11-15T00:00:00Z", "published": "2019-11-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html" }, { "type": "WEB", "url": "https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-1197" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2037" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14866" } ], "schema_version": "1.7.0", "summary": "GNU cpio -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libmad" }, "ranges": [ { "events": [ { "fixed": "0.15.1b_7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-8372", "https://nvd.nist.gov/vuln/detail/CVE-2017-8373", "https://nvd.nist.gov/vuln/detail/CVE-2017-8374" ], "discovery": "2017-04-30T00:00:00Z", "references": { "cvename": [ "CVE-2017-8372", "CVE-2017-8373", "CVE-2017-8374" ] }, "vid": "b48e7b14-052a-11ea-a1de-53b029d2b061" }, "details": "National Vulnerability Database:\n\n> CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD\n> libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause\n> a denial of service (assertion failure and application exit) via a\n> crafted audio file.\n\n> CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD\n> libmad 0.15.1b allows remote attackers to cause a denial of service\n> (heap-based buffer overflow and application crash) or possibly have\n> unspecified other impact via a crafted audio file.\n\n> CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD\n> libmad 0.15.1b allows remote attackers to cause a denial of service\n> (heap-based buffer over-read and application crash) via a crafted\n> audio file.\n", "id": "FreeBSD-2019-0256", "modified": "2019-11-13T00:00:00Z", "published": "2019-11-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8372" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8373" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8374" }, { "type": "WEB", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8372" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8373" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8374" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8372" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8373" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8374" } ], "schema_version": "1.7.0", "summary": "libmad -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "78.0.3904.97" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop.html" ], "discovery": "2019-11-06T00:00:00Z", "vid": "88d00176-058e-11ea-bd1c-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> Four security issues were fixed, including:\n>\n> - \\[1021723\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2019-0255", "modified": "2019-11-12T00:00:00Z", "published": "2019-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_CN-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_TW-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" ], "discovery": "2019-10-14T00:00:00Z", "vid": "459df1ba-051c-11ea-9673-4c72b94353b5" }, "details": "wordpress developers reports:\n\n> Props to Evan Ricafort for finding an issue where stored XSS\n> (cross-site scripting) could be added via the Customizer.\n>\n> rops to J.D. Grimes who found and disclosed a method of viewing\n> unauthenticated posts.\n>\n> Props to Weston Ruter for finding a way to create a stored XSS to\n> inject Javascript into style tags.\n>\n> rops to David Newman for highlighting a method to poison the cache of\n> JSON GET requests via the Vary: Origin header.\n>\n> Props to Eugene Kolodenker who found a server-side request forgery in\n> the way that URLs are validated.\n>\n> Props to Ben Bidner of the WordPress Security Team who discovered\n> issues related to referrer validation in the admin.\n", "id": "FreeBSD-2019-0254", "modified": "2019-11-12T00:00:00Z", "published": "2019-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nexus2-oss" }, "ranges": [ { "events": [ { "fixed": "2.14.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://help.sonatype.com/repomanager2/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager2.14.15" ], "discovery": "2019-09-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-16530", "CVE-2019-15893", "CVE-2019-5475" ] }, "vid": "b2f9573a-008c-11ea-9801-10c37b4ac2ea" }, "details": "Sonatype reports:\n\n> Several RCE vulnerabilities have been found and corrected in 2.14.15:\n>\n> CVE-2019-16530: An attacker with elevated privileges can upload a\n> specially crafted file. That file can contain commands that will be\n> executed on the system, with the same privileges as the user running\n> the server.\n>\n> CVE-2019-15893: A Remote Code Execution vulnerability has been\n> discovered in Nexus Repository Manager requiring immediate action. The\n> vulnerability allows for an attacker with administrative access to\n> NXRM to create repostories that can grant access to read/execute\n> system data outside the scope of NXRM.\n>\n> CVE-2019-5475: A vulnerability has been found that can allow user\\'s\n> with administrative privileges to run processes on the target server,\n> that the nxrm os user has access to.\n", "id": "FreeBSD-2019-0253", "modified": "2019-11-07T00:00:00Z", "published": "2019-11-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://help.sonatype.com/repomanager2/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager2.14.15" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16530" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15893" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5475" } ], "schema_version": "1.7.0", "summary": "nexus2-oss -- Multiple vulerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php71" }, "ranges": [ { "events": [ { "fixed": "7.1.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php72" }, "ranges": [ { "events": [ { "fixed": "7.2.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php73" }, "ranges": [ { "events": [ { "fixed": "7.3.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php74" }, "ranges": [ { "events": [ { "fixed": "7.4.0.rc5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.php.net/archive/2019.php#2019-10-24-2", "https://www.php.net/archive/2019.php#2019-10-24-1", "https://www.php.net/archive/2019.php#2019-10-24-3" ], "discovery": "2019-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-11043" ] }, "vid": "6a7c2ab0-00dd-11ea-83ce-705a0f828759" }, "details": "The PHP project reports:\n\n> The PHP development team announces the immediate availability of PHP\n> 7.3.11. This is a security release which also contains several bug\n> fixes.\n\n> The PHP development team announces the immediate availability of PHP\n> 7.2.24. This is a security release which also contains several bug\n> fixes.\n\n> The PHP development team announces the immediate availability of PHP\n> 7.1.33. This is a security release which also contains several bug\n> fixes.\n", "id": "FreeBSD-2019-0252", "modified": "2019-11-06T00:00:00Z", "published": "2019-11-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.php.net/archive/2019.php#2019-10-24-2" }, { "type": "REPORT", "url": "https://www.php.net/archive/2019.php#2019-10-24-1" }, { "type": "REPORT", "url": "https://www.php.net/archive/2019.php#2019-10-24-3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11043" }, { "type": "WEB", "url": "https://www.php.net/archive/2019.php#2019-10-24-1" }, { "type": "WEB", "url": "https://www.php.net/archive/2019.php#2019-10-24-2" }, { "type": "WEB", "url": "https://www.php.net/archive/2019.php#2019-10-24-3" } ], "schema_version": "1.7.0", "summary": "php -- env_path_info underflow in fpm_main.c can lead to RCE" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki131" }, "ranges": [ { "events": [ { "fixed": "1.31.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki132" }, "ranges": [ { "events": [ { "fixed": "1.32.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki133" }, "ranges": [ { "events": [ { "fixed": "1.33.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html" ], "discovery": "2019-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-16738" ] }, "vid": "c32285fe-fde4-11e9-9525-000c29c4dc65" }, "details": "Mediawiki reports:\n\n> Security fixes: T230402, CVE-2019-16738 SECURITY: Add permission check\n> for suppressed account to Special:Redirect.\n", "id": "FreeBSD-2019-0251", "modified": "2019-11-03T00:00:00Z", "published": "2019-11-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16738" }, { "type": "WEB", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.42" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/security-alerts/cpuoct2019.html" ], "discovery": "2019-10-15T00:00:00Z", "references": { "cvename": [ "CVE-2019-5443", "CVE-2019-1543", "CVE-2019-3011", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2974", "CVE-2019-2946", "CVE-2019-3004", "CVE-2019-2914", "CVE-2019-2969", "CVE-2019-2991", "CVE-2019-2920", "CVE-2019-2993", "CVE-2019-2922", "CVE-2019-2923", "CVE-2019-2924", "CVE-2019-2963", "CVE-2019-2968", "CVE-2019-3003", "CVE-2019-2997", "CVE-2019-2948", "CVE-2019-2950", "CVE-2019-2982", "CVE-2019-2998", "CVE-2019-2960", "CVE-2019-2957", "CVE-2019-2938", "CVE-2019-3018", "CVE-2019-3009", "CVE-2019-2910", "CVE-2019-2911" ] }, "vid": "fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 31 new security fixes for Oracle\n> MySQL. 6 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n", "id": "FreeBSD-2019-0250", "modified": "2019-11-02T00:00:00Z", "published": "2019-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/security-alerts/cpuoct2019.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2019.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1543" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3011" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2966" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2967" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2974" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2946" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2991" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2920" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2993" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2922" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2923" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2924" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2963" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2968" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3003" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2948" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2950" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2982" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2998" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2960" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2957" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2938" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3009" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2910" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2911" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "file" }, "ranges": [ { "events": [ { "fixed": "5.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218" ], "discovery": "2019-08-26T00:00:00Z", "vid": "381deebb-f5c9-11e9-9c4f-74d435e60b7c" }, "details": "mitre reports\n\n> cdf_read_property_info in cdf.c in file through 5.37 does not restrict\n> the number of CDF_VECTOR elements, which allows a heap-based buffer\n> overflow (4-byte out-of-bounds write).\n", "id": "FreeBSD-2019-0249", "modified": "2019-11-02T00:00:00Z", "published": "2019-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780" }, { "type": "WEB", "url": "https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84" } ], "schema_version": "1.7.0", "summary": "file -- Heap buffer overflow possible" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.26.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-8625", "CVE-2019-8674", "CVE-2019-8707", "CVE-2019-8719", "CVE-2019-8720", "CVE-2019-8726", "CVE-2019-8733", "CVE-2019-8735", "CVE-2019-8763", "CVE-2019-8768", "CVE-2019-8769", "CVE-2019-8771" ] }, "vid": "92243b6a-5775-4aea-8727-a938058df5ba" }, "details": "The WebKitGTK project reports multiple vulnerabilities.\n", "id": "FreeBSD-2019-0248", "modified": "2019-10-31T00:00:00Z", "published": "2019-10-31T00:00:00Z", "references": [ { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2019-0005.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8674" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8707" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8719" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8720" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8726" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8733" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8763" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8768" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8769" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8771" } ], "schema_version": "1.7.0", "summary": "webkit2-gtk3 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/issues/8303" ], "discovery": "2019-09-27T00:00:00Z", "vid": "fd10aa77-fb5e-11e9-af7b-0800274e5f20" }, "details": "The Gitea Team reports:\n\n> When a comment in an issue or PR mentions a user using \\@username, the\n> mentioned user receives a mail notification even if they don\\'t have\n> permission to see the originating repository.\n", "id": "FreeBSD-2019-0247", "modified": "2019-10-30T00:00:00Z", "published": "2019-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/issues/8303" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.9.5" }, { "type": "WEB", "url": "https://blog.gitea.io/2019/10/gitea-1.9.5-is-released/" } ], "schema_version": "1.7.0", "summary": "gitea -- information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba48" }, "ranges": [ { "events": [ { "last_affected": "4.8.12" }, { "fixed": "4.8.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba410" }, "ranges": [ { "events": [ { "fixed": "4.10.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba411" }, "ranges": [ { "events": [ { "fixed": "4.11.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2019-10218.html", "https://www.samba.org/samba/security/CVE-2019-14833.html", "https://www.samba.org/samba/security/CVE-2019-14847.html" ], "discovery": "2019-09-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-10218", "CVE-2019-14833", "CVE-2019-14847" ] }, "vid": "50a1bbc9-fb80-11e9-9e70-005056a311d1" }, "details": "The samba project reports:\n\n> Malicious servers can cause Samba client code to return filenames\n> containing path separators to calling code.\n\n> When the password contains multi-byte (non-ASCII) characters, the\n> check password script does not receive the full password string.\n\n> Users with the \\\"get changes\\\" extended access right can crash the AD\n> DC LDAP server by requesting an attribute using the range= syntax.\n", "id": "FreeBSD-2019-0246", "modified": "2019-10-29T00:00:00Z", "published": "2019-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2019-10218.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2019-14833.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2019-14847.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2019-10218.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10218" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2019-14833.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14833" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2019-14847.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14847" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.4.0" }, { "fixed": "12.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.3.0" }, { "fixed": "12.3.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "12.2.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/" ], "discovery": "2019-10-30T00:00:00Z", "references": { "cvename": [ "CVE-2019-18446", "CVE-2019-18447", "CVE-2019-18460", "CVE-2019-18456", "CVE-2019-18448", "CVE-2019-18449", "CVE-2019-18450", "CVE-2019-18452", "CVE-2019-18455", "CVE-2019-18453", "CVE-2019-18457", "CVE-2019-18458", "CVE-2019-18454", "CVE-2019-18451", "CVE-2019-18459", "CVE-2019-18461", "CVE-2019-18463", "CVE-2019-18462" ] }, "vid": "6eddfa51-fb44-11e9-86e9-001b217b3468" }, "details": "Gitlab reports:\n\n> Source branch of a MR could be removed by an unauthorised user\n>\n> Private group members could be listed\n>\n> Disclosure of System Notes via Elasticsearch integration\n>\n> Disclosure of Private Comments via Elasticsearch integration\n>\n> Confirm existence of private repositories\n>\n> Private group membership could be disclosed\n>\n> Disclosure of Project Labels\n>\n> Disclosure of Private Project Path and Labels\n>\n> Uncontrolled Resource Consumption due to Nested GraphQL Queries\n>\n> Improper access control on comments\n>\n> Sentry Token Access Control\n>\n> Authorisation check for Project Transfer option\n>\n> XSS in Wiki Pages Using RDoc\n>\n> Untrusted Input could be used for Internal Redirect\n>\n> Access control for protected environments\n>\n> Private Sub Group path Disclosure\n>\n> Disclosure of Group Packages List\n>\n> Private Repository Name Disclosure\n", "id": "FreeBSD-2019-0245", "modified": "2019-10-30T00:00:00Z", "published": "2019-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18446" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18447" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18460" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18448" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18452" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18453" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18457" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18458" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18454" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18459" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18461" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18463" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-18462" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Disclosure Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-08-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-5603" ], "freebsdsa": [ "SA-19:24.mqueuefs" ] }, "vid": "53b3474c-f680-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nSystem calls operating on file descriptors obtain a reference to\nrelevant struct file which due to a programming error was not always put\nback, which in turn could be used to overflow the counter of affected\nstruct file.\n\n# Impact:\n\nA local user can use this flaw to obtain access to files, directories,\nsockets, etc., opened by processes owned by other users. If obtained\nstruct file represents a directory from outside of user\\'s jail, it can\nbe used to access files outside of the jail. If the user in question is\na jailed root they can obtain root privileges on the host system.\n", "id": "FreeBSD-2019-0244", "modified": "2019-10-24T00:00:00Z", "published": "2019-10-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5603" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:24.mqueuefs.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Reference count overflow in mqueue filesystem 32-bit compat" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-08-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-5612" ], "freebsdsa": [ "SA-19:23.midi" ] }, "vid": "5027b62e-f680-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nThe kernel driver for /dev/midistat implements a handler for read(2).\nThis handler is not thread-safe, and a multi-threaded program can\nexploit races in the handler to cause it to copy out kernel memory\noutside the boundaries of midistat\\'s data buffer.\n\n# Impact:\n\nThe races allow a program to read kernel memory within a 4GB window\ncentered at midistat\\'s data buffer. The buffer is allocated each time\nthe device is opened, so an attacker is not limited to a static 4GB\nregion of memory.\n\nOn 32-bit platforms, an attempt to trigger the race may cause a page\nfault in kernel mode, leading to a panic.\n", "id": "FreeBSD-2019-0243", "modified": "2019-10-24T00:00:00Z", "published": "2019-10-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5612" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- kernel memory disclosure from /dev/midistat" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-08-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-5611" ], "freebsdsa": [ "SA-19:22.mbuf" ] }, "vid": "4d3d4f64-f680-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nDue do a missing check in the code of m_pulldown(9) data returned may\nnot be contiguous as requested by the caller.\n\n# Impact:\n\nExtra checks in the IPv6 code catch the error condition and trigger a\nkernel panic leading to a remote DoS (denial-of-service) attack with\ncertain Ethernet interfaces. At this point it is unknown if any other\nthan the IPv6 code paths can trigger a similar condition.\n", "id": "FreeBSD-2019-0242", "modified": "2019-10-24T00:00:00Z", "published": "2019-10-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5611" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:22.mbuf.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- IPv6 remote Denial-of-Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-5609" ], "freebsdsa": [ "SA-19:21.bhyve" ] }, "vid": "499b22a3-f680-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nThe e1000 network adapters permit a variety of modifications to an\nEthernet packet when it is being transmitted. These include the\ninsertion of IP and TCP checksums, insertion of an Ethernet VLAN header,\nand TCP segmentation offload (\\\"TSO\\\"). The e1000 device model uses an\non-stack buffer to generate the modified packet header when simulating\nthese modifications on transmitted packets.\n\nWhen TCP segmentation offload is requested for a transmitted packet, the\ne1000 device model used a guest-provided value to determine the size of\nthe on-stack buffer without validation. The subsequent header generation\ncould overflow an incorrectly sized buffer or indirect a pointer\ncomposed of stack garbage.\n\n# Impact:\n\nA misbehaving bhyve guest could overwrite memory in the bhyve process on\nthe host.\n", "id": "FreeBSD-2019-0241", "modified": "2019-10-24T00:00:00Z", "published": "2019-10-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5609" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Insufficient validation of guest-supplied data (e1000 device)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-5610" ], "freebsdsa": [ "SA-19:20.bsnmp" ] }, "vid": "45a95fdd-f680-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nA function extracting the length from type-length-value encoding is not\nproperly validating the submitted length.\n\n# Impact:\n\nA remote user could cause, for example, an out-of-bounds read, decoding\nof unrelated data, or trigger a crash of the software such as bsnmpd\nresulting in a denial of service.\n", "id": "FreeBSD-2019-0240", "modified": "2019-10-24T00:00:00Z", "published": "2019-10-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5610" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:20.bsnmp.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Insufficient message length validation in bsnmp library" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-5608" ], "freebsdsa": [ "SA-19:19.mldv2" ] }, "vid": "41d2f3e6-f680-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nThe ICMPv6 input path incorrectly handles cases where an MLDv2 listener\nquery packet is internally fragmented across multiple mbufs.\n\n# Impact:\n\nA remote attacker may be able to cause an out-of-bounds read or write\nthat may cause the kernel to attempt to access an unmapped page and\nsubsequently panic.\n", "id": "FreeBSD-2019-0239", "modified": "2019-10-24T00:00:00Z", "published": "2019-10-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5608" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:19.mldv2.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ICMPv6 / MLDv2 out-of-bounds memory access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2016-3189", "CVE-2019-1290" ], "freebsdsa": [ "SA-19:18.bzip2" ] }, "vid": "3c7edc7a-f680-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nThe decompressor used in bzip2 contains a bug which can lead to an\nout-of-bounds write when processing a specially crafted bzip2(1) file.\n\nbzip2recover contains a heap use-after-free bug which can be triggered\nwhen processing a specially crafted bzip2(1) file.\n\n# Impact:\n\nAn attacker who can cause maliciously crafted input to be processed may\ntrigger either of these bugs. The bzip2recover bug may cause a crash,\npermitting a denial-of-service. The bzip2 decompressor bug could\npotentially be exploited to execute arbitrary code.\n\nNote that some utilities, including the tar(1) archiver and the\nbspatch(1) binary patching utility (used in portsnap(8) and\nfreebsd-update(8)) decompress bzip2(1)-compressed data internally;\nsystem administrators should assume that their systems will at some\npoint decompress bzip2(1)-compressed data even if they never explicitly\ninvoke the bunzip2(1) utility.\n", "id": "FreeBSD-2019-0238", "modified": "2019-10-24T00:00:00Z", "published": "2019-10-24T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-3189" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1290" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:18.bzip2.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple vulnerabilities in bzip2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish6" }, "ranges": [ { "events": [ { "fixed": "6.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00004.html#vsv00004" ], "discovery": "2019-10-21T00:00:00Z", "vid": "2d4076eb-f679-11e9-a87f-a4badb2f4699" }, "details": "Varnish Software reports:\n\n> A bug has been discovered in Varnish Cache where we fail to clear a\n> pointer between the handling of one client requests and the next on\n> the same connection. This can under specific circumstances lead to\n> information being leaked from the connection workspace.\n", "id": "FreeBSD-2019-0237", "modified": "2019-10-24T00:00:00Z", "published": "2019-10-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00004.html#vsv00004" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00004.html#vsv00004" } ], "schema_version": "1.7.0", "summary": "varnish -- Information Disclosure Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sudo" }, "ranges": [ { "events": [ { "fixed": "1.8.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.sudo.ws/alerts/minus_1_uid.html" ], "discovery": "2019-10-15T00:00:00Z", "references": { "cvename": [ "CVE-2019-14287" ] }, "vid": "3a1474ba-f646-11e9-b0af-b888e347c638" }, "details": "Todd C. Miller reports:\n\n> When sudo is configured to allow a user to run commands as an\n> arbitrary user via the ALL keyword in a Runas specification, it is\n> possible to run commands as root by specifying the user ID -1 or\n> 4294967295.\n>\n> This can be used by a user with sufficient sudo privileges to run\n> commands as root even if the Runas specification explicitly disallows\n> root access as long as the ALL keyword is listed first in the Runas\n> specification.\n>\n> Log entries for commands run this way will list the target user as\n> 4294967295 instead of root. In addition, PAM session modules will not\n> be run for the command.\n", "id": "FreeBSD-2019-0236", "modified": "2019-10-24T00:00:00Z", "published": "2019-10-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "type": "WEB", "url": "https://www.sudo.ws/alerts/minus_1_uid.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14287" } ], "schema_version": "1.7.0", "summary": "sudo -- Potential bypass of Runas user restrictions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-loofah" }, "ranges": [ { "events": [ { "fixed": "2.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/flavorjones/loofah/issues/171" ], "discovery": "2019-10-22T00:00:00Z", "references": { "cvename": [ "CVE-2019-15587" ] }, "vid": "a90d040e-f5b0-11e9-acc4-4576b265fda6" }, "details": "GitHub issue:\n\n> This issue has been created for public disclosure of an XSS\n> vulnerability that was responsibly reported by\n> https://hackerone.com/vxhex\n>\n> In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in\n> sanitized output when a crafted SVG element is republished.\n", "id": "FreeBSD-2019-0235", "modified": "2019-10-23T00:00:00Z", "published": "2019-10-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/flavorjones/loofah/issues/171" }, { "type": "WEB", "url": "https://github.com/flavorjones/loofah/releases" }, { "type": "WEB", "url": "https://github.com/flavorjones/loofah/issues/171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15587" } ], "schema_version": "1.7.0", "summary": "Loofah -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-5-final" ], "discovery": "2019-09-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-15903" ] }, "vid": "9b7491fb-f253-11e9-a50c-000c29c4dc65" }, "details": "Python changelog:\n\n> bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer\n> when rendering the document page as HTML.\n>\n> bpo-38174: Update vendorized expat library version to 2.2.8, which\n> resolves CVE-2019-15903.\n>\n> bpo-37764: Fixes email.\\_header_value_parser.get_unstructured going\n> into an infinite loop for a specific case in which the email header\n> does not have trailing whitespace, and the case in which it contains\n> an invalid encoded word.\n>\n> bpo-37461: Fix an infinite loop when parsing specially crafted email\n> headers.\n>\n> bpo-34155: Fix parsing of invalid email addresses with more than one @\n> (e.g. a@b@c.com.) to not return the part before 2nd @ as valid email\n> address.\n", "id": "FreeBSD-2019-0234", "modified": "2019-10-19T00:00:00Z", "published": "2019-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-5-final" }, { "type": "WEB", "url": "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-5-final" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15903" } ], "schema_version": "1.7.0", "summary": "python 3.7 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-pillow" }, "ranges": [ { "events": [ { "fixed": "6.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-pillow" }, "ranges": [ { "events": [ { "fixed": "6.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-pillow" }, "ranges": [ { "events": [ { "fixed": "6.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-pillow" }, "ranges": [ { "events": [ { "fixed": "6.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865" ], "discovery": "2019-09-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-16865" ], "freebsdpr": [ "ports/241268" ] }, "vid": "998ca824-ef55-11e9-b81f-3085a9a95629" }, "details": "Mitre reports:\n\n> An issue was discovered in Pillow before 6.2.0. When reading specially\n> crafted invalid image files, the library can either allocate very\n> large amounts of memory or take an extremely long period of time to\n> process the image.\n", "id": "FreeBSD-2019-0233", "modified": "2019-10-15T00:00:00Z", "published": "2019-10-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865" }, { "type": "WEB", "url": "https://github.com/python-pillow/Pillow/issues/4123" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16865" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241268" } ], "schema_version": "1.7.0", "summary": "Pillow -- Allocation of resources without limits or throttling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb34" }, "ranges": [ { "events": [ { "fixed": "3.4.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb36" }, "ranges": [ { "events": [ { "fixed": "3.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb40" }, "ranges": [ { "events": [ { "fixed": "4.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-42233" ], "discovery": "2019-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-2390" ] }, "vid": "fd2e0ca8-e3ae-11e9-8af7-08002720423d" }, "details": "Rich Mirch reports:\n\n> An unprivileged user or program on Microsoft Windows which can create\n> OpenSSL configuration files in a fixed location may cause utility\n> programs shipped with MongoDB server versions less than 4.0.11,\n> 3.6.14, and 3.4.22 to run attacker defined code as the user running\n> the utility.\n", "id": "FreeBSD-2019-0232", "modified": "2019-09-30T00:00:00Z", "published": "2019-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-42233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2390" }, { "type": "WEB", "url": "https://jira.mongodb.org/browse/SERVER-42233" } ], "schema_version": "1.7.0", "summary": "mongodb -- Bump Windows package dependencies" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb34" }, "ranges": [ { "events": [ { "fixed": "3.4.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb36" }, "ranges": [ { "events": [ { "fixed": "3.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb40" }, "ranges": [ { "events": [ { "fixed": "4.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-40563" ], "discovery": "2019-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-2389" ] }, "vid": "273c6c43-e3ad-11e9-8af7-08002720423d" }, "details": "Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports:\n\n> Incorrect scoping of kill operations in MongoDB Server\\'s packaged\n> SysV init scripts allow users with write access to the PID file to\n> insert arbitrary PIDs to be killed when the root user stops the\n> MongoDB process via SysV init.\n", "id": "FreeBSD-2019-0231", "modified": "2019-09-30T00:00:00Z", "published": "2019-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-40563" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2389" }, { "type": "WEB", "url": "https://jira.mongodb.org/browse/SERVER-40563" } ], "schema_version": "1.7.0", "summary": "mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb34" }, "ranges": [ { "events": [ { "fixed": "3.4.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb36" }, "ranges": [ { "events": [ { "fixed": "3.6.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mongodb40" }, "ranges": [ { "events": [ { "fixed": "4.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jira.mongodb.org/browse/SERVER-38984" ], "discovery": "2019-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-2386" ] }, "vid": "880bca8f-e201-11e9-8af7-08002720423d" }, "details": "Mitch Wasson of Cisco\\'s Advanced Malware Protection Group reports:\n\n> After user deletion in MongoDB Server the improper invalidation of\n> authorization sessions allows an authenticated user\\'s session to\n> persist and become conflated with new accounts, if those accounts\n> reuse the names of deleted ones.\n", "id": "FreeBSD-2019-0230", "modified": "2019-09-28T00:00:00Z", "published": "2019-09-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jira.mongodb.org/browse/SERVER-38984" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2386" }, { "type": "WEB", "url": "https://jira.mongodb.org/browse/SERVER-38984" } ], "schema_version": "1.7.0", "summary": "mongodb -- Attach IDs to users" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ap24-mod_perl2" }, "ranges": [ { "events": [ { "fixed": "2.0.11,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2011-2767" ], "discovery": "2011-07-19T00:00:00Z", "vid": "c360d057-ea8b-11e9-859b-b885849ded8e" }, "details": "mod_perl2 2.0.11 fixes Arbitrary Perl code execution in the context of\nthe user account via a user-owned .htaccess.\n\n> mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl\n> code by placing it in a user-owned .htaccess file, because (contrary\n> to the documentation) there is no configuration option that permits\n> Perl code for the administrator\\'s control of HTTP request processing\n> without also permitting unprivileged users to run Perl code in the\n> context of the user account that runs Apache HTTP Server processes.\n", "id": "FreeBSD-2019-0229", "modified": "2019-10-09T00:00:00Z", "published": "2019-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2767" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2767" }, { "type": "WEB", "url": "https://www.securityfocus.com/bid/105195" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2826" }, { "type": "WEB", "url": "https://bugs.debian.org/644169" }, { "type": "WEB", "url": "https://usn.ubuntu.com/3825-2/" } ], "schema_version": "1.7.0", "summary": "mod_perl2 -- execute arbitrary Perl code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xpdf" }, "ranges": [ { "events": [ { "fixed": "4.02,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xpdf4" }, "ranges": [ { "events": [ { "fixed": "4.02,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xpdf3" }, "ranges": [ { "events": [ { "fixed": "3.04_11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-9877", "https://nvd.nist.gov/vuln/detail/CVE-2019-16927" ], "discovery": "2019-10-01T00:00:00Z", "vid": "791e8f79-e7d1-11e9-8b31-206a8a720317" }, "details": "Xpdf 4.02 fixes two vulnerabilities. Both fixes have been backported to\n3.04.\n\n> An invalid memory access vulnerability in TextPage::findGaps() in Xpdf\n> 4.01 through a crafted PDF document can cause a segfault.\n\n> An out of bounds write exists in TextPage::findGaps() of Xpdf 4.01.01\n", "id": "FreeBSD-2019-0228", "modified": "2019-10-06T00:00:00Z", "published": "2019-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9877" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16927" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9877" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16927" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9877" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1692" } ], "schema_version": "1.7.0", "summary": "Xpdf -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "introduced": "1.7.1" }, { "fixed": "1.9.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries" ], "discovery": "2019-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2019-16866" ] }, "vid": "108a4be3-e612-11e9-9963-5f1753e0aca0" }, "details": "Unbound Security Advisories:\n\n> Due to an error in parsing NOTIFY queries, it is possible for Unbound\n> to continue processing malformed queries and may ultimately result in\n> a pointer dereference in uninitialized memory. This results in a crash\n> of the Unbound daemon.\n", "id": "FreeBSD-2019-0227", "modified": "2019-10-03T00:00:00Z", "published": "2019-10-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries" }, { "type": "WEB", "url": "https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16866" } ], "schema_version": "1.7.0", "summary": "unbound -- parsing vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.4.0,1" }, { "fixed": "2.4.9,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.5.0,1" }, { "fixed": "2.5.7,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.6.0,1" }, { "fixed": "2.6.5,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-6-5-released/" ], "discovery": "2019-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255" ] }, "vid": "f7fcb75c-e537-11e9-863e-b9b7af01ba9e" }, "details": "Ruby news:\n\n> This release includes security fixes. Please check the topics below\n> for details.\n>\n> CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and\n> File.fnmatch?\n>\n> A NUL injection vulnerability of Ruby built-in methods (File.fnmatch\n> and File.fnmatch?) was found. An attacker who has the control of the\n> path pattern parameter could exploit this vulnerability to make path\n> matching pass despite the intention of the program author.\n>\n> CVE-2019-16201: Regular Expression Denial of Service vulnerability of\n> WEBrick\\'s Digest access authentication\n>\n> Regular expression denial of service vulnerability of WEBrick\\'s\n> Digest authentication module was found. An attacker can exploit this\n> vulnerability to cause an effective denial of service against a\n> WEBrick service.\n>\n> CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)\n>\n> There is an HTTP response splitting vulnerability in WEBrick bundled\n> with Ruby.\n>\n> CVE-2019-16255: A code injection vulnerability of Shell#\\[\\] and\n> Shell#test\n>\n> A code injection vulnerability of Shell#\\[\\] and Shell#test in a\n> standard library (lib/shell.rb) was found.\n", "id": "FreeBSD-2019-0226", "modified": "2019-10-02T00:00:00Z", "published": "2019-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-6-5-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-6-5-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-5-7-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2019/10/01/ruby-2-4-8-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2019/10/02/ruby-2-4-9-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15845" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16254" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16255" } ], "schema_version": "1.7.0", "summary": "ruby -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.3.0" }, { "fixed": "12.3.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2.0" }, { "fixed": "12.2.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.17.0" }, { "fixed": "12.1.13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/10/02/security-release-gitlab-12-dot-3-dot-3-released/" ], "discovery": "2019-10-02T00:00:00Z", "vid": "0762fa72-e530-11e9-86e9-001b217b3468" }, "details": "Gitlab reports:\n\n> Disclosure of Private Code, Merge Requests and Commits via\n> Elasticsearch integration\n", "id": "FreeBSD-2019-0225", "modified": "2019-10-02T00:00:00Z", "published": "2019-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/10/02/security-release-gitlab-12-dot-3-dot-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/10/02/security-release-gitlab-12-dot-3-dot-3-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Disclosure Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.3.0" }, { "fixed": "12.3.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.2.0" }, { "fixed": "12.2.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.12.0" }, { "fixed": "12.1.12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" ], "discovery": "2019-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2019-19039" ] }, "vid": "b17c86b9-e52e-11e9-86e9-001b217b3468" }, "details": "The GitLab Team reports:\n\n> XSS in Markdown Preview Using Mermaid\n>\n> Bypass Email Verification using Salesforce Authentication\n>\n> Account Takeover using SAML\n>\n> Uncontrolled Resource Consumption in Markdown using Mermaid\n>\n> Disclosure of Private Project Path and Labels\n>\n> Disclosure of Assignees via Milestones\n>\n> Disclosure of Project Path via Unsubscribe Link\n>\n> Disclosure of Project Milestones via Groups\n>\n> Disclosure of Private System Notes via GraphQL\n>\n> GIT Command Injection via API\n>\n> Bypass User Blocking via CI/CD token\n>\n> IDOR Adding Groups to Protected Environments\n>\n> Disclosure of Group Membership via Merge Request Approval Rules\n>\n> Disclosure of Head Pipeline via Blocking Merge Request Feature\n>\n> Grafana update\n", "id": "FreeBSD-2019-0224", "modified": "2019-10-02T00:00:00Z", "published": "2019-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-19039" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "fixed": "1.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16723" ], "discovery": "2019-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2019-16723" ] }, "vid": "ed18aa92-e4f4-11e9-b6fa-3085a9a95629" }, "details": "The cacti developers reports:\n\n> In Cacti through 1.2.6, authenticated users may bypass authorization\n> checks (for viewing a graph) via a direct graph_json.php request with\n> a modified local_graph_id parameter.\n", "id": "FreeBSD-2019-0223", "modified": "2019-10-02T00:00:00Z", "published": "2019-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16723" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16723" }, { "type": "WEB", "url": "https://github.com/Cacti/cacti/releases/tag/release%2F1.2.7" } ], "schema_version": "1.7.0", "summary": "cacti -- Authenticated users may bypass authorization checks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "introduced": "4.92" }, { "fixed": "4.92.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html" ], "discovery": "2019-09-28T00:00:00Z", "vid": "e917caba-e291-11e9-89f1-152fed202bb7" }, "details": "Exim developers team report:\n\n> There is a heap overflow in string_vformat().Using a EHLO message,\n> remote code execution seems to be possible.\n", "id": "FreeBSD-2019-0222", "modified": "2019-09-29T00:00:00Z", "published": "2019-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2019/09/28/1" } ], "schema_version": "1.7.0", "summary": "Exim -- heap-based buffer overflow in string_vformat leading to RCE" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "go" }, "ranges": [ { "events": [ { "fixed": "1.13.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "go-devel" }, "ranges": [ { "events": [ { "fixed": "g20190925" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/golang/go/issues/34540" ], "discovery": "2019-09-25T00:00:00Z", "references": { "cvename": [ "CVE-2019-16276" ] }, "vid": "a92dcc5c-e05c-11e9-b589-10c37b4ac2ea" }, "details": "The Go project reports:\n\n> net/http (through net/textproto) used to accept and normalize invalid\n> HTTP/1.1 headers with a space before the colon, in violation of RFC\n> 7230. If a Go server is used behind a reverse proxy that accepts and\n> forwards but doesn\\'t normalize such invalid headers, the reverse\n> proxy and the server can interpret the headers differently. This can\n> lead to filter bypasses or request smuggling, the latter if requests\n> from separate clients are multiplexed onto the same connection by the\n> proxy. Such invalid headers are now rejected by Go servers, and passed\n> without normalization to Go client applications.\n", "id": "FreeBSD-2019-0221", "modified": "2019-09-26T00:00:00Z", "published": "2019-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/golang/go/issues/34540" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16276" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/34540" } ], "schema_version": "1.7.0", "summary": "go -- invalid headers are normalized, allowing request smuggling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php71" }, "ranges": [ { "events": [ { "fixed": "2.22.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php72" }, "ranges": [ { "events": [ { "fixed": "2.22.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php73" }, "ranges": [ { "events": [ { "fixed": "2.22.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php74" }, "ranges": [ { "events": [ { "fixed": "2.22.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.22.1" ], "discovery": "2019-08-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-15715", "CVE-2019-8331" ] }, "vid": "81fcc2f9-e15a-11e9-abbf-800dd28b22bd" }, "details": "The Mantis developers report:\n\n> CVE-2019-15715: \\[Admin Required - Post Authentication\\] Command\n> Execution / Injection Vulnerability\n>\n> CVE-2019-8331: In Bootstrap before 3.4.1, XSS is possible in the\n> tooltip or popover data-template attribute\n>\n> Missing integrity hashes for CSS resources from CDNs\n", "id": "FreeBSD-2019-0220", "modified": "2019-09-27T00:00:00Z", "published": "2019-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.22.1" }, { "type": "WEB", "url": "https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.22.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15715" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8331" } ], "schema_version": "1.7.0", "summary": "mantis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "last_affected": "2.196" }, { "fixed": "2.196" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "last_affected": "2.176.3" }, { "fixed": "2.176.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2019-09-25/" ], "discovery": "2019-09-25T00:00:00Z", "references": { "cvename": [ "CVE-2019-10401", "CVE-2019-10402", "CVE-2019-10403", "CVE-2019-10404", "CVE-2019-10405", "CVE-2019-10406" ] }, "vid": "9720bb39-f82a-402f-9fe4-e2c875bdda83" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-1498 / CVE-2019-10401\n>\n> Stored XSS vulnerability in expandable textbox form control\n>\n> ##### (Medium) SECURITY-1525 / CVE-2019-10402\n>\n> XSS vulnerability in combobox form control\n>\n> ##### (Medium) SECURITY-1537 (1) / CVE-2019-10403\n>\n> Stored XSS vulnerability in SCM tag action tooltip\n>\n> ##### (Medium) SECURITY-1537 (2) / CVE-2019-10404\n>\n> Stored XSS vulnerability in queue item tooltip\n>\n> ##### (Medium) SECURITY-1505 / CVE-2019-10405\n>\n> Diagnostic web page exposed Cookie HTTP header\n>\n> ##### (Medium) SECURITY-1471 / CVE-2019-10406\n>\n> XSS vulnerability in Jenkins URL setting\n", "id": "FreeBSD-2019-0219", "modified": "2019-09-25T00:00:00Z", "published": "2019-09-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2019-09-25/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10401" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10403" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10404" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10405" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10406" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2019-09-25/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kea" }, "ranges": [ { "events": [ { "fixed": "1.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.isc.org/isc-projects/kea/issues" ], "discovery": "2019-08-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-6472", "CVE-2019-6473", "CVE-2019-6474" ] }, "vid": "20b92374-d62a-11e9-af73-001b217e4ee5" }, "details": "Internet Systems Consortium, Inc. reports:\n\n> A packet containing a malformed DUID can cause the kea-dhcp6 server to\n> terminate (CVE-2019-6472) \\[Medium\\]\n>\n> An invalid hostname option can cause the kea-dhcp4 server to terminate\n> (CVE-2019-6473) \\[Medium\\]\n>\n> An oversight when validating incoming client requests can lead to a\n> situation where the Kea server\\\n> will exit when trying to restart (CVE-2019-6474) \\[Medium\\]\n", "id": "FreeBSD-2019-0218", "modified": "2019-09-20T00:00:00Z", "published": "2019-09-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.isc.org/isc-projects/kea/issues" }, { "type": "WEB", "url": "https://gitlab.isc.org/isc-projects/kea/issues" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6473" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6474" } ], "schema_version": "1.7.0", "summary": "ISC KEA -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "expat" }, "ranges": [ { "events": [ { "fixed": "2.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes" ], "discovery": "2019-09-13T00:00:00Z", "vid": "6856d798-d950-11e9-aae4-f079596b62f9" }, "details": "expat project reports:\n\n> Fix heap overflow triggered by XML_GetCurrentLineNumber (or\n> XML_GetCurrentColumnNumber), and deny internal entities closing the\n> doctype\n", "id": "FreeBSD-2019-0217", "modified": "2019-09-17T00:00:00Z", "published": "2019-09-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes" }, { "type": "WEB", "url": "https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes" } ], "schema_version": "1.7.0", "summary": "expat2 -- Fix extraction of namespace prefixes from XML names" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.2.0" }, { "fixed": "12.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.1.0" }, { "fixed": "12.1.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "12.0.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released/" ], "discovery": "2019-09-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-16170" ] }, "vid": "b2789b2d-d521-11e9-86e9-001b217b3468" }, "details": "Gitlab reports:\n\n> Project Template Functionality Could Be Used to Access Restricted\n> Project Data\n>\n> Security Enhancements in GitLab Pages\n", "id": "FreeBSD-2019-0216", "modified": "2019-09-12T00:00:00Z", "published": "2019-09-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-16170" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.16.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10" ], "discovery": "2019-09-06T00:00:00Z", "vid": "1c948fd3-dac0-11e9-81b2-0011d823eebd" }, "details": "Janos Follath reports:\n\n> Mbed TLS does not have a constant-time/constant-trace arithmetic\n> library and uses blinding to protect against side channel attacks.\n>\n> In the ECDSA signature routine previous Mbed TLS versions used the\n> same RNG object for generating the ephemeral key pair and for\n> generating the blinding values. The deterministic ECDSA function\n> reused this by passing the RNG object created from the private key and\n> the message to be signed as prescribed by RFC 6979. This meant that\n> the same RNG object was used whenever the same message was signed,\n> rendering the blinding ineffective.\n>\n> If the victim can be tricked to sign the same message repeatedly, the\n> private key may be recoverable through side channels.\n", "id": "FreeBSD-2019-0215", "modified": "2019-09-19T00:00:00Z", "published": "2019-09-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10" } ], "schema_version": "1.7.0", "summary": "Mbed TLS -- Side channel attack on deterministic ECDSA" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bro" }, "ranges": [ { "events": [ { "fixed": "2.6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://raw.githubusercontent.com/zeek/zeek/3b5a9f88ece1d274edee897837e280ef751bde94/NEWS" ], "discovery": "2019-08-28T00:00:00Z", "vid": "55571619-454e-4769-b1e5-28354659e152" }, "details": "Jon Siwek of Corelight reports:\n\n> This is a security patch release to address a potential Denial of\n> Service vulnerability:\n>\n> - The NTLM analyzer did not properly handle AV Pair sequences that\n> were either empty or unterminated, resulting in invalid memory\n> access or heap buffer over-read. The NTLM analyzer is enabled by\n> default and used in the analysis of SMB, DCE/RPC, and GSSAPI\n> protocols.\n", "id": "FreeBSD-2019-0214", "modified": "2019-09-17T00:00:00Z", "published": "2019-09-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://raw.githubusercontent.com/zeek/zeek/3b5a9f88ece1d274edee897837e280ef751bde94/NEWS" }, { "type": "WEB", "url": "https://raw.githubusercontent.com/zeek/zeek/3b5a9f88ece1d274edee897837e280ef751bde94/NEWS" } ], "schema_version": "1.7.0", "summary": "bro -- invalid memory access or heap buffer over-read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "expat" }, "ranges": [ { "events": [ { "fixed": "2.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes" ], "discovery": "2019-06-19T00:00:00Z", "vid": "c5bd8a25-99a6-11e9-a598-f079596b62f9" }, "details": "expat project reports:\n\n> XML names with multiple colons could end up in the wrong namespace,\n> and take a high amount of RAM and CPU resources while processing,\n> opening the door to use for denial-of-service attacks\n", "id": "FreeBSD-2019-0213", "modified": "2019-09-16T00:00:00Z", "published": "2019-09-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes" }, { "type": "WEB", "url": "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes" } ], "schema_version": "1.7.0", "summary": "expat2 -- Fix extraction of namespace prefixes from XML names" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.19.4" }, { "fixed": "7.66.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2019-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2019-5481", "CVE-2019-5482" ] }, "vid": "9fb4e57b-d65a-11e9-8a5f-e5c82b486287" }, "details": "curl security problems:\n\n> CVE-2019-5481: FTP-KRB double-free\n>\n> libcurl can be told to use kerberos over FTP to a server, as set with\n> the CURLOPT_KRBLEVEL option.\n>\n> During such kerberos FTP data transfer, the server sends data to curl\n> in blocks with the 32 bit size of each block first and then that\n> amount of data immediately following.\n>\n> A malicious or just broken server can claim to send a very large block\n> and if by doing that it makes curl\\'s subsequent call to realloc() to\n> fail, curl would then misbehave in the exit path and double-free the\n> memory.\n>\n> In practical terms, an up to 4 GB memory area may very well be fine to\n> allocate on a modern 64 bit system but on 32 bit systems it will fail.\n>\n> Kerberos FTP is a rarely used protocol with curl. Also, Kerberos\n> authentication is usually only attempted and used with servers that\n> the client has a previous association with.\n>\n> CVE-2019-5482: TFTP small blocksize heap buffer overflow\n>\n> libcurl contains a heap buffer overflow in the function\n> (tftp_receive_packet()) that receives data from a TFTP server. It can\n> call recvfrom() with the default size for the buffer rather than with\n> the size that was used to allocate it. Thus, the content that might\n> overwrite the heap memory is controlled by the server.\n>\n> This flaw is only triggered if the TFTP server sends an OACK without\n> the BLKSIZE option, when a BLKSIZE smaller than 512 bytes was\n> requested by the TFTP client. OACK is a TFTP extension and is not used\n> by all TFTP servers.\n>\n> Users choosing a smaller block size than default should be rare as the\n> primary use case for changing the size is to make it larger.\n>\n> It is rare for users to use TFTP across the Internet. It is most\n> commonly used within local networks. TFTP as a protocol is always\n> inherently insecure.\n>\n> This issue was introduced by the add of the TFTP BLKSIZE option\n> handling. It was previously incompletely fixed by an almost identical\n> issue called CVE-2019-5436.\n", "id": "FreeBSD-2019-0212", "modified": "2019-09-14T00:00:00Z", "published": "2019-09-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2019-5481.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2019-5482.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5482" } ], "schema_version": "1.7.0", "summary": "curl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2t,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl111" }, "ranges": [ { "events": [ { "fixed": "1.1.1d" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20190910.txt" ], "discovery": "2019-09-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-1547", "CVE-2019-1549" ] }, "vid": "9e0c6f7a-d46d-11e9-a1c7-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> ECDSA remote timing attack (CVE-2019-1547) \\[Low\\]\n>\n> Fork Protection (CVE-2019-1549) \\[Low\\]\\\n> (OpenSSL 1.1.1 only)\n", "id": "FreeBSD-2019-0211", "modified": "2019-09-11T00:00:00Z", "published": "2019-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20190910.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20190910.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1549" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "32.0.0.255" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb19-46.html" ], "discovery": "2019-09-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-8069", "CVE-2019-8070" ] }, "vid": "c6f19fe6-d42a-11e9-b4f9-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a same origin method execution vulnerability\n> that could lead to arbitrary code execution (CVE-2019-8069).\n> - This update resolves a use-after-free vulnerability that could lead\n> to arbitrary code execution (CVE-2019-8070).\n", "id": "FreeBSD-2019-0210", "modified": "2019-09-10T00:00:00Z", "published": "2019-09-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-46.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8069" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8070" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-46.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "oniguruma" }, "ranges": [ { "events": [ { "fixed": "6.9.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13225" ], "discovery": "2019-07-03T00:00:00Z", "references": { "cvename": [ "CVE-2019-13224", "CVE-2019-13225" ] }, "vid": "a8d87c7a-d1b1-11e9-a616-0992a4564e7c" }, "details": "> A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2\n> allows attackers to potentially cause information disclosure, denial\n> of service, or possibly code execution by providing a crafted regular\n> expression. The attacker provides a pair of a regex pattern and a\n> string, with a multi-byte encoding that gets handled by\n> onig_new_deluxe().\n\n> A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma\n> 6.9.2 allows attackers to potentially cause denial of service by\n> providing a crafted regular expression.\n>\n> Oniguruma issues often affect Ruby, as well as common optional\n> libraries for PHP and Rust.\n", "id": "FreeBSD-2019-0209", "modified": "2019-09-07T00:00:00Z", "published": "2019-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13224" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224" }, { "type": "WEB", "url": "https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13225" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13225" }, { "type": "WEB", "url": "https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c" } ], "schema_version": "1.7.0", "summary": "oniguruma -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xymon-server" }, "ranges": [ { "events": [ { "fixed": "4.3.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.xymon.com/archive/2019-July/046570.html" ], "discovery": "2019-07-23T00:00:00Z", "references": { "cvename": [ "CVE-2019-13451", "CVE-2019-13452", "CVE-2019-13455", "CVE-2019-13273", "CVE-2019-13274", "CVE-2019-13484", "CVE-2019-13485", "CVE-2019-13486" ] }, "vid": "10e1d580-d174-11e9-a87f-a4badb2f4699" }, "details": "Japheth Cleaver reports:\n\n> Several buffer overflows were reported by University of Cambridge\n> Computer Security Incident Response Team.\n", "id": "FreeBSD-2019-0208", "modified": "2019-09-07T00:00:00Z", "published": "2019-09-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.xymon.com/archive/2019-July/046570.html" }, { "type": "WEB", "url": "https://lists.xymon.com/archive/2019-July/046570.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13452" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13273" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13274" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13484" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13485" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13486" } ], "schema_version": "1.7.0", "summary": "xymon-server -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_CN-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_TW-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/" ], "discovery": "2019-09-05T00:00:00Z", "vid": "8a9f86de-d080-11e9-9051-4c72b94353b5" }, "details": "wordpress developers reports:\n\n> Props to Simon Scannell of RIPS Technologies for finding and\n> disclosing two issues. The first, a cross-site scripting (XSS)\n> vulnerability found in post previews by contributors. The second was a\n> cross-site scripting vulnerability in stored comments.\n>\n> Props to Tim Coen for disclosing an issue where validation and\n> sanitization of a URL could lead to an open redirect.\n>\n> Props to Anshul Jain for disclosing reflected cross-site scripting\n> during media uploads.\n>\n> Props to Zhouyuan Yang of Fortinets FortiGuard Labs who disclosed a\n> vulnerability for cross-site scripting (XSS) in shortcode previews.\n>\n> Props to Ian Dunn of the Core Security Team for finding and disclosing\n> a case where reflected cross-site scripting could be found in the\n> dashboard.\n>\n> Props to Soroush Dalilifrom NCC Group for disclosing an issue with URL\n> sanitization that can lead to cross-site scripting (XSS) attacks.\n>\n> In addition to the above changes, we are also updating jQuery on older\n> versions of WordPress. This change was added in 5.2.1 and is now being\n> brought to older versions.\n", "id": "FreeBSD-2019-0207", "modified": "2019-09-06T00:00:00Z", "published": "2019-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "fixed": "4.92.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://git.exim.org/exim.git/blob/2600301ba6dbac5c9d640c87007a07ee6dcea1f4:/doc/doc-txt/cve-2019-15846/cve.txt" ], "discovery": "2019-09-02T00:00:00Z", "vid": "61db9b88-d091-11e9-8d41-97657151f8c2" }, "details": "Exim developers report:\n\n> If your Exim server accepts TLS connections, it is vulnerable. This\n> does not depend on the TLS libray, so both, GnuTLS and OpenSSL are\n> affected.\n>\n> The vulnerability is exploitable by sending a SNI ending in a\n> backslash-null sequence during the initial TLS handshake. The exploit\n> exists as a POC. For more details see the document qualys.mbx\n", "id": "FreeBSD-2019-0206", "modified": "2019-09-06T00:00:00Z", "published": "2019-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://git.exim.org/exim.git/blob/2600301ba6dbac5c9d640c87007a07ee6dcea1f4:/doc/doc-txt/cve-2019-15846/cve.txt" }, { "type": "WEB", "url": "https://git.exim.org/exim.git/blob_plain/2600301ba6dbac5c9d640c87007a07ee6dcea1f4:/doc/doc-txt/cve-2019-15846/cve.txt" } ], "schema_version": "1.7.0", "summary": "Exim -- RCE with root privileges in TLS SNI handler" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.28.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2019-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2019-15639" ] }, "vid": "7d53d8da-d07a-11e9-8f1a-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> When audio frames are given to the audio transcoding support in\n> Asterisk the number of samples are examined and as part of this a\n> message is output to indicate that no samples are present. A change\n> was done to suppress this message for a particular scenario in which\n> the message was not relevant. This change assumed that information\n> about the origin of a frame will always exist when in reality it may\n> not.\n>\n> This issue presented itself when an RTP packet containing no audio\n> (and thus no samples) was received. In a particular transcoding\n> scenario this audio frame would get turned into a frame with no origin\n> information. If this new frame was then given to the audio transcoding\n> support a crash would occur as no samples and no origin information\n> would be present. The transcoding scenario requires the genericplc\n> option to be set to enabled (the default) and a transcoding path from\n> the source format into signed linear and then from signed linear into\n> another format.\n>\n> Note that there may be other scenarios that have not been found which\n> can cause an audio frame with no origin to be given to the audio\n> transcoding support and thus cause a crash.\n", "id": "FreeBSD-2019-0205", "modified": "2019-09-06T00:00:00Z", "published": "2019-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2019-005.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15639" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote Crash Vulnerability in audio transcoding" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk15" }, "ranges": [ { "events": [ { "fixed": "15.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2019-08-05T00:00:00Z", "references": { "cvename": [ "CVE-2019-15297" ] }, "vid": "d94c08d2-d079-11e9-8f1a-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> When Asterisk sends a re-invite initiating T.38 faxing, and the\n> endpoint responds with a declined media stream a crash will then occur\n> in Asterisk.\n", "id": "FreeBSD-2019-0204", "modified": "2019-09-06T00:00:00Z", "published": "2019-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2019-004.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15297" } ], "schema_version": "1.7.0", "summary": "asterisk -- Crash when negotiating for T.38 with a declined stream" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba410" }, "ranges": [ { "events": [ { "fixed": "4.10.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2019-10197.html" ], "discovery": "2019-09-01T00:00:00Z", "references": { "cvename": [ "CVE-2019-10197" ] }, "vid": "145a3e17-cea2-11e9-81e2-005056a311d1" }, "details": "The samba project reports:\n\n> On a Samba SMB server for all versions of Samba from 4.9.0 clients are\n> able to escape outside the share root directory if certain\n> configuration parameters set in the smb.conf file.\n", "id": "FreeBSD-2019-0203", "modified": "2019-09-03T00:00:00Z", "published": "2019-09-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2019-10197.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10197" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2019-10197.html" } ], "schema_version": "1.7.0", "summary": "samba -- combination of parameters and permissions can allow user to escape from the share path definition" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "69.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "introduced": "61.0,1" }, { "fixed": "68.1.0,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "60.9.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "introduced": "61.0,2" }, { "fixed": "68.1.0,2" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "60.9.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "introduced": "61.0" }, { "fixed": "68.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "60.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "introduced": "61.0" }, { "fixed": "68.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "60.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "introduced": "61.0" }, { "fixed": "68.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "60.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/" ], "discovery": "2019-09-03T00:00:00Z", "references": { "cvename": [ "CVE-2019-11734", "CVE-2019-11735", "CVE-2019-11736", "CVE-2019-11737", "CVE-2019-11738", "CVE-2019-11740", "CVE-2019-11741", "CVE-2019-11742", "CVE-2019-11743", "CVE-2019-11744", "CVE-2019-11746", "CVE-2019-11747", "CVE-2019-11748", "CVE-2019-11749", "CVE-2019-11750", "CVE-2019-11751", "CVE-2019-11752", "CVE-2019-11753", "CVE-2019-5849", "CVE-2019-9812" ] }, "vid": "05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6" }, "details": "Mozilla Foundation reports:\n\n> CVE-2019-11751: Malicious code execution through command line\n> parameters\n>\n> CVE-2019-11746: Use-after-free while manipulating video\n>\n> CVE-2019-11744: XSS by breaking out of title and textarea elements\n> using innerHTML\n>\n> CVE-2019-11742: Same-origin policy violation with SVG filters and\n> canvas to steal cross-origin images\n>\n> CVE-2019-11736: File manipulation and privilege escalation in Mozilla\n> Maintenance Service\n>\n> CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service\n> in custom Firefox installation location\n>\n> CVE-2019-11752: Use-after-free while extracting a key value in\n> IndexedDB\n>\n> CVE-2019-9812: Sandbox escape through Firefox Sync\n>\n> CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com\n>\n> CVE-2019-11743: Cross-origin access to unload event attributes\n>\n> CVE-2019-11748: Persistence of WebRTC permissions in a third party\n> context\n>\n> CVE-2019-11749: Camera information available without prompting using\n> getUserMedia\n>\n> CVE-2019-5849: Out-of-bounds read in Skia\n>\n> CVE-2019-11750: Type confusion in Spidermonkey\n>\n> CVE-2019-11737: Content security policy directives ignore port and\n> path if host is a wildcard\n>\n> CVE-2019-11738: Content security policy bypass through hash-based\n> sources in directives\n>\n> CVE-2019-11747: \\'Forget about this site\\' removes sites from\n> pre-loaded HSTS list\n>\n> CVE-2019-11734: Memory safety bugs fixed in Firefox 69\n>\n> CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR\n> 68.1\n>\n> CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR\n> 68.1, and Firefox ESR 60.9\n", "id": "FreeBSD-2019-0202", "modified": "2019-09-03T00:00:00Z", "published": "2019-09-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11734" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11736" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11737" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11738" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11741" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11742" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11743" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11744" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11746" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11747" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11748" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11749" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11750" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11751" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11752" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11753" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5849" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9812" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-25/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-26/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-27/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish6" }, "ranges": [ { "events": [ { "fixed": "6.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00003.html" ], "discovery": "2019-09-02T00:00:00Z", "vid": "ce231189-ce56-11e9-9fa0-0050569f0b83" }, "details": "The Varnish Team reports:\n\n> A failure in HTTP/1 parsing can allow a remote attacker to trigger an\n> assertion in varnish, restarting the daemon and clearing the cache.\n", "id": "FreeBSD-2019-0201", "modified": "2019-09-03T00:00:00Z", "published": "2019-09-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00003.html" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00003.html" } ], "schema_version": "1.7.0", "summary": "www/varnish6 -- Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgcrypt" }, "ranges": [ { "events": [ { "fixed": "1.8.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627" ], "discovery": "2019-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-13627" ] }, "vid": "c9c6c2f8-cd54-11e9-af89-080027ef1a23" }, "details": "GnuPG reports:\n\n> Mitigate an ECDSA timing attack.\n", "id": "FreeBSD-2019-0200", "modified": "2019-09-02T00:00:00Z", "published": "2019-09-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13627" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627" } ], "schema_version": "1.7.0", "summary": "libgcrypt -- ECDSA timing attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.24.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-8644", "CVE-2019-8649", "CVE-2019-8658", "CVE-2019-8666", "CVE-2019-8669", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8678", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8681", "CVE-2019-8683", "CVE-2019-8684", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8688", "CVE-2019-8689", "CVE-2019-8690" ] }, "vid": "e45c3669-caf2-11e9-851a-dcf3aaa3f3ff" }, "details": "The WebKitGTK project reports many vulnerabilities, including several\narbitrary code execution vulnerabilities.\n", "id": "FreeBSD-2019-0199", "modified": "2019-08-30T00:00:00Z", "published": "2019-08-30T00:00:00Z", "references": [ { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2019-0004.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8644" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8649" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8658" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8666" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8669" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8671" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8672" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8673" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8676" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8677" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8678" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8679" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8680" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8681" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8683" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8684" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8686" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8687" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8688" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8689" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8690" } ], "schema_version": "1.7.0", "summary": "webkit2-gtk3 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.2.0" }, { "fixed": "12.2.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.1.0" }, { "fixed": "12.1.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0.0.0" }, { "fixed": "12.0.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" ], "discovery": "2019-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-15728", "CVE-2019-15730", "CVE-2019-15722", "CVE-2019-15729", "CVE-2019-15721", "CVE-2019-15727", "CVE-2019-15726", "CVE-2019-15724", "CVE-2019-15725", "CVE-2019-15723", "CVE-2019-15732", "CVE-2019-15731", "CVE-2019-15738", "CVE-2019-15737", "CVE-2019-15734", "CVE-2019-15739", "CVE-2019-15740", "CVE-2019-15733", "CVE-2019-15736", "CVE-2019-15741" ] }, "vid": "b68cc195-cae7-11e9-86e9-001b217b3468" }, "details": "Gitlab reports:\n\n> Kubernetes Integration Server-Side Request Forgery\n>\n> Server-Side Request Forgery in Jira Integration\n>\n> Improved Protection Against Credential Stuffing Attacks\n>\n> Markdown Clientside Resource Exhaustion\n>\n> Pipeline Status Disclosure\n>\n> Group Runner Authorization Issue\n>\n> CI Metrics Disclosure\n>\n> User IP Disclosed by Embedded Image and Media\n>\n> Label Description HTML Injection\n>\n> IDOR in Epic Notes API\n>\n> Push Rule Bypass\n>\n> Project Visibility Restriction Bypass\n>\n> Merge Request Discussion Restriction Bypass\n>\n> Disclosure of Merge Request IDs\n>\n> Weak Authentication In Certain Account Actions\n>\n> Disclosure of Commit Title and Comments\n>\n> Stored XSS via Markdown\n>\n> EXIF Geolocation Data Exposure\n>\n> Multiple SSRF Regressions on Gitaly\n>\n> Default Branch Name Exposure\n>\n> Potential Denial of Service via CI Pipelines\n>\n> Privilege Escalation via Logrotate\n", "id": "FreeBSD-2019-0198", "modified": "2019-08-30T00:00:00Z", "published": "2019-08-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15728" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15730" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15722" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15729" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15721" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15727" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15726" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15724" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15725" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15723" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15732" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15731" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15738" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15737" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15734" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15739" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15733" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15736" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15741" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.4.0,1" }, { "fixed": "2.4.7,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.5.0,1" }, { "fixed": "2.5.6,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.6.0,1" }, { "fixed": "2.6.3,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rdoc" }, "ranges": [ { "events": [ { "fixed": "6.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/" ], "discovery": "2019-08-28T00:00:00Z", "references": { "cvename": [ "CVE-2012-6708", "CVE-2015-9251" ] }, "vid": "ed8d5535-ca78-11e9-980b-999ff59c22ea" }, "details": "Ruby news:\n\n> There are multiple vulnerabilities about Cross-Site Scripting (XSS) in\n> jQuery shipped with RDoc which bundled in Ruby. All Ruby users are\n> recommended to update Ruby to the latest release which includes the\n> fixed version of RDoc.\n>\n> The following vulnerabilities have been reported.\n>\n> CVE-2012-6708\n>\n> CVE-2015-9251\n", "id": "FreeBSD-2019-0197", "modified": "2019-08-31T00:00:00Z", "published": "2019-08-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2012-6708" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-9251" } ], "schema_version": "1.7.0", "summary": "RDoc -- multiple jQuery vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "fixed": "2.3.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot-pigeonhole" }, "ranges": [ { "events": [ { "fixed": "0.5.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/pipermail/dovecot/2019-August/116874.html" ], "discovery": "2019-04-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-11500" ] }, "vid": "abaaecda-ea16-43e2-bad0-d34a9ac576b1" }, "details": "Aki Tuomi reports:\n\n> Vulnerability Details: IMAP and ManageSieve protocol parsers do not\n> properly handle NUL byte when scanning data in quoted strings, leading\n> to out of bounds heap memory writes. Risk: This vulnerability allows\n> for out-of-bounds writes to objects stored on the heap up to 8096\n> bytes in pre-login phase, and 65536 bytes post-login phase, allowing\n> sufficiently skilled attacker to perform complicated attacks that can\n> lead to leaking private information or remote code execution. Abuse of\n> this bug is very difficult to observe, as it does not necessarily\n> cause a crash. Attempts to abuse this bug are not directly evident\n> from logs.\n", "id": "FreeBSD-2019-0196", "modified": "2019-08-28T00:00:00Z", "published": "2019-08-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot/2019-August/116874.html" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot/2019-August/116874.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11500" } ], "schema_version": "1.7.0", "summary": "Dovecot -- improper input validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "last_affected": "2.191" }, { "fixed": "2.191" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "last_affected": "2.176.2" }, { "fixed": "2.176.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2019-08-28/" ], "discovery": "2019-08-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-10383", "CVE-2019-10384" ] }, "vid": "7a7891fc-6318-447a-ba45-31d525ec11a0" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-1453 / CVE-2019-10383\n>\n> Stored XSS vulnerability in update center\n>\n> ##### (High) SECURITY-1491 / CVE-2019-10384\n>\n> CSRF protection tokens for anonymous users did not expire in some\n> circumstances\n", "id": "FreeBSD-2019-0195", "modified": "2019-08-28T00:00:00Z", "published": "2019-08-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2019-08-28/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10383" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10384" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2019-08-28/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cliqz" }, "ranges": [ { "events": [ { "fixed": "1.28.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "68.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/" ], "discovery": "2019-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-11733" ] }, "vid": "0f31b4e9-c827-11e9-9626-589cfc01894a" }, "details": "Mozilla Foundation reports:\n\n> # CVE-2019-11733: Stored passwords in \\'Saved Logins\\' can be copied without master password entry\n>\n> When a master password is set, it is required to be entered again\n> before stored passwords can be accessed in the \\'Saved Logins\\'\n> dialog. It was found that locally stored passwords can be copied to\n> the clipboard thorough the \\'copy password\\' context menu item without\n> re-entering the master password if the master password had been\n> previously entered in the same session, allowing for potential theft\n> of stored passwords.\n", "id": "FreeBSD-2019-0194", "modified": "2019-08-28T00:00:00Z", "published": "2019-08-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-24/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11733" } ], "schema_version": "1.7.0", "summary": "Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o-devel" }, "ranges": [ { "events": [ { "fixed": "2.3.0.b2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kb.cert.org/vuls/id/605641/" ], "discovery": "2019-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515" ] }, "vid": "72a5579e-c765-11e9-8052-0028f8d09152" }, "details": "Jonathon Loomey of Netflix reports:\n\n> HTTP/2 implementations do not robustly handle abnormal traffic and\n> resource exhaustion\n>\n> Recently, a series of DoS attack vulnerabilities have been reported on\n> a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is\n> exposed to the following:\n>\n> - CVE-2019-9512 \\\"Ping Flood\\\": The attacker sends continual pings to\n> an HTTP/2 peer, causing the peer to build an internal queue of\n> responses. Depending on how efficiently this data is queued, this\n> can consume excess CPU, memory, or both, potentially leading to a\n> denial of service.\n> - CVE-2019-9514 \\\"Reset Flood\\\": The attacker opens a number of\n> streams and sends an invalid request over each stream that should\n> solicit a stream of RST_STREAM frames from the peer. Depending on\n> how the peer queues the RST_STREAM frames, this can consume excess\n> memory, CPU, or both, potentially leading to a denial of service.\n> - CVE-2019-9515 \\\"Settings Flood\\\": The attacker sends a stream of\n> SETTINGS frames to the peer. Since the RFC requires that the peer\n> reply with one acknowledgement per SETTINGS frame, an empty SETTINGS\n> frame is almost equivalent in behavior to a ping. Depending on how\n> efficiently this data is queued, this can consume excess CPU,\n> memory, or both, potentially leading to a denial of service.\n", "id": "FreeBSD-2019-0193", "modified": "2019-08-25T00:00:00Z", "published": "2019-08-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kb.cert.org/vuls/id/605641/" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/issues/2090" }, { "type": "WEB", "url": "https://www.kb.cert.org/vuls/id/605641/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9514" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9515" } ], "schema_version": "1.7.0", "summary": "h2o -- multiple HTTP/2 vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o" }, "ranges": [ { "events": [ { "fixed": "2.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kb.cert.org/vuls/id/605641/" ], "discovery": "2019-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515" ] }, "vid": "73b1e734-c74e-11e9-8052-0028f8d09152" }, "details": "Jonathon Loomey of Netflix reports:\n\n> HTTP/2 implementations do not robustly handle abnormal traffic and\n> resource exhaustion\n>\n> Recently, a series of DoS attack vulnerabilities have been reported on\n> a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is\n> exposed to the following:\n>\n> - CVE-2019-9512 \\\"Ping Flood\\\": The attacker sends continual pings to\n> an HTTP/2 peer, causing the peer to build an internal queue of\n> responses. Depending on how efficiently this data is queued, this\n> can consume excess CPU, memory, or both, potentially leading to a\n> denial of service.\n> - CVE-2019-9514 \\\"Reset Flood\\\": The attacker opens a number of\n> streams and sends an invalid request over each stream that should\n> solicit a stream of RST_STREAM frames from the peer. Depending on\n> how the peer queues the RST_STREAM frames, this can consume excess\n> memory, CPU, or both, potentially leading to a denial of service.\n> - CVE-2019-9515 \\\"Settings Flood\\\": The attacker sends a stream of\n> SETTINGS frames to the peer. Since the RFC requires that the peer\n> reply with one acknowledgement per SETTINGS frame, an empty SETTINGS\n> frame is almost equivalent in behavior to a ping. Depending on how\n> efficiently this data is queued, this can consume excess CPU,\n> memory, or both, potentially leading to a denial of service.\n", "id": "FreeBSD-2019-0192", "modified": "2019-08-25T00:00:00Z", "published": "2019-08-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kb.cert.org/vuls/id/605641/" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/issues/2090" }, { "type": "WEB", "url": "https://www.kb.cert.org/vuls/id/605641/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9514" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9515" } ], "schema_version": "1.7.0", "summary": "h2o -- multiple HTTP/2 vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2019/08/gitea-1.9.2-is-released/" ], "discovery": "2019-08-22T00:00:00Z", "vid": "e7392840-c520-11e9-a4ef-0800274e5f20" }, "details": "The Gitea Team reports:\n\n> This release contains two security fixes, so we highly recommend\n> updating.\n", "id": "FreeBSD-2019-0191", "modified": "2019-08-22T00:00:00Z", "published": "2019-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2019/08/gitea-1.9.2-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.9.2" }, { "type": "WEB", "url": "https://blog.gitea.io/2019/08/gitea-1.9.2-is-released/" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.101.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav-milter" }, "ranges": [ { "events": [ { "fixed": "0.101.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html" ], "discovery": "2019-08-21T00:00:00Z", "references": { "cvename": [ "CVE-2019-12625", "CVE-2019-12900" ] }, "vid": "dbd1f627-c43b-11e9-a923-9c5c8e75236a" }, "details": "Micah Snyder reports:\n\n> - An out of bounds write was possible within ClamAV&s NSIS bzip2\n> library when attempting decompression in cases where the number of\n> selectors exceeded the max limit set by the library\n> (CVE-2019-12900). The issue has been resolved by respecting that\n> limit.\n> - The zip bomb vulnerability mitigated in 0.101.3 has been assigned\n> the CVE identifier CVE-2019-12625. Unfortunately, a workaround for\n> the zip-bomb mitigation was immediately identified. To remediate the\n> zip-bomb scan time issue, a scan time limit has been introduced in\n> 0.101.4. This limit now resolves ClamAV\\'s vulnerability to\n> CVE-2019-12625.\n", "id": "FreeBSD-2019-0190", "modified": "2019-08-21T00:00:00Z", "published": "2019-08-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html" }, { "type": "WEB", "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12900" } ], "schema_version": "1.7.0", "summary": "clamav -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "12.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node10" }, "ranges": [ { "events": [ { "fixed": "10.16.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node8" }, "ranges": [ { "events": [ { "fixed": "8.16.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" ], "discovery": "2019-08-16T00:00:00Z", "references": { "cvename": [ "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518" ] }, "vid": "c97a940b-c392-11e9-bb38-000d3ab229d6" }, "details": "Node.js reports:\n\n> Node.js, as well as many other implementations of HTTP/2, have been\n> found vulnerable to Denial of Service attacks. See\n> https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\n> for more information.\n>\n> Updates are now available for all active Node.js release lines,\n> including Linux ARMv6 builds for Node.js 8.x (which had been delayed).\n>\n> We recommend that all Node.js users upgrade to a version listed below\n> as soon as possible.\n>\n> # Vulnerabilities Fixed\n>\n> Impact: All versions of Node.js 8 (LTS \\\"Carbon\\\"), Node.js 10 (LTS\n> \\\"Dubnium\\\"), and Node.js 12 (Current) are vulnerable to the\n> following:\n>\n> - CVE-2019-9511 \\\"Data Dribble\\\": The attacker requests a large amount\n> of data from a specified resource over multiple streams. They\n> manipulate window size and stream priority to force the server to\n> queue the data in 1-byte chunks. Depending on how efficiently this\n> data is queued, this can consume excess CPU, memory, or both,\n> potentially leading to a denial of service.\n> - CVE-2019-9512 \\\"Ping Flood\\\": The attacker sends continual pings to\n> an HTTP/2 peer, causing the peer to build an internal queue of\n> responses. Depending on how efficiently this data is queued, this\n> can consume excess CPU, memory, or both, potentially leading to a\n> denial of service.\n> - CVE-2019-9513 \\\"Resource Loop\\\": The attacker creates multiple\n> request streams and continually shuffles the priority of the streams\n> in a way that causes substantial churn to the priority tree. This\n> can consume excess CPU, potentially leading to a denial of service.\n> - CVE-2019-9514 \\\"Reset Flood\\\": The attacker opens a number of\n> streams and sends an invalid request over each stream that should\n> solicit a stream of RST_STREAM frames from the peer. Depending on\n> how the peer queues the RST_STREAM frames, this can consume excess\n> memory, CPU, or both, potentially leading to a denial of service.\n> - CVE-2019-9515 \\\"Settings Flood\\\": The attacker sends a stream of\n> SETTINGS frames to the peer. Since the RFC requires that the peer\n> reply with one acknowledgement per SETTINGS frame, an empty SETTINGS\n> frame is almost equivalent in behavior to a ping. Depending on how\n> efficiently this data is queued, this can consume excess CPU,\n> memory, or both, potentially leading to a denial of service.\n> - CVE-2019-9516 \\\"0-Length Headers Leak\\\": The attacker sends a stream\n> of headers with a 0-length header name and 0-length header value,\n> optionally Huffman encoded into 1-byte or greater headers. Some\n> implementations allocate memory for these headers and keep the\n> allocation alive until the session dies. This can consume excess\n> memory, potentially leading to a denial of service.\n> - CVE-2019-9517 \\\"Internal Data Buffering\\\": The attacker opens the\n> HTTP/2 window so the peer can send without constraint; however, they\n> leave the TCP window closed so the peer cannot actually write (many\n> of) the bytes on the wire. The attacker then sends a stream of\n> requests for a large response object. Depending on how the servers\n> queue the responses, this can consume excess memory, CPU, or both,\n> potentially leading to a denial of service.\n> - CVE-2019-9518 \\\"Empty Frames Flood\\\": The attacker sends a stream of\n> frames with an empty payload and without the end-of-stream flag.\n> These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE.\n> The peer spends time processing each frame disproportionate to\n> attack bandwidth. This can consume excess CPU, potentially leading\n> to a denial of service. (Discovered by Piotr Sikora of Google)\n", "id": "FreeBSD-2019-0189", "modified": "2019-08-21T00:00:00Z", "published": "2019-08-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9513" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9514" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9515" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9517" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9518" } ], "schema_version": "1.7.0", "summary": "Node.js -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vlc" }, "ranges": [ { "events": [ { "fixed": "3.0.8,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.videolan.org/developers/vlc-branch/NEWS" ], "discovery": "2019-07-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-13602", "CVE-2019-13962", "CVE-2019-14437", "CVE-2019-14438", "CVE-2019-14498", "CVE-2019-14533", "CVE-2019-14534", "CVE-2019-14535", "CVE-2019-14776", "CVE-2019-14777", "CVE-2019-14778", "CVE-2019-14970" ] }, "vid": "795442e7-c355-11e9-8224-5404a68ad561" }, "details": "The VLC project reports:\n\n> Security: \\* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)\n> \\* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)\n> \\* Fix a read buffer overflow in the FAAD decoder \\* Fix a read buffer\n> overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438) \\* Fix a\n> read buffer overflow in the ASF demuxer (CVE-2019-14776) \\* Fix a use\n> after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778) \\* Fix\n> a use after free in the ASF demuxer (CVE-2019-14533) \\* Fix a couple\n> of integer underflows in the MP4 demuxer (CVE-2019-13602) \\* Fix a\n> null dereference in the dvdnav demuxer \\* Fix a null dereference in\n> the ASF demuxer (CVE-2019-14534) \\* Fix a null dereference in the AVI\n> demuxer \\* Fix a division by zero in the CAF demuxer (CVE-2019-14498)\n> \\* Fix a division by zero in the ASF demuxer (CVE-2019-14535)\n", "id": "FreeBSD-2019-0188", "modified": "2019-08-20T00:00:00Z", "published": "2019-08-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.videolan.org/developers/vlc-branch/NEWS" }, { "type": "WEB", "url": "https://www.videolan.org/developers/vlc-branch/NEWS" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13962" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14438" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14498" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14533" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14776" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14777" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14778" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14970" } ], "schema_version": "1.7.0", "summary": "vlc -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nsd" }, "ranges": [ { "events": [ { "fixed": "4.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-13207" ], "discovery": "2019-07-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-13207" ] }, "vid": "56778a31-c2a1-11e9-9051-4c72b94353b5" }, "details": "Frederic Cambus reports:\n\n> nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer\n> Overflow in the dname_concatenate() function in dname.c.\n", "id": "FreeBSD-2019-0187", "modified": "2019-08-19T00:00:00Z", "published": "2019-08-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13207" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13207" }, { "type": "WEB", "url": "https://github.com/NLnetLabs/nsd/issues/20" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13207" } ], "schema_version": "1.7.0", "summary": "nsd -- Stack-based Buffer Overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webmin" }, "ranges": [ { "events": [ { "fixed": "1.930" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "usermin" }, "ranges": [ { "events": [ { "fixed": "1.780" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://virtualmin.com/node/66890" ], "discovery": "2019-08-17T00:00:00Z", "references": { "cvename": [ "CVE-2019-15107" ] }, "vid": "ece65d3b-c20c-11e9-8af4-bcaec55be5e5" }, "details": "Joe Cooper reports:\n\n> I\\'ve rolled out Webmin version 1.930 and Usermin version 1.780 for\n> all repositories. This release includes several security fixes,\n> including one potentially serious one caused by malicious code\n> inserted into Webmin and Usermin at some point on our build\n> infrastructure. We\\'re still investigating how and when, but the\n> exploitable code has never existed in our github repositories, so\n> we\\'ve rebuilt from git source on new infrastructure (and checked to\n> be sure the result does not contain the malicious code).\n>\n> I don\\'t have a changelog for these releases yet, but I wanted to\n> announce them immediately due to the severity of this issue. To\n> exploit the malicious code, your Webmin installation must have Webmin\n> -\\> Webmin Configuration -\\> Authentication -\\> Password expiry policy\n> set to Prompt users with expired passwords to enter a new one. This\n> option is not set by default, but if it is set, it allows remote code\n> execution.\n>\n> This release addresses CVE-2019-15107, which was disclosed earlier\n> today. It also addresses a handful of XSS issues that we were notified\n> about, and a bounty was awarded to the researcher (a different one)\n> who found them.\n", "id": "FreeBSD-2019-0186", "modified": "2019-08-17T00:00:00Z", "published": "2019-08-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://virtualmin.com/node/66890" }, { "type": "WEB", "url": "https://virtualmin.com/node/66890" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-15107" } ], "schema_version": "1.7.0", "summary": "webmin -- unauthenticated remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2019/08/gitea-1.9.1-is-released/" ], "discovery": "2019-07-31T00:00:00Z", "vid": "3b2ee737-c12d-11e9-aabc-0800274e5f20" }, "details": "The Gitea Team reports:\n\n> This release contains two security fixes, so we highly recommend\n> updating.\n", "id": "FreeBSD-2019-0185", "modified": "2019-07-31T00:00:00Z", "published": "2019-07-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2019/08/gitea-1.9.1-is-released/" }, { "type": "WEB", "url": "https://blog.gitea.io/2019/08/gitea-1.9.1-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.9.1" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xdm" }, "ranges": [ { "events": [ { "fixed": "1.1.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2013-2179" ], "discovery": "2013-06-07T00:00:00Z", "references": { "cvename": [ "CVE-2013-2179" ] }, "vid": "d905b219-c1ca-11e9-8c46-0c9d925bbbc0" }, "details": "nvd.nist.gov reports\n\n> X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing\n> authentication using certain implementations of the crypt API function\n> that can return NULL, allows remote attackers to cause a denial of\n> service (NULL pointer dereference and crash) by attempting to log into\n> an account whose password field contains invalid characters, as\n> demonstrated using the crypt function from glibc 2.17 and later with\n> (1) the \\\"!\\\" character in the salt portion of a password field or (2)\n> a password that has been encrypted using DES or MD5 in FIPS-140 mode.\n", "id": "FreeBSD-2019-0184", "modified": "2019-08-18T00:00:00Z", "published": "2019-08-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2179" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2013-2179" } ], "schema_version": "1.7.0", "summary": "xdm -- remote denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgit2" }, "ranges": [ { "events": [ { "fixed": "0.28.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libgit2/libgit2/releases/tag/v0.28.3" ], "discovery": "2019-08-13T00:00:00Z", "vid": "d51b52cf-c199-11e9-b13f-001b217b3468" }, "details": "The Git community reports:\n\n> A carefully constructed commit object with a very large number of\n> parents may lead to potential out-of-bounds writes or potential denial\n> of service.\n>\n> The ProgramData configuration file is always read for compatibility\n> with Git for Windows and Portable Git installations. The ProgramData\n> location is not necessarily writable only by administrators, so we now\n> ensure that the configuration file is owned by the administrator or\n> the current user.\n", "id": "FreeBSD-2019-0183", "modified": "2019-08-18T00:00:00Z", "published": "2019-08-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.28.3" }, { "type": "WEB", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.28.3" } ], "schema_version": "1.7.0", "summary": "Libgit2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.41" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.apache.org/dist/httpd/CHANGES_2.4" ], "discovery": "2019-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-10081", "CVE-2019-9517", "CVE-2019-10098", "CVE-2019-10092", "CVE-2019-10082" ] }, "vid": "caf545f2-c0d9-11e9-9051-4c72b94353b5" }, "details": "The Apache Team reports:\n\n> # SECURITY: CVE-2019-10081\n>\n> mod_http2: HTTP/2 very early pushes, for example configured with\n> \\\"H2PushResource\\\", could lead to an overwrite of memory in the\n> pushing request\\'s pool, leading to crashes. The memory copied is that\n> of the configured push link header values, not data supplied by the\n> client.\n>\n> # SECURITY: CVE-2019-9517\n>\n> mod_http2: a malicious client could perform a DoS attack by flooding a\n> connection with requests and basically never reading responses on the\n> TCP connection. Depending on h2 worker dimensioning, it was possible\n> to block those with relatively few connections.\n>\n> # SECURITY: CVE-2019-10098\n>\n> rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable\n> matches and substitutions with encoded line break characters.\n>\n> # SECURITY: CVE-2019-10092\n>\n> Remove HTML-escaped URLs from canned error responses to prevent\n> misleading text/links being displayed via crafted links.\n>\n> # SECURITY: CVE-2019-10097\n>\n> mod_remoteip: Fix stack buffer overflow and NULL pointer deference\n> when reading the PROXY protocol header.\n>\n> # CVE-2019-10082\n>\n> mod_http2: Using fuzzed network input, the http/2 session handling\n> could be made to read memory after being freed, during connection\n> shutdown.\n", "id": "FreeBSD-2019-0182", "modified": "2019-08-17T00:00:00Z", "published": "2019-08-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "type": "WEB", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9517" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10092" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10082" } ], "schema_version": "1.7.0", "summary": "Apache -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libnghttp2" }, "ranges": [ { "events": [ { "fixed": "1.39.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nghttp2" }, "ranges": [ { "events": [ { "fixed": "1.39.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/nghttp2/nghttp2/releases" ], "discovery": "2019-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-9511", "CVE-2019-9513" ] }, "vid": "121fec01-c042-11e9-a73f-b36f5969f162" }, "details": "nghttp2 GitHub releases:\n\n> This release fixes CVE-2019-9511 \\\"Data Dribble\\\" and CVE-2019-9513\n> \\\"Resource Loop\\\" vulnerability in nghttpx and nghttpd. Specially\n> crafted HTTP/2 frames cause Denial of Service by consuming CPU time.\n> Check out\n> https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\n> for details. For nghttpx, additionally limiting inbound traffic by\n> \\--read-rate and \\--read-burst options is quite effective against this\n> kind of attack.\n>\n> CVE-2019-9511 \\\"Data Dribble\\\": The attacker requests a large amount\n> of data from a specified resource over multiple streams. They\n> manipulate window size and stream priority to force the server to\n> queue the data in 1-byte chunks. Depending on how efficiently this\n> data is queued, this can consume excess CPU, memory, or both,\n> potentially leading to a denial of service.\n>\n> CVE-2019-9513 \\\"Ping Flood\\\": The attacker sends continual pings to an\n> HTTP/2 peer, causing the peer to build an internal queue of responses.\n> Depending on how efficiently this data is queued, this can consume\n> excess CPU, memory, or both, potentially leading to a denial of\n> service.\n", "id": "FreeBSD-2019-0181", "modified": "2019-08-16T00:00:00Z", "published": "2019-08-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/nghttp2/nghttp2/releases" }, { "type": "WEB", "url": "https://github.com/nghttp2/nghttp2/releases" }, { "type": "WEB", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9513" } ], "schema_version": "1.7.0", "summary": "nghttp2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cups" }, "ranges": [ { "events": [ { "fixed": "2.2.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/apple/cups/releases/tag/v2.2.12" ], "discovery": "2019-08-15T00:00:00Z", "references": { "cvename": [ "CVE-2019-8675", "CVE-2019-8696" ] }, "vid": "60e991ac-c013-11e9-b662-001cc0382b2f" }, "details": "Apple reports:\n\n> - CVE-2019-8696 and CVE-2019-8675: SNMP buffer overflows.\n> - IPP buffer overflow.\n> - Memory disclosure in the scheduler.\n> - DoS issues in the scheduler.\n", "id": "FreeBSD-2019-0180", "modified": "2019-08-16T00:00:00Z", "published": "2019-08-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/apple/cups/releases/tag/v2.2.12" }, { "type": "WEB", "url": "https://github.com/apple/cups/releases/tag/v2.2.12" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8675" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8696" } ], "schema_version": "1.7.0", "summary": "CUPS -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "1.7.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/containous/traefik/releases/tag/v1.7.14" ], "discovery": "2019-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-9512", "CVE-2019-9514" ] }, "vid": "41f4baac-bf77-11e9-8d2f-5404a68ad561" }, "details": "The traefik project reports:\n\n> Update of dependency to go go1.12.8 resolves potential HTTP/2 denial\n> of service in traefik.\n", "id": "FreeBSD-2019-0179", "modified": "2019-08-15T00:00:00Z", "published": "2019-08-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/containous/traefik/releases/tag/v1.7.14" }, { "type": "WEB", "url": "https://github.com/containous/traefik/releases/tag/v1.7.14" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9514" } ], "schema_version": "1.7.0", "summary": "traefik -- Denial of service in HTTP/2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx" }, "ranges": [ { "events": [ { "fixed": "1.16.1,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "fixed": "1.17.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://nginx.org/en/security_advisories.html" ], "discovery": "2019-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516" ] }, "vid": "87679fcb-be60-11e9-9051-4c72b94353b5" }, "details": "NGINX Team reports:\n\n> Several security issues were identified in nginx HTTP/2 implementation\n> which might cause excessive memory consumption and CPU usage\n> (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). The issues affect nginx\n> compiled with the ngx_http_v2_module (not compiled by default) if the\n> http2 option of the listen directive is used in a configuration file.\n", "id": "FreeBSD-2019-0178", "modified": "2019-08-14T00:00:00Z", "published": "2019-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://nginx.org/en/security_advisories.html" }, { "type": "WEB", "url": "http://nginx.org/en/security_advisories.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9513" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9516" } ], "schema_version": "1.7.0", "summary": "NGINX -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-nokogiri" }, "ranges": [ { "events": [ { "fixed": "1.10.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/sparklemotion/nokogiri/releases" ], "discovery": "2019-08-11T00:00:00Z", "references": { "cvename": [ "CVE-2019-5477" ] }, "vid": "0569146e-bdef-11e9-bd31-8de4a4470bbb" }, "details": "Nokogiri GitHub release:\n\n> A command injection vulnerability in Nokogiri v1.10.3 and earlier\n> allows commands to be executed in a subprocess by Ruby\\'s Kernel.open\n> method. Processes are vulnerable only if the undocumented method\n> Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user\n> input.\n>\n> This vulnerability appears in code generated by the Rexical gem\n> versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate\n> lexical scanner code for parsing CSS queries. The underlying\n> vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to\n> this version of Rexical in Nokogiri v1.10.4.\n", "id": "FreeBSD-2019-0177", "modified": "2019-08-13T00:00:00Z", "published": "2019-08-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/sparklemotion/nokogiri/releases" }, { "type": "WEB", "url": "https://github.com/sparklemotion/nokogiri/releases" }, { "type": "WEB", "url": "https://github.com/sparklemotion/nokogiri/issues/1915" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5477" } ], "schema_version": "1.7.0", "summary": "Nokogiri -- injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.1.0" }, { "fixed": "12.1.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "12.0.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.0.0" }, { "fixed": "11.11.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/" ], "discovery": "2019-08-12T00:00:00Z", "references": { "cvename": [ "CVE-2019-14943", "CVE-2019-14944", "CVE-2019-14942" ] }, "vid": "ddd48087-bd86-11e9-b13f-001b217b3468" }, "details": "Gitlab reports:\n\n> Insecure Authentication Methods Disabled for Grafana By Default\n>\n> Multiple Command-Line Flag Injection Vulnerabilities\n>\n> Insecure Cookie Handling on GitLab Pages\n", "id": "FreeBSD-2019-0176", "modified": "2019-08-13T00:00:00Z", "published": "2019-08-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14943" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14944" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14942" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kf5-kconfig" }, "ranges": [ { "events": [ { "fixed": "5.60.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kde.org/info/security/advisory-20190807-1.txt" ], "discovery": "2019-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2019-14744" ] }, "vid": "f5f0a640-bae8-11e9-bb3a-001e2a3f778d" }, "details": "The KDE Community has released a security announcement:\n\n> The syntax Key\\[\\$e\\]=\\$(shell command) in \\*.desktop files,\n> .directory files, and configuration files (typically found in\n> \\~/.config) was an intentional feature of KConfig, to allow flexible\n> configuration. This could however be abused by malicious people to\n> make the users install such files and get code executed even without\n> intentional action by the user.\n", "id": "FreeBSD-2019-0175", "modified": "2019-08-09T00:00:00Z", "published": "2019-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kde.org/info/security/advisory-20190807-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14744" }, { "type": "WEB", "url": "https://kde.org/info/security/advisory-20190807-1.txt" } ], "schema_version": "1.7.0", "summary": "KDE Frameworks -- malicious .desktop files execute code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "doas" }, "ranges": [ { "events": [ { "fixed": "6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/slicer69/doas/releases/tag/6.1" ], "discovery": "2019-08-03T00:00:00Z", "vid": "7f7d6412-bae5-11e9-be92-3085a9a95629" }, "details": "Jesse Smith (upstream author of the doas program) reported:\n\n> Previous versions of \\\"doas\\\" transferred most environment variables,\n> such as USER, HOME, and PATH from the original user to the target\n> user. Passing these variables could cause files in the wrong path or\n> home directory to be read (or written to), which resulted in potential\n> security problems.\n>\n> Many thanks to Sander Bos for reporting this issue and explaining how\n> it can be exploited.\n", "id": "FreeBSD-2019-0174", "modified": "2019-08-15T00:00:00Z", "published": "2019-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/slicer69/doas/releases/tag/6.1" }, { "type": "DISCUSSION", "url": "https://marc.info/?l=openbsd-tech&m=156105665713340&w=2" }, { "type": "WEB", "url": "https://github.com/slicer69/doas/releases/tag/6.1" } ], "schema_version": "1.7.0", "summary": "doas -- Prevent passing of environment variables" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bro" }, "ranges": [ { "events": [ { "fixed": "2.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS" ], "discovery": "2019-06-22T00:00:00Z", "vid": "f56669f5-d799-4ff5-9174-64a6d571c451" }, "details": "Jon Siwek of Corelight reports:\n\n> This is a security patch release to address potential Denial of\n> Service vulnerabilities:\n>\n> - Null pointer dereference in the RPC analysis code. RPC analyzers\n> (e.g. MOUNT or NFS) are not enabled in the default configuration.\n> - Signed integer overflow in BinPAC-generated parser code. The result\n> of this is Undefined Behavior with respect to the array bounds\n> checking conditions that BinPAC generates, so it\\'s unpredictable\n> what an optimizing compiler may actually do under the assumption\n> that signed integer overlows should never happen. The specific\n> symptom which lead to finding this issue was with the PE analyzer\n> causing out-of-memory crashes due to large allocations that were\n> otherwise prevented when the array bounds checking logic was changed\n> to prevent any possible signed integer overlow.\n", "id": "FreeBSD-2019-0173", "modified": "2019-08-09T00:00:00Z", "published": "2019-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS" }, { "type": "WEB", "url": "https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS" } ], "schema_version": "1.7.0", "summary": "bro -- Null pointer dereference and Signed integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "fixed": "10.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "fixed": "9.6.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-server" }, "ranges": [ { "events": [ { "fixed": "9.5.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql94-server" }, "ranges": [ { "events": [ { "fixed": "9.4.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1960/", "https://www.postgresql.org/about/news/1960/" ], "discovery": "2019-08-08T00:00:00Z", "references": { "cvename": [ "CVE-2019-10208", "CVE-2019-10209" ] }, "vid": "9de4c1c1-b9ee-11e9-82aa-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> Versions Affected: 9.4 - 11\n>\n> Given a suitable \\`SECURITY DEFINER\\` function, an attacker can\n> execute arbitrary SQL under the identity of the function owner. An\n> attack requires \\`EXECUTE\\` permission on the function, which must\n> itself contain a function call having inexact argument type match. For\n> example, \\`length(\\'foo\\'::varchar)\\` and \\`length(\\'foo\\')\\` are\n> inexact, while \\`length(\\'foo\\'::text)\\` is exact. As part of\n> exploiting this vulnerability, the attacker uses \\`CREATE DOMAIN\\` to\n> create a type in a \\`pg_temp\\` schema. The attack pattern and fix are\n> similar to that for CVE-2007-2138.\n>\n> Writing \\`SECURITY DEFINER\\` functions continues to require following\n> the considerations noted in the documentation:\n>\n> https://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY\n\n> Versions Affected: 11\n>\n> In a database containing hypothetical, user-defined hash equality\n> operators, an attacker could read arbitrary bytes of server memory.\n> For an attack to become possible, a superuser would need to create\n> unusual operators. It is possible for operators not purpose-crafted\n> for attack to have the properties that enable an attack, but we are\n> not aware of specific examples.\n", "id": "FreeBSD-2019-0172", "modified": "2019-08-08T00:00:00Z", "published": "2019-08-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1960/" }, { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1960/" }, { "type": "WEB", "url": "https://www.postgresql.org/about/news/1960/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10208" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10209" } ], "schema_version": "1.7.0", "summary": "PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.djangoproject.com/en/1.11/releases/1.11.23/" ], "discovery": "2019-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2019-14232", "CVE-2019-14233", "CVE-2019-14234", "CVE-2019-14235" ] }, "vid": "6e65dfea-b614-11e9-a3a2-1506e15611cc" }, "details": "Django release notes:\n\n> CVE-2019-14232: Denial-of-service possibility in\n> django.utils.text.Truncator\n>\n> If django.utils.text.Truncator\\'s chars() and words() methods were\n> passed the html=True argument, they were extremely slow to evaluate\n> certain inputs due to a catastrophic backtracking vulnerability in a\n> regular expression. The chars() and words() methods are used to\n> implement the truncatechars_html and truncatewords_html template\n> filters, which were thus vulnerable\n>\n> The regular expressions used by Truncator have been simplified in\n> order to avoid potential backtracking issues. As a consequence,\n> trailing punctuation may now at times be included in the truncated\n> output.\n>\n> CVE-2019-14233: Denial-of-service possibility in strip_tags()\n>\n> Due to the behavior of the underlying HTMLParser,\n> django.utils.html.strip_tags() would be extremely slow to evaluate\n> certain inputs containing large sequences of nested incomplete HTML\n> entities. The strip_tags() method is used to implement the\n> corresponding striptags template filter, which was thus also\n> vulnerable.\n>\n> strip_tags() now avoids recursive calls to HTMLParser when progress\n> removing tags, but necessarily incomplete HTML entities, stops being\n> made.\n>\n> Remember that absolutely NO guarantee is provided about the results of\n> strip_tags() being HTML safe. So NEVER mark safe the result of a\n> strip_tags() call without escaping it first, for example with\n> django.utils.html.escape().\n>\n> CVE-2019-14234: SQL injection possibility in key and index lookups for\n> JSONField/HStoreField\n>\n> Key and index lookups for JSONField and key lookups for HStoreField\n> were subject to SQL injection, using a suitably crafted dictionary,\n> with dictionary expansion, as the \\*\\*kwargs passed to\n> QuerySet.filter().\n>\n> CVE-2019-14235: Potential memory exhaustion in\n> django.utils.encoding.uri_to_iri()\n>\n> If passed certain inputs, django.utils.encoding.uri_to_iri() could\n> lead to significant memory usage due to excessive recursion when\n> re-percent-encoding invalid UTF-8 octet sequences.\n>\n> uri_to_iri() now avoids recursion when re-percent-encoding invalid\n> UTF-8 octet sequences.\n", "id": "FreeBSD-2019-0171", "modified": "2019-08-03T00:00:00Z", "published": "2019-08-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.djangoproject.com/en/1.11/releases/1.11.23/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/1.11/releases/1.11.23/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/2.1/releases/2.1.11/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/2.2/releases/2.2.4/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14232" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14234" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-14235" } ], "schema_version": "1.7.0", "summary": "Django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2019/07/gitea-1.9.0-is-released/" ], "discovery": "2019-07-31T00:00:00Z", "vid": "e7b69694-b3b5-11e9-9bb6-0800274e5f20" }, "details": "The Gitea Team reports:\n\n> This version of Gitea contains security fixes that could not be\n> backported to 1.8. For this reason, we strongly recommend updating.\n", "id": "FreeBSD-2019-0170", "modified": "2019-07-31T00:00:00Z", "published": "2019-07-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2019/07/gitea-1.9.0-is-released/" }, { "type": "WEB", "url": "https://blog.gitea.io/2019/07/gitea-1.9.0-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.9.0" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-5607" ], "freebsdsa": [ "SA-19:17.fd" ] }, "vid": "0d3f99f7-b30c-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nIf a process attempts to transmit rights over a UNIX-domain socket and\nan error causes the attempt to fail, references acquired on the rights\nare not released and are leaked. This bug can be used to cause the\nreference counter to wrap around and free the corresponding file\nstructure.\n\n# Impact:\n\nA local user can exploit the bug to gain root privileges or escape from\na jail.\n", "id": "FreeBSD-2019-0169", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5607" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:17.fd.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- File description reference count leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-5604" ], "freebsdsa": [ "SA-19:16.bhyve" ] }, "vid": "edf064fb-b30b-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nThe pci_xhci_device_doorbell() function does not validate the \\'epid\\'\nand \\'streamid\\' provided by the guest, leading to an out-of-bounds\nread.\n\n# Impact:\n\nA misbehaving bhyve guest could crash the system or access memory that\nit should not be able to.\n", "id": "FreeBSD-2019-0168", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5604" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Bhyve out-of-bounds read in XHCI device" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-5603" ], "freebsdsa": [ "SA-19:15.mqueuefs" ] }, "vid": "deb6e164-b30b-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nSystem calls operating on file descriptors obtain a reference to\nrelevant struct file which due to a programming error was not always put\nback, which in turn could be used to overflow the counter of affected\nstruct file.\n\n# Impact:\n\nA local user can use this flaw to obtain access to files, directories,\nsockets etc. opened by processes owned by other users. If obtained\nstruct file represents a directory from outside of user\\'s jail, it can\nbe used to access files outside of the jail. If the user in question is\na jailed root they can obtain root privileges on the host system.\n", "id": "FreeBSD-2019-0167", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5603" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Reference count overflow in mqueue filesystem" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-5605" ], "freebsdsa": [ "SA-19:14.freebsd32" ] }, "vid": "6b856e00-b30a-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nDue to insufficient initialization of memory copied to userland in the\ncomponents listed above small amounts of kernel memory may be disclosed\nto userland processes.\n\n# Impact:\n\nA user who can invoke 32-bit FreeBSD ioctls may be able to read the\ncontents of small portions of kernel memory.\n\nSuch memory might contain sensitive information, such as portions of the\nfile cache or terminal buffers. This information might be directly\nuseful, or it might be leveraged to obtain elevated privileges in some\nway; for example, a terminal buffer might include a user-entered\npassword.\n", "id": "FreeBSD-2019-0166", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5605" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:14.freebsd32.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Kernel memory disclosure in freebsd32_ioctl" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-5606" ], "freebsdsa": [ "SA-19:13.pts" ] }, "vid": "5721ae65-b30a-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nThe code which handles a close(2) of a descriptor created by\nposix_openpt(2) fails to undo the configuration which causes SIGIO to be\nraised. This bug can lead to a write-after-free of kernel memory.\n\n# Impact:\n\nThe bug permits malicious code to trigger a write-after-free, which may\nbe used to gain root privileges or escape a jail.\n", "id": "FreeBSD-2019-0165", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5606" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:13.pts.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- pts(4) write-after-free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3" }, { "fixed": "11.3_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-0053" ], "freebsdsa": [ "SA-19:12.telnet" ] }, "vid": "39f6cbff-b30a-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nInsufficient validation of environment variables in the telnet client\nsupplied in FreeBSD can lead to stack-based buffer overflows. A stack-\nbased overflow is present in the handling of environment variables when\nconnecting via the telnet client to remote telnet servers.\n\nThis issue only affects the telnet client. Inbound telnet sessions to\ntelnetd(8) are not affected by this issue.\n\n# Impact:\n\nThese buffer overflows may be triggered when connecting to a malicious\nserver, or by an active attacker in the network path between the client\nand server. Specially crafted TELNET command sequences may cause the\nexecution of arbitrary code with the privileges of the user invoking\ntelnet(1).\n", "id": "FreeBSD-2019-0164", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-0053" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- telnet(1) client multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-07-02T00:00:00Z", "references": { "cvename": [ "CVE-2019-5602" ], "freebsdsa": [ "SA-19:11.cd_ioctl" ] }, "vid": "14a3b376-b30a-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nTo implement one particular ioctl, the Linux emulation code used a\nspecial interface present in the cd(4) driver which allows it to copy\nsubchannel information directly to a kernel address. This interface was\nerroneously made accessible to userland, allowing users with read access\nto a cd(4) device to arbitrarily overwrite kernel memory when some media\nis present in the device.\n\n# Impact:\n\nA user in the operator group can make use of this interface to gain root\nprivileges on a system with a cd(4) device when some media is present in\nthe device.\n", "id": "FreeBSD-2019-0163", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5602" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Privilege escalation in cd(4) driver" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-07-02T00:00:00Z", "references": { "cvename": [ "CVE-2019-5601" ], "freebsdsa": [ "SA-19:10.ufs" ] }, "vid": "ff82610f-b309-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nA bug causes up to three bytes of kernel stack memory to be written to\ndisk as uninitialized directory entry padding. This data can be viewed\nby any user with read access to the directory. Additionally, a malicious\nuser with write access to a directory can cause up to 254 bytes of\nkernel stack memory to be exposed.\n\n# Impact:\n\nSome amount of the kernel stack is disclosed and written out to the\nfilesystem.\n", "id": "FreeBSD-2019-0162", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5601" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Kernel stack disclosure in UFS/FFS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-07-02T00:00:00Z", "references": { "cvename": [ "CVE-2019-5600" ], "freebsdsa": [ "SA-19:09.iconv" ] }, "vid": "f62bba56-b309-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nWith certain inputs, iconv may write beyond the end of the output\nbuffer.\n\n# Impact:\n\nDepending on the way in which iconv is used, an attacker may be able to\ncreate a denial of service, provoke incorrect program behavior, or\ninduce a remote code execution. iconv is a libc library function and the\nnature of possible attacks will depend on the way in which iconv is used\nby applications or daemons.\n", "id": "FreeBSD-2019-0161", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5600" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:09.iconv.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- iconv buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-06-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-5599" ], "freebsdsa": [ "SA-19:08.rack" ] }, "vid": "c294c2e6-b309-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nWhile processing acknowledgements, the RACK code uses several linked\nlists to maintain state entries. A malicious attacker can cause the\nlists to grow unbounded. This can cause an expensive list traversal on\nevery packet being processed, leading to resource exhaustion and a\ndenial of service.\n\n# Impact:\n\nAn attacker with the ability to send specially crafted TCP traffic to a\nvictim system can degrade network performance and/or consume excessive\nCPU by exploiting the inefficiency of traversing the potentially very\nlarge RACK linked lists with relatively small bandwidth cost.\n", "id": "FreeBSD-2019-0160", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5599" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:08.rack.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Resource exhaustion in non-default RACK TCP stack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-05-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-1212", "CVE-2018-1213", "CVE-2019-1109" ], "freebsdsa": [ "SA-19:07.mds" ] }, "vid": "a633651b-b309-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nOn some Intel processors utilizing speculative execution a local process\nmay be able to infer stale information from microarchitectural buffers\nto obtain a memory disclosure.\n\n# Impact:\n\nAn attacker may be able to read secret data from the kernel or from a\nprocess when executing untrusted code (for example, in a web browser).\n", "id": "FreeBSD-2019-0159", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1213" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1109" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Microarchitectural Data Sampling (MDS)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-05-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-5598" ], "freebsdsa": [ "SA-19:06.pf" ] }, "vid": "59c5f255-b309-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nStates in pf(4) let ICMP and ICMP6 packets pass if they have a packet in\ntheir payload matching an existing condition. pf(4) does not check if\nthe outer ICMP or ICMP6 packet has the same destination IP as the source\nIP of the inner protocol packet.\n\n# Impact:\n\nA maliciously crafted ICMP/ICMP6 packet could bypass the packet filter\nrules and be passed to a host that would otherwise be unavailable.\n", "id": "FreeBSD-2019-0158", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5598" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:06.pf.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ICMP/ICMP6 packet filter bypass in pf" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-05-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-5597" ], "freebsdsa": [ "SA-19:05.pf" ] }, "vid": "3d02520d-b309-11e9-a87f-a4badb2f4699" }, "details": "# Problem Description:\n\nA bug in the pf(4) IPv6 fragment reassembly logic incorrectly uses the\nlast extension header offset from the last received packet instead of\nfrom the first packet.\n\n# Impact:\n\nMalicious IPv6 packets with different IPv6 extensions could cause a\nkernel panic or potentially a filtering rule bypass.\n", "id": "FreeBSD-2019-0157", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5597" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:05.pf.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- IPv6 fragment reassembly panic in pf(4)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.1.0" }, { "fixed": "12.1.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "12.0.0" }, { "fixed": "12.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.9.0" }, { "fixed": "11.11.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" ], "discovery": "2019-07-29T00:00:00Z", "vid": "1cd89254-b2db-11e9-8001-001b217b3468" }, "details": "Gitlab reports:\n\n> GitHub Integration SSRF\n>\n> Trigger Token Impersonation\n>\n> Build Status Disclosure\n>\n> SSRF Mitigation Bypass\n>\n> Information Disclosure New Issue ID\n>\n> IDOR Label Name Enumeration\n>\n> Persistent XSS Wiki Pages\n>\n> User Revokation Bypass with Mattermost Integration\n>\n> Arbitrary File Upload via Import Project Archive\n>\n> Information Disclosure Vulnerability Feedback\n>\n> Persistent XSS via Email\n>\n> Denial Of Service Epic Comments\n>\n> Email Verification Bypass\n>\n> Override Merge Request Approval Rules\n", "id": "FreeBSD-2019-0156", "modified": "2019-07-30T00:00:00Z", "published": "2019-07-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2019/07/26/critical-security-update-synapse-1-2-1-released" ], "discovery": "2019-07-26T00:00:00Z", "vid": "38d2df4d-b143-11e9-87e7-901b0e934d69" }, "details": "Matrix developers report:\n\n> The matrix team releases Synapse 1.2.1 as a critical security update.\n> It contains patches relating to redactions and event federation:\n>\n> - Prevent an attack where a federated server could send redactions for\n> arbitrary events in v1 and v2 rooms.\n> - Prevent a denial-of-service attack where cycles of redaction events\n> would make Synapse spin infinitely.\n> - Prevent an attack where users could be joined or parted from public\n> rooms without their consent.\n> - Fix a vulnerability where a federated server could spoof\n> read-receipts from users on other servers.\n> - It was possible for a room moderator to send a redaction for an\n> m.room.create event, which would downgrade the room to version 1.\n", "id": "FreeBSD-2019-0155", "modified": "2019-07-28T00:00:00Z", "published": "2019-07-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2019/07/26/critical-security-update-synapse-1-2-1-released" }, { "type": "WEB", "url": "https://matrix.org/blog/2019/07/26/critical-security-update-synapse-1-2-1-released" }, { "type": "WEB", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.2.1" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "introduced": "4.85" }, { "fixed": "4.92.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.exim.org/static/doc/security/CVE-2019-13917.txt" ], "discovery": "2019-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2019-13917" ] }, "vid": "3e0da406-aece-11e9-8d41-97657151f8c2" }, "details": "Exim team report:\n\n> A local or remote attacker can execute programs with root privileges -\n> if you\\'ve an unusual configuration.\n>\n> If your configuration uses the \\${sort } expansion for items that can\n> be controlled by an attacker (e.g. \\$local_part, \\$domain). The\n> default config, as shipped by the Exim developers, does not contain\n> \\${sort }.\n>\n> The vulnerability is exploitable either remotely or locally and could\n> be used to execute other programs with root privilege. The \\${sort }\n> expansion re-evaluates its items.\n>\n> Exim 4.92.1 is not vulnerable.\n", "id": "FreeBSD-2019-0154", "modified": "2019-07-26T00:00:00Z", "published": "2019-07-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.exim.org/static/doc/security/CVE-2019-13917.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13917" }, { "type": "WEB", "url": "https://www.exim.org/static/doc/security/CVE-2019-13917.txt" } ], "schema_version": "1.7.0", "summary": "Exim -- RCE in ${sort} expansion" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.65" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.41" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb104-server" }, "ranges": [ { "events": [ { "fixed": "10.4.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.45" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.65" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.45" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" ], "discovery": "2019-07-16T00:00:00Z", "references": { "cvename": [ "CVE-2019-2730", "CVE-2019-2731", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2743", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2752", "CVE-2019-2755", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2774", "CVE-2019-2778", "CVE-2019-2780", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2789", "CVE-2019-2791", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2822", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-3822" ] }, "vid": "198e6220-ac8b-11e9-a1c7-b499baebfeaf" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 45 new security fixes for Oracle\n> MySQL. 4 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n", "id": "FreeBSD-2019-0153", "modified": "2019-07-22T00:00:00Z", "published": "2019-07-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2730" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2731" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2737" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2738" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2739" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2741" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2743" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2746" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2747" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2752" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2755" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2757" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2758" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2774" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2778" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2780" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2784" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2785" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2795" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2796" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2801" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2805" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2810" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2811" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2815" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2819" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2822" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2826" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2830" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2834" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2879" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3822" } ], "schema_version": "1.7.0", "summary": "MySQL -- Multiple vulerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2019-008" ], "discovery": "2019-07-17T00:00:00Z", "vid": "19d648e0-ab69-11e9-bfef-000ffec0b3e1" }, "details": "Drupal Security Team reports:\n\n> In Drupal 8.7.4, when the experimental Workspaces module is enabled,\n> an access bypass condition is created.\n>\n> This can be mitigated by disabling the Workspaces module. It does not\n> affect any release other than Drupal 8.7.4.\n", "id": "FreeBSD-2019-0152", "modified": "2019-07-21T00:00:00Z", "published": "2019-07-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2019-008" }, { "type": "WEB", "url": "https://www.drupal.org/SA-CORE-2019-008" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal core - Access bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "putty" }, "ranges": [ { "events": [ { "fixed": "0.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "putty-gtk2" }, "ranges": [ { "events": [ { "fixed": "0.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "putty-nogtk" }, "ranges": [ { "events": [ { "fixed": "0.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.tartarus.org/pipermail/putty-announce/2019/000028.html" ], "discovery": "2019-07-14T00:00:00Z", "vid": "5914705c-ab03-11e9-a4f9-080027ac955c" }, "details": "Simon Tatham reports:\n\n> Vulnerabilities fixed in this release include:\n>\n> - A malicious SSH-1 server could trigger a buffer overrun by sending\n> extremely short RSA keys, or certain bad packet length fields.\n> Either of these could happen before host key verification, so even\n> if you trust the server you \\*intended\\* to connect to, you would\n> still be at risk.\\\n> (However, the SSH-1 protocol is obsolete, and recent versions of\n> PuTTY do not try it by default, so you are only at risk if you work\n> with old servers and have explicitly configured SSH-1.)\n> - If a malicious process found a way to impersonate Pageant, then it\n> could cause an integer overflow in any of the SSH client tools\n> (PuTTY, Plink, PSCP, PSFTP) which accessed the malicious Pageant.\n>\n> Other security-related bug fixes include:\n>\n> - The \\'trust sigil\\' system introduced in PuTTY 0.71 to protect\n> against server spoofing attacks had multiple bugs. Trust sigils were\n> not turned off after login in the SSH-1 and Rlogin protocols, and\n> not turned back on if you used the Restart Session command. Both are\n> now fixed.\n", "id": "FreeBSD-2019-0151", "modified": "2019-07-20T00:00:00Z", "published": "2019-07-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.tartarus.org/pipermail/putty-announce/2019/000028.html" }, { "type": "WEB", "url": "https://lists.tartarus.org/pipermail/putty-announce/2019/000028.html" } ], "schema_version": "1.7.0", "summary": "PuTTY 0.72 -- buffer overflow in SSH-1 and integer overflow in SSH client" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.186" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.176.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2019-07-17/" ], "discovery": "2019-07-17T00:00:00Z", "references": { "cvename": [ "CVE-2019-10352", "CVE-2019-10353", "CVE-2019-10354" ] }, "vid": "df3db21d-1a4d-4c78-acf7-4639e5a795e0" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-1424 / CVE-2019-10352\n>\n> Arbitrary file write vulnerability using file parameter definitions\n>\n> ##### (High) SECURITY-626 / CVE-2019-10353\n>\n> CSRF protection tokens did not expire\n>\n> ##### (Medium) SECURITY-534 / CVE-2019-10354\n>\n> Unauthorized view fragment access\n", "id": "FreeBSD-2019-0150", "modified": "2019-07-17T00:00:00Z", "published": "2019-07-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2019-07-17/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10352" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10354" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2019-07-17/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxslt" }, "ranges": [ { "events": [ { "fixed": "1.1.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068" ], "discovery": "2019-04-10T00:00:00Z", "vid": "93167bef-9752-11e9-b61c-b885849ded8e" }, "details": "Mitre report:\n\n> libxslt through 1.1.33 allows bypass of a protection mechanism because\n> callers of xsltCheckRead and xsltCheckWrite permit access even upon\n> receiving a -1 error code. xsltCheckRead can return -1 for a crafted\n> URL that is not actually invalid and is subsequently loaded.\n", "id": "FreeBSD-2019-0149", "modified": "2019-07-16T00:00:00Z", "published": "2019-07-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068" } ], "schema_version": "1.7.0", "summary": "libxslt -- security framework bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.27.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk15" }, "ranges": [ { "events": [ { "fixed": "15.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2019-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-12827" ] }, "vid": "818b2bcb-a46f-11e9-bed9-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> A specially crafted SIP in-dialog MESSAGE message can cause Asterisk\n> to crash.\n", "id": "FreeBSD-2019-0148", "modified": "2019-07-12T00:00:00Z", "published": "2019-07-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2019-002.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12827" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote crash vulnerability with MESSAGE messages" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.27.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk15" }, "ranges": [ { "events": [ { "fixed": "15.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2019-06-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-13161" ] }, "vid": "e9d2e981-a46d-11e9-bed9-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an\n> endpoint to switch it to T.38. If the endpoint responds with an\n> improperly formatted SDP answer including both a T.38 UDPTL stream and\n> an audio or video stream containing only codecs not allowed on the SIP\n> peer or user a crash will occur. The code incorrectly assumes that\n> there will be at least one common codec when T.38 is also in the SDP\n> answer.\n", "id": "FreeBSD-2019-0147", "modified": "2019-07-12T00:00:00Z", "published": "2019-07-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2019-003.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13161" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote Crash Vulnerability in chan_sip channel driver" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-final" ], "discovery": "2019-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-9740", "CVE-2019-9948" ] }, "vid": "a449c604-a43a-11e9-b422-fcaa147e860e" }, "details": "Python changelog:\n\n> bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with\n> additional text after the address and only quad-dotted notation\n> without trailing whitespaces. Some inet_aton() implementations ignore\n> whitespace and all data after whitespace, e.g.\\'127.0.0.1 whatever\\'.\n>\n> bpo-35907: CVE-2019-9948: Avoid file reading by disallowing\n> local-file:// and local_file:// URL schemes in URLopener().open() and\n> URLopener().retrieve() of urllib.request.\n>\n> bpo-36742: Fixes mishandling of pre-normalization characters in\n> urlsplit().\n>\n> bpo-30458: Address CVE-2019-9740 by disallowing URL paths with\n> embedded whitespace or control characters through into the underlying\n> http client request. Such potentially malicious header injection URLs\n> now cause an http.client.InvalidURL exception to be raised.\n>\n> bpo-33529: Prevent fold function used in email header encoding from\n> entering infinite loop when there are too many non-ASCII characters in\n> a header.\n>\n> bpo-35755: shutil.which() now uses os.confstr(\\\"CS_PATH\\\") if\n> available and if the PATH environment variable is not set. Remove also\n> the current directory from posixpath.defpath. On Unix, shutil.which()\n> and the subprocess module no longer search the executable in the\n> current directory if the PATH environment variable is not set.\n", "id": "FreeBSD-2019-0146", "modified": "2019-07-12T00:00:00Z", "published": "2019-07-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-final" }, { "type": "WEB", "url": "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-final" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9948" } ], "schema_version": "1.7.0", "summary": "python 3.7 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "68.0_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.8.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "60.8.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "60.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/" ], "discovery": "2019-07-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-11709", "CVE-2019-11710", "CVE-2019-11711", "CVE-2019-11712", "CVE-2019-11713", "CVE-2019-11714", "CVE-2019-11715", "CVE-2019-11716", "CVE-2019-11717", "CVE-2019-11718", "CVE-2019-11719", "CVE-2019-11720", "CVE-2019-11721", "CVE-2019-11723", "CVE-2019-11724", "CVE-2019-11725", "CVE-2019-11727", "CVE-2019-11728", "CVE-2019-11729", "CVE-2019-11730", "CVE-2019-9811" ] }, "vid": "0592f49f-b3b8-4260-b648-d1718762656c" }, "details": "Mozilla Foundation reports:\n\n> CVE-2019-9811: Sandbox escape via installation of malicious language\n> pack\n>\n> CVE-2019-11711: Script injection within domain through inner window\n> reuse\n>\n> CVE-2019-11712: Cross-origin POST requests can be made with NPAPI\n> plugins by following 308 redirects\n>\n> CVE-2019-11713: Use-after-free with HTTP/2 cached stream\n>\n> CVE-2019-11714: NeckoChild can trigger crash when accessed off of main\n> thread\n>\n> CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a\n> segmentation fault\n>\n> CVE-2019-11715: HTML parsing error can contribute to content XSS\n>\n> CVE-2019-11716: globalThis not enumerable until accessed\n>\n> CVE-2019-11717: Caret character improperly escaped in origins\n>\n> CVE-2019-11718: Activity Stream writes unsanitized content to\n> innerHTML\n>\n> CVE-2019-11719: Out-of-bounds read when importing curve25519 private\n> key\n>\n> CVE-2019-11720: Character encoding XSS vulnerability\n>\n> CVE-2019-11721: Domain spoofing through unicode latin \\'kra\\'\n> character\n>\n> CVE-2019-11730: Same-origin policy treats all files in a directory as\n> having the same-origin\n>\n> CVE-2019-11723: Cookie leakage during add-on fetching across private\n> browsing boundaries\n>\n> CVE-2019-11724: Retired site input.mozilla.org has remote\n> troubleshooting permissions\n>\n> CVE-2019-11725: Websocket resources bypass safebrowsing protections\n>\n> CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3\n>\n> CVE-2019-11728: Port scanning through Alt-Svc header\n>\n> CVE-2019-11710: Memory safety bugs fixed in Firefox 68\n>\n> CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR\n> 60.8\n", "id": "FreeBSD-2019-0145", "modified": "2019-07-23T00:00:00Z", "published": "2019-07-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11709" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11710" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11711" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11712" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11713" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11714" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11715" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11716" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11717" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11718" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11719" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11720" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11721" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11723" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11724" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11725" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11727" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11728" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11729" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11730" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9811" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnupg" }, "ranges": [ { "events": [ { "fixed": "2.2.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dev.gnupg.org/T4606" ], "discovery": "2019-07-03T00:00:00Z", "vid": "23f65f58-a261-11e9-b444-002590acae31" }, "details": "From the GnuPG 2.2.17 changelog:\n\n> gpg: Ignore all key-signatures received from keyservers. This change\n> is required to mitigate a DoS due to keys flooded with faked\n> key-signatures.\n", "id": "FreeBSD-2019-0144", "modified": "2019-07-09T00:00:00Z", "published": "2019-07-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dev.gnupg.org/T4606" }, { "type": "WEB", "url": "https://dev.gnupg.org/T4606" }, { "type": "WEB", "url": "https://dev.gnupg.org/T4607" } ], "schema_version": "1.7.0", "summary": "GnuPG -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python36" }, "ranges": [ { "events": [ { "fixed": "3.6.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-final" ], "discovery": "2019-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-9948", "CVE-2019-9740" ] }, "vid": "18ed9650-a1d6-11e9-9b17-fcaa147e860e" }, "details": "Python changelog:\n\n> bpo-35907: CVE-2019-9948: Avoid file reading by disallowing\n> local-file:// and local_file:// URL schemes in URLopener().open() and\n> URLopener().retrieve() of urllib.request.\n>\n> bpo-36742: Fixes mishandling of pre-normalization characters in\n> urlsplit().\n>\n> bpo-30458: Address CVE-2019-9740 by disallowing URL paths with\n> embedded whitespace or control characters through into the underlying\n> http client request. Such potentially malicious header injection URLs\n> now cause an http.client.InvalidURL exception to be raised.\n>\n> bpo-36216: Changes urlsplit() to raise ValueError when the URL\n> contains characters that decompose under IDNA encoding\n> (NFKC-normalization) into characters that affect how the URL is\n> parsed.\n>\n> bpo-33529: Prevent fold function used in email header encoding from\n> entering infinite loop when there are too many non-ASCII characters in\n> a header.\n>\n> bpo-35121: Don\\'t send cookies of domain A without Domain attribute to\n> domain B when domain A is a suffix match of domain B while using a\n> cookiejar with http.cookiejar.DefaultCookiePolicy policy. Patch by\n> Karthikeyan Singaravelan.\n", "id": "FreeBSD-2019-0143", "modified": "2019-07-08T00:00:00Z", "published": "2019-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-final" }, { "type": "WEB", "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-final" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9948" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9740" } ], "schema_version": "1.7.0", "summary": "python 3.6 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.24.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-6201", "CVE-2019-6251", "CVE-2019-7285", "CVE-2019-7292", "CVE-2019-8503", "CVE-2019-8506", "CVE-2019-8515", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8551", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-11070", "CVE-2019-6237", "CVE-2019-8571", "CVE-2019-8583", "CVE-2019-8584", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8594", "CVE-2019-8595", "CVE-2019-8596", "CVE-2019-8597", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8608", "CVE-2019-8609", "CVE-2019-8610", "CVE-2019-8615", "CVE-2019-8611", "CVE-2019-8619", "CVE-2019-8622", "CVE-2019-8623" ] }, "vid": "3dd46e05-9fb0-11e9-bf65-00012e582166" }, "details": "The WebKitGTK project reports many vulnerabilities, including several\narbitrary code execution vulnerabilities.\n", "id": "FreeBSD-2019-0142", "modified": "2019-07-06T00:00:00Z", "published": "2019-07-06T00:00:00Z", "references": [ { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2019-0002.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6251" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7285" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7292" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8503" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8506" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8515" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8518" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8523" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8524" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8536" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8544" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8551" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8558" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8559" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8563" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11070" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2019-0003.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6237" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8571" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8583" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8584" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8586" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8587" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8594" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8595" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8596" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8597" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8601" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8607" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8608" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8609" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8610" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8615" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8611" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8619" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8623" } ], "schema_version": "1.7.0", "summary": "webkit2-gtk3 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki131" }, "ranges": [ { "events": [ { "fixed": "1.31.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki132" }, "ranges": [ { "events": [ { "fixed": "1.32.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000230.html" ], "discovery": "2019-04-23T00:00:00Z", "references": { "cvename": [ "CVE-2019-11358", "CVE-2019-12466", "CVE-2019-12467", "CVE-2019-12468", "CVE-2019-12469", "CVE-2019-12470", "CVE-2019-12471", "CVE-2019-12472", "CVE-2019-12473", "CVE-2019-12474" ] }, "vid": "3c5a4fe0-9ebb-11e9-9169-fcaa147e860e" }, "details": "Mediawiki reports:\n\n> Security fixes: T197279, CVE-2019-12468: Directly POSTing to\n> Special:ChangeEmail would allow for bypassing reauthentication,\n> allowing for potential account takeover. T204729, CVE-2019-12473:\n> Passing invalid titles to the API could cause a DoS by querying the\n> entire \\`watchlist\\` table. T207603, CVE-2019-12471: Loading user\n> JavaScript from a non-existent account allows anyone to create the\n> account, and XSS the users\\' loading that script. T208881: blacklist\n> CSS var(). T199540, CVE-2019-12472: It is possible to bypass the\n> limits on IP range blocks (\\`\\$wgBlockCIDRLimit\\`) by using the API.\n> T212118, CVE-2019-12474: Privileged API responses that include whether\n> a recent change has been patrolled may be cached publicly. T209794,\n> CVE-2019-12467: A spammer can use Special:ChangeEmail to send out spam\n> with no rate limiting or ability to block them. T25227,\n> CVE-2019-12466: An account can be logged out without using a\n> token(CRRF) T222036, CVE-2019-12469: Exposed suppressed username or\n> log in Special:EditTags. T222038, CVE-2019-12470: Exposed suppressed\n> log in RevisionDelete page. T221739, CVE-2019-11358: Fix potential XSS\n> in jQuery.\n", "id": "FreeBSD-2019-0141", "modified": "2019-07-05T00:00:00Z", "published": "2019-07-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000230.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11358" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12466" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12467" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12468" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12469" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12470" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12471" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12473" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12474" }, { "type": "WEB", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000230.html" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ettercap" }, "ranges": [ { "events": [ { "fixed": "0.8.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Ettercap/ettercap/issues/782" ], "discovery": "2019-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2017-6430" ] }, "vid": "b79ec16b-9da7-11e9-a0ea-a92fe7db4867" }, "details": "Ettercap GitHub issue:\n\n> Etterfilter results in an invalid read of 8 bytes when parsing a\n> crafted file.\n", "id": "FreeBSD-2019-0140", "modified": "2019-07-03T00:00:00Z", "published": "2019-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Ettercap/ettercap/issues/782" }, { "type": "WEB", "url": "https://github.com/Ettercap/ettercap/issues/782" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6430" } ], "schema_version": "1.7.0", "summary": "ettercap -- out-of-bound read vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "12.0.0" }, { "fixed": "12.0.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.11.0" }, { "fixed": "11.11.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.3.0" }, { "fixed": "11.10.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" ], "discovery": "2019-07-03T00:00:00Z", "references": { "cvename": [ "CVE-2019-13001", "CVE-2019-13002", "CVE-2019-13003", "CVE-2019-13004", "CVE-2019-13005", "CVE-2019-13006", "CVE-2019-13007", "CVE-2019-13009", "CVE-2019-13010", "CVE-2019-13011", "CVE-2019-13121" ] }, "vid": "4ea507d1-9da8-11e9-a759-001b217b3468" }, "details": "Gitlab reports:\n\n> Ability to Write a Note to a Private Snippet\n>\n> Recent Pipeline Information Disclosed to Unauthorised Users\n>\n> Resource Exhaustion Attack\n>\n> Error Caused by Encoded Characters in Comments\n>\n> Authorization Issues in GraphQL\n>\n> Number of Merge Requests was Accessible\n>\n> Enabling One of the Service Templates Could Cause Resource Depletion\n>\n> Broken Access Control for the Content of Personal Snippets\n>\n> Decoding Color Codes Caused Resource Depletion\n>\n> Merge Request Template Name Disclosure\n>\n> SSRF Vulnerability in Project GitHub Integration\n", "id": "FreeBSD-2019-0139", "modified": "2019-07-03T00:00:00Z", "published": "2019-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13003" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13005" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13007" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13009" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13010" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13011" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13121" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sdl2_image" }, "ranges": [ { "events": [ { "fixed": "2.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.libsdl.org/projects/SDL_image/" ], "discovery": "2019-07-02T00:00:00Z", "references": { "cvename": [ "CVE-2019-5051", "CVE-2019-5052", "CVE-2019-5057", "CVE-2019-5058", "CVE-2019-5059", "CVE-2019-5060" ] }, "vid": "3394bc2b-9da4-11e9-951e-14dae9d5a9d2" }, "details": "SDL_image developers report:\n\n> Fixed a number of security issues:\n>\n> - TALOS-2019-0820\n> - TALOS-2019-0821\n> - TALOS-2019-0841\n> - TALOS-2019-0842\n> - TALOS-2019-0843\n> - TALOS-2019-0844\n", "id": "FreeBSD-2019-0138", "modified": "2019-07-03T00:00:00Z", "published": "2019-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.libsdl.org/projects/SDL_image/" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0820" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0821" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0841" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0842" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0843" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0844" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5057" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5060" } ], "schema_version": "1.7.0", "summary": "SDL2_image -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "fixed": "1.2.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2019_06.txt" ], "discovery": "2019-06-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-13045" ] }, "vid": "475f952c-9b29-11e9-a8a5-6805ca0b38e8" }, "details": "Irssi reports:\n\n> Use after free when sending SASL login to the server found by\n> ilbelkyr. (CWE-416, CWE-825)\n", "id": "FreeBSD-2019-0137", "modified": "2019-07-01T00:00:00Z", "published": "2019-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2019_06.txt" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2019_06.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-13045" } ], "schema_version": "1.7.0", "summary": "irssi -- Use after free when sending SASL login to the server" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2019/jul/01/security-releases/" ], "discovery": "2019-07-01T00:00:00Z", "references": { "cvename": [ "CVE-2019-12781" ] }, "vid": "b805d7b4-9c0c-11e9-97f0-000c29e96db4" }, "details": "Django security releases issued:\n\n> When deployed behind a reverse-proxy connecting to Django via HTTPS,\n> django.http.HttpRequest.scheme would incorrectly detect client\n> requests made via HTTP as using HTTPS. This entails incorrect results\n> for is_secure(), and build_absolute_uri(), and that HTTP requests\n> would not be redirected to HTTPS in accordance with\n> SECURE_SSL_REDIRECT.\n", "id": "FreeBSD-2019-0136", "modified": "2019-07-01T00:00:00Z", "published": "2019-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2019/jul/01/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12781" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2019/jul/01/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- Incorrect HTTP detection with reverse-proxy connecting via HTTPS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bzip2" }, "ranges": [ { "events": [ { "fixed": "1.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS" ], "discovery": "2019-06-23T00:00:00Z", "references": { "cvename": [ "CVE-2016-3189", "CVE-2019-12900" ] }, "vid": "4b6cb45d-881e-447a-a4e0-c97a954ea758" }, "details": "bzip2 developers reports:\n\n> CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko)\n>\n> CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files\n> (Albert Astals Cid). Found through fuzzing karchive.\n", "id": "FreeBSD-2019-0135", "modified": "2019-06-30T00:00:00Z", "published": "2019-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS" }, { "type": "WEB", "url": "https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319648" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-3189" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12900" } ], "schema_version": "1.7.0", "summary": "bzip2 -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns" }, "ranges": [ { "events": [ { "fixed": "4.1.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.10" ], "discovery": "2019-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2019-10162", "CVE-2019-10163" ] }, "vid": "1c21f6a3-9415-11e9-95ec-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> CVE-2019-10162: An issue has been found in PowerDNS Authoritative\n> Server allowing an authorized user to cause the server to exit by\n> inserting a crafted record in a MASTER type zone under their control.\n> The issue is due to the fact that the Authoritative Server will exit\n> when it runs into a parsing error while looking up the NS/A/AAAA\n> records it is about to use for an outgoing notify.\n>\n> CVE-2019-10163: An issue has been found in PowerDNS Authoritative\n> Server allowing a remote, authorized master server to cause a high CPU\n> load or even prevent any further updates to any slave zone by sending\n> a large number of NOTIFY messages. Note that only servers configured\n> as slaves are affected by this issue.\n", "id": "FreeBSD-2019-0134", "modified": "2019-06-21T00:00:00Z", "published": "2019-06-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.10" }, { "type": "WEB", "url": "https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10163" } ], "schema_version": "1.7.0", "summary": "powerdns -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-8-php71" }, "ranges": [ { "events": [ { "fixed": "8.7.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-8-php72" }, "ranges": [ { "events": [ { "fixed": "8.7.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-8-php73" }, "ranges": [ { "events": [ { "fixed": "8.7.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php71" }, "ranges": [ { "events": [ { "fixed": "9.5.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php72" }, "ranges": [ { "events": [ { "fixed": "9.5.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php73" }, "ranges": [ { "events": [ { "fixed": "9.5.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-958-and-8727-security-releases-published/" ], "discovery": "2019-06-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-10912", "CVE-2019-12747", "CVE-2019-12748" ] }, "vid": "5e35cfba-9994-11e9-b07f-df5abf8b84d6" }, "details": "TYPO3 news:\n\n> Please read the corresponding Security Advisories for details.\n", "id": "FreeBSD-2019-0133", "modified": "2019-06-28T00:00:00Z", "published": "2019-06-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-958-and-8727-security-releases-published/" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-958-and-8727-security-releases-published/" }, { "type": "WEB", "url": "https://get.typo3.org/release-notes/8.7.27" }, { "type": "WEB", "url": "https://get.typo3.org/release-notes/9.5.8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10912" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12747" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12748" } ], "schema_version": "1.7.0", "summary": "TYPO3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "fixed": "10.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1949/" ], "discovery": "2019-06-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-10164" ] }, "vid": "245629d4-991e-11e9-82aa-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> An authenticated user could create a stack-based buffer overflow by\n> changing their own password to a purpose-crafted value. In addition to\n> the ability to crash the PostgreSQL server, this could be further\n> exploited to execute arbitrary code as the PostgreSQL operating system\n> account.\n>\n> Additionally, a rogue server could send a specifically crafted message\n> during the SCRAM authentication process and cause a libpq-enabled\n> client to either crash or execute arbitrary code as the client\\'s\n> operating system account.\n>\n> This issue is fixed by upgrading and restarting your PostgreSQL server\n> as well as your libpq installations. All users running PostgreSQL 10,\n> 11, and 12 beta are encouraged to upgrade as soon as possible.\n", "id": "FreeBSD-2019-0132", "modified": "2019-06-27T00:00:00Z", "published": "2019-06-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1949/" }, { "type": "WEB", "url": "https://www.postgresql.org/about/news/1949/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10164" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- Stack-based buffer overflow via setting a password" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "znc" }, "ranges": [ { "events": [ { "fixed": "1.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12816" ], "discovery": "2019-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-12816" ] }, "vid": "6f15730d-94ea-11e9-a83e-641c67a117d8" }, "details": "Mitre reports:\n\n> Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated\n> non-admin users to escalate privileges and execute arbitrary code by\n> loading a module with a crafted name.\n", "id": "FreeBSD-2019-0131", "modified": "2019-06-22T00:00:00Z", "published": "2019-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12816" }, { "type": "WEB", "url": "https://wiki.znc.in/ChangeLog/1.7.4" } ], "schema_version": "1.7.0", "summary": "znc -- privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "thunderbird-60.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/" ], "discovery": "2019-06-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-11707", "CVE-2019-11708" ] }, "vid": "49beb00f-a6e1-4a42-93df-9cb14b4c2bee" }, "details": "Mozilla Foundation reports:\n\n> # CVE-2019-11707: Type confusion in Array.pop\n>\n> A type confusion vulnerability can occur when manipulating JavaScript\n> objects due to issues in Array.pop. This can allow for an exploitable\n> crash. We are aware of targeted attacks in the wild abusing this flaw.\n>\n> # CVE-2019-11708: sandbox escape using Prompt:Open\n>\n> Insufficient vetting of parameters passed with the Prompt:Open IPC\n> message between child and parent processes can result in the\n> non-sandboxed parent process opening web content chosen by a\n> compromised child process. When combined with additional\n> vulnerabilities this could result in executing arbitrary code on the\n> user\\'s computer.\n", "id": "FreeBSD-2019-0130", "modified": "2019-06-21T00:00:00Z", "published": "2019-06-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11707" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11708" } ], "schema_version": "1.7.0", "summary": "Mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "67.0.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.7.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/" ], "discovery": "2019-06-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-11708" ] }, "vid": "39bc2294-ff32-4972-9ecb-b9f40b4ccb74" }, "details": "Mozilla Foundation reports:\n\n> # CVE-2019-11708: sandbox escape using Prompt:Open\n>\n> Insufficient vetting of parameters passed with the Prompt:Open IPC\n> message between child and parent processes can result in the\n> non-sandboxed parent process opening web content chosen by a\n> compromised child process. When combined with additional\n> vulnerabilities this could result in executing arbitrary code on the\n> user\\'s computer.\n", "id": "FreeBSD-2019-0129", "modified": "2019-07-09T00:00:00Z", "published": "2019-06-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11708" } ], "schema_version": "1.7.0", "summary": "Mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/" ], "discovery": "2019-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-11703", "CVE-2019-11704", "CVE-2019-11705", "CVE-2019-11706" ] }, "vid": "98f1241f-8c09-4237-ad0d-67fb4158ea7a" }, "details": "Mozilla Foundation reports:\n\n> # CVE-2019-11703: Heap buffer overflow in icalparser.c\n>\n> A flaw in Thunderbird\\'s implementation of iCal causes a heap buffer\n> overflow in parser_get_next_char when processing certain email\n> messages, resulting in a potentially exploitable crash.\n>\n> # CVE-2019-11704: Heap buffer overflow in icalvalue.c\n>\n> A flaw in Thunderbird\\'s implementation of iCal causes a heap buffer\n> overflow in icalmemory_strdup_and_dequote when processing certain\n> email messages, resulting in a potentially exploitable crash.\n>\n> # CVE-2019-11705: Stack buffer overflow in icalrecur.c\n>\n> A flaw in Thunderbird\\'s implementation of iCal causes a stack buffer\n> overflow in icalrecur_add_bydayrules when processing certain email\n> messages, resulting in a potentially exploitable crash.\n>\n> # CVE-2019-11706: Type confusion in icalproperty.c\n>\n> A flaw in Thunderbird\\'s implementation of iCal causes a type\n> confusion in icaltimezone_get_vtimezone_properties when processing\n> certain email messages, resulting in a crash.\n", "id": "FreeBSD-2019-0128", "modified": "2019-06-21T00:00:00Z", "published": "2019-06-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11703" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11704" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11705" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11706" } ], "schema_version": "1.7.0", "summary": "Mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vlc" }, "ranges": [ { "events": [ { "fixed": "3.0.7.1,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102" ], "discovery": "2019-05-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-12874" ] }, "vid": "5b218581-9372-11e9-8fc4-5404a68ad561" }, "details": "The VLC project reports:\n\n> mkv: Fix potential double free\n", "id": "FreeBSD-2019-0127", "modified": "2019-06-20T00:00:00Z", "published": "2019-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12874" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12874" }, { "type": "WEB", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102" } ], "schema_version": "1.7.0", "summary": "vlc -- Double free in Matroska demuxer" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vlc" }, "ranges": [ { "events": [ { "fixed": "3.0.7,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://hackerone.com/reports/484398" ], "discovery": "2019-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2019-5439" ] }, "vid": "f2144530-936f-11e9-8fc4-5404a68ad561" }, "details": "zhangyang reports:\n\n> The ReadFrame function in the avi.c file uses a variable\n> i_width_bytes, which is obtained directly from the file. It is a\n> signed integer. It does not do a strict check before the memory\n> operation(memmove, memcpy), which may cause a buffer overflow.\n", "id": "FreeBSD-2019-0126", "modified": "2019-06-20T00:00:00Z", "published": "2019-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://hackerone.com/reports/484398" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5439" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5439" }, { "type": "WEB", "url": "https://hackerone.com/reports/484398" } ], "schema_version": "1.7.0", "summary": "vlc -- Buffer overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "67.0.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.7.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/" ], "discovery": "2019-06-18T00:00:00Z", "references": { "cvename": [ "CVE-2019-11707" ] }, "vid": "0cea6e0a-7a39-4dac-b3ec-dbc13d404f76" }, "details": "Mozilla Foundation reports:\n\n> # CVE-2019-11707: Type confusion in Array.pop\n>\n> A type confusion vulnerability can occur when manipulating JavaScript\n> objects due to issues in Array.pop. This can allow for an exploitable\n> crash. We are aware of targeted attacks in the wild abusing this flaw.\n", "id": "FreeBSD-2019-0125", "modified": "2019-06-20T00:00:00Z", "published": "2019-06-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11707" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-18/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "netatalk3" }, "ranges": [ { "events": [ { "fixed": "3.1.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-1160" ], "discovery": "2018-11-10T00:00:00Z", "vid": "9c9023ff-9057-11e9-b764-00505632d232" }, "details": "NIST reports:\n\n> Netatalk before 3.1.12 is vulnerable to an out of bounds write in\n> dsi_opensess.c. This is due to lack of bounds checking on attacker\n> controlled data. A remote unauthenticated attacker can leverage this\n> vulnerability to achieve arbitrary code execution.\n", "id": "FreeBSD-2019-0124", "modified": "2019-06-16T00:00:00Z", "published": "2019-06-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1160" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1160" }, { "type": "WEB", "url": "https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe54172" } ], "schema_version": "1.7.0", "summary": "netatalk3 -- remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "GraphicsMagick" }, "ranges": [ { "events": [ { "fixed": "1.3.32,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.graphicsmagick.org/NEWS.html" ], "discovery": "2019-06-15T00:00:00Z", "vid": "82c07dfa-9016-11e9-af2f-712c38aa3e4c" }, "details": "GraphicsMagick News:\n\n> Read \\\"Security Fixes:\\\" section for details.\n", "id": "FreeBSD-2019-0123", "modified": "2019-06-16T00:00:00Z", "published": "2019-06-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.graphicsmagick.org/NEWS.html" }, { "type": "WEB", "url": "http://www.graphicsmagick.org/NEWS.html" } ], "schema_version": "1.7.0", "summary": "GraphicsMagick -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "75.0.3770.90" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop_13.html" ], "discovery": "2019-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-5842" ] }, "vid": "d4fc4599-8f75-11e9-8d9f-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> \\[961413\\] High CVE-2019-5842: Use-after-free in Blink. Reported by\n> BUGFENSE Anonymous Bug Bounties https://bugfense.io on 2019-05-09\n", "id": "FreeBSD-2019-0122", "modified": "2019-06-15T00:00:00Z", "published": "2019-06-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop_13.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop_13.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5842" } ], "schema_version": "1.7.0", "summary": "chromium -- use after free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "fixed": "4.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php56" }, "ranges": [ { "events": [ { "fixed": "4.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php70" }, "ranges": [ { "events": [ { "fixed": "4.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php71" }, "ranges": [ { "events": [ { "fixed": "4.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php72" }, "ranges": [ { "events": [ { "fixed": "4.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2019-4/" ], "discovery": "2019-06-04T00:00:00Z", "references": { "cvename": [ "CVE-2019-12616" ] }, "vid": "a5681027-8e03-11e9-85f4-6805ca0b3d42" }, "details": "The phpMyAdmin development team reports:\n\n> ### Summary\n>\n> CSRF vulnerability in login form\n>\n> ### Description\n>\n> A vulnerability was found that allows an attacker to trigger a CSRF\n> attack against a phpMyAdmin user. The attacker can trick the user, for\n> instance through a broken `` tag pointing at the victim\\'s\n> phpMyAdmin database, and the attacker can potentially deliver a\n> payload (such as a specific INSERT or DELETE statement) through the\n> victim.\n>\n> ### Severity\n>\n> We consider this vulnerability to be severe.\n>\n> ### Mitigation factor\n>\n> Only the \\'cookie\\' auth_type is affected; users can temporary use\n> phpMyAdmin\\'s http authentication as a workaround.\n", "id": "FreeBSD-2019-0121", "modified": "2019-06-13T00:00:00Z", "published": "2019-06-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2019-4/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2019-4/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12616" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- CSRF vulnerability in login form" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vim" }, "ranges": [ { "events": [ { "fixed": "8.1.1365" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-console" }, "ranges": [ { "events": [ { "fixed": "8.1.1365" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-tiny" }, "ranges": [ { "events": [ { "fixed": "8.1.1365" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "neovim" }, "ranges": [ { "events": [ { "fixed": "0.3.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-12735" ], "discovery": "2019-05-22T00:00:00Z", "vid": "bbdb9713-8e09-11e9-87bc-002590acae31" }, "details": "Security releases for Vim/NeoVim:\n\n> Sandbox escape allows for arbitrary code execution.\n", "id": "FreeBSD-2019-0120", "modified": "2019-06-13T00:00:00Z", "published": "2019-06-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12735" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12735" } ], "schema_version": "1.7.0", "summary": "Vim/NeoVim -- Security vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mybb" }, "ranges": [ { "events": [ { "fixed": "1.8.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/" ], "discovery": "2019-06-10T00:00:00Z", "vid": "13960f55-8d35-11e9-9ba0-4c72b94353b5" }, "details": "mybb Team reports:\n\n> High risk: Theme import stylesheet name RCE\n>\n> High risk: Nested video MyCode persistent XSS\n>\n> Medium risk: Find Orphaned Attachments reflected XSS\n>\n> Medium risk: Post edit reflected XSS\n>\n> Medium risk: Private Messaging folders SQL injection\n>\n> Low risk: Potential phar deserialization through Upload Path\n", "id": "FreeBSD-2019-0119", "modified": "2019-06-12T00:00:00Z", "published": "2019-06-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/" }, { "type": "WEB", "url": "https://blog.mybb.com/2019/06/10/mybb-1-8-21-released-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "mybb -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "32.0.0.207" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb19-30.html" ], "discovery": "2019-06-11T00:00:00Z", "references": { "cvename": [ "CVE-2019-7845" ] }, "vid": "ab099d2c-8c8c-11e9-8ba7-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a use-after-free vulnerability that could lead\n> to arbitrary code execution (CVE-2019-7845).\n", "id": "FreeBSD-2019-0118", "modified": "2019-06-11T00:00:00Z", "published": "2019-06-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-30.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7845" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-30.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.67" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2019-007" ], "discovery": "2019-05-08T00:00:00Z", "vid": "9b8a52fc-89c1-11e9-9ba0-4c72b94353b5" }, "details": "Drupal Security Team reports:\n\n> CVE-2019-11831: By-passing protection of Phar Stream Wrapper\n> Interceptor.\n>\n> In order to intercept file invocations like file_exists or stat on\n> compromised Phar archives the base name has to be determined and\n> checked before allowing to be handled by PHP Phar stream handling. The\n> current implementation is vulnerable to path traversal leading to\n> scenarios where the Phar archive to be assessed is not the actual\n> (compromised) file.\n", "id": "FreeBSD-2019-0117", "modified": "2019-06-08T00:00:00Z", "published": "2019-06-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2019-007" }, { "type": "WEB", "url": "https://www.drupal.org/SA-CORE-2019-007" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal core - Moderately critical" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "introduced": "4.87" }, { "fixed": "4.92" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.exim.org/static/doc/security/CVE-2019-10149.txt" ], "discovery": "2019-05-27T00:00:00Z", "references": { "cvename": [ "CVE-2019-10149" ] }, "vid": "45bea6b5-8855-11e9-8d41-97657151f8c2" }, "details": "Exim team and Qualys report:\n\n> We received a report of a possible remote exploit. Currently there is\n> no evidence of an active use of this exploit.\n>\n> A patch exists already, is being tested, and backported to all\n> versions we released since (and including) 4.87.\n>\n> The severity depends on your configuration. It depends on how close to\n> the standard configuration your Exim runtime configuration is. The\n> closer the better.\n>\n> Exim 4.92 is not vulnerable.\n", "id": "FreeBSD-2019-0116", "modified": "2019-06-06T00:00:00Z", "published": "2019-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.exim.org/static/doc/security/CVE-2019-10149.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10149" }, { "type": "WEB", "url": "https://www.exim.org/static/doc/security/CVE-2019-10149.txt" } ], "schema_version": "1.7.0", "summary": "Exim -- RCE in deliver_message() function" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django22" }, "ranges": [ { "events": [ { "fixed": "2.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/" ], "discovery": "2019-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2019-12308", "CVE-2019-11358" ] }, "vid": "ffc73e87-87f0-11e9-ad56-fcaa147e860e" }, "details": "Django security releases issued:\n\n> The clickable \\\"Current URL\\\" link generated by AdminURLFieldWidget\n> displayed the provided value without validating it as a safe URL.\n> Thus, an unvalidated value stored in the database, or a value provided\n> as a URL query parameter payload, could result in an clickable\n> JavaScript link..\n>\n> jQuery before 3.4.0, mishandles jQuery.extend(true, {}, \\...) because\n> of Object.prototype pollution. If an unsanitized source object\n> contained an enumerable \\_\\_proto\\_\\_ property, it could extend the\n> native Object.prototype.\n", "id": "FreeBSD-2019-0115", "modified": "2019-06-06T00:00:00Z", "published": "2019-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12308" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11358" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- AdminURLFieldWidget XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.11.0" }, { "fixed": "11.11.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.10.0" }, { "fixed": "11.10.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.8.0" }, { "fixed": "11.9.12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" ], "discovery": "2019-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2019-12430", "CVE-2019-12432", "CVE-2019-12431", "CVE-2019-12434", "CVE-2019-12429", "CVE-2019-12428", "CVE-2019-12433", "CVE-2019-12443", "CVE-2019-12444", "CVE-2019-12445", "CVE-2019-12446", "CVE-2019-12441", "CVE-2019-12442" ] }, "vid": "4091069e-860b-11e9-a05f-001b217b3468" }, "details": "Gitlab reports:\n\n> Remote Command Execution Vulnerability on Repository Download Feature\n>\n> Confidential Issue Titles Revealed to Restricted Users on Unsubscribe\n>\n> Disclosure of Milestone Metadata through the Search API\n>\n> Private Project Discovery via Comment Links\n>\n> Metadata of Confidential Issues Disclosed to Restricted Users\n>\n> Mandatory External Authentication Provider Sign-In Restrictions Bypass\n>\n> Internal Projects Allowed to Be Created on in Private Groups\n>\n> Server-Side Request Forgery Through DNS Rebinding\n>\n> Stored Cross-Site Scripting on Wiki Pages\n>\n> Stored Cross-Site Scripting on Notes\n>\n> Repository Password Disclosed on Import Error Page\n>\n> Protected Branches Restriction Rules Bypass\n>\n> Stored Cross-Site Scripting Vulnerability on Child Epics\n", "id": "FreeBSD-2019-0114", "modified": "2019-06-03T00:00:00Z", "published": "2019-06-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12432" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12431" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12429" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12428" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12433" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12445" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12446" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12441" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12442" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-buildbot" }, "ranges": [ { "events": [ { "fixed": "2.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-buildbot" }, "ranges": [ { "events": [ { "fixed": "2.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-buildbot" }, "ranges": [ { "events": [ { "fixed": "2.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-buildbot" }, "ranges": [ { "events": [ { "fixed": "2.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication" ], "discovery": "2019-05-07T00:00:00Z", "references": { "cvename": [ "CVE-2019-12300" ] }, "vid": "ada8db8a-8471-11e9-8170-0050562a4d7b" }, "details": "> Buildbot accepted user-submitted authorization token from OAuth and\n> used it to authenticate user.\n>\n> The vulnerability can lead to malicious attackers to authenticate as\n> legitimate users of a Buildbot instance without knowledge of the\n> victim\\'s login credentials on certain scenarios.\n>\n> If an attacker has an application authorized to access data of another\n> user at the same Identity Provider as the used by the Buildbot\n> instance, then he can acquire a token to access the data of that user,\n> supply the token to the Buildbot instance and successfully login as\n> the victim.\n", "id": "FreeBSD-2019-0113", "modified": "2019-06-01T00:00:00Z", "published": "2019-06-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication" }, { "type": "WEB", "url": "https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication" }, { "type": "WEB", "url": "https://github.com/buildbot/buildbot/pull/4763" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12300" } ], "schema_version": "1.7.0", "summary": "buildbot -- OAuth Authentication Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bro" }, "ranges": [ { "events": [ { "fixed": "2.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS" ], "discovery": "2019-05-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-12175" ] }, "vid": "177fa455-48fc-4ded-ba1b-9975caa7f62a" }, "details": "Jon Siwek of Corelight reports:\n\n> The following Denial of Service vulnerabilities are addressed:\n>\n> - Integer type mismatches in BinPAC-generated parser code and Bro\n> analyzer code may allow for crafted packet data to cause\n> unintentional code paths in the analysis logic to be taken due to\n> unsafe integer conversions causing the parser and analysis logic to\n> each expect different fields to have been parsed. One such example,\n> reported by Maksim Shudrak, causes the Kerberos analyzer to\n> dereference a null pointer. CVE-2019-12175 was assigned for this\n> issue.\n> - The Kerberos parser allows for several fields to be left\n> uninitialized, but they were not marked with an &optional attribute\n> and several usages lacked existence checks. Crafted packet data\n> could potentially cause an attempt to access such uninitialized\n> fields, generate a runtime error/exception, and leak memory.\n> Existence checks and &optional attributes have been added to the\n> relevent Kerberos fields.\n> - BinPAC-generated protocol parsers commonly contain fields whose\n> length is derived from other packet input, and for those that allow\n> for incremental parsing, BinPAC did not impose a limit on how large\n> such a field could grow, allowing for remotely-controlled packet\n> data to cause growth of BinPAC\\'s flowbuffer bounded only by the\n> numeric limit of an unsigned 64-bit integer, leading to memory\n> exhaustion. There is now a generalized limit for how large\n> flowbuffers are allowed to grow, tunable by setting\n> \\\"BinPAC::flowbuffer_capacity_max\\\".\n", "id": "FreeBSD-2019-0112", "modified": "2019-05-31T00:00:00Z", "published": "2019-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12175" } ], "schema_version": "1.7.0", "summary": "bro -- Unsafe integer conversions can cause unintentional code paths to be executed" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7" }, "ranges": [ { "events": [ { "fixed": "7.0.8.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7-nox11" }, "ranges": [ { "events": [ { "fixed": "7.0.8.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick6" }, "ranges": [ { "events": [ { "fixed": "6.9.10.47,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick6-nox11" }, "ranges": [ { "events": [ { "fixed": "6.9.10.47,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html" ], "discovery": "2019-03-07T00:00:00Z", "references": { "cvename": [ "CVE-2019-7175", "CVE-2019-7395", "CVE-2019-7396", "CVE-2019-7397", "CVE-2019-7398", "CVE-2019-9956", "CVE-2019-10131", "CVE-2019-10649", "CVE-2019-10650", "CVE-2019-10714", "CVE-2019-11470", "CVE-2019-11472", "CVE-2019-11597", "CVE-2019-11598" ] }, "vid": "183d700e-ec70-487e-a9c4-632324afa934" }, "details": "cvedetails.com reports:\n\n> CVE-2019-7175: In ImageMagick before 7.0.8-25, some memory leaks exist\n> in DecodeImage in coders/pcd.c.\n>\n> CVE-2019-7395: In ImageMagick before 7.0.8-25, a memory leak exists in\n> WritePSDChannel in coders/psd.c.\n>\n> CVE-2019-7396: In ImageMagick before 7.0.8-25, a memory leak exists in\n> ReadSIXELImage in coders/sixel.c.\n>\n> CVE-2019-7397: In ImageMagick before 7.0.8-25 and GraphicsMagick\n> through 1.3.31, several memory leaks exist in WritePDFImage in\n> coders/pdf.c.\n>\n> CVE-2019-7398: In ImageMagick before 7.0.8-25, a memory leak exists in\n> WriteDIBImage in coders/dib.c.\n>\n> CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based\n> buffer overflow in the function PopHexPixel of coders/ps.c, which\n> allows an attacker to cause a denial of service or code execution via\n> a crafted image file.\n>\n> CVE-2019-10131: An off-by-one read vulnerability was discovered in\n> ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer\n> function in coders/meta.c. A local attacker may use this flaw to read\n> beyond the end of the buffer or to crash the program.\n>\n> CVE-2019-10649: In ImageMagick 7.0.8-36 Q16, there is a memory leak in\n> the function SVGKeyValuePairs of coders/svg.c, which allows an\n> attacker to cause a denial of service via a crafted image file.\n>\n> CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based\n> buffer over-read in the function WriteTIFFImage of coders/tiff.c,\n> which allows an attacker to cause a denial of service or information\n> disclosure via a crafted image file.\n>\n> CVE-2019-10714: LocaleLowercase in MagickCore/locale.c in ImageMagick\n> before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.\n>\n> CVE-2019-11470: The cineon parsing component in ImageMagick 7.0.8-26\n> Q16 allows attackers to cause a denial-of-service (uncontrolled\n> resource consumption) by crafting a Cineon image with an incorrect\n> claimed image size. This occurs because ReadCINImage in coders/cin.c\n> lacks a check for insufficient image data in a file.\n>\n> CVE-2019-11472: ReadXWDImage in coders/xwd.c in the XWD image parsing\n> component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a\n> denial-of-service (divide-by-zero error) by crafting an XWD image file\n> in which the header indicates neither LSB first nor MSB first.\n>\n> CVE-2019-11597: In ImageMagick 7.0.8-43 Q16, there is a heap-based\n> buffer over-read in the function WriteTIFFImage of coders/tiff.c,\n> which allows an attacker to cause a denial of service or possibly\n> information disclosure via a crafted image file.\n>\n> CVE-2019-11598: In ImageMagick 7.0.8-40 Q16, there is a heap-based\n> buffer over-read in the function WritePNMImage of coders/pnm.c, which\n> allows an attacker to cause a denial of service or possibly\n> information disclosure via a crafted image file. This is related to\n> SetGrayscaleImage in MagickCore/quantize.c.\n", "id": "FreeBSD-2019-0111", "modified": "2019-06-17T00:00:00Z", "published": "2019-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html" }, { "type": "WEB", "url": "https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7395" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7396" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7397" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7398" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9956" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10649" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10650" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10714" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11470" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11597" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11598" } ], "schema_version": "1.7.0", "summary": "ImageMagick -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd30" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.0.10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd25" }, "ranges": [ { "events": [ { "introduced": "2.5.0" }, { "fixed": "2.5.13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html" ], "discovery": "2019-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-11356" ] }, "vid": "10fd731c-8088-11e9-b6ae-001871ec5271" }, "details": "Cyrus IMAP 3.0.10 Release Notes states:\n\n> Fixed CVE-2019-11356: buffer overrun in httpd\n", "id": "FreeBSD-2019-0110", "modified": "2019-05-27T00:00:00Z", "published": "2019-05-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11356" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11356" } ], "schema_version": "1.7.0", "summary": "cyrus-imapd -- buffer overrun in httpd" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "serendipity" }, "ranges": [ { "events": [ { "fixed": "2.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11870" ], "discovery": "2019-05-01T00:00:00Z", "references": { "cvename": [ "CVE-2019-11870" ] }, "vid": "3ba87032-7fbd-11e9-8a5f-c85b76ce9b5a" }, "details": "MITRE:\n\n> Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in\n> the templates/2k11/admin/media_choose.tpl Editor Preview feature or\n> the templates/2k11/admin/media_items.tpl Media Library feature.\n", "id": "FreeBSD-2019-0109", "modified": "2019-05-26T00:00:00Z", "published": "2019-05-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11870" }, { "type": "WEB", "url": "https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11870" } ], "schema_version": "1.7.0", "summary": "serendipity -- XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "introduced": "3.26.0" }, { "last_affected": "3.26.0" }, { "fixed": "3.26.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "3.26.0" ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5018" ], "discovery": "2019-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-5018" ] }, "vid": "36b905ad-7fbb-11e9-8a5f-c85b76ce9b5a" }, "details": "MITRE reports:\n\n> An exploitable use after free vulnerability exists in the window\n> function functionality of Sqlite3 3.26.0. A specially crafted SQL\n> command can cause a use after free vulnerability, potentially\n> resulting in remote code execution. An attacker can send a malicious\n> SQL command to trigger this vulnerability.\n", "id": "FreeBSD-2019-0108", "modified": "2019-05-26T00:00:00Z", "published": "2019-05-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5018" }, { "type": "WEB", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5018" } ], "schema_version": "1.7.0", "summary": "sqlite3 -- use after free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "suricata" }, "ranges": [ { "events": [ { "fixed": "4.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10053" ], "discovery": "2019-03-15T00:00:00Z", "references": { "cvename": [ "CVE-2019-10053" ] }, "vid": "3b903bf3-7f94-11e9-8a5f-c85b76ce9b5a" }, "details": "Mitre reports:\n\n> An issue was discovered in Suricata 4.1.x before 4.1.4. If the input\n> of the function SSHParseBanner is composed only of a \\\\n character,\n> then the program runs into a heap-based buffer over-read. This occurs\n> because the erroneous search for \\\\r results in an integer underflow.\n", "id": "FreeBSD-2019-0107", "modified": "2019-05-26T00:00:00Z", "published": "2019-05-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10053" }, { "type": "WEB", "url": "https://suricata-ids.org/2019/04/30/suricata-4-1-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10053" } ], "schema_version": "1.7.0", "summary": "suricata -- buffer over-read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.19.4" }, { "fixed": "7.65.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2019-05-22T00:00:00Z", "references": { "cvename": [ "CVE-2019-5435", "CVE-2019-5436" ] }, "vid": "dd343a2b-7ee7-11e9-a290-8ddc52868fa9" }, "details": "curl security problems:\n\n> CVE-2019-5435: Integer overflows in curl_url_set()\n>\n> libcurl contains two integer overflows in the curl_url_set() function\n> that if triggered, can lead to a too small buffer allocation and a\n> subsequent heap buffer overflow.\n>\n> The flaws only exist on 32 bit architectures and require excessive\n> string input lengths.\n>\n> CVE-2019-5436: TFTP receive buffer overflow\n>\n> libcurl contains a heap buffer overflow in the function\n> (tftp_receive_packet()) that recevives data from a TFTP server. It\n> calls recvfrom() with the default size for the buffer rather than with\n> the size that was used to allocate it. Thus, the content that might\n> overwrite the heap memory is entirely controlled by the server.\n>\n> The flaw exists if the user selects to use a \\\"blksize\\\" of 504 or\n> smaller (default is 512). The smaller size that is used, the larger\n> the possible overflow becomes.\n>\n> Users chosing a smaller size than default should be rare as the\n> primary use case for changing the size is to make it larger.\n>\n> It is rare for users to use TFTP across the Internet. It is most\n> commonly used within local networks.\n", "id": "FreeBSD-2019-0106", "modified": "2019-05-26T00:00:00Z", "published": "2019-05-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2019-5435.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2019-5436.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5436" } ], "schema_version": "1.7.0", "summary": "curl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ocaml" }, "ranges": [ { "events": [ { "fixed": "4.03.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "INSERT URL HERE" ], "discovery": "2016-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2015-8869" ] }, "vid": "8d2af843-7d8e-11e9-8464-c85b76ce9b5a" }, "details": "MITRE reports:\n\n> OCaml before 4.03.0 does not properly handle sign extensions, which\n> allows remote attackers to conduct buffer overflow attacks or obtain\n> sensitive information as demonstrated by a long string to the\n> String.copy function.\n", "id": "FreeBSD-2019-0105", "modified": "2019-05-26T00:00:00Z", "published": "2019-05-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "INSERT URL HERE" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8869" }, { "type": "WEB", "url": "https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74#diff-a97df53e3ebc59bb457191b496c90762" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-8869" } ], "schema_version": "1.7.0", "summary": "OCaml -- Multiple Security Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "67.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.7.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "60.7.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "60.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/" ], "discovery": "2019-05-21T00:00:00Z", "references": { "cvename": [ "CVE-2019-9815", "CVE-2019-9816", "CVE-2019-9817", "CVE-2019-9818", "CVE-2019-9819", "CVE-2019-9820", "CVE-2019-9821", "CVE-2019-11691", "CVE-2019-11692", "CVE-2019-11693", "CVE-2019-7317", "CVE-2019-11694", "CVE-2019-11695", "CVE-2019-11696", "CVE-2019-11697", "CVE-2019-11698", "CVE-2019-11700", "CVE-2019-11699", "CVE-2019-11701", "CVE-2019-9814", "CVE-2019-9800" ] }, "vid": "44b6dfbf-4ef7-4d52-ad52-2b1b05d81272" }, "details": "Mozilla Foundation reports:\n\n> CVE-2019-9815: Disable hyperthreading on content JavaScript threads on\n> macOS\n>\n> CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n>\n> CVE-2019-9817: Stealing of cross-domain images using canvas\n>\n> CVE-2019-9818: Use-after-free in crash generation server\n>\n> CVE-2019-9819: Compartment mismatch with fetch API\n>\n> CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n>\n> CVE-2019-9821: Use-after-free in AssertWorkerThread\n>\n> CVE-2019-11691: Use-after-free in XMLHttpRequest\n>\n> CVE-2019-11692: Use-after-free removing listeners in the event\n> listener manager\n>\n> CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n>\n> CVE-2019-7317: Use-after-free in png_image_free of libpng library\n>\n> CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox\n>\n> CVE-2019-11695: Custom cursor can render over user interface outside\n> of web content\n>\n> CVE-2019-11696: Java web start .JNLP files are not recognized as\n> executable files for download prompts\n>\n> CVE-2019-11697: Pressing key combinations can bypass installation\n> prompt delays and install extensions\n>\n> CVE-2019-11698: Theft of user history data through drag and drop of\n> hyperlinks to and from bookmarks\n>\n> CVE-2019-11700: res: protocol can be used to open known local files\n>\n> CVE-2019-11699: Incorrect domain name highlighting during page\n> navigation\n>\n> CVE-2019-11701: webcal: protocol default handler loads vulnerable web\n> page\n>\n> CVE-2019-9814: Memory safety bugs fixed in Firefox 67\n>\n> CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR\n> 60.7\n", "id": "FreeBSD-2019-0104", "modified": "2019-07-23T00:00:00Z", "published": "2019-05-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9815" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9817" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9818" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9819" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9820" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9821" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11691" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11692" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11693" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7317" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11694" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11695" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11696" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11697" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11698" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11700" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11699" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11701" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9800" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-13/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-14/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-15/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba46" }, "ranges": [ { "events": [ { "last_affected": "4.6.16" }, { "fixed": "4.6.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba47" }, "ranges": [ { "events": [ { "last_affected": "4.7.12" }, { "fixed": "4.7.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba48" }, "ranges": [ { "events": [ { "fixed": "4.8.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba49" }, "ranges": [ { "events": [ { "fixed": "4.9.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba410" }, "ranges": [ { "events": [ { "fixed": "4.10.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2018-16860.html", "https://www.samba.org/samba/security/CVE-2019-3880.html" ], "discovery": "2019-05-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-16860", "CVE-2019-3880" ] }, "vid": "793a0072-7822-11e9-81e2-005056a311d1" }, "details": "The samba project reports:\n\n> The checksum validation in the S4U2Self handler in the embedded\n> Heimdal KDC did not first confirm that the checksum was keyed,\n> allowing replacement of the requested target (client) principal\n\n> Authenticated users with write permission can trigger a symlink\n> traversal to write or detect files outside the Samba share.\n", "id": "FreeBSD-2019-0103", "modified": "2019-05-14T00:00:00Z", "published": "2019-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-16860.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2019-3880.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-16860.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16860" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2019-3880.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3880" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rust" }, "ranges": [ { "events": [ { "introduced": "1.34.0" }, { "fixed": "1.34.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12083" ], "discovery": "2019-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-12083" ] }, "vid": "37528379-76a8-11e9-a4fd-00012e582166" }, "details": "Sean McArthur reports:\n\n> The Rust Programming Language Standard Library 1.34.x before 1.34.2\n> contains a stabilized method which, if overridden, can violate Rust\\'s\n> safety guarantees and cause memory unsafety. If the Error::type_id\n> method is overridden then any type can be safely cast to any other\n> type, causing memory safety vulnerabilities in safe code (e.g.,\n> out-of-bounds write or read). Code that does not manually implement\n> Error::type_id is unaffected.\n", "id": "FreeBSD-2019-0102", "modified": "2019-05-15T00:00:00Z", "published": "2019-05-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12083" }, { "type": "WEB", "url": "https://blog.rust-lang.org/2019/05/13/Security-advisory.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-12083" } ], "schema_version": "1.7.0", "summary": "Rust -- violation of Rust's safety guarantees" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "32.0.0.192" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb19-26.html" ], "discovery": "2019-05-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-7837" ] }, "vid": "a99923a9-768c-11e9-885a-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a use-after-free vulnerability that could lead\n> to arbitrary code execution (CVE-2019-7837).\n", "id": "FreeBSD-2019-0101", "modified": "2019-05-14T00:00:00Z", "published": "2019-05-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-26.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7837" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-26.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php71-exif" }, "ranges": [ { "events": [ { "fixed": "7.1.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php72-exif" }, "ranges": [ { "events": [ { "fixed": "7.2.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php73-exif" }, "ranges": [ { "events": [ { "fixed": "7.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.php.net/ChangeLog-7.php" ], "discovery": "2019-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2019-11034", "CVE-2019-11035" ] }, "vid": "c2d1693b-73cb-11e9-a1c7-b499baebfeaf" }, "details": "The PHP project reports:\n\n> Heap-buffer-overflow in php_ifd_get32s (CVE-2019-11034)\n>\n> Heap-buffer-overflow in exif_iif_add_value (CVE-2019-11035)\n", "id": "FreeBSD-2019-0100", "modified": "2019-05-11T00:00:00Z", "published": "2019-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.php.net/ChangeLog-7.php" }, { "type": "WEB", "url": "https://www.php.net/ChangeLog-7.php" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11034" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11035" } ], "schema_version": "1.7.0", "summary": "PHP -- Multiple vulnerabilities in EXIF module" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "fixed": "10.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "fixed": "9.6.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-server" }, "ranges": [ { "events": [ { "fixed": "9.5.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1939/" ], "discovery": "2019-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-10130" ] }, "vid": "065890c3-725e-11e9-b0e1-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> PostgreSQL maintains statistics for tables by sampling data available\n> in columns; this data is consulted during the query planning process.\n> Prior to this release, a user able to execute SQL queries with\n> permissions to read a given column could craft a leaky operator that\n> could read whatever data had been sampled from that column. If this\n> happened to include values from rows that the user is forbidden to see\n> by a row security policy, the user could effectively bypass the\n> policy. This is fixed by only allowing a non-leakproof operator to use\n> this data if there are no relevant row security policies for the\n> table.\n", "id": "FreeBSD-2019-0099", "modified": "2019-05-09T00:00:00Z", "published": "2019-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1939/" }, { "type": "WEB", "url": "https://www.postgresql.org/about/news/1939/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10130" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- Selectivity estimators bypass row security policies" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql11-server" }, "ranges": [ { "events": [ { "fixed": "11.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1939/" ], "discovery": "2019-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-10129" ] }, "vid": "e66a5440-7258-11e9-b0e1-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> Prior to this release, a user running PostgreSQL 11 can read arbitrary\n> bytes of server memory by executing a purpose-crafted INSERT statement\n> to a partitioned table.\n", "id": "FreeBSD-2019-0098", "modified": "2019-05-09T00:00:00Z", "published": "2019-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1939/" }, { "type": "WEB", "url": "https://www.postgresql.org/about/news/1939/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10129" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- Memory disclosure in partition routing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2019/04/gitea-1.8.0-is-released" ], "discovery": "2019-04-21T00:00:00Z", "vid": "a1de4ae9-6fda-11e9-9ba0-4c72b94353b5" }, "details": "Gitea Team reports:\n\n> This release contains two new security fixes which cannot be\n> backported to the 1.7.0 branch, so it is recommended to update to this\n> version.\n", "id": "FreeBSD-2019-0097", "modified": "2019-05-06T00:00:00Z", "published": "2019-05-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2019/04/gitea-1.8.0-is-released" }, { "type": "WEB", "url": "https://blog.gitea.io/2019/04/gitea-1.8.0-is-released/" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "hylafax" }, "ranges": [ { "events": [ { "fixed": "6.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "ftp://ftp.hylafax.org/security/CVE-2018-17141.html" ], "discovery": "2018-08-24T00:00:00Z", "references": { "cvename": [ "CVE-2018-17141" ] }, "vid": "3df5a920-6edc-11e9-a44b-0050562a4d7b" }, "details": "> A malicious sender that sets both JPEG and MH,MR,MMR or JBIG in the\n> same DCS signal or sends a large JPEG page could lead to remote code\n> execution.\n", "id": "FreeBSD-2019-0096", "modified": "2019-05-05T00:00:00Z", "published": "2019-05-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "ftp://ftp.hylafax.org/security/CVE-2018-17141.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17141" }, { "type": "WEB", "url": "ftp://ftp.hylafax.org/security/CVE-2018-17141.html" }, { "type": "WEB", "url": "https://www.x41-dsec.de/lab/advisories/x41-2018-008-hylafax/" }, { "type": "WEB", "url": "http://bugs.hylafax.org/show_bug.cgi?id=974" }, { "type": "WEB", "url": "http://git.hylafax.org/HylaFAX?a=commit;h=c6cac8d8cd0dbe313689ba77023e12bc5b3027be" } ], "schema_version": "1.7.0", "summary": "comms/hylafax -- Malformed fax sender remote code execution in JPEG support" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.10.0" }, { "fixed": "11.10.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.9.0" }, { "fixed": "11.9.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.8.0" }, { "fixed": "11.8.10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released/" ], "discovery": "2019-04-30T00:00:00Z", "references": { "cvename": [ "CVE-2019-11605" ] }, "vid": "4faac805-6be0-11e9-a685-001b217b3468" }, "details": "Gitlab reports:\n\n> Information Disclosure with Limited Scope Token\n", "id": "FreeBSD-2019-0095", "modified": "2019-05-01T00:00:00Z", "published": "2019-05-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11605" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Information Disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/list/dovecot-news/2019-April/000409.html", "https://dovecot.org/list/dovecot-news/2019-April/000410.html" ], "discovery": "2019-03-11T00:00:00Z", "references": { "cvename": [ "CVE-2019-11494", "CVE-2019-11499" ] }, "vid": "3f98ccb3-6b8a-11e9-9b5c-a4badb296695" }, "details": "Aki Tuomi reports:\n\n> Submission-login crashes with signal 11 due to null pointer access\n> when authentication is aborted by disconnecting. This can lead to\n> denial-of-service attack by persistent attacker(s).\n\nAki Tuomi reports:\n\n> Submission-login crashes when authentication is started over TLS\n> secured channel and invalid authentication message is sent. This can\n> lead to denial-of-service attack by persistent attacker(s).\n", "id": "FreeBSD-2019-0094", "modified": "2019-04-30T00:00:00Z", "published": "2019-04-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/list/dovecot-news/2019-April/000409.html" }, { "type": "REPORT", "url": "https://dovecot.org/list/dovecot-news/2019-April/000410.html" }, { "type": "WEB", "url": "https://dovecot.org/list/dovecot-news/2019-April/000409.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11494" }, { "type": "WEB", "url": "https://dovecot.org/list/dovecot-news/2019-April/000410.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11499" } ], "schema_version": "1.7.0", "summary": "Dovecot -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.10.0" }, { "fixed": "11.10.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.9.0" }, { "fixed": "11.9.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.0.0" }, { "fixed": "11.8.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/" ], "discovery": "2019-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-11545", "CVE-2019-11544", "CVE-2019-11548", "CVE-2019-11546", "CVE-2019-11547", "CVE-2019-11549" ] }, "vid": "1138b39e-6abb-11e9-a685-001b217b3468" }, "details": "Gitlab reports:\n\n> Moving an Issue to Private Repo Leaks Project Namespace\n>\n> Notification Emails Sent to Restricted Users\n>\n> Unauthorized Comments on Confidential Issues\n>\n> Merge Request Approval Count Inflation\n>\n> Unsanitized Branch Names on New Merge Request Notification Emails\n>\n> Improper Sanitation of Credentials in Gitaly\n", "id": "FreeBSD-2019-0093", "modified": "2019-04-29T00:00:00Z", "published": "2019-04-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11545" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11544" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11548" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11546" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11549" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-buildbot" }, "ranges": [ { "events": [ { "fixed": "1.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-buildbot" }, "ranges": [ { "events": [ { "fixed": "1.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-buildbot" }, "ranges": [ { "events": [ { "fixed": "1.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-buildbot" }, "ranges": [ { "events": [ { "fixed": "1.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code" ], "discovery": "2019-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-7313" ] }, "vid": "5536ea5f-6814-11e9-a8f7-0050562a4d7b" }, "details": "> A CRLF can be injected in Location header of /auth/login and\n> /auth/logout This is due to lack of input validation in the buildbot\n> redirection code.\n>\n> It was not found a way to impact Buildbot product own security through\n> this vulnerability, but it could be used to compromise other sites\n> hosted on the same domain as Buildbot. - cookie injection a master\n> domain (ie if your buildbot is on buildbot.buildbot.net, one can\n> inject a cookie on \\*.buildbot.net, which could impact another website\n> hosted in your domain) - HTTP response splitting and cache poisoning\n> (browser or proxy) are also typical impact of this vulnerability\n> class, but might be impractical to exploit.\n", "id": "FreeBSD-2019-0092", "modified": "2019-04-26T00:00:00Z", "published": "2019-04-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code" }, { "type": "WEB", "url": "https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7313" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7313" } ], "schema_version": "1.7.0", "summary": "buildbot -- CRLF injection in Buildbot login and logout redirect code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.6.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2019-005", "https://www.drupal.org/sa-core-2019-006" ], "discovery": "2019-04-17T00:00:00Z", "vid": "2bad8b5d-66fb-11e9-9815-78acc0a3b880" }, "details": "Drupal Security Team reports:\n\n> CVE-2019-10909: Escape validation messages in the PHP templating\n> engine.\n>\n> CVE-2019-10910: Check service IDs are valid.\n>\n> CVE-2019-10911: Add a separator in the remember me cookie hash.\n\n> jQuery 3.4.0 includes a fix for some unintended behavior when using\n> jQuery.extend(true, {}, \\...). If an unsanitized source object\n> contained an enumerable \\_\\_proto\\_\\_ property, it could extend the\n> native Object.prototype. This fix is included in jQuery 3.4.0, but\n> patch diffs exist to patch previous jQuery versions.\n>\n> It\\'s possible that this vulnerability is exploitable with some Drupal\n> modules. As a precaution, this Drupal security release backports the\n> fix to jQuery.extend(), without making any other changes to the jQuery\n> version that is included in Drupal core (3.2.1 for Drupal 8 and 1.4.4\n> for Drupal 7) or running on the site via some other module such as\n> jQuery Update.\n", "id": "FreeBSD-2019-0091", "modified": "2019-04-25T00:00:00Z", "published": "2019-04-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2019-005" }, { "type": "REPORT", "url": "https://www.drupal.org/sa-core-2019-006" }, { "type": "WEB", "url": "https://www.drupal.org/SA-CORE-2019-005" }, { "type": "WEB", "url": "https://www.drupal.org/SA-CORE-2019-006" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal core - Moderately critical" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-yaml" }, "ranges": [ { "events": [ { "fixed": "4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-yaml" }, "ranges": [ { "events": [ { "fixed": "4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-yaml" }, "ranges": [ { "events": [ { "fixed": "4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-yaml" }, "ranges": [ { "events": [ { "fixed": "4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation" ], "discovery": "2018-06-27T00:00:00Z", "references": { "cvename": [ "CVE-2017-18342" ] }, "vid": "f6ea18bb-65b9-11e9-8b31-002590045d9c" }, "details": "pyyaml reports:\n\n> the PyYAML.load function could be easily exploited to call any Python\n> function. That means it could call any system command using\n> os.system()\n", "id": "FreeBSD-2019-0090", "modified": "2019-04-23T00:00:00Z", "published": "2019-04-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-18342" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18342" }, { "type": "WEB", "url": "https://github.com/yaml/pyyaml/pull/74" } ], "schema_version": "1.7.0", "summary": "py-yaml -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wpa_supplicant" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "hostapd" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-04-18T00:00:00Z", "vid": "a207bbd8-6572-11e9-8e67-206a8a720317" }, "details": "# Problem Description:\n\nEAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP\npeer) does not to validate fragmentation reassembly state properly for a\ncase where an unexpected fragment could be received. This could result\nin process termination due to NULL pointer dereference.\n\nSee\nhttps://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt\nfor a detailed description of the bug.\n\n# Impact:\n\nAll wpa_supplicant and hostapd versions with EAP-pwd support could\nsuffer a denial of service attack through process termination.\n", "id": "FreeBSD-2019-0089", "modified": "2019-04-23T00:00:00Z", "published": "2019-04-23T00:00:00Z", "references": [ { "type": "WEB", "url": "https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wpa_supplicant" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "hostapd" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-9497", "CVE-2019-9498", "CVE-2019-9499" ], "freebsdsa": [ "SA-19:03.wpa" ] }, "vid": "2da3cb25-6571-11e9-8e67-206a8a720317" }, "details": "# Problem Description:\n\nEAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP\npeer) does not to validate the received scalar and element values in\nEAP-pwd-Commit messages properly. This could result in attacks that\nwould be able to complete EAP-pwd authentication exchange without the\nattacker having to know the used password.\n\nSee https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt\nfor a detailed description of the bug.\n\n# Impact:\n\nAll wpa_supplicant and hostapd versions with EAP-pwd support.\n", "id": "FreeBSD-2019-0088", "modified": "2019-07-30T00:00:00Z", "published": "2019-04-23T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9498" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9499" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:03.wpa.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- EAP-pwd missing commit validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wpa_supplicant" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "hostapd" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-9496" ] }, "vid": "98b71436-656d-11e9-8e67-206a8a720317" }, "details": "# Problem Description:\n\nWhen hostapd is used to operate an access point with SAE (Simultaneous\nAuthentication of Equals; also known as WPA3-Personal), an invalid\nauthentication sequence could result in the hostapd process terminating\ndue to a NULL pointer dereference when processing SAE confirm message.\nThis was caused by missing state validation steps when processing the\nSAE confirm message in hostapd/AP mode.\n\nSee\nhttps://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt\nfor a detailed description of the bug.\n\n# Impact:\n\nAll hostapd versions with SAE support (CONFIG_SAE=y in the build\nconfiguration and SAE being enabled in the runtime configuration).\n", "id": "FreeBSD-2019-0087", "modified": "2019-04-23T00:00:00Z", "published": "2019-04-23T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9496" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- SAE confirm missing state validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wpa_supplicant" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "hostapd" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-9495" ] }, "vid": "60129efe-656d-11e9-8e67-206a8a720317" }, "details": "# Problem Description:\n\nPotential side channel attacks in the SAE implementations used by both\nhostapd and wpa_supplicant (see CVE-2019-9494 and VU#871675). EAP-pwd\nuses a similar design for deriving PWE from the password and while a\nspecific attack against EAP-pwd is not yet known to be tested, there is\nno reason to believe that the EAP-pwd implementation would be immune\nagainst the type of cache attack that was identified for the SAE\nimplementation. Since the EAP-pwd implementation in hostapd (EAP server)\nand wpa_supplicant (EAP peer) does not support MODP groups, the timing\nattack described against SAE is not applicable for the EAP-pwd\nimplementation.\n\nSee https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt for a\ndetailed description of the bug.\n\n# Impact:\n\nAll wpa_supplicant and hostapd versions with EAP-pwd support\n(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled\nin the runtime configuration).\n", "id": "FreeBSD-2019-0086", "modified": "2019-04-23T00:00:00Z", "published": "2019-04-23T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9495" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- EAP-pwd side-channel attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wpa_supplicant" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "hostapd" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-9494" ] }, "vid": "7e53f9cc-656d-11e9-8e67-206a8a720317" }, "details": "# Problem Description:\n\nSide channel attacks in the SAE implementations used by both hostapd\n(AP) and wpa_supplicant (infrastructure BSS station/mesh station). SAE\n(Simultaneous Authentication of Equals) is also known as WPA3-Personal.\nThe discovered side channel attacks may be able to leak information\nabout the used password based on observable timing differences and cache\naccess patterns. This might result in full password recovery when\ncombined with an offline dictionary attack and if the password is not\nstrong enough to protect against dictionary attacks.\n\nSee https://w1.fi/security/2019-1/sae-side-channel-attacks.txt for a\ndetailed description of the bug.\n\n# Impact:\n\nAll wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y\nin the build configuration and SAE being enabled in the runtime\nconfiguration).\n", "id": "FreeBSD-2019-0085", "modified": "2019-04-23T00:00:00Z", "published": "2019-04-23T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9494" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- SAE side-channel attacks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "istio" }, "ranges": [ { "events": [ { "fixed": "1.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://istio.io/blog/2019/announcing-1.1.2/#security-update" ], "discovery": "2019-03-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-9900", "CVE-2019-9901" ] }, "vid": "484d3f5e-653a-11e9-b0e3-1c39475b9f84" }, "details": "Istio reports:\n\n> Two security vulnerabilities have recently been identified in the\n> Envoy proxy. The vulnerabilities are centered on the fact that Envoy\n> did not normalize HTTP URI paths and did not fully validate HTTP/1.1\n> header values. These vulnerabilities impact Istio features that rely\n> on Envoy to enforce any of authorization, routing, or rate limiting.\n", "id": "FreeBSD-2019-0084", "modified": "2019-04-22T00:00:00Z", "published": "2019-04-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://istio.io/blog/2019/announcing-1.1.2/#security-update" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9900" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9901" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9900" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9901" }, { "type": "WEB", "url": "https://github.com/envoyproxy/envoy/issues/6434" }, { "type": "WEB", "url": "https://github.com/envoyproxy/envoy/issues/6435" } ], "schema_version": "1.7.0", "summary": "Istio -- Security vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript9-agpl-base" }, "ranges": [ { "events": [ { "fixed": "9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript9-agpl-x11" }, "ranges": [ { "events": [ { "fixed": "9.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838" ], "discovery": "2019-03-21T00:00:00Z", "references": { "cvename": [ "CVE-2019-3835", "CVE-2019-3838" ] }, "vid": "5ed7102e-6454-11e9-9a3a-001cc0382b2f" }, "details": "Cedric Buissart (Red Hat) reports:\n\n> It was found that the superexec operator was available in the internal\n> dictionary in ghostscript before 9.27. A specially crafted PostScript\n> file could use this flaw in order to, for example, have access to the\n> file system outside of the constrains imposed by -dSAFER.\n\n> It was found that the forceput operator could be extracted from the\n> DefineResource method in ghostscript before 9.27. A specially crafted\n> PostScript file could use this flaw in order to, for example, have\n> access to the file system outside of the constrains imposed by\n> -dSAFER.\n", "id": "FreeBSD-2019-0083", "modified": "2019-04-21T00:00:00Z", "published": "2019-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3835" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3838" } ], "schema_version": "1.7.0", "summary": "Ghostscript -- Security bypass vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnutls" }, "ranges": [ { "events": [ { "fixed": "3.6.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" ], "discovery": "2019-03-27T00:00:00Z", "references": { "cvename": [ "CVE-2019-3829", "CVE-2019-3836" ] }, "vid": "fb30db8f-62af-11e9-b0de-001cc0382b2f" }, "details": "The GnuTLS project reports:\n\n> - Tavis Ormandy from Google Project Zero found a memory corruption\n> (double free) vulnerability in the certificate verification API. Any\n> client or server application that verifies X.509 certificates with\n> GnuTLS 3.5.8 or later is affected.\n> - It was found using the TLS fuzzer tools that decoding a malformed\n> TLS1.3 asynchronous message can cause a server crash via an invalid\n> pointer access. The issue affects GnuTLS server applications since\n> 3.6.4.\n", "id": "FreeBSD-2019-0082", "modified": "2019-04-19T00:00:00Z", "published": "2019-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" }, { "type": "WEB", "url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3829" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3836" } ], "schema_version": "1.7.0", "summary": "GnuTLS -- double free, invalid pointer access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.5.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot2" }, "ranges": [ { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.5.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/pipermail/dovecot-news/2019-April/000407.html" ], "discovery": "2019-04-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-10691" ] }, "vid": "a64aa22f-61ec-11e9-85b9-a4badb296695" }, "details": "Aki Tuomi reports:\n\n> \\* CVE-2019-10691: Trying to login with 8bit username containing\n> invalid UTF8 input causes auth process to crash if auth policy is\n> enabled. This could be used rather easily to cause a DoS. Similar\n> crash also happens during mail delivery when using invalid UTF8 in\n> From or Subject header when OX push notification driver is used.\n", "id": "FreeBSD-2019-0081", "modified": "2019-05-26T00:00:00Z", "published": "2019-04-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/pipermail/dovecot-news/2019-April/000407.html" }, { "type": "WEB", "url": "https://dovecot.org/pipermail/dovecot-news/2019-April/000407.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10691" } ], "schema_version": "1.7.0", "summary": "dovecot -- json encoder crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libssh2" }, "ranges": [ { "events": [ { "fixed": "1.8.1,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-libssh2" }, "ranges": [ { "events": [ { "fixed": "1.4.2_7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libssh2" }, "ranges": [ { "events": [ { "fixed": "1.4.3_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libssh2/libssh2/releases/tag/libssh2-1.8.1" ], "discovery": "2019-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863" ] }, "vid": "6e58e1e9-2636-413e-9f84-4c0e21143628" }, "details": "libssh2 developers report:\n\n> - Defend against possible integer overflows in\n> comp_method_zlib_decomp.\n> - Defend against writing beyond the end of the payload in\n> \\_libssh2_transport_read().\n> - Sanitize padding_length - \\_libssh2_transport_read().\n> - This prevents an underflow resulting in a potential out-of-bounds\n> read if a server sends a too-large padding_length, possibly with\n> malicious intent.\n> - Prevent zero-byte allocation in sftp_packet_read() which could lead\n> to an out-of-bounds read.\n> - Check the length of data passed to sftp_packet_add() to prevent\n> out-of-bounds reads.\n> - Add a required_size parameter to sftp_packet_require et. al. to\n> require callers of these functions to handle packets that are too\n> short.\n> - Additional length checks to prevent out-of-bounds reads and writes\n> in \\_libssh2_packet_add().\n", "id": "FreeBSD-2019-0080", "modified": "2019-07-07T00:00:00Z", "published": "2019-04-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libssh2/libssh2/releases/tag/libssh2-1.8.1" }, { "type": "WEB", "url": "https://github.com/libssh2/libssh2/releases/tag/libssh2-1.8.1" }, { "type": "WEB", "url": "https://libssh2.org/CVE-2019-3855.html" }, { "type": "WEB", "url": "https://libssh2.org/CVE-2019-3856.html" }, { "type": "WEB", "url": "https://libssh2.org/CVE-2019-3857.html" }, { "type": "WEB", "url": "https://libssh2.org/CVE-2019-3858.html" }, { "type": "WEB", "url": "https://libssh2.org/CVE-2019-3859.html" }, { "type": "WEB", "url": "https://libssh2.org/CVE-2019-3860.html" }, { "type": "WEB", "url": "https://libssh2.org/CVE-2019-3861.html" }, { "type": "WEB", "url": "https://libssh2.org/CVE-2019-3862.html" }, { "type": "WEB", "url": "https://libssh2.org/CVE-2019-3863.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3855" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3856" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3857" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3858" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3859" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3860" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3861" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3862" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3863" } ], "schema_version": "1.7.0", "summary": "libssh2 -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2019/04/gitea-1.7.6-is-released/" ], "discovery": "2019-04-13T00:00:00Z", "vid": "b747783f-5fb6-11e9-b2ac-08002705f877" }, "details": "The Gitea team reports:\n\n> Prevent remote code execution vulnerability with mirror repo URL\n> settings.\n", "id": "FreeBSD-2019-0079", "modified": "2019-04-17T00:00:00Z", "published": "2019-04-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2019/04/gitea-1.7.6-is-released/" }, { "type": "WEB", "url": "https://blog.gitea.io/2019/04/gitea-1.7.6-is-released/" } ], "schema_version": "1.7.0", "summary": "gitea -- remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.64" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.39" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.44" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.64" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.44" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" ], "discovery": "2019-04-13T00:00:00Z", "vid": "4e1997e8-5de0-11e9-b95c-b499baebfeaf" }, "details": "Oracle reports:\n\n> Critical Patch Update Oracle MySQL Executive Summary\n>\n> This Critical Patch Update contains 44 new security fixes for Oracle\n> MySQL. 3 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n>\n> The Oracle MySQL products and versions affected by vulnerabilities\n> that are fixed in this Critical Patch Update are: MySQL Server,\n> versions 5.6.43 and prior, 5.7.25 and prior, 8.0.15 and prior\n>\n> Further details will be published by Oracle on 2019-04-16\n", "id": "FreeBSD-2019-0078", "modified": "2019-04-13T00:00:00Z", "published": "2019-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wget" }, "ranges": [ { "events": [ { "introduced": "1.19" }, { "fixed": "1.20.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483" ], "discovery": "2018-12-25T00:00:00Z", "references": { "cvename": [ "CVE-2018-20483" ] }, "vid": "a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb" }, "details": "Gynvael Coldwind reports:\n\n> set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a\n> file\\'s origin URL in the user.xdg.origin.url metadata attribute of\n> the extended attributes of the downloaded file, which allows local\n> users to obtain sensitive information (e.g., credentials contained in\n> the URL) by reading this attribute, as demonstrated by getfattr. This\n> also applies to Referer information in the user.xdg.referrer.url\n> metadata attribute.\n", "id": "FreeBSD-2019-0077", "modified": "2019-04-12T00:00:00Z", "published": "2019-04-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20483" } ], "schema_version": "1.7.0", "summary": "wget -- security flaw in caching credentials passed as a part of the URL" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.9.0" }, { "fixed": "11.9.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.8.0" }, { "fixed": "11.8.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4.0" }, { "fixed": "11.7.11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/" ], "discovery": "2019-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-11000" ] }, "vid": "a0602fa0-5c1c-11e9-abd6-001b217b3468" }, "details": "Gitlab reports:\n\n> Group Runner Registration Token Exposure\n", "id": "FreeBSD-2019-0076", "modified": "2019-04-11T00:00:00Z", "published": "2019-04-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-11000" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Group Runner Registration Token Exposure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.172" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.164.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2019-04-10/" ], "discovery": "2019-04-10T00:00:00Z", "vid": "8e9c3f5a-715b-4336-8d05-19babef55e9e" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Medium) SECURITY-1289\n>\n> Jenkins accepted cached legacy CLI authentication\n>\n> ##### (Medium) SECURITY-1327\n>\n> XSS vulnerability in form validation button\n", "id": "FreeBSD-2019-0075", "modified": "2019-04-10T00:00:00Z", "published": "2019-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2019-04-10/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2019-04-10/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "32.0.0.171" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb19-19.html" ], "discovery": "2019-04-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-7096", "CVE-2019-7108" ] }, "vid": "45d89773-5b64-11e9-80ed-d43d7ef03aa6" }, "details": "Adobe reports:\n\n> - This update resolves a use-after-free vulnerability that could lead\n> to arbitrary code execution (CVE-2019-7096).\n> - This update resolves an out-of-bounds read vulnerability that could\n> lead to information disclosure (CVE-2019-7108).\n", "id": "FreeBSD-2019-0074", "modified": "2019-04-10T00:00:00Z", "published": "2019-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7096" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7108" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-19.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.101.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html" ], "discovery": "2019-03-29T00:00:00Z", "references": { "cvename": [ "CVE-2019-1787", "CVE-2019-1789", "CVE-2019-1788", "CVE-2019-1786", "CVE-2019-1785", "CVE-2019-1798" ] }, "vid": "84ce26c3-5769-11e9-abd6-001b217b3468" }, "details": "Clamav reports:\n\n> An out-of-bounds heap read condition may occur when scanning PDF\n> documents\n>\n> An out-of-bounds heap read condition may occur when scanning PE files\n>\n> An out-of-bounds heap write condition may occur when scanning OLE2\n> files\n>\n> An out-of-bounds heap read condition may occur when scanning malformed\n> PDF documents\n>\n> A path-traversal write condition may occur as a result of improper\n> input validation when scanning RAR archives\n>\n> A use-after-free condition may occur as a result of improper error\n> handling when scanning nested RAR archives\n", "id": "FreeBSD-2019-0073", "modified": "2019-04-05T00:00:00Z", "published": "2019-04-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html" }, { "type": "WEB", "url": "https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1787" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1788" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1786" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1785" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1798" } ], "schema_version": "1.7.0", "summary": "clamav -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.9.0" }, { "fixed": "11.9.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.8.0" }, { "fixed": "11.8.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "11.7.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/" ], "discovery": "2019-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2019-10640", "CVE-2019-10116", "CVE-2019-10111", "CVE-2019-10110", "CVE-2019-10115", "CVE-2019-10113", "CVE-2019-10114", "CVE-2019-10112", "CVE-2019-10117", "CVE-2018-5158", "CVE-2019-10108", "CVE-2019-10109" ] }, "vid": "da459dbc-5586-11e9-abd6-001b217b3468" }, "details": "Gitlab reports:\n\n> DoS potential for regex in CI/CD refs\n>\n> Related branches visible in issues for guests\n>\n> Persistent XSS at merge request resolve conflicts\n>\n> Improper authorization control \\\"move issue\\\"\n>\n> Guest users of private projects have access to releases\n>\n> DoS potential on project languages page\n>\n> Recurity assessment: information exposure through timing discrepancy\n>\n> Recurity assessment: loginState HMAC issues\n>\n> Recurity assessment: open redirect\n>\n> PDF.js vulnerable to CVE-2018-5158\n>\n> IDOR labels of private projects/groups\n>\n> EXIF geolocation data not stripped from uploaded images\n", "id": "FreeBSD-2019-0072", "modified": "2019-04-02T00:00:00Z", "published": "2019-04-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10640" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10117" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5158" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10108" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10109" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.39" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2019-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0215", "CVE-2019-0196", "CVE-2019-0220" ] }, "vid": "cf2105c6-551b-11e9-b95c-b499baebfeaf" }, "details": "The Apache httpd Project reports:\n\n> Apache HTTP Server privilege escalation from modules\\' scripts\n> (CVE-2019-0211) (important)\n>\n> mod_auth_digest access control bypass (CVE-2019-0217) (important)\n>\n> mod_ssl access control bypass (CVE-2019-0215) (important)\n>\n> mod_http2, possible crash on late upgrade (CVE-2019-0197) (low)\n>\n> mod_http2, read-after-free on a string compare (CVE-2019-0196) (low)\n>\n> Apache httpd URL normalization inconsistincy (CVE-2019-0220) (low)\n", "id": "FreeBSD-2019-0071", "modified": "2019-04-02T00:00:00Z", "published": "2019-04-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "WEB", "url": "https://www.apache.org/dist/httpd/CHANGES_2.4.39" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-0211" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-0217" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-0215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-0196" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-0220" } ], "schema_version": "1.7.0", "summary": "Apache -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kubectl" }, "ranges": [ { "events": [ { "fixed": "1.11.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.12.0" }, { "fixed": "1.12.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.13.0" }, { "fixed": "1.13.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://discuss.kubernetes.io/t/announce-security-release-of-kubernetes-kubectl-potential-directory-traversal-releases-1-11-9-1-12-7-1-13-5-and-1-14-0-cve-2019-1002101/5712" ], "discovery": "2019-03-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-1002101" ] }, "vid": "6a0129bf-54ad-11e9-987c-1c39475b9f84" }, "details": "Kubernetes.io reports:\n\n> A security issue was discovered with the Kubernetes kubectl cp command\n> that could enable a directory traversal replacing or deleting files on\n> a user's workstation.\n", "id": "FreeBSD-2019-0070", "modified": "2019-04-01T00:00:00Z", "published": "2019-04-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://discuss.kubernetes.io/t/announce-security-release-of-kubernetes-kubectl-potential-directory-traversal-releases-1-11-9-1-12-7-1-13-5-and-1-14-0-cve-2019-1002101/5712" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1002101" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1002101" } ], "schema_version": "1.7.0", "summary": "Kubectl -- Potential directory traversal" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "znc" }, "ranges": [ { "events": [ { "fixed": "1.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9917" ], "discovery": "2019-03-21T00:00:00Z", "references": { "cvename": [ "CVE-2019-9917" ] }, "vid": "b22d6d4c-53b9-11e9-9310-28d244aee256" }, "details": "Mitre reports:\n\n> ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial\n> of Service (crash) via invalid encoding.\n", "id": "FreeBSD-2019-0069", "modified": "2019-03-31T00:00:00Z", "published": "2019-03-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9917" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9917" }, { "type": "WEB", "url": "https://wiki.znc.in/ChangeLog/1.7.3" } ], "schema_version": "1.7.0", "summary": "znc -- Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-notebook" }, "ranges": [ { "events": [ { "fixed": "5.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-notebook" }, "ranges": [ { "events": [ { "fixed": "5.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-notebook" }, "ranges": [ { "events": [ { "fixed": "5.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-notebook" }, "ranges": [ { "events": [ { "fixed": "5.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4" ], "discovery": "2019-03-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-10255" ] }, "vid": "fe7e322f-522d-11e9-98b5-216e512dad89" }, "details": "Jupyter blog:\n\n> Login pages tend to take a parameter for redirecting back to a page\n> after successful login, e.g. /login?next=/notebooks/mynotebook.ipynb,\n> so that you aren\\'t disrupted too much if you try to visit a page, but\n> have to authenticate first. An Open Redirect Vulnerability is when a\n> malicious person crafts a link pointing to the login page of a trusted\n> site, but setting the \\\"redirect after successful login\\\" parameter to\n> send the user to their own site, instead of a page on the\n> authenticated site (the notebook or JupyterHub server), e.g.\n> /login?next=http://badwebsite.biz. This doesn\\'t necessarily\n> compromise anything immediately, but it enables phishing if users\n> don\\'t notice that the domain has changed, e.g. by showing a fake\n> \\\"re-enter your password\\\" page. Servers generally have to validate\n> the redirect URL to avoid this. Both JupyterHub and Notebook already\n> do this, but the validation didn\\'t take into account all possible\n> ways to redirect to other sites, so some malicious URLs could still be\n> crafted to redirect away from the server (the above example does not\n> work in any recent version of either package). Only certain browsers\n> (Chrome and Firefox, not Safari) could be redirected from the\n> JupyterHub login page, but all browsers could be redirected away from\n> a standalone notebook server.\n", "id": "FreeBSD-2019-0068", "modified": "2019-04-06T00:00:00Z", "published": "2019-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4" }, { "type": "WEB", "url": "https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4" }, { "type": "WEB", "url": "https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-10255" } ], "schema_version": "1.7.0", "summary": "Jupyter notebook -- open redirect vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "fixed": "2.3.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-7524" ], "discovery": "2019-02-05T00:00:00Z", "references": { "cvename": [ "CVE-2019-7524" ] }, "vid": "7862213c-5152-11e9-8b26-a4badb296695" }, "details": "Aki Tuomi reports:\n\n> Vulnerability Details: When reading FTS or POP3-UIDL header from\n> dovecot index, the input buffer size is not bound, and data is copied\n> to target structure causing stack overflow. Risk: This can be used for\n> local root privilege escalation or executing arbitrary code in dovecot\n> process context. This requires ability to directly modify dovecot\n> indexes. Steps to reproduce: Produce dovecot.index.log entry that\n> creates an FTS header which has more than 12 bytes of data. Trigger\n> dovecot indexer-worker or run doveadm index. Dovecot will crash.\n> Mitigations: Since 2.3.0 dovecot has been compiled with stack smash\n> protection, ASLR, read-only GOT tables and other techniques that make\n> exploiting this bug much harder.\n", "id": "FreeBSD-2019-0067", "modified": "2019-03-28T00:00:00Z", "published": "2019-03-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-7524" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-7524" }, { "type": "WEB", "url": "https://dovecot.org/list/dovecot-news/2019-March/000401.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7524" } ], "schema_version": "1.7.0", "summary": "dovecot -- Buffer overflow reading extension header" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.65" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.6.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2019-004" ], "discovery": "2019-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-6341" ] }, "vid": "94d63fd7-508b-11e9-9ba0-4c72b94353b5" }, "details": "Drupal Security Team reports:\n\n> Under certain circumstances the File module/subsystem allows a\n> malicious user to upload a file that can trigger a cross-site\n> scripting (XSS) vulnerability.\n", "id": "FreeBSD-2019-0066", "modified": "2019-03-28T00:00:00Z", "published": "2019-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2019-004" }, { "type": "WEB", "url": "https://www.drupal.org/project/drupal/releases/8.6.13" }, { "type": "WEB", "url": "https://www.drupal.org/project/drupal/releases/7.65" }, { "type": "WEB", "url": "https://www.drupal.org/SA-CORE-2019-004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6341" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal core - Moderately critical - Cross Site Scripting" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python27" }, "ranges": [ { "events": [ { "fixed": "2.7.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python35" }, "ranges": [ { "events": [ { "fixed": "3.5.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python36" }, "ranges": [ { "events": [ { "fixed": "3.6.8_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python37" }, "ranges": [ { "events": [ { "fixed": "3.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.python.org/3.7/whatsnew/changelog.html" ], "discovery": "2019-01-15T00:00:00Z", "references": { "cvename": [ "CVE-2019-5010" ] }, "vid": "d74371d2-4fee-11e9-a5cd-1df8a848de3d" }, "details": "Python Changelog:\n\n> bpo-35746: \\[CVE-2019-5010\\] Fix a NULL pointer deref in ssl module.\n> The cert parser did not handle CRL distribution points with empty DP\n> or URI correctly. A malicious or buggy certificate can result into\n> segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and\n> Nicolas Edet of Cisco.\n", "id": "FreeBSD-2019-0065", "modified": "2019-03-27T00:00:00Z", "published": "2019-03-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.python.org/3.7/whatsnew/changelog.html" }, { "type": "WEB", "url": "https://docs.python.org/3.7/whatsnew/changelog.html" }, { "type": "WEB", "url": "https://bugs.python.org/issue35746" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5010" } ], "schema_version": "1.7.0", "summary": "Python -- NULL pointer dereference vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "5.1.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.1.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_CN-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_TW-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/" ], "discovery": "2019-03-12T00:00:00Z", "vid": "15ee0e93-4bbb-11e9-9ba0-4c72b94353b5" }, "details": "wordpress developers reports:\n\n> Hosts can now offer a button for their users to update PHP.\n>\n> The recommended PHP version used by the Update PHP notice can now be\n> filtered.\n", "id": "FreeBSD-2019-0064", "modified": "2019-03-21T00:00:00Z", "published": "2019-03-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.8.0" }, { "fixed": "11.8.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "11.7.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/" ], "discovery": "2019-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-9866" ] }, "vid": "e0382fde-4bb0-11e9-adcb-001b217b3468" }, "details": "Gitlab reports:\n\n> Project Runner Token Exposed Through Issues Quick Actions\n", "id": "FreeBSD-2019-0063", "modified": "2019-03-21T00:00:00Z", "published": "2019-03-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9866" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libXdmcp" }, "ranges": [ { "events": [ { "fixed": "1.1.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-2625" ], "discovery": "2017-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2017-2625" ] }, "vid": "1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335" }, "details": "The freedesktop and x.org project reports:\n\n> It was discovered that libXdmcp before 1.1.3 used weak entropy to\n> generate session keys on platforms without arc4random_buf() but with\n> getentropy(). On a multi-user system using xdmcp, a local attacker\n> could potentially use information available from the process list to\n> brute force the key, allowing them to hijack other users\\' sessions.\n>\n> Please note, that since FreeBSD provides arc4random_buf(), it is\n> unknown if FreeBSD is affected by this vulnerability\n", "id": "FreeBSD-2019-0062", "modified": "2019-03-22T00:00:00Z", "published": "2019-03-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2625" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2625" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2019-March/002974.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2625" } ], "schema_version": "1.7.0", "summary": "libXdmcp -- insufficient entropy generating session keys" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "fixed": "11.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released/" ], "discovery": "2019-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2019-9732" ] }, "vid": "7ba5a3d0-4b18-11e9-adcb-001b217b3468" }, "details": "Gitlab reports:\n\n> Public project in a private group makes the group page publicly\n> accessible\n", "id": "FreeBSD-2019-0061", "modified": "2019-03-20T00:00:00Z", "published": "2019-03-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9732" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2019/03/gitea-1.7.4-is-released/" ], "discovery": "2019-03-12T00:00:00Z", "vid": "a8ba7358-4b02-11e9-9ba0-4c72b94353b5" }, "details": "Gitea Team reports:\n\n> Fix potential XSS vulnerability in repository description.\n", "id": "FreeBSD-2019-0060", "modified": "2019-03-20T00:00:00Z", "published": "2019-03-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2019/03/gitea-1.7.4-is-released/" }, { "type": "WEB", "url": "https://blog.gitea.io/2019/03/gitea-1.7.4-is-released/" } ], "schema_version": "1.7.0", "summary": "gitea -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "66.0_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.6.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "60.6.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "60.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/" ], "discovery": "2019-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-9788", "CVE-2019-9789", "CVE-2019-9790", "CVE-2019-9791", "CVE-2019-9792", "CVE-2019-9793", "CVE-2019-9794", "CVE-2019-9795", "CVE-2019-9796", "CVE-2019-9797", "CVE-2019-9798", "CVE-2019-9799", "CVE-2019-9801", "CVE-2019-9802", "CVE-2019-9803", "CVE-2019-9804", "CVE-2019-9805", "CVE-2019-9806", "CVE-2019-9807", "CVE-2019-9808", "CVE-2019-9809" ] }, "vid": "05da6b56-3e66-4306-9ea3-89fafe939726" }, "details": "Mozilla Foundation reports:\n\n> CVE-2019-9790: Use-after-free when removing in-use DOM elements\n>\n> CVE-2019-9791: Type inference is incorrect for constructors entered\n> through on-stack replacement with IonMonkey\n>\n> CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script\n>\n> CVE-2019-9793: Improper bounds checks when Spectre mitigations are\n> disabled\n>\n> CVE-2019-9794: Command line arguments not discarded during execution\n>\n> CVE-2019-9795: Type-confusion in IonMonkey JIT compiler\n>\n> CVE-2019-9796: Use-after-free with SMIL animation controller\n>\n> CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n>\n> CVE-2019-9798: Library is loaded from world writable APITRACE_LIB\n> location\n>\n> CVE-2019-9799: Information disclosure via IPC channel messages\n>\n> CVE-2019-9801: Windows programs that are not \\'URL Handlers\\' are\n> exposed to web content\n>\n> CVE-2019-9802: Chrome process information leak\n>\n> CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for\n> same-origin navigation\n>\n> CVE-2019-9804: Code execution through \\'Copy as cURL\\' in Firefox\n> Developer Tools on macOS\n>\n> CVE-2019-9805: Potential use of uninitialized memory in Prio\n>\n> CVE-2019-9806: Denial of service through successive FTP authorization\n> prompts\n>\n> CVE-2019-9807: Text sent through FTP connection can be incorporated\n> into alert messages\n>\n> CVE-2019-9809: Denial of service through FTP modal alert error\n> messages\n>\n> CVE-2019-9808: WebRTC permissions can display incorrect origin with\n> data: and blob: URLs\n>\n> CVE-2019-9789: Memory safety bugs fixed in Firefox 66\n>\n> CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR\n> 60.6\n", "id": "FreeBSD-2019-0059", "modified": "2019-07-23T00:00:00Z", "published": "2019-03-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9788" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9792" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9793" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9795" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9796" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9801" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9804" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9805" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9806" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9807" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9809" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-07/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2019-08/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns" }, "ranges": [ { "events": [ { "fixed": "4.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html" ], "discovery": "2019-03-18T00:00:00Z", "references": { "cvename": [ "CVE-2019-3871" ] }, "vid": "6001cfc6-9f0f-4fae-9b4f-9b8fae001425" }, "details": "PowerDNS developers report:\n\n> An issue has been found in PowerDNS Authoritative Server when the HTTP\n> remote backend is used in RESTful mode (without post=1 set), allowing\n> a remote user to cause the HTTP backend to connect to an\n> attacker-specified host instead of the configured one, via a crafted\n> DNS query. This can be used to cause a denial of service by preventing\n> the remote backend from getting a response, content spoofing if the\n> attacker can time its own query so that subsequent queries will use an\n> attacker-controlled HTTP server instead of the configured one, and\n> possibly information disclosure if the Authoritative Server has access\n> to internal servers.\n", "id": "FreeBSD-2019-0058", "modified": "2019-03-19T00:00:00Z", "published": "2019-03-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html" }, { "type": "WEB", "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3871" } ], "schema_version": "1.7.0", "summary": "PowerDNS -- Insufficient validation in the HTTP remote backend" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview4" }, "ranges": [ { "events": [ { "fixed": "4.2.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview50" }, "ranges": [ { "events": [ { "fixed": "5.0.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview5" }, "ranges": [ { "events": [ { "fixed": "5.1.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" ], "discovery": "2019-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2019-5418", "CVE-2019-5419" ] }, "vid": "1396a74a-4997-11e9-b5f1-83edb3f89ba1" }, "details": "Ruby on Rails blog:\n\n> Rails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been\n> released! These contain the following important security fixes. It is\n> recommended that users upgrade as soon as possible:\n>\n> CVE-2019-5418 File Content Disclosure in Action View\n>\n> CVE-2019-5419 Denial of Service Vulnerability in Action View\n", "id": "FreeBSD-2019-0057", "modified": "2019-03-18T00:00:00Z", "published": "2019-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "type": "WEB", "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5418" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5419" } ], "schema_version": "1.7.0", "summary": "Rails -- Action View vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "putty" }, "ranges": [ { "events": [ { "fixed": "0.71" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "putty-gtk2" }, "ranges": [ { "events": [ { "fixed": "0.71" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "putty-nogtk" }, "ranges": [ { "events": [ { "fixed": "0.71" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" ], "discovery": "2019-03-16T00:00:00Z", "vid": "46e1ece5-48bd-11e9-9c40-080027ac955c" }, "details": "The PuTTY team reports:\n\n> New in 0.71:\n>\n> - Security fixes found by an EU-funded bug bounty programme:\n> - \\+ a remotely triggerable memory overwrite in RSA key exchange,\n> which can occur before host key verification\n> - \\+ potential recycling of random numbers used in cryptography\n> - \\+ on Unix, remotely triggerable buffer overflow in any kind of\n> server-to-client forwarding\n> - \\+ multiple denial-of-service attacks that can be triggered by\n> writing to the terminal\n> - Other security enhancements: major rewrite of the crypto code to\n> remove cache and timing side channels.\n> - User interface changes to protect against fake authentication\n> prompts from a malicious server.\n", "id": "FreeBSD-2019-0056", "modified": "2019-03-17T00:00:00Z", "published": "2019-03-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" } ], "schema_version": "1.7.0", "summary": "PuTTY -- security fixes in new release" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-notebook" }, "ranges": [ { "events": [ { "fixed": "5.7.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-notebook" }, "ranges": [ { "events": [ { "fixed": "5.7.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-notebook" }, "ranges": [ { "events": [ { "fixed": "5.7.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-notebook" }, "ranges": [ { "events": [ { "fixed": "5.7.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst" ], "discovery": "2019-03-10T00:00:00Z", "vid": "72a6e3be-483a-11e9-92d7-f1590402501e" }, "details": "Jupyter notebook Changelog:\n\n> 5.7.6 contains a security fix for a cross-site inclusion (XSSI)\n> vulnerability, where files at a known URL could be included in a page\n> from an unauthorized website if the user is logged into a Jupyter\n> server. The fix involves setting the X-Content-Type-Options: nosniff\n> header, and applying CSRF checks previously on all non-GET API\n> requests to GET requests to API endpoints and the /files/ endpoint.\n>\n> The attacking page is able to access some contents of files when using\n> Internet Explorer through script errors, but this has not been\n> demonstrated with other browsers. A CVE has been requested for this\n> vulnerability.\n", "id": "FreeBSD-2019-0055", "modified": "2019-03-16T00:00:00Z", "published": "2019-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst" }, { "type": "WEB", "url": "https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-auth-prompt-spoofing.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-fd-set-overflow.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rng-reuse.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-combining-chars.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-combining-chars-double-width-gtk.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-one-column-cjk.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/pscp-unsanitised-server-output.html" }, { "type": "WEB", "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/side-channels.html" } ], "schema_version": "1.7.0", "summary": "Jupyter notebook -- cross-site inclusion (XSSI) vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby23-gems" }, "ranges": [ { "events": [ { "fixed": "3.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby24-gems" }, "ranges": [ { "events": [ { "fixed": "3.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby25-gems" }, "ranges": [ { "events": [ { "fixed": "3.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html" ], "discovery": "2019-03-05T00:00:00Z", "references": { "cvename": [ "CVE-2019-8320", "CVE-2019-8321", "CVE-2019-8322", "CVE-2019-8323", "CVE-2019-8324", "CVE-2019-8325" ] }, "vid": "27b12d04-4722-11e9-8b7c-b5e01141761f" }, "details": "RubyGems Security Advisories:\n\n> CVE-2019-8320: Delete directory using symlink when decompressing tar\n>\n> CVE-2019-8321: Escape sequence injection vulnerability in \\'verbose\\'\n>\n> CVE-2019-8322: Escape sequence injection vulnerability in \\'gem\n> owner\\'\n>\n> CVE-2019-8323: Escape sequence injection vulnerability in API response\n> handling\n>\n> CVE-2019-8324: Installing a malicious gem may lead to arbitrary code\n> execution\n>\n> CVE-2019-8325: Escape sequence injection vulnerability in errors\n", "id": "FreeBSD-2019-0054", "modified": "2019-03-15T00:00:00Z", "published": "2019-03-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html" }, { "type": "WEB", "url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html" }, { "type": "WEB", "url": "https://github.com/rubygems/rubygems/blob/master/History.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8320" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8321" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8322" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8323" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8324" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8325" } ], "schema_version": "1.7.0", "summary": "RubyGems -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl111" }, "ranges": [ { "events": [ { "fixed": "1.1.1b_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20190306.txt" ], "discovery": "2019-03-06T00:00:00Z", "references": { "cvename": [ "CVE-2019-1543" ] }, "vid": "e56f2f7c-410e-11e9-b95c-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> Low: ChaCha20-Poly1305 with long nonces (CVE-2019-1543)\n>\n> ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input\n> for every encryption operation. RFC 7539 specifies that the nonce\n> value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable\n> nonce length and front pads the nonce with 0 bytes if it is less than\n> 12 bytes. However it also incorrectly allows a nonce to be set of up\n> to 16 bytes. In this case only the last 12 bytes are significant and\n> any additional leading bytes are ignored.\n", "id": "FreeBSD-2019-0053", "modified": "2019-03-07T00:00:00Z", "published": "2019-03-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20190306.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20190306.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1543" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- ChaCha20-Poly1305 nonce vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ntp" }, "ranges": [ { "events": [ { "fixed": "4.2.8p13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2019_ntp_4_2_8p13_NTP_Rele" ], "discovery": "2019-01-15T00:00:00Z", "references": { "cvename": [ "CVE-2019-8936" ], "freebsdsa": [ "SA-19:04.ntp" ] }, "vid": "c2576e14-36e2-11e9-9eda-206a8a720317" }, "details": "Network Time Foundation reports:\n\n> A crafted malicious authenticated mode 6 (ntpq) packet from a\n> permitted network address can trigger a NULL pointer dereference,\n> crashing ntpd.\n>\n> Note that for this attack to work, the sending system must be on an\n> address that the target\\'s ntpd accepts mode 6 packets from, and must\n> use a private key that is specifically listed as being used for mode 6\n> authorization.\n>\n> Impact: The ntpd daemon can crash due to the NULL pointer dereference,\n> causing a denial of service.\n>\n> Mitigation:\n>\n> - Use restrict noquery to limit addresses that can send mode 6\n> queries.\n> - Limit access to the private controlkey in ntp.keys.\n> - Upgrade to 4.2.8p13, or later.\n", "id": "FreeBSD-2019-0052", "modified": "2019-07-30T00:00:00Z", "published": "2019-03-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2019_ntp_4_2_8p13_NTP_Rele" }, { "type": "WEB", "url": "http://bugs.ntp.org/3565" }, { "type": "WEB", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8936" }, { "type": "WEB", "url": "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:M/C:N/I:N/A:C)" }, { "type": "WEB", "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8936" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:04.ntp.asc" } ], "schema_version": "1.7.0", "summary": "ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rssh" }, "ranges": [ { "events": [ { "fixed": "2.3.4_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3apizzashack%3arssh%3a2.3.4" ], "discovery": "2019-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2019-1000018", "CVE-2019-3463", "CVE-2019-3464" ] }, "vid": "d193aa9f-3f8c-11e9-9a24-6805ca0b38e8" }, "details": "NVD reports:\n\n> rssh version 2.3.4 contains a CWE-77: Improper Neutralization of\n> Special Elements used in a Command (\\'Command Injection\\')\n> vulnerability in allowscp permission that can result in Local command\n> execution. This attack appear to be exploitable via An authorized SSH\n> user with the allowscp permission.\n>\n> Insufficient sanitization of arguments passed to rsync can bypass the\n> restrictions imposed by rssh, a restricted shell that should restrict\n> users to perform only rsync operations, resulting in the execution of\n> arbitrary shell commands.\n", "id": "FreeBSD-2019-0051", "modified": "2019-03-06T00:00:00Z", "published": "2019-03-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3apizzashack%3arssh%3a2.3.4" }, { "type": "WEB", "url": "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3apizzashack%3arssh%3a2.3.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1000018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3463" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3464" } ], "schema_version": "1.7.0", "summary": "rssh - multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rt42" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.16" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rt44" }, "ranges": [ { "events": [ { "introduced": "4.4.0" }, { "fixed": "4.4.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.bestpractical.com/release-notes/rt/4.4.4" ], "discovery": "2019-03-05T00:00:00Z", "references": { "cvename": [ "CVE-2015-9251" ] }, "vid": "416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42" }, "details": "BestPractical reports:\n\n> The version of jQuery used in RT 4.2 and 4.4 has a Cross-site\n> Scripting (XSS) vulnerability when using cross-domain Ajax requests.\n> This vulnerability is assigned\n> [CVE-2015-9251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9251).\n> RT does not use this jQuery feature so it is not directly vulnerable.\n> jQuery version 1.12 no longer receives official updates, however a fix\n> was posted with recommendations for applications to patch locally, so\n> RT will follow this recommendation and ship with a patched version.\n", "id": "FreeBSD-2019-0050", "modified": "2019-03-06T00:00:00Z", "published": "2019-03-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.bestpractical.com/release-notes/rt/4.4.4" }, { "type": "WEB", "url": "https://docs.bestpractical.com/release-notes/rt/4.4.4" }, { "type": "WEB", "url": "https://docs.bestpractical.com/release-notes/rt/4.2.16" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-9251" } ], "schema_version": "1.7.0", "summary": "rt -- XSS via jQuery" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-slixmpp" }, "ranges": [ { "events": [ { "fixed": "1.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-1000021" ], "discovery": "2019-02-04T00:00:00Z", "references": { "cvename": [ "CVE-2019-1000021" ] }, "vid": "526d9642-3ae7-11e9-a669-8c164582fbac" }, "details": "NVD reports:\n\n> slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416\n> contains an incorrect Access Control vulnerability in XEP-0223 plugin\n> (Persistent Storage of Private Data via PubSub) options profile, used\n> for the configuration of default access model that can result in all\n> of the contacts of the victim can see private data having been\n> published to a PEP node. This attack appears to be exploitable if the\n> user of this library publishes any private data on PEP, the node\n> isn\\'t configured to be private. This vulnerability appears to have\n> been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is\n> included in slixmpp 1.4.2.\n", "id": "FreeBSD-2019-0049", "modified": "2019-03-05T00:00:00Z", "published": "2019-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000021" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000021" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1000021" } ], "schema_version": "1.7.0", "summary": "slixmpp -- improper access control" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.8.0" }, { "fixed": "11.8.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.7.0" }, { "fixed": "11.7.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.9.0" }, { "fixed": "11.6.10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/" ], "discovery": "2019-03-04T00:00:00Z", "references": { "cvename": [ "CVE-2019-9221", "CVE-2019-9176", "CVE-2019-9174", "CVE-2019-9172", "CVE-2019-9170", "CVE-2019-9175", "CVE-2019-9178", "CVE-2019-9179", "CVE-2019-9171", "CVE-2019-9224", "CVE-2019-9225", "CVE-2019-9219", "CVE-2019-9217", "CVE-2019-9222", "CVE-2019-9223", "CVE-2019-9220", "CVE-2019-9485" ] }, "vid": "11292460-3f2f-11e9-adcb-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary file read via MergeRequestDiff\n>\n> CSRF add Kubernetes cluster integration\n>\n> Blind SSRF in prometheus integration\n>\n> Merge request information disclosure\n>\n> IDOR milestone name information disclosure\n>\n> Burndown chart information disclosure\n>\n> Private merge request titles in public project information disclosure\n>\n> Private namespace disclosure in email notification when issue is moved\n>\n> Milestone name disclosure\n>\n> Issue board name disclosure\n>\n> NPM automatic package referencer\n>\n> Path traversal snippet mover\n>\n> Information disclosure repo existence\n>\n> Issue DoS via Mermaid\n>\n> Privilege escalation impersonate user\n", "id": "FreeBSD-2019-0048", "modified": "2019-03-05T00:00:00Z", "published": "2019-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9221" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9224" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9219" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9217" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9223" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9220" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-9485" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-gunicorn" }, "ranges": [ { "events": [ { "fixed": "19.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-gunicorn" }, "ranges": [ { "events": [ { "fixed": "19.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-gunicorn" }, "ranges": [ { "events": [ { "fixed": "19.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-gunicorn" }, "ranges": [ { "events": [ { "fixed": "19.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000164" ], "discovery": "2018-04-02T00:00:00Z", "references": { "cvename": [ "CVE-2018-1000164" ] }, "vid": "a3e24de7-3f0c-11e9-87d1-00012e582166" }, "details": "Everardo reports:\n\n> gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of\n> CRLF Sequences in HTTP Headers vulnerability in process_headers\n> function in gunicorn/http/wsgi.py that can result in an attacker\n> causing the server to return arbitrary HTTP headers.\n", "id": "FreeBSD-2019-0047", "modified": "2019-03-05T00:00:00Z", "published": "2019-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000164" }, { "type": "WEB", "url": "https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5" } ], "schema_version": "1.7.0", "summary": "py-gunicorn -- CWE-113 vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "11.10.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node10" }, "ranges": [ { "events": [ { "fixed": "10.15.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node8" }, "ranges": [ { "events": [ { "fixed": "8.15.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node6" }, "ranges": [ { "events": [ { "fixed": "6.17.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" ], "discovery": "2019-02-28T00:00:00Z", "references": { "cvename": [ "CVE-2019-5737", "CVE-2019-5739", "CVE-2019-1559" ] }, "vid": "b71d7193-3c54-11e9-a3f9-00155d006b02" }, "details": "Node.js reports:\n\n> Updates are now available for all active Node.js release lines. In\n> addition to fixes for security flaws in Node.js, they also include\n> upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for\n> a moderate severity security vulnerability.\n>\n> For these releases, we have decided to withhold the fix for the\n> Misinterpretation of Input (CWE-115) flaw mentioned in the original\n> announcement. This flaw is very low severity and we are not satisfied\n> that we had a complete and stable fix ready for release. We will be\n> seeking to address this flaw via alternate mechanisms in the near\n> future. In addition, we have introduced an additional CVE for a change\n> in Node.js 6 that we have decided to classify as a Denial of Service\n> (CWE-400) flaw.\n>\n> We recommend that all Node.js users upgrade to a version listed below\n> as soon as possible.\n>\n> # OpenSSL: 0-byte record padding oracle (CVE-2019-1559)\n>\n> OpenSSL 1.0.2r contains a fix for CVE-2019-1559 and is included in the\n> releases for Node.js versions 6 and 8 only. Node.js 10 and 11 are not\n> impacted by this vulnerability as they use newer versions of OpenSSL\n> which do not contain the flaw.\n>\n> Under certain circumstances, a TLS server can be forced to respond\n> differently to a client if a zero-byte record is received with an\n> invalid padding compared to a zero-byte record with an invalid MAC.\n> This can be used as the basis of a padding oracle attack to decrypt\n> data.\n>\n> Only TLS connections using certain ciphersuites executing under\n> certain conditions are exploitable. We are currently unable to\n> determine whether the use of OpenSSL in Node.js exposes this\n> vulnerability. We are taking a cautionary approach and recommend the\n> same for users. For more information, see the advisory and a detailed\n> write-up by the reporters of the vulnerability.\n", "id": "FreeBSD-2019-0046", "modified": "2019-03-03T00:00:00Z", "published": "2019-03-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5737" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5739" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1559" } ], "schema_version": "1.7.0", "summary": "Node.js -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mybb" }, "ranges": [ { "events": [ { "fixed": "1.8.20_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/" ], "discovery": "2019-02-27T00:00:00Z", "vid": "395ed9d5-3cca-11e9-9ba0-4c72b94353b5" }, "details": "mybb Team reports:\n\n> Medium risk: Reset Password reflected XSS\n>\n> Medium risk: ModCP Profile Editor username reflected XSS\n>\n> Low risk: Predictable CSRF token for guest users\n>\n> Low risk: ACP Stylesheet Properties XSS\n>\n> Low risk: Reset Password username enumeration via email\n", "id": "FreeBSD-2019-0045", "modified": "2019-03-04T00:00:00Z", "published": "2019-03-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/" }, { "type": "WEB", "url": "https://blog.mybb.com/2019/02/27/mybb-1-8-20-released-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "mybb -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk15" }, "ranges": [ { "events": [ { "fixed": "15.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2019-01-24T00:00:00Z", "references": { "cvename": [ "CVE-2019-7251" ] }, "vid": "be0e3817-3bfe-11e9-9cd6-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> When Asterisk makes an outgoing call, a very specific SDP protocol\n> violation by the remote party can cause Asterisk to crash.\n", "id": "FreeBSD-2019-0044", "modified": "2019-03-01T00:00:00Z", "published": "2019-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2019-001.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7251" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote crash vulnerability with SDP protocol violation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.22.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit-gtk2" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit-gtk3" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://webkitgtk.org/security/WSA-2019-0001.html" ], "discovery": "2019-02-08T00:00:00Z", "references": { "cvename": [ "CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234" ] }, "vid": "e3aacd6d-3d01-434c-9330-bc9efd40350f" }, "details": "The Webkitgtk project reports:\n\n> CVE-2019-6212 - Processing maliciously crafted web content may lead to\n> arbitrary code execution. Multiple memory corruption issues were\n> addressed with improved memory handling.\n>\n> CVE-2019-6215 - Processing maliciously crafted web content may lead to\n> arbitrary code execution. A type confusion issue was addressed with\n> improved memory handling.\n>\n> CVE-2019-6216 - Processing maliciously crafted web content may lead to\n> arbitrary code execution. Multiple memory corruption issues were\n> addressed with improved memory handling.\n>\n> CVE-2019-6217 - Processing maliciously crafted web content may lead to\n> arbitrary code execution. Multiple memory corruption issues were\n> addressed with improved memory handling.\n>\n> CVE-2019-6226 - Processing maliciously crafted web content may lead to\n> arbitrary code execution. Multiple memory corruption issues were\n> addressed with improved memory handling.\n>\n> CVE-2019-6227 - Processing maliciously crafted web content may lead to\n> arbitrary code execution. A memory corruption issue was addressed with\n> improved memory handling.\n>\n> CVE-2019-6229 - Processing maliciously crafted web content may lead to\n> universal cross site scripting. A logic issue was addressed with\n> improved validation.\n>\n> CVE-2019-6233 - Processing maliciously crafted web content may lead to\n> arbitrary code execution. A memory corruption issue was addressed with\n> improved memory handling.\n>\n> CVE-2019-6234 - Processing maliciously crafted web content may lead to\n> arbitrary code execution. A memory corruption issue was addressed with\n> improved memory handling.\n", "id": "FreeBSD-2019-0043", "modified": "2019-02-24T00:00:00Z", "published": "2019-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://webkitgtk.org/security/WSA-2019-0001.html" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2019-0001.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6216" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6217" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6226" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6227" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6229" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6234" } ], "schema_version": "1.7.0", "summary": "webkit-gtk -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rdesktop" }, "ranges": [ { "events": [ { "fixed": "1.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4" ], "discovery": "2019-01-02T00:00:00Z", "references": { "cvename": [ "CVE-2018-20175", "CVE-2018-20176", "CVE-2018-8791", "CVE-2018-8792", "CVE-2018-8793", "CVE-2018-8794", "CVE-2018-8795", "CVE-2018-8796", "CVE-2018-8797", "CVE-2018-8798", "CVE-2018-8799", "CVE-2018-8800", "CVE-2018-20174", "CVE-2018-20177", "CVE-2018-20178", "CVE-2018-20179", "CVE-2018-20180", "CVE-2018-20181", "CVE-2018-20182" ] }, "vid": "3e2c9b63-223c-4575-af5c-816acb14e445" }, "details": "> - Fix memory corruption in process_bitmap_data - CVE-2018-8794\n> - Fix remote code execution in process_bitmap_data - CVE-2018-8795\n> - Fix remote code execution in process_plane - CVE-2018-8797\n> - Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175\n> - Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175\n> - Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176\n> - Fix Denial of Service in sec_recv - CVE-2018-20176\n> - Fix minor information leak in rdpdr_process - CVE-2018-8791\n> - Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792\n> - Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793\n> - Fix Denial of Service in process_bitmap_data - CVE-2018-8796\n> - Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798\n> - Fix Denial of Service in process_secondary_order - CVE-2018-8799\n> - Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800\n> - Fix major information leak in ui_clip_handle_data - CVE-2018-20174\n> - Fix memory corruption in rdp_in_unistr - CVE-2018-20177\n> - Fix Denial of Service in process_demand_active - CVE-2018-20178\n> - Fix remote code execution in lspci_process - CVE-2018-20179\n> - Fix remote code execution in rdpsnddbg_process - CVE-2018-20180\n> - Fix remote code execution in seamless_process - CVE-2018-20181\n> - Fix remote code execution in seamless_process_line - CVE-2018-20182\n", "id": "FreeBSD-2019-0042", "modified": "2019-02-22T00:00:00Z", "published": "2019-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4" }, { "type": "WEB", "url": "https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8792" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8793" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8795" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8796" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20181" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20182" } ], "schema_version": "1.7.0", "summary": "rdesktop - critical - Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.6.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2019-003" ], "discovery": "2019-02-20T00:00:00Z", "references": { "cvename": [ "CVE-2019-6340" ] }, "vid": "002b4b05-35dd-11e9-94a8-000ffec0b3e1" }, "details": "Drupal Security Team\n\n> Some field types do not properly sanitize data from non-form sources.\n> This can lead to arbitrary PHP code execution in some cases..\n", "id": "FreeBSD-2019-0041", "modified": "2019-02-21T00:00:00Z", "published": "2019-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2019-003" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2019-002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6340" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal core - Highly critical - Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2r,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.1e_16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20190226.txt" ], "discovery": "2019-02-19T00:00:00Z", "references": { "cvename": [ "CVE-2019-1559" ] }, "vid": "7700061f-34f7-11e9-b95c-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> 0-byte record padding oracle (CVE-2019-1559) (Moderate)\\\n> If an application encounters a fatal protocol error and then calls\n> SSL_shutdown() twice (once to send a close_notify, and once to receive\n> one) then OpenSSL can respond differently to the calling application\n> if a 0 byte record is received with invalid padding compared to if a 0\n> byte record is received with an invalid MAC. If the application then\n> behaves differently based on that in a way that is detectable to the\n> remote peer, then this amounts to a padding oracle that could be used\n> to decrypt data.\n", "id": "FreeBSD-2019-0040", "modified": "2019-03-07T00:00:00Z", "published": "2019-02-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20190226.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20190226.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-1559" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Padding oracle vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "msmtp" }, "ranges": [ { "events": [ { "introduced": "1.8.1,1" }, { "fixed": "1.8.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://marlam.de/msmtp/news/msmtp-1-8-3/" ], "discovery": "2019-02-11T00:00:00Z", "references": { "cvename": [ "CVE-2019-8337" ] }, "vid": "f0416fb5-3130-11e9-a5ba-e0d55e883e26" }, "details": "msmtp developers report:\n\n> In msmtp 1.8.2, when tls_trust_file has its default configuration,\n> certificate-verification results are not properly checked.\n", "id": "FreeBSD-2019-0039", "modified": "2019-02-15T00:00:00Z", "published": "2019-02-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://marlam.de/msmtp/news/msmtp-1-8-3/" }, { "type": "WEB", "url": "https://marlam.de/msmtp/news/msmtp-1-8-3/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-8337" } ], "schema_version": "1.7.0", "summary": "msmtp -- certificate-verification issue" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "65.0.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.5.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/" ], "discovery": "2019-02-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-18511", "CVE-2018-18356", "CVE-2019-5785" ] }, "vid": "18211552-f650-4d86-ba4f-e6d5cbfcdbeb" }, "details": "Mozilla Foundation reports:\n\n> CVE-2018-18356: Use-after-free in Skia\n>\n> CVE-2019-5785: Integer overflow in Skia\n>\n> CVE-2018-18511: Cross-origin theft of images with\n> ImageBitmapRenderingContext\n", "id": "FreeBSD-2019-0038", "modified": "2019-02-13T00:00:00Z", "published": "2019-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5785" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "32.0.0.142" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb19-06.html" ], "discovery": "2019-02-12T00:00:00Z", "references": { "cvename": [ "CVE-2019-7090" ] }, "vid": "de11a8fb-2eda-11e9-8fb5-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves an out-of-bounds vulnerability that could lead\n> to information disclosure (CVE-2019-7090).\n", "id": "FreeBSD-2019-0037", "modified": "2019-02-12T00:00:00Z", "published": "2019-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-06.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7090" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-06.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openjpeg" }, "ranges": [ { "events": [ { "fixed": "2.3.0_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-5727" ], "discovery": "2017-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2018-5727" ] }, "vid": "5efd7a93-2dfb-11e9-9549-e980e869c2e9" }, "details": "NVD reports:\n\n> In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the\n> opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could\n> leverage this vulnerability to cause a denial of service via a crafted\n> bmp file.\n", "id": "FreeBSD-2019-0036", "modified": "2019-03-29T00:00:00Z", "published": "2019-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5727" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5727" }, { "type": "WEB", "url": "https://github.com/uclouvain/openjpeg/issues/1053" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5727" } ], "schema_version": "1.7.0", "summary": "OpenJPEG -- integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-02-05T00:00:00Z", "references": { "cvename": [ "CVE-2019-5596" ], "freebsdsa": [ "SA-19:02.fd" ] }, "vid": "86c89abf-2d91-11e9-bf3e-a4badb2f4699" }, "details": "# Problem Description:\n\nFreeBSD 12.0 attempts to handle the case where the receiving process\ndoes not provide a sufficiently large buffer for an incoming control\nmessage containing rights. In particular, to avoid leaking the\ncorresponding descriptors into the receiving process\\' descriptor table,\nthe kernel handles the truncation case by closing descriptors referenced\nby the discarded message.\n\nThe code which performs this operation failed to release a reference\nobtained on the file corresponding to a received right. This bug can be\nused to cause the reference counter to wrap around and free the file\nstructure.\n\n# Impact:\n\nA local user can exploit the bug to gain root privileges or escape from\na jail.\n", "id": "FreeBSD-2019-0035", "modified": "2019-02-11T00:00:00Z", "published": "2019-02-11T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5596" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:02.fd.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- File description reference count leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2019-02-05T00:00:00Z", "references": { "cvename": [ "CVE-2019-5595" ], "freebsdsa": [ "SA-19:01.syscall" ] }, "vid": "683c714d-2d91-11e9-bf3e-a4badb2f4699" }, "details": "# Problem Description:\n\nThe callee-save registers are used by kernel and for some of them (%r8,\n%r10, and for non-PTI configurations, %r9) the content is not sanitized\nbefore return from syscalls, potentially leaking sensitive information.\n\n# Impact:\n\nTypically an address of some kernel data structure used in the syscall\nimplementation, is exposed.\n", "id": "FreeBSD-2019-0034", "modified": "2019-02-11T00:00:00Z", "published": "2019-02-11T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5595" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:01.syscall.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- System call kernel data register leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kf5-kauth" }, "ranges": [ { "events": [ { "fixed": "5.54.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kde.org/info/security/advisory-20190209-1.txt" ], "discovery": "2019-02-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-7443" ] }, "vid": "e8bcac84-2d5c-11e9-9a74-e0d55e2a8bf9" }, "details": "Albert Astals Cid reports:\n\n> KAuth allows to pass parameters with arbitrary types to helpers\n> running as root over DBus.\n>\n> Certain types can cause crashes and trigger decoding arbitrary images\n> with dynamically loaded plugin\n", "id": "FreeBSD-2019-0033", "modified": "2019-02-10T00:00:00Z", "published": "2019-02-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kde.org/info/security/advisory-20190209-1.txt" }, { "type": "WEB", "url": "https://www.kde.org/info/security/advisory-20190209-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7443" } ], "schema_version": "1.7.0", "summary": "kf5-kauth -- Insecure handling of arguments in helpers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unit" }, "ranges": [ { "events": [ { "introduced": "0.3.0" }, { "fixed": "1.7.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://mailman.nginx.org/pipermail/unit/2019-February/000112.html" ], "discovery": "2019-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2019-7401" ] }, "vid": "c95836a0-2b3b-11e9-9838-8c164567ca3c" }, "details": "unit security problems:\n\n> CVE-2019-7401: a head memory buffer overflow might have\n>\n> been caused in the router process by a specially crafted\n>\n> request, potentially resulting in a segmentation fault\n>\n> or other unspecified behavior.\n", "id": "FreeBSD-2019-0032", "modified": "2019-02-08T00:00:00Z", "published": "2019-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://mailman.nginx.org/pipermail/unit/2019-February/000112.html" }, { "type": "WEB", "url": "http://mailman.nginx.org/pipermail/unit/2019-February/000112.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7401" } ], "schema_version": "1.7.0", "summary": "unit -- heap memory buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.64.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2019-02-07T00:00:00Z", "references": { "cvename": [ "CVE-2018-16890", "CVE-2019-3822", "CVE-2019-3823" ] }, "vid": "714b033a-2b09-11e9-8bc3-610fd6e6cd05" }, "details": "curl security problems:\n\n> CVE-2018-16890: NTLM type-2 out-of-bounds buffer read\n>\n> libcurl contains a heap buffer out-of-bounds read flaw.\n>\n> The function handling incoming NTLM type-2 messages\n> (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming\n> data correctly and is subject to an integer overflow vulnerability.\n>\n> Using that overflow, a malicious or broken NTLM server could trick\n> libcurl to accept a bad length + offset combination that would lead to\n> a buffer read out-of-bounds.\n>\n> CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow\n>\n> libcurl contains a stack based buffer overflow vulnerability.\n>\n> The function creating an outgoing NTLM type-3 header\n> (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates\n> the request HTTP header contents based on previously received data.\n> The check that exists to prevent the local buffer from getting\n> overflowed is implemented wrongly (using unsigned math) and as such it\n> does not prevent the overflow from happening.\n>\n> This output data can grow larger than the local buffer if very large\n> \\\"nt response\\\" data is extracted from a previous NTLMv2 header\n> provided by the malicious or broken HTTP server.\n>\n> Such a \\\"large value\\\" needs to be around 1000 bytes or more. The\n> actual payload data copied to the target buffer comes from the NTLMv2\n> type-2 response header.\n>\n> CVE-2019-3823: SMTP end-of-response out-of-bounds read\n>\n> libcurl contains a heap out-of-bounds read in the code handling the\n> end-of-response for SMTP.\n>\n> If the buffer passed to smtp_endofresp() isn\\'t NUL terminated and\n> contains no character ending the parsed number, and len is set to 5,\n> then the strtol() call reads beyond the allocated buffer. The read\n> contents will not be returned to the caller.\n", "id": "FreeBSD-2019-0031", "modified": "2019-02-07T00:00:00Z", "published": "2019-02-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2018-16890.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2019-3822.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2019-3823.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16890" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3822" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3823" } ], "schema_version": "1.7.0", "summary": "curl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.7.0" }, { "fixed": "11.7.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/" ], "discovery": "2019-02-05T00:00:00Z", "references": { "cvename": [ "CVE-2019-7353", "CVE-2019-6796" ] }, "vid": "43ee6c1d-29ee-11e9-82a1-001b217b3468" }, "details": "Gitlab reports:\n\n> Leak of Confidential Issue and Merge Request Titles\n>\n> Persistent XSS in User Status\n", "id": "FreeBSD-2019-0030", "modified": "2019-02-06T00:00:00Z", "published": "2019-02-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6796" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "fixed": "2.3.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mail-archive.com/dovecot@dovecot.org/msg76117.html" ], "discovery": "2019-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2019-3814" ] }, "vid": "1340fcc1-2953-11e9-bc44-a4badb296695" }, "details": "Aki Tuomi (Open-Xchange Oy) reports:\n\n> Normally Dovecot is configured to authenticate\n> imap/pop3/managesieve/submission clients using regular\n> username/password combination. Some installations have also required\n> clients to present a trusted SSL certificate on top of that. It\\'s\n> also possible to configure Dovecot to take the username from the\n> certificate instead of from the user provided authentication. It\\'s\n> also possible to avoid having a password at all, only trusting the SSL\n> certificate. If the provided trusted SSL certificate is missing the\n> username field, Dovecot should be failing the authentication. However,\n> the earlier versions will take the username from the user provided\n> authentication fields (e.g. LOGIN command). If there is no additional\n> password verification, this allows the attacker to login as anyone\n> else in the system. This affects only installations using:\n> auth_ssl_require_client_cert = yes auth_ssl_username_from_cert = yes\n> Attacker must also have access to a valid trusted certificate without\n> the ssl_cert_username_field in it. The default is commonName, which\n> almost certainly exists in all certificates. This could happen for\n> example if ssl_cert_username_field is a field that normally doesn\\'t\n> exist, and attacker has access to a web server\\'s certificate (and\n> key), which is signed with the same CA. Attack can be migitated by\n> having the certificates with proper Extended Key Usage, such as \\'TLS\n> Web Server\\' and \\'TLS Web Server Client\\'. Also,\n> ssl_cert_username_field setting was ignored with external SMTP AUTH,\n> because none of the MTAs (Postfix, Exim) currently send the\n> cert_username field. This may have allowed users with trusted\n> certificate to specify any username in the authentication. This does\n> not apply to Dovecot Submission service.\n", "id": "FreeBSD-2019-0029", "modified": "2019-02-05T00:00:00Z", "published": "2019-02-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mail-archive.com/dovecot@dovecot.org/msg76117.html" }, { "type": "WEB", "url": "https://www.mail-archive.com/dovecot@dovecot.org/msg76117.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3814" } ], "schema_version": "1.7.0", "summary": "mail/dovecot -- Suitable client certificate can be used to login as other user" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-8-php71" }, "ranges": [ { "events": [ { "fixed": "8.7.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-8-php72" }, "ranges": [ { "events": [ { "fixed": "8.7.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-8-php73" }, "ranges": [ { "events": [ { "fixed": "8.7.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php71" }, "ranges": [ { "events": [ { "fixed": "9.5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php72" }, "ranges": [ { "events": [ { "fixed": "9.5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9-php73" }, "ranges": [ { "events": [ { "fixed": "9.5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-954-and-8723-security-releases-published/" ], "discovery": "2019-01-22T00:00:00Z", "vid": "5d8c0876-2716-11e9-9446-b7f8544ce15c" }, "details": "Typo3 news:\n\n> Please read the corresponding Security Advisories for details.\n", "id": "FreeBSD-2019-0028", "modified": "2019-02-02T00:00:00Z", "published": "2019-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-954-and-8723-security-releases-published/" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-954-and-8723-security-releases-published/" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-v8724-lts-released/" } ], "schema_version": "1.7.0", "summary": "typo3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/releases/tag/v1.7.0" ], "discovery": "2019-01-31T00:00:00Z", "vid": "41c1cd6f-2645-11e9-b5f1-080027fee39c" }, "details": "Gitea Team reports:\n\n> Disable redirect for i18n\n>\n> Only allow local login if password is non-empty\n>\n> Fix go-get URL generation\n", "id": "FreeBSD-2019-0027", "modified": "2019-02-01T00:00:00Z", "published": "2019-02-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.7.0" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.7.1" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-Email-Address-List" }, "ranges": [ { "events": [ { "fixed": "0.06" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://metacpan.org/source/BPS/Email-Address-List-0.06/Changes" ], "discovery": "2019-01-02T00:00:00Z", "references": { "cvename": [ "CVE-2018-18898" ] }, "vid": "22b90fe6-258e-11e9-9c8d-6805ca0b3d42" }, "details": "Best PRactical Solutions reports:\n\n> \n> 0.06 2019-01-02\n>\n> - Changes to address CVE-2018-18898 which could allow DDoS-type attacks.\n> Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for\n> contributing fixes.\n> - Fix pathological backtracking for unkown regex\n> - Fix pathological backtracking in obs-phrase(i.e. obs-display-name)\n> - Fix pathological backtracking in cfws, quoted strings\n> \n", "id": "FreeBSD-2019-0026", "modified": "2019-01-31T00:00:00Z", "published": "2019-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://metacpan.org/source/BPS/Email-Address-List-0.06/Changes" }, { "type": "WEB", "url": "https://metacpan.org/source/BPS/Email-Address-List-0.06/Changes" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18898" } ], "schema_version": "1.7.0", "summary": "p5-Email-Address-List -- DDoS related vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.7.0" }, { "fixed": "11.7.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0.0.0" }, { "fixed": "11.5.10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/" ], "discovery": "2019-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2019-6783", "CVE-2019-6788", "CVE-2019-6785", "CVE-2019-6790", "CVE-2019-6997", "CVE-2019-6784", "CVE-2019-6789", "CVE-2019-6781", "CVE-2019-6786", "CVE-2019-6787", "CVE-2018-16476", "CVE-2019-6782", "CVE-2019-6791", "CVE-2019-6792", "CVE-2019-6796", "CVE-2019-6794", "CVE-2019-6795", "CVE-2019-6960", "CVE-2019-6995", "CVE-2019-7176", "CVE-2019-7155", "CVE-2019-6797", "CVE-2019-6793", "CVE-2019-6996" ] }, "vid": "467b7cbe-257d-11e9-8573-001b217b3468" }, "details": "Gitlab reports:\n\n> Remote Command Execution via GitLab Pages\n>\n> Covert Redirect to Steal GitHub/Bitbucket Tokens\n>\n> Remote Mirror Branches Leaked by Git Transfer Refs\n>\n> Denial of Service with Markdown\n>\n> Guests Can View List of Group Merge Requests\n>\n> Guest Can View Merge Request Titles via System Notes\n>\n> Persistent XSS via KaTeX\n>\n> Emails Sent to Unauthorized Users\n>\n> Hyperlink Injection in Notification Emails\n>\n> Unauthorized Access to LFS Objects\n>\n> Trigger Token Exposure\n>\n> Upgrade Rails to 5.0.7.1 and 4.2.11\n>\n> Contributed Project Information Visible in Private Profile\n>\n> Imported Project Retains Prior Visibility Setting\n>\n> Error disclosure on Project Import\n>\n> Persistent XSS in User Status\n>\n> Last Commit Status Leaked to Guest Users\n>\n> Mitigations for IDN Homograph and RTLO Attacks\n>\n> Access to Internal Wiki When External Wiki Enabled\n>\n> User Can Comment on Locked Project Issues\n>\n> Unauthorized Reaction Emojis by Guest Users\n>\n> User Retains Project Role After Removal from Private Group\n>\n> GitHub Token Leaked to Maintainers\n>\n> Unauthenticated Blind SSRF in Jira Integration\n>\n> Unauthorized Access to Group Membership\n>\n> Validate SAML Response in Group SAML SSO\n", "id": "FreeBSD-2019-0025", "modified": "2019-01-31T00:00:00Z", "published": "2019-01-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6783" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6788" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6785" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6784" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6781" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6786" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6787" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16476" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6782" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6792" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6796" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6795" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6960" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-7155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6793" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6996" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "turnserver" }, "ranges": [ { "events": [ { "fixed": "4.5.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/coturn/coturn/blob/4.5.1.0/ChangeLog" ], "discovery": "2019-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2018-4056", "CVE-2018-4058", "CVE-2018-4059" ] }, "vid": "181beef6-2482-11e9-b4a3-00155d006b02" }, "details": "Mih\u00e1ly M\u00e9sz\u00e1ros reports:\n\n> We made 4.5.1.0 release public today that fixes many vulnerabilities.\n>\n> It fix the following vulnerabilities:\n>\n> - CVE-2018-4056\n> - CVE-2018-4058\n> - CVE-2018-4059\n>\n> They will be exposed very soon..\n", "id": "FreeBSD-2019-0024", "modified": "2019-01-30T00:00:00Z", "published": "2019-01-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/coturn/coturn/blob/4.5.1.0/ChangeLog" }, { "type": "WEB", "url": "https://github.com/coturn/coturn/blob/4.5.1.0/ChangeLog" }, { "type": "WEB", "url": "https://groups.google.com/d/msg/turn-server-project-rfc5766-turn-server/0RuCzcQa0ew/ebZfNEDqBwAJ" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4059" } ], "schema_version": "1.7.0", "summary": "turnserver -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "65.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.5.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "60.5.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "60.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/" ], "discovery": "2019-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2018-18500", "CVE-2018-18501", "CVE-2018-18502", "CVE-2018-18503", "CVE-2018-18504", "CVE-2018-18505", "CVE-2018-18506" ] }, "vid": "b1f7d52f-fc42-48e8-8403-87d4c9d26229" }, "details": "Mozilla Foundation reports:\n\n> CVE-2018-18500: Use-after-free parsing HTML5 stream\n>\n> CVE-2018-18503: Memory corruption with Audio Buffer\n>\n> CVE-2018-18504: Memory corruption and out-of-bounds read of texture\n> client buffer\n>\n> CVE-2018-18505: Privilege escalation through IPC channel messages\n>\n> CVE-2018-18506: Proxy Auto-Configuration file can define localhost\n> access to be proxied\n>\n> CVE-2018-18502: Memory safety bugs fixed in Firefox 65\n>\n> CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR\n> 60.5\n", "id": "FreeBSD-2019-0023", "modified": "2019-07-23T00:00:00Z", "published": "2019-01-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18501" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18503" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18504" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18505" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18506" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "4.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/recursor/changelog/4.1.html" ], "discovery": "2019-01-21T00:00:00Z", "references": { "cvename": [ "CVE-2019-3806", "CVE-2019-3807" ] }, "vid": "40d92cc5-1e2b-11e9-bef6-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> CVE-2019-3806: An issue has been found in PowerDNS Recursor where Lua\n> hooks are not properly applied to queries received over TCP in some\n> specific combination of settings, possibly bypassing security policies\n> enforced using Lua. When the recursor is configured to run with more\n> than one thread (threads=X) and to do the distribution of incoming\n> queries to the worker threads itself (pdns-distributes-queries=yes),\n> the Lua script is not properly loaded in the thread handling incoming\n> TCP queries, causing the Lua hooks to not be properly applied.\n>\n> CVE-2019-3807: An issue has been found in PowerDNS Recursor where\n> records in the answer section of responses received from authoritative\n> servers with the AA flag not set were not properly validated, allowing\n> an attacker to bypass DNSSEC validation.\n", "id": "FreeBSD-2019-0022", "modified": "2019-01-22T00:00:00Z", "published": "2019-01-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/recursor/changelog/4.1.html" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/changelog/4.1.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3806" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3807" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.63" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.63" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.43" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.63" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.43" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL" ], "discovery": "2019-01-15T00:00:00Z", "references": { "cvename": [ "CVE-2019-2534", "CVE-2019-2533", "CVE-2019-2529", "CVE-2019-2482", "CVE-2019-2434", "CVE-2019-2455", "CVE-2019-2503", "CVE-2019-2436", "CVE-2019-2536", "CVE-2019-2502", "CVE-2019-2510", "CVE-2019-2539", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2537", "CVE-2019-2420", "CVE-2019-2481", "CVE-2019-2507", "CVE-2019-2530", "CVE-2019-2528", "CVE-2019-2531", "CVE-2019-2486", "CVE-2019-2532", "CVE-2019-2535", "CVE-2019-2513" ] }, "vid": "d3d02d3a-2242-11e9-b95c-b499baebfeaf" }, "details": "Oracle reports:\n\n> Please reference CVE/URL list for details\n>\n> Not all listed CVE\\'s are present in all versions/flavors\n", "id": "FreeBSD-2019-0021", "modified": "2019-01-27T00:00:00Z", "published": "2019-01-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2533" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2529" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2482" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2503" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2536" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2510" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2539" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2420" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2507" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2530" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2528" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2531" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2486" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2532" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-2513" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "botan2" }, "ranges": [ { "events": [ { "fixed": "2.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://botan.randombit.net/security.html#id1" ], "discovery": "2018-12-17T00:00:00Z", "references": { "cvename": [ "CVE-2018-20187" ] }, "vid": "d8e7e854-17fa-11e9-bef6-6805ca2fa271" }, "details": "botan2 developers reports:\n\n> A timing side channel during ECC key generation could leak information\n> about the high bits of the secret scalar. Such information allows an\n> attacker to perform a brute force attack on the key somewhat more\n> efficiently than they would otherwise. Found by J\u00e1n Jan\u010d\u00e1r using\n> ECTester.\n>\n> Bug introduced in 1.11.20, fixed in 2.9.0\n", "id": "FreeBSD-2019-0020", "modified": "2019-01-27T00:00:00Z", "published": "2019-01-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://botan.randombit.net/security.html#id1" }, { "type": "WEB", "url": "https://botan.randombit.net/security.html#id1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20187" } ], "schema_version": "1.7.0", "summary": "botan2 -- Side channel during ECC key generation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "fixed": "4.8.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php56" }, "ranges": [ { "events": [ { "fixed": "4.8.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php70" }, "ranges": [ { "events": [ { "fixed": "4.8.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php71" }, "ranges": [ { "events": [ { "fixed": "4.8.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php72" }, "ranges": [ { "events": [ { "fixed": "4.8.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2019-1/", "https://www.phpmyadmin.net/security/PMASA-2019-2/" ], "discovery": "2019-01-21T00:00:00Z", "vid": "111aefca-2213-11e9-9c8d-6805ca0b3d42" }, "details": "The phpMyAdmin development team reports:\n\n> ### Summary\n>\n> Arbitrary file read vulnerability\n>\n> ### Description\n>\n> When `AllowArbitraryServer` configuration set to `true`, with the use\n> of a rogue MySQL server, an attacker can read any file on the server\n> that the web server\\'s user can access.\n>\n> phpMyadmin attempts to block the use of `LOAD DATA INFILE`, but due to\n> a [bug in PHP](https://bugs.php.net/bug.php?id=77496), this check is\n> not honored. Additionally, when using the \\'mysql\\' extension,\n> [mysql.allow_local_infile](http://php.net/manual/en/mysql.configuration.php#ini.mysql.allow-local-infile)\n> is enabled by default. Both of these conditions allow the attack to\n> occur.\n>\n> ### Severity\n>\n> We consider this vulnerability to be critical.\n>\n> ### Mitigation factor\n>\n> This attack can be mitigated by setting the \\`AllowArbitraryServer\\`\n> configuration directive to false (which is the default value).\n>\n> ### Affected Versions\n>\n> phpMyAdmin versions from at least 4.0 through 4.8.4 are affected\n\n> ### Summary\n>\n> SQL injection in Designer feature\n>\n> ### Description\n>\n> A vulnerability was reported where a specially crafted username can be\n> used to trigger an SQL injection attack through the designer feature.\n>\n> ### Severity\n>\n> We consider this vulnerability to be serious.\n>\n> ### Affected Versions\n>\n> phpMyAdmin versions from 4.5.0 through 4.8.4 are affected\n", "id": "FreeBSD-2019-0019", "modified": "2019-01-27T00:00:00Z", "published": "2019-01-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2019-1/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2019-2/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2019-1/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2019-2/" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- File disclosure and SQL injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/releases/tag/v1.7.0" ], "discovery": "2019-01-22T00:00:00Z", "vid": "7f6146aa-2157-11e9-9ba0-4c72b94353b5" }, "details": "Gitea Team reports:\n\n> Do not display the raw OpenID error in the UI\n>\n> When redirecting clean the path to avoid redirecting to external site\n>\n> Prevent DeleteFilePost doing arbitrary deletion\n", "id": "FreeBSD-2019-0018", "modified": "2019-01-26T00:00:00Z", "published": "2019-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.7.0" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.7.0" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libzmq4" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.3.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/zeromq/libzmq/releases/tag/v4.3.1" ], "discovery": "2019-01-08T00:00:00Z", "references": { "cvename": [ "CVE-2019-6250" ] }, "vid": "8e48365a-214d-11e9-9f8a-0050562a4d7b" }, "details": "> A vulnerability has been found that would allow attackers to direct a\n> peer to jump to and execute from an address indicated by the attacker.\n> This issue has been present since v4.2.0. Older releases are not\n> affected. NOTE: The attacker needs to know in advance valid addresses\n> in the peer\\'s memory to jump to, so measures like ASLR are effective\n> mitigations. NOTE: this attack can only take place after\n> authentication, so peers behind CURVE/GSSAPI are not vulnerable to\n> unauthenticated attackers.\n", "id": "FreeBSD-2019-0017", "modified": "2019-01-26T00:00:00Z", "published": "2019-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6250" }, { "type": "WEB", "url": "https://github.com/zeromq/libzmq/issues/3351" }, { "type": "WEB", "url": "https://github.com/zeromq/libzmq/pull/3353" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6250" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6250" } ], "schema_version": "1.7.0", "summary": "libzmq4 -- Remote Code Execution Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2019-01-22T00:00:00Z", "references": { "cvename": [ "CVE-2018-17199", "CVE-2018-17189", "CVE-2019-0190" ] }, "vid": "eb888ce5-1f19-11e9-be05-4c72b94353b5" }, "details": "The Apache httpd Project reports:\n\n> SECURITY: CVE-2018-17199 mod_session: mod_session_cookie does not\n> respect expiry time allowing sessions to be reused.\n>\n> SECURITY: CVE-2019-0190 mod_ssl: Fix infinite loop triggered by a\n> client-initiated renegotiation in TLSv1.2 (or earlier) with OpenSSL\n> 1.1.1 and later. PR 63052.\n>\n> SECURITY: CVE-2018-17189 mod_http2: fixes a DoS attack vector. By\n> sending slow request bodies to resources not consuming them, httpd\n> cleanup code occupies a server thread unnecessarily. This was changed\n> to an immediate stream reset which discards all stream state and\n> incoming data.\n", "id": "FreeBSD-2019-0016", "modified": "2019-01-23T00:00:00Z", "published": "2019-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "WEB", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.38" }, { "type": "WEB", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17199" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17189" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-0190" } ], "schema_version": "1.7.0", "summary": "Apache -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mod_dav_svn" }, "ranges": [ { "events": [ { "introduced": "1.10.0" }, { "fixed": "1.10.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.11.0" }, { "last_affected": "1.11.0" }, { "fixed": "1.11.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "1.11.0" ] } ], "database_specific": { "cite": [ "http://subversion.apache.org/security/CVE-2018-11803-advisory.txt" ], "discovery": "2019-01-23T00:00:00Z", "vid": "4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2" }, "details": "Subversion project reports:\n\n> Malicious SVN clients can trigger a crash in mod_dav_svn by omitting\n> the root path from a recursive directory listing request.\n", "id": "FreeBSD-2019-0015", "modified": "2019-01-23T00:00:00Z", "published": "2019-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://subversion.apache.org/security/CVE-2018-11803-advisory.txt" }, { "type": "WEB", "url": "http://subversion.apache.org/security/CVE-2018-11803-advisory.txt" } ], "schema_version": "1.7.0", "summary": "www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn." }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-requests" }, "ranges": [ { "events": [ { "fixed": "2.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-requests" }, "ranges": [ { "events": [ { "fixed": "2.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-requests" }, "ranges": [ { "events": [ { "fixed": "2.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-requests" }, "ranges": [ { "events": [ { "fixed": "2.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074" ], "discovery": "2018-06-27T00:00:00Z", "vid": "50ad9a9a-1e28-11e9-98d7-0050562a4d7b" }, "details": "> The Requests package before 2.20.0 for Python sends an HTTP\n> Authorization header to an http URI upon receiving a same-hostname\n> https-to-http redirect, which makes it easier for remote attackers to\n> discover credentials by sniffing the network.\n", "id": "FreeBSD-2019-0014", "modified": "2019-01-27T00:00:00Z", "published": "2019-01-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18074" }, { "type": "WEB", "url": "https://github.com/requests/requests/issues/4716" }, { "type": "WEB", "url": "https://github.com/requests/requests/pull/4718" }, { "type": "WEB", "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff" } ], "schema_version": "1.7.0", "summary": "www/py-requests -- Information disclosure vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "joomla3" }, "ranges": [ { "events": [ { "fixed": "3.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://developer.joomla.org/security-centre/760-00190101-core-stored-xss-in-mod-banners.html", "https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact.html", "https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings.html", "https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url.html" ], "discovery": "2018-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2019-6264", "CVE-2019-6261", "CVE-2019-6263", "CVE-2019-6262" ] }, "vid": "6aa398d0-1c4d-11e9-96dd-a4badb296695" }, "details": "JSST reports:\n\n> Inadequate escaping in mod_banners leads to a stored XSS\n> vulnerability.\n\n> Inadequate escaping in com_contact leads to a stored XSS vulnerability\n\n> Inadequate checks at the Global Configuration Text Filter settings\n> allowed a stored XSS.\n\n> Inadequate checks at the Global Configuration helpurl settings allowed\n> a stored XSS.\n", "id": "FreeBSD-2019-0013", "modified": "2019-01-20T00:00:00Z", "published": "2019-01-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/760-00190101-core-stored-xss-in-mod-banners.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/760-00190101-core-stored-xss-in-mod-banners.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6264" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6261" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6263" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6262" } ], "schema_version": "1.7.0", "summary": "joomla3 -- vulnerabilitiesw" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.63" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.6.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/sa-core-2019-002" ], "discovery": "2019-01-16T00:00:00Z", "vid": "e00ed3d9-1c27-11e9-a257-000ffec0b3e1" }, "details": "Drupal Security Team reports:\n\n> A remote code execution vulnerability exists in PHP\\'s built-in phar\n> stream wrapper when performing file operations on an untrusted phar://\n> URI.\n>\n> Some Drupal code (core, contrib, and custom) may be performing file\n> operations on insufficiently validated user input, thereby being\n> exposed to this vulnerability.\n>\n> This vulnerability is mitigated by the fact that such code paths\n> typically require access to an administrative permission or an\n> atypical configuration.\n", "id": "FreeBSD-2019-0012", "modified": "2019-01-19T00:00:00Z", "published": "2019-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/sa-core-2019-002" }, { "type": "WEB", "url": "https://www.drupal.org/SA-CORE-2018-006" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal core - Arbitrary PHP code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "helm" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.12.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helm.sh/blog/helm-security-notice-2019/index.html" ], "discovery": "2019-01-14T00:00:00Z", "vid": "2a8b79c3-1b6e-11e9-8cf4-1c39475b9f84" }, "details": "Helm security notice\n\n> A specially crafted chart may be able to unpack content into locations\n> on the filesystem outside of the chart\\'s path, potentially\n> overwriting existing files.\n", "id": "FreeBSD-2019-0011", "modified": "2019-01-18T00:00:00Z", "published": "2019-01-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helm.sh/blog/helm-security-notice-2019/index.html" }, { "type": "WEB", "url": "https://helm.sh/blog/helm-security-notice-2019/index.html" } ], "schema_version": "1.7.0", "summary": "Helm -- client unpacking chart that contains malicious content" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.9.0" }, { "fixed": "11.4.14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/" ], "discovery": "2019-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2019-6240" ] }, "vid": "ff50192c-19eb-11e9-8573-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary repo read in Gitlab project import\n", "id": "FreeBSD-2019-0010", "modified": "2019-01-17T00:00:00Z", "published": "2019-01-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-6240" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Arbitrary repo read in Gitlab project import" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.160" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.150.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2019-01-16/" ], "discovery": "2019-01-16T00:00:00Z", "vid": "debf6353-5753-4e9a-b710-a83ecdd743de" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-868\n>\n> Administrators could persist access to Jenkins using crafted\n> \\'Remember me\\' cookie\n>\n> ##### (Medium) SECURITY-901\n>\n> Deleting a user in an external security realm did not invalidate their\n> session or \\'Remember me\\' cookie\n", "id": "FreeBSD-2019-0009", "modified": "2019-01-16T00:00:00Z", "published": "2019-01-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2019-01-16/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2019-01-16/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "0.34.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "0.34.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "0.34.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-matrix-synapse" }, "ranges": [ { "events": [ { "fixed": "0.34.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/" ], "discovery": "2019-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2019-5885" ] }, "vid": "383931ba-1818-11e9-92ea-448a5b29e8a9" }, "details": "Matrix developers report:\n\n> The matrix team announces the availablility of synapse security\n> releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885.\n", "id": "FreeBSD-2019-0008", "modified": "2019-01-15T00:00:00Z", "published": "2019-01-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5885" }, { "type": "WEB", "url": "https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/" } ], "schema_version": "1.7.0", "summary": "py-matrix-synapse -- undisclosed vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "introduced": "1.1.0,1" }, { "fixed": "1.1.2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2019_01.txt" ], "discovery": "2019-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2019-5882" ], "freebsdpr": [ "ports/234798" ] }, "vid": "d38bbb79-14f3-11e9-9ce2-28d244aee256" }, "details": "Irssi reports:\n\n> Use after free when hidden lines were expired from the scroll buffer.\n> It may affect the stability of Irssi. (CWE-417, CWE-825)\n", "id": "FreeBSD-2019-0007", "modified": "2019-01-10T00:00:00Z", "published": "2019-01-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2019_01.txt" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2019_01.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-5882" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234798" } ], "schema_version": "1.7.0", "summary": "irssi -- Use after free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "uriparser" }, "ranges": [ { "events": [ { "fixed": "0.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/uriparser/uriparser/blob/uriparser-0.9.1/ChangeLog" ], "discovery": "2019-01-02T00:00:00Z", "vid": "924bd4f8-11e7-11e9-9fe8-5404a68ad561" }, "details": "Upstream project reports:\n\n> Out-of-bounds read in uriParse\\*Ex\\* for incomplete URIs with IPv6\n> addresses with embedded IPv4 address, e.g. \\\"//\\[::44.1\\\"; mitigated\n> if passed parameter afterLast points to readable memory containing a\n> \\'\\\\0\\' byte.\n", "id": "FreeBSD-2019-0006", "modified": "2019-01-06T00:00:00Z", "published": "2019-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/uriparser/uriparser/blob/uriparser-0.9.1/ChangeLog" }, { "type": "WEB", "url": "https://github.com/uriparser/uriparser/blob/uriparser-0.9.1/ChangeLog" } ], "schema_version": "1.7.0", "summary": "uriparser -- Out-of-bounds read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2019/01/release-of-1.6.3/" ], "discovery": "2019-01-04T00:00:00Z", "vid": "63e36475-119f-11e9-aba7-080027fee39c" }, "details": "The Gitea project reports:\n\n> Security\n>\n> - Prevent DeleteFilePost doing arbitrary deletion\n", "id": "FreeBSD-2019-0005", "modified": "2019-01-06T00:00:00Z", "published": "2019-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2019/01/release-of-1.6.3/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/issues/5631" } ], "schema_version": "1.7.0", "summary": "gitea -- insufficient privilege check" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "71.0.3578.98" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html" ], "discovery": "2018-12-12T00:00:00Z", "references": { "cvename": [ "CVE-2018-17481" ] }, "vid": "720590df-10eb-11e9-b407-080027ef1a23" }, "details": "Google Chrome Releases reports:\n\n> 1 security fix contributed by external researches:\n>\n> - High CVE-2018-17481: Use after free in PDFium\n", "id": "FreeBSD-2019-0004", "modified": "2019-01-05T00:00:00Z", "published": "2019-01-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17481" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html" } ], "schema_version": "1.7.0", "summary": "chromium -- Use after free in PDFium" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "71.0.3578.80" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" ], "discovery": "2018-12-04T00:00:00Z", "references": { "cvename": [ "CVE-2018-17480", "CVE-2018-17481", "CVE-2018-18335", "CVE-2018-18336", "CVE-2018-18337", "CVE-2018-18338", "CVE-2018-18339", "CVE-2018-18340", "CVE-2018-18341", "CVE-2018-18342", "CVE-2018-18343", "CVE-2018-18344", "CVE-2018-18345", "CVE-2018-18346", "CVE-2018-18347", "CVE-2018-18348", "CVE-2018-18349", "CVE-2018-18350", "CVE-2018-18351", "CVE-2018-18352", "CVE-2018-18353", "CVE-2018-18354", "CVE-2018-18355", "CVE-2018-18356", "CVE-2018-18357", "CVE-2018-18358", "CVE-2018-18359" ] }, "vid": "546d4dd4-10ea-11e9-b407-080027ef1a23" }, "details": "Google Chrome Releases reports:\n\n> 43 security fixes in this release, including:\n>\n> - High CVE-2018-17480: Out of bounds write in V8\n> - High CVE-2018-17481: Use after free in PDFium\n> - High CVE-2018-18335: Heap buffer overflow in Skia\n> - High CVE-2018-18336: Use after free in PDFium\n> - High CVE-2018-18337: Use after free in Blink\n> - High CVE-2018-18338: Heap buffer overflow in Canvas\n> - High CVE-2018-18339: Use after free in WebAudio\n> - High CVE-2018-18340: Use after free in MediaRecorder\n> - High CVE-2018-18341: Heap buffer overflow in Blink\n> - High CVE-2018-18342: Out of bounds write in V8\n> - High CVE-2018-18343: Use after free in Skia\n> - High CVE-2018-18344: Inappropriate implementation in Extensions\n> - High To be allocated: Multiple issues in SQLite via WebSQL\n> - Medium CVE-2018-18345: Inappropriate implementation in Site\n> Isolation\n> - Medium CVE-2018-18346: Incorrect security UI in Blink\n> - Medium CVE-2018-18347: Inappropriate implementation in Navigation\n> - Medium CVE-2018-18348: Inappropriate implementation in Omnibox\n> - Medium CVE-2018-18349: Insufficient policy enforcement in Blink\n> - Medium CVE-2018-18350: Insufficient policy enforcement in Blink\n> - Medium CVE-2018-18351: Insufficient policy enforcement in Navigation\n> - Medium CVE-2018-18352: Inappropriate implementation in Media\n> - Medium CVE-2018-18353: Inappropriate implementation in Network\n> Authentication\n> - Medium CVE-2018-18354: Insufficient data validation in Shell\n> Integration\n> - Medium CVE-2018-18355: Insufficient policy enforcement in URL\n> Formatter\n> - Medium CVE-2018-18356: Use after free in Skia\n> - Medium CVE-2018-18357: Insufficient policy enforcement in URL\n> Formatter\n> - Medium CVE-2018-18358: Insufficient policy enforcement in Proxy\n> - Medium CVE-2018-18359: Out of bounds read in V8\n> - Low To be allocated: Inappropriate implementation in PDFium\n> - Low To be allocated: Use after free in Extensions\n> - Low To be allocated: Inappropriate implementation in Navigation\n> - Low To be allocated: Inappropriate implementation in Navigation\n> - Low To be allocated: Insufficient policy enforcement in Navigation\n> - Low To be allocated: Insufficient policy enforcement in URL\n> Formatter\n> - Medium To be allocated: Insufficient policy enforcement in Payments\n> - Various fixes from internal audits, fuzzing and other initiatives\n", "id": "FreeBSD-2019-0003", "modified": "2019-01-05T00:00:00Z", "published": "2019-01-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17480" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17481" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18335" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18336" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18337" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18338" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18339" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18340" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18341" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18342" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18343" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18344" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18345" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18346" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18347" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18348" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18349" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18352" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18354" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18355" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18357" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18358" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18359" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django20" }, "ranges": [ { "events": [ { "fixed": "2.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django20" }, "ranges": [ { "events": [ { "fixed": "2.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django20" }, "ranges": [ { "events": [ { "fixed": "2.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2019/jan/04/security-releases/" ], "discovery": "2019-01-03T00:00:00Z", "references": { "cvename": [ "CVE-2019-3498" ] }, "vid": "3e41c1a6-10bc-11e9-bd85-fcaa147e860e" }, "details": "Django security releases issued reports:\n\n> An attacker could craft a malicious URL that could make spoofed\n> content appear on the default page generated by the\n> django.views.defaults.page_not_found() view.\n", "id": "FreeBSD-2019-0002", "modified": "2019-01-05T00:00:00Z", "published": "2019-01-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2019-3498" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2019/jan/04/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- Content spoofing possibility in the default 404 page" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.6.0" }, { "fixed": "11.6.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.0.0" }, { "fixed": "11.4.13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/" ], "discovery": "2018-12-31T00:00:00Z", "references": { "cvename": [ "CVE-2018-20493", "CVE-2018-20492", "CVE-2018-20489", "CVE-2018-20490", "CVE-2018-20497", "CVE-2018-20495", "CVE-2018-20488", "CVE-2018-20494", "CVE-2018-20496", "CVE-2018-20491", "CVE-2018-20499", "CVE-2018-20500", "CVE-2018-20501", "CVE-2018-20498", "CVE-2018-20507" ] }, "vid": "b2f4ab91-0e6b-11e9-8700-001b217b3468" }, "details": "Gitlab reports:\n\n> Source code disclosure merge request diff\n>\n> Todos improper access control\n>\n> URL rel attribute not set\n>\n> Persistent XSS Autocompletion\n>\n> SSRF repository mirroring\n>\n> CI job token LFS error message disclosure\n>\n> Secret CI variable exposure\n>\n> Guest user CI job disclosure\n>\n> Persistent XSS label reference\n>\n> Persistent XSS wiki in IE browser\n>\n> SSRF in project imports with LFS\n>\n> Improper access control CI/CD settings\n>\n> Missing authorization control merge requests\n>\n> Improper access control branches and tags\n>\n> Missing authentication for Prometheus alert endpoint\n", "id": "FreeBSD-2019-0001", "modified": "2019-01-02T00:00:00Z", "published": "2019-01-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20493" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20492" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20489" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20488" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20491" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20499" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20501" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20498" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20507" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/releases/tag/v1.6.2" ], "discovery": "2018-12-19T00:00:00Z", "vid": "29d34524-0542-11e9-a444-080027fee39c" }, "details": "The Gitea project reports:\n\n> Security\n>\n> - Sanitize uploaded file names\n> - HTMLEncode user added text\n", "id": "FreeBSD-2018-0309", "modified": "2018-12-21T00:00:00Z", "published": "2018-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/releases/tag/v1.6.2" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/issues/5569" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/issues/5565" } ], "schema_version": "1.7.0", "summary": "gitea -- privilege escalation, XSS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rpm4" }, "ranges": [ { "events": [ { "fixed": "4.14.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://rpm.org/wiki/Releases/4.14.2.1" ], "discovery": "2018-10-22T00:00:00Z", "vid": "f8fe2905-0918-11e9-a550-00262d164c21" }, "details": "rpm4 reports:\n\n> Regression in -setperms, -setugids and -restore\n>\n> Note that this update can not automatically fix possible damage done\n> by using -setperms, -setugids or -restore with rpm 4.14.2, it merely\n> fixes the functionlity itself. Any damage needs to be investigated and\n> fixed manually, such as using -verify and -restore or reinstalling\n> packages.\n", "id": "FreeBSD-2018-0308", "modified": "2018-12-26T00:00:00Z", "published": "2018-12-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://rpm.org/wiki/Releases/4.14.2.1" }, { "type": "WEB", "url": "http://rpm.org/wiki/Releases/4.14.2.1" } ], "schema_version": "1.7.0", "summary": "rpm4 -- regression in -setperms, -setugids and -restore" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.9.0" }, { "fixed": "11.3.14" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released" ], "discovery": "2018-12-20T00:00:00Z", "references": { "cvename": [ "CVE-2018-20229" ] }, "vid": "70b774a8-05bc-11e9-87ad-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary File read in Gitlab project import\n", "id": "FreeBSD-2018-0307", "modified": "2018-12-22T00:00:00Z", "published": "2018-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20229" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Arbitrary File read in Gitlab project import" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "shibboleth-sp" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.0.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://shibboleth.net/community/advisories/secadv_20181219a.txt" ], "discovery": "2018-12-19T00:00:00Z", "vid": "4f8665d0-0465-11e9-b77a-6cc21735f730" }, "details": "The Shibboleth Consortium reports:\n\n> SAML messages, assertions, and metadata all commonly contain date/time\n> information in a standard XML format.\n>\n> Invalid formatted data in such fields cause an exception of a type\n> that was not handled properly in the V3 software and causes a crash\n> (usually to the shibd daemon process, but possibly to Apache in rare\n> cases). Note that the crash occurs prior to evaluation of a message\\'s\n> authenticity, so can be exploited by an untrusted attacker.\n>\n> The problem is believed to be specific to the V3 software and would\n> not cause a crash in the older, now unsupported, V2 software.\n", "id": "FreeBSD-2018-0306", "modified": "2018-12-20T00:00:00Z", "published": "2018-12-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://shibboleth.net/community/advisories/secadv_20181219a.txt" }, { "type": "WEB", "url": "https://shibboleth.net/community/advisories/secadv_20181219a.txt" } ], "schema_version": "1.7.0", "summary": "shibboleth-sp -- crashes on malformed date/time content" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "couchdb" }, "ranges": [ { "events": [ { "fixed": "2.3.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "couchdb2" }, "ranges": [ { "events": [ { "fixed": "2.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.apache.org/thread.html/..." ], "discovery": "2018-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2018-17188" ] }, "vid": "1999a215-fc6b-11e8-8a95-ac1f6b67e138" }, "details": "Apache CouchDB PMC reports:\n\n> Database Administrator could achieve privilege escalation to the\n> account that CouchDB runs under, by abusing insufficient validation in\n> the HTTP API, escaping security controls implemented in previous\n> releases.\n", "id": "FreeBSD-2018-0305", "modified": "2018-12-13T00:00:00Z", "published": "2018-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.apache.org/thread.html/..." }, { "type": "WEB", "url": "http://docs.couchdb.org/en/stable/cve/2018-17188.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17188" } ], "schema_version": "1.7.0", "summary": "couchdb -- administrator privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bro" }, "ranges": [ { "events": [ { "fixed": "2.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.bro.org/download/NEWS.bro.html" ], "discovery": "2018-12-01T00:00:00Z", "vid": "b80f039d-579e-4b82-95ad-b534a709f220" }, "details": "Bro Network security Monitor reports:\n\n> Bro 2.6.1 updates the embedded SQLite to version 3.26.0 to address the\n> \\\"Magellan\\\" remote code execution vulnerability. The stock Bro\n> configuration/scripts don\\'t use SQLite by default, but custom user\n> scripts/packages may.\n", "id": "FreeBSD-2018-0304", "modified": "2018-12-20T00:00:00Z", "published": "2018-12-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.bro.org/download/NEWS.bro.html" }, { "type": "WEB", "url": "https://www.bro.org/download/NEWS.bro.html" } ], "schema_version": "1.7.0", "summary": "bro -- \"Magellan\" remote code execution vulnerability in bundled sqlite" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "12.0" }, { "fixed": "12.0_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-12-19T00:00:00Z", "references": { "cvename": [ "CVE-2018-1716" ], "freebsdsa": [ "SA-18:15.bootpd" ] }, "vid": "fa6a4a69-03d1-11e9-be12-a4badb2f4699" }, "details": "# Problem Description:\n\nDue to insufficient validation of network-provided data it may be\npossible for a malicious attacker to craft a bootp packet which could\ncause a stack buffer overflow.\n\n# Impact:\n\nIt is possible that the buffer overflow could lead to a Denial of\nService or remote code execution.\n", "id": "FreeBSD-2018-0303", "modified": "2018-12-19T00:00:00Z", "published": "2018-12-19T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1716" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:15.bootpd.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bootpd buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "5.0.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.0.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_CN-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_TW-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "5.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" ], "discovery": "2018-12-13T00:00:00Z", "vid": "4b98613c-0078-11e9-b05b-00e04c1ea73d" }, "details": "wordpress developers reports:\n\n> WordPress versions 5.0 and earlier are affected by the following bugs,\n> which are fixed in version 5.0.1. Updated versions of WordPress 4.9\n> and older releases are also available, for users who have not yet\n> updated to 5.0.\n>\n> Karim El Ouerghemmi discovered that authors could alter meta data to\n> delete files that they weren't authorized to.\n>\n> Simon Scannell of RIPS Technologies discovered that authors could\n> create posts of unauthorized post types with specially crafted input.\n>\n> Sam Thomas discovered that contributors could craft meta data in a way\n> that resulted in PHP object injection.\n>\n> Tim Coen discovered that contributors could edit new comments from\n> higher-privileged users, potentially leading to a cross-site scripting\n> vulnerability.\n>\n> Tim Coen also discovered that specially crafted URL inputs could lead\n> to a cross-site scripting vulnerability in some circumstances.\n> WordPress itself was not affected, but plugins could be in some\n> situations.\n>\n> Team Yoast discovered that the user activation screen could be indexed\n> by search engines in some uncommon configurations, leading to exposure\n> of email addresses, and in some rare cases, default generated\n> passwords.\n>\n> Tim Coen and Slavco discovered that authors on Apache-hosted sites\n> could upload specifically crafted files that bypass MIME verification,\n> leading to a cross-site scripting vulnerability.\n", "id": "FreeBSD-2018-0302", "modified": "2018-12-15T00:00:00Z", "published": "2018-12-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.14.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03" ], "discovery": "2018-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2018-19608" ] }, "vid": "293f40a0-ffa1-11e8-b258-0011d823eebd" }, "details": "Janos Follath reports:\n\n> An attacker who can run code on the same machine that is performing an\n> RSA decryption can potentially recover the plaintext through a\n> Bleichenbacher-like oracle.\n", "id": "FreeBSD-2018-0301", "modified": "2018-12-14T00:00:00Z", "published": "2018-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19608" } ], "schema_version": "1.7.0", "summary": "Mbed TLS -- Local timing attack on RSA decryption" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-8" }, "ranges": [ { "events": [ { "fixed": "8.7.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-9" }, "ranges": [ { "events": [ { "fixed": "9.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-952-8721-and-7632-security-releases-published/" ], "discovery": "2018-12-11T00:00:00Z", "vid": "bab29816-ff93-11e8-b05b-00e04c1ea73d" }, "details": "Typo3 core team reports:\n\n> CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported\n> by maxarr. The vulnerability stemmed from the fact that it was\n> possible to execute XSS inside the CKEditor source area after\n> persuading the victim to: (i) switch CKEditor to source mode, then\n> (ii) paste a specially crafted HTML code, prepared by the attacker,\n> into the opened CKEditor source area, and (iii) switch back to WYSIWYG\n> mode. Although this is an unlikely scenario, we recommend to upgrade\n> to the latest editor version.\n>\n> Failing to properly encode user input, online media asset rendering\n> (\\*.youtube and \\*.vimeo files) is vulnerable to cross-site scripting.\n> A valid backend user account or write access on the server system\n> (e.g. SFTP) is needed in order to exploit this vulnerability.\n>\n> Failing to properly encode user input, notifications shown in modal\n> windows in the TYPO3 backend are vulnerable to cross-site scripting. A\n> valid backend user account is needed in order to exploit this\n> vulnerability.\n>\n> Failing to properly encode user input, login status display is\n> vulnerable to cross-site scripting in the website frontend. A valid\n> user account is needed in order to exploit this vulnerability - either\n> a backend user or a frontend user having the possibility to modify\n> their user profile.\n>\n> Template patterns that are affected are:\n>\n> - ###FEUSER\\_\\[fieldName\\]### using system extension felogin\n> - \\ for regular frontend rendering (pattern\n> can be defined individually using TypoScript setting\n> config.USERNAME_substToken)\n>\n> It has been discovered that cookies created in the Install Tool are\n> not hardened to be submitted only via HTTP. In combination with other\n> vulnerabilities such as cross-site scripting it can lead to hijacking\n> an active and valid session in the Install Tool.\n>\n> The Install Tool exposes the current TYPO3 version number to\n> non-authenticated users.\n>\n> Online Media Asset Handling (\\*.youtube and \\*.vimeo files) in the\n> TYPO3 backend is vulnerable to denial of service. Putting large files\n> with according file extensions results in high consumption of system\n> resources. This can lead to exceeding limits of the current PHP\n> process which results in a dysfunctional backend component. A valid\n> backend user account or write access on the server system (e.g. SFTP)\n> is needed in order to exploit this vulnerability.\n>\n> TYPO3's built-in record registration functionality (aka \"basic\n> shopping cart\") using recs URL parameters is vulnerable to denial of\n> service. Failing to properly ensure that anonymous user sessions are\n> valid, attackers can use this vulnerability in order to create an\n> arbitrary amount of individual session-data records in the database.\n", "id": "FreeBSD-2018-0300", "modified": "2018-12-14T00:00:00Z", "published": "2018-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-952-8721-and-7632-security-releases-published/" }, { "type": "WEB", "url": "https://typo3.org/article/typo3-952-8721-and-7632-security-releases-published/" } ], "schema_version": "1.7.0", "summary": "typo3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.4.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/" ], "discovery": "2018-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-20144" ] }, "vid": "757e6ee8-ff91-11e8-a148-001b217b3468" }, "details": "Gitlab reports:\n\n> Arbitrary File read in GitLab project import with Git LFS\n", "id": "FreeBSD-2018-0299", "modified": "2018-12-14T00:00:00Z", "published": "2018-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-20144" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Arbitrary File read in GitLab project import with Git LFS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "fixed": "4.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php56" }, "ranges": [ { "events": [ { "fixed": "4.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php70" }, "ranges": [ { "events": [ { "fixed": "4.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php71" }, "ranges": [ { "events": [ { "fixed": "4.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php72" }, "ranges": [ { "events": [ { "fixed": "4.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2018-6/", "https://www.phpmyadmin.net/security/PMASA-2018-7/", "https://www.phpmyadmin.net/security/PMASA-2018-8/" ], "discovery": "2018-12-11T00:00:00Z", "vid": "ed10ed3f-fddc-11e8-94cf-6805ca0b3d42" }, "details": "The phpMyAdmin development team reports:\n\n> ### Summary\n>\n> Local file inclusion through transformation feature\n>\n> ### Description\n>\n> A flaw has been found where an attacker can exploit phpMyAdmin to leak\n> the contents of a local file. The attacker must have access to the\n> phpMyAdmin Configuration Storage tables, although these can easily be\n> created in any database to which the attacker has access. An attacker\n> must have valid credentials to log in to phpMyAdmin; this\n> vulnerability does not allow an attacker to circumvent the login\n> system.\n>\n> ### Severity\n>\n> We consider this vulnerability to be severe.\n\n> ### Summary\n>\n> XSRF/CSRF vulnerability in phpMyAdmin\n>\n> ### Description\n>\n> By deceiving a user to click on a crafted URL, it is possible to\n> perform harmful SQL operations such as renaming databases, creating\n> new tables/routines, deleting designer pages, adding/deleting users,\n> updating user passwords, killing SQL processes, etc.\n>\n> ### Severity\n>\n> We consider this vulnerability to be of moderate severity.\n\n> ### Summary\n>\n> XSS vulnerability in navigation tree\n>\n> ### Description\n>\n> A Cross-Site Scripting vulnerability was found in the navigation tree,\n> where an attacker can deliver a payload to a user through a\n> specially-crafted database/table name.\n>\n> ### Severity\n>\n> We consider this attack to be of moderate severity.\n>\n> ### Mitigation factor\n>\n> The stored XSS vulnerabilities can be triggered only by someone who\n> logged in to phpMyAdmin, as the usual token protection prevents\n> non-logged-in users from accessing the required forms.\n", "id": "FreeBSD-2018-0298", "modified": "2018-12-12T00:00:00Z", "published": "2018-12-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2018-6/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2018-7/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2018-8/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2018-6/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2018-7/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2018-8/" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "64.0_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.4.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "60.4.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "60.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/" ], "discovery": "2018-12-11T00:00:00Z", "references": { "cvename": [ "CVE-2018-12405", "CVE-2018-12406", "CVE-2018-12407", "CVE-2018-17466", "CVE-2018-18492", "CVE-2018-18493", "CVE-2018-18494", "CVE-2018-18495", "CVE-2018-18496", "CVE-2018-18497", "CVE-2018-18498" ] }, "vid": "d10b49b2-8d02-49e8-afde-0844626317af" }, "details": "Mozilla Foundation reports:\n\n> CVE-2018-12407: Buffer overflow with ANGLE library when using\n> VertexBuffer11 module\n>\n> CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE\n> library with TextureStorage11\n>\n> CVE-2018-18492: Use-after-free with select element\n>\n> CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia\n>\n> CVE-2018-18494: Same-origin policy violation using location attribute\n> and performance.getEntries to steal cross-origin URLs\n>\n> CVE-2018-18495: WebExtension content scripts can be loaded in about:\n> pages\n>\n> CVE-2018-18496: Embedded feed preview page can be abused for\n> clickjacking\n>\n> CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe\n> separators\n>\n> CVE-2018-18498: Integer overflow when calculating buffer sizes for\n> images\n>\n> CVE-2018-12406: Memory safety bugs fixed in Firefox 64\n>\n> CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR\n> 60.4\n", "id": "FreeBSD-2018-0297", "modified": "2019-07-23T00:00:00Z", "published": "2018-12-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12405" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12406" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12407" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17466" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18492" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18493" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18498" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-12-04T00:00:00Z", "references": { "cvename": [ "CVE-2018-1716" ], "freebsdsa": [ "SA-18:14.bhyve" ] }, "vid": "32498c8f-fc84-11e8-be12-a4badb2f4699" }, "details": "# Problem Description:\n\nInsufficient bounds checking in one of the device models provided by\nbhyve(8) can permit a guest operating system to overwrite memory in the\nbhyve(8) processing possibly permitting arbitary code execution.\n\n# Impact:\n\nA guest OS using a firmware image can cause the bhyve process to crash,\nor possibly execute arbitrary code on the host as root.\n", "id": "FreeBSD-2018-0296", "modified": "2018-12-10T00:00:00Z", "published": "2018-12-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1716" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:14.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Insufficient bounds checking in bhyve(8) device model" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2018-1715" ], "freebsdsa": [ "SA-18:13.nfs" ] }, "vid": "268a4289-fc84-11e8-be12-a4badb2f4699" }, "details": "# Problem Description:\n\nInsufficient and improper checking in the NFS server code could cause a\ndenial of service or possibly remote code execution via a specially\ncrafted network packet.\n\n# Impact:\n\nA remote attacker could cause the NFS server to crash, resulting in a\ndenial of service, or possibly execute arbitrary code on the server.\n", "id": "FreeBSD-2018-0295", "modified": "2018-12-10T00:00:00Z", "published": "2018-12-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1715" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:13.nfs.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple vulnerabilities in NFS server code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node6" }, "ranges": [ { "events": [ { "fixed": "6.15.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node8" }, "ranges": [ { "events": [ { "fixed": "8.14.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node10" }, "ranges": [ { "events": [ { "fixed": "10.14.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "11.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" ], "discovery": "2018-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2018-12120", "CVE-2018-12121", "CVE-2018-12122", "CVE-2018-12123", "CVE-2018-12116", "CVE-2018-0735", "CVE-2018-0734", "CVE-2018-5407" ] }, "vid": "2a86f45a-fc3c-11e8-a414-00155d006b02" }, "details": "Node.js reports:\n\n> Updates are now available for all active Node.js release lines. These\n> include fixes for the vulnerabilities identified in the initial\n> announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL\n> 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j.\n>\n> We recommend that all Node.js users upgrade to a version listed below\n> as soon as possible.\n>\n> # Debugger port 5858 listens on any interface by default (CVE-2018-12120)\n>\n> All versions of Node.js 6 are vulnerable and the severity is HIGH.\n> When the debugger is enabled with `node --debug` or `node debug`, it\n> listens to port 5858 on all interfaces by default. This may allow\n> remote computers to attach to the debug port and evaluate arbitrary\n> JavaScript. The default interface is now localhost. It has always been\n> possible to start the debugger on a specific interface, such as\n> `node --debug=localhost`. The debugger was removed in Node.js 8 and\n> replaced with the inspector, so no versions from 8 and later are\n> vulnerable.\n>\n> # Denial of Service with large HTTP headers (CVE-2018-12121)\n>\n> All versions of 6 and later are vulnerable and the severity is HIGH.\n> By using a combination of many requests with maximum sized headers\n> (almost 80 KB per connection), and carefully timed completion of the\n> headers, it is possible to cause the HTTP server to abort from heap\n> allocation failure. Attack potential is mitigated by the use of a load\n> balancer or other proxy layer.\n>\n> The total size of HTTP headers received by Node.js now must not exceed\n> 8192 bytes.\n>\n> # \\\"Slowloris\\\" HTTP Denial of Service (CVE-2018-12122)\n>\n> All versions of Node.js 6 and later are vulnerable and the severity is\n> LOW. An attacker can cause a Denial of Service (DoS) by sending\n> headers very slowly keeping HTTP or HTTPS connections and associated\n> resources alive for a long period of time. Attack potential is\n> mitigated by the use of a load balancer or other proxy layer.\n>\n> A timeout of 40 seconds now applies to servers receiving HTTP headers.\n> This value can be adjusted with `server.headersTimeout`. Where headers\n> are not completely received within this period, the socket is\n> destroyed on the next received chunk. In conjunction with\n> `server.setTimeout()`, this aids in protecting against excessive\n> resource retention and possible Denial of Service.\n>\n> # Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)\n>\n> All versions of Node.js 6 and later are vulnerable and the severity is\n> LOW. If a Node.js application is using `url.parse()` to determine the\n> URL hostname, that hostname can be spoofed by using a mixed case\n> \\\"javascript:\\\" (e.g. \\\"javAscript:\\\") protocol (other protocols are\n> not affected). If security decisions are made about the URL based on\n> the hostname, they may be incorrect.\n>\n> # HTTP request splitting (CVE-2018-12116)\n>\n> Node.js 6 and 8 are vulnerable and the severity is MEDIUM. If Node.js\n> can be convinced to use unsanitized user-provided Unicode data for the\n> `path` option of an HTTP request, then data can be provided which will\n> trigger a second, unexpected, and user-defined HTTP request to made to\n> the same server.\n>\n> # OpenSSL Timing vulnerability in ECDSA signature generation (CVE-2018-0735)\n>\n> The OpenSSL ECDSA signature algorithm has been shown to be vulnerable\n> to a timing side-channel attack. An attacker could use variations in\n> the signing algorithm to recover the private key.\n>\n> # OpenSSL Timing vulnerability in DSA signature generation (CVE-2018-0734)\n>\n> The OpenSSL DSA signature algorithm has been shown to be vulnerable to\n> a timing side-channel attack. An attacker could use variations in the\n> signing algorithm to recover the private key.\n>\n> # OpenSSL Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)\n>\n> OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has\n> been shown to be vulnerable to a microarchitecture timing side-channel\n> attack. An attacker with sufficient access to mount local timing\n> attacks during ECDSA signature generation could recover the private\n> key.\n", "id": "FreeBSD-2018-0294", "modified": "2018-12-10T00:00:00Z", "published": "2018-12-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12122" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12123" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0734" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5407" } ], "schema_version": "1.7.0", "summary": "node.js -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "4.1.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/recursor/changelog/4.1.html" ], "discovery": "2018-11-26T00:00:00Z", "references": { "cvename": [ "CVE-2018-16855" ] }, "vid": "f6d6308a-f2ec-11e8-b005-6805ca2fa271" }, "details": "powerdns Team reports:\n\n> CVE-2018-16855: An issue has been found in PowerDNS Recursor where a\n> remote attacker sending a DNS query can trigger an out-of-bounds\n> memory read while computing the hash of the query for a packet cache\n> lookup, possibly leading to a crash. When the PowerDNS Recursor is run\n> inside a supervisor like supervisord or systemd, a crash will lead to\n> an automatic restart, limiting the impact to a somewhat degraded\n> service.\n", "id": "FreeBSD-2018-0293", "modified": "2018-12-09T00:00:00Z", "published": "2018-12-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/recursor/changelog/4.1.html" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/changelog/4.1.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16855" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- Crafted query can cause a denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py-asyncssh" }, "ranges": [ { "events": [ { "fixed": "1.12.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7749" ], "discovery": "2018-03-07T00:00:00Z", "vid": "0e8f496a-b498-11e8-bdcf-74d435e60b7c" }, "details": "mitre.org Reports:\n\n> The SSH server implementation of AsyncSSH before 1.12.1 does not\n> properly check whether authentication is completed before processing\n> other requests A customized SSH client can simply skip the\n> authentication step.\n", "id": "FreeBSD-2018-0292", "modified": "2018-12-08T00:00:00Z", "published": "2018-12-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7749" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7749" } ], "schema_version": "1.7.0", "summary": "py-asyncssh -- Allows bypass of authentication" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.11.0" }, { "fixed": "11.3.12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released" ], "discovery": "2018-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-19856" ] }, "vid": "9d3428d4-f98c-11e8-a148-001b217b3468" }, "details": "Gitlab reports:\n\n> Directory Traversal in Templates API\n", "id": "FreeBSD-2018-0291", "modified": "2018-12-06T00:00:00Z", "published": "2018-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19856" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "32.0.0.101" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-42.html" ], "discovery": "2018-12-05T00:00:00Z", "references": { "cvename": [ "CVE-2018-15982", "CVE-2018-15983" ] }, "vid": "49cbe200-f92a-11e8-a89d-d43d7ef03aa6" }, "details": "Adobe reports:\n\n> - This update resolves a use-after-free vulnerability that could lead\n> to arbitrary code execution (CVE-2018-15982).\n> - This update resolves an insecure library loading vulnerability that\n> could lead to privilege escalation (CVE-2018-15983).\n", "id": "FreeBSD-2018-0290", "modified": "2018-12-06T00:00:00Z", "published": "2018-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-42.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15982" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15983" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-42.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.154" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.138.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2018-12-05/" ], "discovery": "2018-12-05T00:00:00Z", "vid": "3aa27226-f86f-11e8-a085-3497f683cb16" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Critical) SECURITY-595\n>\n> Code execution through crafted URLs\n>\n> ##### (Medium) SECURITY-904\n>\n> Forced migration of user records\n>\n> ##### (Medium) SECURITY-1072\n>\n> Workspace browser allowed accessing files outside the workspace\n>\n> ##### (Medium) SECURITY-1193\n>\n> Potential denial of service through cron expression form validation\n", "id": "FreeBSD-2018-0289", "modified": "2018-12-05T00:00:00Z", "published": "2018-12-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2018-12-05/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2018-12-05/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle31" }, "ranges": [ { "events": [ { "fixed": "3.1.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle33" }, "ranges": [ { "events": [ { "fixed": "3.3.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle34" }, "ranges": [ { "events": [ { "fixed": "3.4.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle35" }, "ranges": [ { "events": [ { "fixed": "3.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://moodle.org/mod/forum/discuss.php?d=378731" ], "discovery": "2018-11-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-16854" ] }, "vid": "889e35f4-f6a0-11e8-82dc-fcaa147e860e" }, "details": "moodle reports:\n\n> The login form is not protected by a token to prevent login cross-site\n> request forgery.\n", "id": "FreeBSD-2018-0288", "modified": "2018-12-03T00:00:00Z", "published": "2018-12-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://moodle.org/mod/forum/discuss.php?d=378731" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16854" }, { "type": "WEB", "url": "https://moodle.org/mod/forum/discuss.php?d=378731" } ], "schema_version": "1.7.0", "summary": "moodle -- Login CSRF vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activejob4" }, "ranges": [ { "events": [ { "fixed": "4.2.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activejob5" }, "ranges": [ { "events": [ { "fixed": "5.1.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activejob50" }, "ranges": [ { "events": [ { "fixed": "5.0.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" ], "discovery": "2018-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2018-16476" ] }, "vid": "f96044a2-7df9-414b-9f6b-6e5b85d06c86" }, "details": "Ruby on Rails blog:\n\n> Rails 4.2.11, 5.0.7.1, 5.1.6.1 and 5.2.1.1 have been released! These\n> contain the following important security fixes, and it is recommended\n> that users upgrade as soon as possible\n>\n> CVE-2018-16476 Broken Access Control vulnerability in Active Job:\n> Carefully crafted user input can cause Active Job to deserialize it\n> using GlobalId and allow an attacker to have access to information\n> that they should not have.\n", "id": "FreeBSD-2018-0287", "modified": "2018-12-02T00:00:00Z", "published": "2018-12-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" }, { "type": "WEB", "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16476" } ], "schema_version": "1.7.0", "summary": "Rails -- Active Job vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "uriparser" }, "ranges": [ { "events": [ { "fixed": "0.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog" ], "discovery": "2018-10-27T00:00:00Z", "references": { "cvename": [ "CVE-2018-19198", "CVE-2018-19199", "CVE-2018-19200" ] }, "vid": "3563fae5-f60c-11e8-b513-5404a68ad561" }, "details": "The upstream project reports:\n\n> \\* Fixed: Out-of-bounds write in uriComposeQuery\\* and\n> uriComposeQueryEx\\* Commit 864f5d4c127def386dd5cc926ad96934b297f04e\n> Thanks to Google Autofuzz team for the report!\n>\n> \\* Fixed: Detect integer overflow in uriComposeQuery\\* and\n> uriComposeQueryEx\\* Commit f76275d4a91b28d687250525d3a0c5509bbd666f\n> Thanks to Google Autofuzz team for the report!\n>\n> \\* Fixed: Protect uriResetUri\\* against acting on NULL input Commit\n> f58c25069cf4a986fe17a80c5b38687e31feb539\n", "id": "FreeBSD-2018-0286", "modified": "2018-12-02T00:00:00Z", "published": "2018-12-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19198" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19199" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19200" }, { "type": "WEB", "url": "https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog" } ], "schema_version": "1.7.0", "summary": "uriparser -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "messagelib" }, "ranges": [ { "events": [ { "fixed": "18.08.3_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kde.org/info/security/advisory-20181128-1.txt" ], "discovery": "2018-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2018-19516" ] }, "vid": "c7b1af20-f34f-11e8-9cde-e0d55e2a8bf9" }, "details": "Albert Astals Cid reports:\n\n> messagelib is the library used by KMail to display emails.\n>\n> messagelib by default displays emails as plain text, but gives the\n> user an option to \\\"Prefer HTML to plain text\\\" in the settings and if\n> that option is not enabled there is way to enable HTML display when an\n> email contains HTML.\n>\n> Some HTML emails can trick messagelib into opening a new browser\n> window when displaying said email as HTML.\n>\n> This happens even if the option to allow the HTML emails to access\n> remote servers is disabled in KMail settings.\n>\n> This means that the owners of the servers referred in the email can\n> see in their access logs your IP address.\n", "id": "FreeBSD-2018-0285", "modified": "2018-11-28T00:00:00Z", "published": "2018-11-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kde.org/info/security/advisory-20181128-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19516" }, { "type": "WEB", "url": "https://www.kde.org/info/security/advisory-20181128-1.txt" } ], "schema_version": "1.7.0", "summary": "messagelib -- HTML email can open browser window automatically" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "payara" }, "ranges": [ { "events": [ { "introduced": "4.1.2.181.3" }, { "last_affected": "4.1.2.181.3" }, { "fixed": "4.1.2.181.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.1.2.182" }, { "last_affected": "4.1.2.182" }, { "fixed": "4.1.2.182" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.181.3" }, { "last_affected": "5.181.3" }, { "fixed": "5.181.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.182" }, { "last_affected": "5.182" }, { "fixed": "5.182" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.1.2.181.3", "4.1.2.182", "5.181.3", "5.182" ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489" ], "discovery": "2018-02-26T00:00:00Z", "references": { "cvename": [ "CVE-2018-7489" ] }, "vid": "93f8e0ff-f33d-11e8-be46-0019dbb15b3f" }, "details": "> FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5\n> allows unauthenticated remote code execution because of an incomplete\n> fix for the CVE-2017-7525 deserialization flaw. This is exploitable by\n> sending maliciously crafted JSON input to the readValue method of the\n> ObjectMapper, bypassing a blacklist that is ineffective if the c3p0\n> libraries are available in the classpath.\n", "id": "FreeBSD-2018-0284", "modified": "2018-11-28T00:00:00Z", "published": "2018-11-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7489" } ], "schema_version": "1.7.0", "summary": "payara -- Default typing issue in Jackson Databind" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "payara" }, "ranges": [ { "events": [ { "introduced": "4.1.2.174" }, { "last_affected": "4.1.2.174" }, { "fixed": "4.1.2.174" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.1.2.174" ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615" ], "discovery": "2017-08-07T00:00:00Z", "references": { "cvename": [ "CVE-2017-12615" ] }, "vid": "22bc5327-f33f-11e8-be46-0019dbb15b3f" }, "details": "> When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs\n> enabled (e.g. via setting the readonly initialisation parameter of the\n> Default to false) it was possible to upload a JSP file to the server\n> via a specially crafted request. This JSP could then be requested and\n> any code it contained would be executed by the server.\n", "id": "FreeBSD-2018-0283", "modified": "2018-11-28T00:00:00Z", "published": "2018-11-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12615" } ], "schema_version": "1.7.0", "summary": "payara -- Code execution via crafted PUT requests to JSPs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "payara" }, "ranges": [ { "events": [ { "introduced": "4.1.2.173" }, { "last_affected": "4.1.2.173" }, { "fixed": "4.1.2.173" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.1.2.173" ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3239", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3247", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3249", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3250", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5528" ], "discovery": "2016-06-16T00:00:00Z", "references": { "cvename": [ "CVE-2016-1000031", "CVE-2017-3239", "CVE-2017-3247", "CVE-2017-3249", "CVE-2017-3250", "CVE-2016-5528" ] }, "vid": "d70c9e18-f340-11e8-be46-0019dbb15b3f" }, "details": "> Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation\n> Remote Code Execution.\n\n> Vulnerability in the Oracle GlassFish Server component of Oracle\n> Fusion Middleware (subcomponent: Administration). Supported versions\n> that are affected are 3.0.1 and 3.1.2. Easily exploitable\n> vulnerability allows low privileged attacker with logon to the\n> infrastructure where Oracle GlassFish Server executes to compromise\n> Oracle GlassFish Server. Successful attacks of this vulnerability can\n> result in unauthorized read access to a subset of Oracle GlassFish\n> Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality\n> impacts).\n\n> Vulnerability in the Oracle GlassFish Server component of Oracle\n> Fusion Middleware (subcomponent: Core). Supported versions that are\n> affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability\n> allows unauthenticated attacker with network access via SMTP to\n> compromise Oracle GlassFish Server. Successful attacks require human\n> interaction from a person other than the attacker. Successful attacks\n> of this vulnerability can result in unauthorized update, insert or\n> delete access to some of Oracle GlassFish Server accessible data. CVSS\n> v3.0 Base Score 4.3 (Integrity impacts).\n\n> Vulnerability in the Oracle GlassFish Server component of Oracle\n> Fusion Middleware (subcomponent: Security). Supported versions that\n> are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable\n> vulnerability allows unauthenticated attacker with network access via\n> LDAP to compromise Oracle GlassFish Server. Successful attacks of this\n> vulnerability can result in unauthorized update, insert or delete\n> access to some of Oracle GlassFish Server accessible data as well as\n> unauthorized read access to a subset of Oracle GlassFish Server\n> accessible data and unauthorized ability to cause a partial denial of\n> service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score\n> 7.3 (Confidentiality, Integrity and Availability impacts).\n\n> Vulnerability in the Oracle GlassFish Server component of Oracle\n> Fusion Middleware (subcomponent: Security). Supported versions that\n> are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable\n> vulnerability allows unauthenticated attacker with network access via\n> HTTP to compromise Oracle GlassFish Server. Successful attacks of this\n> vulnerability can result in unauthorized update, insert or delete\n> access to some of Oracle GlassFish Server accessible data as well as\n> unauthorized read access to a subset of Oracle GlassFish Server\n> accessible data and unauthorized ability to cause a partial denial of\n> service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score\n> 7.3 (Confidentiality, Integrity and Availability impacts).\n\n> Vulnerability in the Oracle GlassFish Server component of Oracle\n> Fusion Middleware (subcomponent: Security). Supported versions that\n> are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit\n> vulnerability allows unauthenticated attacker with network access via\n> multiple protocols to compromise Oracle GlassFish Server. While the\n> vulnerability is in Oracle GlassFish Server, attacks may significantly\n> impact additional products. Successful attacks of this vulnerability\n> can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base\n> Score 9.0 (Confidentiality, Integrity and Availability impacts).\n", "id": "FreeBSD-2018-0282", "modified": "2018-11-28T00:00:00Z", "published": "2018-11-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3239" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3247" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3249" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3250" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5528" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-1000031" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3239" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3239" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3247" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3247" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3249" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3249" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3250" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3250" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5528" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5528" } ], "schema_version": "1.7.0", "summary": "payara -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.5.0" }, { "fixed": "11.5.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0" }, { "fixed": "11.3.11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released" ], "discovery": "2018-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2018-19494", "CVE-2018-19493", "CVE-2018-19495", "CVE-2018-19496", "CVE-2018-19577", "CVE-2018-19573", "CVE-2018-19570", "CVE-2018-19572", "CVE-2018-19576", "CVE-2018-19575", "CVE-2018-19569", "CVE-2018-19585", "CVE-2018-19574", "CVE-2018-19571", "CVE-2018-19580", "CVE-2018-19583", "CVE-2018-19582", "CVE-2018-19581", "CVE-2018-19584", "CVE-2018-19579", "CVE-2018-19578" ] }, "vid": "8a4aba2d-f33e-11e8-9416-001b217b3468" }, "details": "Gitlab reports:\n\n> View Names of Private Groups\n>\n> Persistent XSS in Environments\n>\n> SSRF in Prometheus integration\n>\n> Unauthorized Promotion of Milestones\n>\n> Exposure of Confidential Issue Title\n>\n> Persisent XSS in Markdown Fields via Mermaid Script\n>\n> Persistent XSS in Markdown Fields via Unrecognized HTML Tags\n>\n> Symlink Race Condition in Pages\n>\n> Unauthorized Changes by Guest User in Issues\n>\n> Unauthorized Comments on Locked Issues\n>\n> Improper Enforcement of Token Scope\n>\n> CRLF Injection in Project Mirroring\n>\n> XSS in OAuth Authorization\n>\n> SSRF in Webhooks\n>\n> Send Email on Email Address Change\n>\n> Workhorse Logs Contained Tokens\n>\n> Unauthorized Publishing of Draft Comments\n>\n> Guest Can Set Weight of a New Issue\n>\n> Disclosure of Private Group\\'s Members and Milestones\n>\n> Persisent XSS in Operations\n>\n> Reporter Can View Operations Page\n", "id": "FreeBSD-2018-0281", "modified": "2018-11-28T00:00:00Z", "published": "2018-11-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19493" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19577" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19573" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19570" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19572" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19575" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19569" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19585" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19574" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19571" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19580" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19583" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19582" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19581" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19584" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19579" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19578" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba46" }, "ranges": [ { "events": [ { "last_affected": "4.6.16" }, { "fixed": "4.6.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba47" }, "ranges": [ { "events": [ { "fixed": "4.7.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba48" }, "ranges": [ { "events": [ { "fixed": "4.8.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba49" }, "ranges": [ { "events": [ { "fixed": "4.9.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2018-14629.html", "https://www.samba.org/samba/security/CVE-2018-16841.html", "https://www.samba.org/samba/security/CVE-2018-16851.html", "https://www.samba.org/samba/security/CVE-2018-16852.html", "https://www.samba.org/samba/security/CVE-2018-16853.html", "https://www.samba.org/samba/security/CVE-2018-16857.html" ], "discovery": "2018-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-14629", "CVE-2018-16841", "CVE-2018-16851", "CVE-2018-16852", "CVE-2018-16853", "CVE-2018-16857" ] }, "vid": "54976998-f248-11e8-81e2-005056a311d1" }, "details": "The samba project reports:\n\n> All versions of Samba from 4.0.0 onwards are vulnerable to infinite\n> query recursion caused by CNAME loops. Any dns record can be added via\n> ldap by an unprivileged user using the ldbadd tool, so this is a\n> security issue.\n\n> When configured to accept smart-card authentication, Samba\\'s KDC will\n> call talloc_free() twice on the same memory if the principal in a\n> validly signed certificate does not match the principal in the AS-REQ.\n\n> During the processing of an LDAP search before Samba\\'s AD DC returns\n> the LDAP entries to the client, the entries are cached in a single\n> memory object with a maximum size of 256MB. When this size is reached,\n> the Samba process providing the LDAP service will follow the NULL\n> pointer, terminating the process.\n\n> During the processing of an DNS zone in the DNS management DCE/RPC\n> server, the internal DNS server or the Samba DLZ plugin for BIND9, if\n> the DSPROPERTY_ZONE_MASTER_SERVERS property or\n> DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will\n> follow a NULL pointer and terminate\n\n> A user in a Samba AD domain can crash the KDC when Samba is built in\n> the non-default MIT Kerberos configuration.\n\n> AD DC Configurations watching for bad passwords (to restrict brute\n> forcing of passwords) in a window of more than 3 minutes may not watch\n> for bad passwords at all.\n", "id": "FreeBSD-2018-0280", "modified": "2018-08-14T00:00:00Z", "published": "2018-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-14629.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-16841.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-16851.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-16852.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-16853.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-16857.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-14629.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14629" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-16841.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16841" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-16851.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16851" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-16852.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16852" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-16853.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16853" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-16857.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16857" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php56-imap" }, "ranges": [ { "events": [ { "fixed": "5.6.38_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php70-imap" }, "ranges": [ { "events": [ { "fixed": "0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php71-imap" }, "ranges": [ { "events": [ { "fixed": "0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php72-imap" }, "ranges": [ { "events": [ { "fixed": "0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php73-imap" }, "ranges": [ { "events": [ { "fixed": "0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.php.net/bug.php?id=77153" ], "discovery": "2018-10-23T00:00:00Z", "vid": "ec49f6b5-ee39-11e8-b2f4-74d435b63d51" }, "details": "The PHP team reports:\n\n> imap_open allows to run arbitrary shell commands via mailbox\n> parameter.\n", "id": "FreeBSD-2018-0279", "modified": "2018-11-22T00:00:00Z", "published": "2018-11-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.php.net/bug.php?id=77153" }, { "type": "WEB", "url": "https://bugs.php.net/bug.php?id=77153" } ], "schema_version": "1.7.0", "summary": "php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmailer" }, "ranges": [ { "events": [ { "fixed": "5.2.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmailer6" }, "ranges": [ { "events": [ { "fixed": "6.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6" ], "discovery": "2018-11-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-19296" ] }, "vid": "b036faba-edd8-11e8-b3b7-00e04c1ea73d" }, "details": "The PHPMailer Team reports:\n\n> CVE-2018-19296:Fix potential object injection vulnerability.\n", "id": "FreeBSD-2018-0278", "modified": "2018-11-23T00:00:00Z", "published": "2018-11-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6" }, { "type": "WEB", "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27" }, { "type": "WEB", "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19296" } ], "schema_version": "1.7.0", "summary": "phpmailer -- Multiple vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "31.0.0.153" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-44.html" ], "discovery": "2018-11-20T00:00:00Z", "references": { "cvename": [ "CVE-2018-15981" ] }, "vid": "8f128c72-ecf9-11e8-aa00-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a type confusion vulnerability that could lead\n> to arbitrary code execution (CVE-2018-15981).\n", "id": "FreeBSD-2018-0277", "modified": "2018-11-20T00:00:00Z", "published": "2018-11-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-44.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15981" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-44.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.9.0" }, { "fixed": "11.3.10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/" ], "discovery": "2018-11-19T00:00:00Z", "references": { "cvename": [ "CVE-2018-18643", "CVE-2018-19359" ] }, "vid": "d889d32c-ecd9-11e8-9416-001b217b3468" }, "details": "Gitlab reports:\n\n> Persistent XSS Autocompletion\n>\n> Unauthorized service template creation\n", "id": "FreeBSD-2018-0276", "modified": "2018-11-20T00:00:00Z", "published": "2018-11-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18643" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19359" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns" }, "ranges": [ { "events": [ { "fixed": "4.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/authoritative/changelog/4.1.html" ], "discovery": "2018-11-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-10851", "CVE-2018-14626" ] }, "vid": "0aee2f13-ec1d-11e8-8c92-6805ca2fa271" }, "details": "PowerDNS Team reports:\n\n> CVE-2018-10851: An issue has been found in PowerDNS Authoritative\n> Server allowing an authorized user to cause a memory leak by inserting\n> a specially crafted record in a zone under their control, then sending\n> a DNS query for that record. The issue is due to the fact that some\n> memory is allocated before the parsing and is not always properly\n> released if the record is malformed. When the PowerDNS Authoritative\n> Server is run inside the guardian (\\--guardian), or inside a\n> supervisor like supervisord or systemd, an out-of-memory crash will\n> lead to an automatic restart, limiting the impact to a somewhat\n> degraded service.\n>\n> CVE-2018-14626: An issue has been found in PowerDNS Authoritative\n> Server allowing a remote user to craft a DNS query that will cause an\n> answer without DNSSEC records to be inserted into the packet cache and\n> be returned to clients asking for DNSSEC records, thus hiding the\n> presence of DNSSEC signatures for a specific qname and qtype. For a\n> DNSSEC-signed domain, this means that DNSSEC validating clients will\n> consider the answer to be bogus until it expires from the packet\n> cache, leading to a denial of service.\n", "id": "FreeBSD-2018-0275", "modified": "2018-11-19T00:00:00Z", "published": "2018-11-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/authoritative/changelog/4.1.html" }, { "type": "WEB", "url": "https://doc.powerdns.com/authoritative/changelog/4.1.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10851" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14626" } ], "schema_version": "1.7.0", "summary": "powerdns -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "4.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor40" }, "ranges": [ { "events": [ { "fixed": "4.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/recursor/changelog/4.1.html" ], "discovery": "2018-11-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-10851", "CVE-2018-14626", "CVE-2018-14644" ] }, "vid": "e9aa0e4c-ea8b-11e8-a5b7-00e04c1ea73d" }, "details": "powerdns Team reports:\n\n> CVE-2018-10851: An issue has been found in PowerDNS Recursor allowing\n> a malicious authoritative server to cause a memory leak by sending\n> specially crafted records. The issue is due to the fact that some\n> memory is allocated before the parsing and is not always properly\n> released if the record is malformed. When the PowerDNS Recursor is run\n> inside a supervisor like supervisord or systemd, an out-of-memory\n> crash will lead to an automatic restart, limiting the impact to a\n> somewhat degraded service.\n>\n> CVE-2018-14626: An issue has been found in PowerDNS Recursor allowing\n> a remote user to craft a DNS query that will cause an answer without\n> DNSSEC records to be inserted into the packet cache and be returned to\n> clients asking for DNSSEC records, thus hiding the presence of DNSSEC\n> signatures for a specific qname and qtype. For a DNSSEC-signed domain,\n> this means that clients performing DNSSEC validation by themselves\n> might consider the answer to be bogus until it expires from the packet\n> cache, leading to a denial of service.\n>\n> CVE-2018-14644: An issue has been found in PowerDNS Recursor where a\n> remote attacker sending a DNS query for a meta-type like OPT can lead\n> to a zone being wrongly cached as failing DNSSEC validation. It only\n> arises if the parent zone is signed, and all the authoritative servers\n> for that parent zone answer with FORMERR to a query for at least one\n> of the meta-types. As a result, subsequent queries from clients\n> requesting DNSSEC validation will be answered with a ServFail.\n", "id": "FreeBSD-2018-0274", "modified": "2018-11-19T00:00:00Z", "published": "2018-11-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/recursor/changelog/4.1.html" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/changelog/4.1.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10851" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14626" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14644" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk15" }, "ranges": [ { "events": [ { "fixed": "15.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk16" }, "ranges": [ { "events": [ { "fixed": "16.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2018-10-23T00:00:00Z", "vid": "c6fb2734-e835-11e8-b14b-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> There is a buffer overflow vulnerability in dns_srv and dns_naptr\n> functions of Asterisk that allows an attacker to crash Asterisk via a\n> specially crafted DNS SRV or NAPTR response. The attackers request\n> causes Asterisk to segfault and crash.\n", "id": "FreeBSD-2018-0273", "modified": "2018-11-14T00:00:00Z", "published": "2018-11-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "31.0.0.148" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html" ], "discovery": "2018-11-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-15978" ] }, "vid": "b69292e8-e798-11e8-ae07-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a out-of-bounds vulnerability that could lead\n> to information disclosure (CVE-2018-15978).\n", "id": "FreeBSD-2018-0272", "modified": "2018-11-13T00:00:00Z", "published": "2018-11-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15978" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2p_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20181112.txt" ], "discovery": "2018-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2018-5407" ] }, "vid": "6f170cf2-e6b7-11e8-a9a8-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> Microarchitecture timing vulnerability in ECC scalar multiplication.\n> Severity: Low\\\n> OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has\n> been shown to be vulnerable to a microarchitecture timing side channel\n> attack. An attacker with sufficient access to mount local timing\n> attacks during ECDSA signature generation could recover the private\n> key.\n", "id": "FreeBSD-2018-0271", "modified": "2018-11-12T00:00:00Z", "published": "2018-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20181112.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20181112.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5407" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- timing vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kio-extras" }, "ranges": [ { "events": [ { "fixed": "18.08.3_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kde.org/info/security/advisory-20181012-1.txt" ], "discovery": "2018-11-12T00:00:00Z", "references": { "cvename": [ "CVE-2018-19120" ] }, "vid": "1460aa25-e6ab-11e8-a733-e0d55e2a8bf9" }, "details": "Albert Astals Cid reports:\n\n> Various KDE applications share a plugin system to create thumbnails of\n> various file types for displaying in file managers, file dialogs, etc.\n> kio-extras contains a thumbnailer plugin for HTML files.\n>\n> The HTML thumbnailer was incorrectly accessing some content of remote\n> URLs listed in HTML files. This meant that the owners of the servers\n> referred in HTML files in your system could have seen in their access\n> logs your IP address every time the thumbnailer tried to create the\n> thumbnail.\n>\n> The HTML thumbnailer has been removed in upcoming KDE Applications\n> 18.12.0 because it was actually not creating thumbnails for files at\n> all.\n", "id": "FreeBSD-2018-0270", "modified": "2018-11-12T00:00:00Z", "published": "2018-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kde.org/info/security/advisory-20181012-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-19120" }, { "type": "WEB", "url": "https://www.kde.org/info/security/advisory-20181012-1.txt" } ], "schema_version": "1.7.0", "summary": "kio-extras -- HTML Thumbnailer automatic remote file access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "patch" }, "ranges": [ { "events": [ { "fixed": "2.7.6_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-6951", "https://nvd.nist.gov/vuln/detail/CVE-2018-6952", "https://nvd.nist.gov/vuln/detail/CVE-2018-1000156" ], "discovery": "2018-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-6951", "CVE-2018-6952", "CVE-2018-1000156" ] }, "vid": "791841a3-d484-4878-8909-92ef9ce424f4" }, "details": "NVD reports:\n\n> An issue was discovered in GNU patch through 2.7.6. There is a\n> segmentation fault, associated with a NULL pointer dereference,\n> leading to a denial of service in the intuit_diff_type function in\n> pch.c, aka a \\\"mangled rename\\\" issue.\n\n> A double free exists in the another_hunk function in pch.c in GNU\n> patch through 2.7.6.\n\n> GNU Patch version 2.7.6 contains an input validation vulnerability\n> when processing patch files, specifically the EDITOR_PROGRAM\n> invocation (using ed) can result in code execution. This attack appear\n> to be exploitable via a patch file processed via the patch utility.\n> This is similar to FreeBSD\\'s CVE-2015-1418 however although they\n> share a common ancestry the code bases have diverged over time.\n", "id": "FreeBSD-2018-0269", "modified": "2018-11-11T00:00:00Z", "published": "2018-11-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6951" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6952" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000156" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6951" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6952" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000156" }, { "type": "WEB", "url": "https://savannah.gnu.org/bugs/?53132" }, { "type": "WEB", "url": "https://savannah.gnu.org/bugs/?53133" }, { "type": "WEB", "url": "https://savannah.gnu.org/bugs/?53566" } ], "schema_version": "1.7.0", "summary": "patch -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "lighttpd" }, "ranges": [ { "events": [ { "fixed": "1.4.51" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.lighttpd.net/2018/10/14/1.4.51/" ], "discovery": "2018-08-26T00:00:00Z", "references": { "freebsdpr": [ "ports/232278" ] }, "vid": "92a6efd0-e40d-11e8-ada4-408d5cf35399" }, "details": "Lighttpd Project reports:\n\n> Security fixes for Lighttpd:\n>\n> - security: process headers after combining folded headers\n", "id": "FreeBSD-2018-0268", "modified": "2018-11-09T00:00:00Z", "published": "2018-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.lighttpd.net/2018/10/14/1.4.51/" }, { "type": "WEB", "url": "https://www.lighttpd.net/2018/10/14/1.4.51/" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232278" } ], "schema_version": "1.7.0", "summary": "lighttpd - use-after-free vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "fixed": "10.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "fixed": "9.6.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-server" }, "ranges": [ { "events": [ { "fixed": "9.5.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql94-server" }, "ranges": [ { "events": [ { "fixed": "9.4.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql93-server" }, "ranges": [ { "events": [ { "fixed": "9.3.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1878/" ], "discovery": "2018-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2018-16850" ] }, "vid": "1c27a706-e3aa-11e8-b77a-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE\n> TRIGGER \\... REFERENCING.\n>\n> Using a purpose-crafted trigger definition, an attacker can run\n> arbitrary SQL statements with superuser privileges when a superuser\n> runs pg_upgrade on the database or during a pg_dump dump/restore\n> cycle. This attack requires a CREATE privilege on some non-temporary\n> schema or a TRIGGER privilege on a table. This is exploitable in the\n> default PostgreSQL configuration, where all users have CREATE\n> privilege on public schema.\n", "id": "FreeBSD-2018-0267", "modified": "2018-11-08T00:00:00Z", "published": "2018-11-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1878/" }, { "type": "WEB", "url": "https://www.postgresql.org/about/news/1905/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16850" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- SQL injection in pg_upgrade and pg_dump" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx" }, "ranges": [ { "events": [ { "fixed": "1.14.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "fixed": "1.15.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://nginx.org/en/security_advisories.html" ], "discovery": "2018-11-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845" ] }, "vid": "84ca56be-e1de-11e8-bcfd-00e04c1ea73d" }, "details": "NGINX Team reports:\n\n> Two security issues were identified in nginx HTTP/2 implementation,\n> which might cause excessive memory consumption (CVE-2018-16843) and\n> CPU usage (CVE-2018-16844).\n>\n> The issues affect nginx compiled with the ngx_http_v2_module (not\n> compiled by default) if the \\\"http2\\\" option of the \\\"listen\\\"\n> directive is used in a configuration file.\n>\n> A security issue was identified in the ngx_http_mp4_module, which\n> might allow an attacker to cause infinite loop in a worker process,\n> cause a worker process crash, or might result in worker process memory\n> isclosure by using a specially crafted mp4 file (CVE-2018-16845).\n>\n> The issue only affects nginx if it is built with the\n> ngx_http_mp4_module (the module is not built by default) and the\n> \\\"mp4\\\" directive is used in the configuration file. Further, the\n> attack is only possible if an attacker is able to trigger processing\n> of a specially crafted mp4 file with the ngx_http_mp4_module.\n", "id": "FreeBSD-2018-0266", "modified": "2018-11-06T00:00:00Z", "published": "2018-11-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://nginx.org/en/security_advisories.html" }, { "type": "WEB", "url": "http://nginx.org/en/security_advisories.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16843" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16844" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16845" } ], "schema_version": "1.7.0", "summary": "NGINX -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2018/10/gitea-1.5.3-is-released/" ], "discovery": "2018-10-25T00:00:00Z", "vid": "deb4f633-de1d-11e8-a9fb-080027f43a02" }, "details": "The Gitea project reports:\n\n> \\[This release\\] contains crit\\[i\\]cal security fix for vulnerability\n> that could potentially allow for authorized users to do remote code\n> ex\\[e\\]cution.\n", "id": "FreeBSD-2018-0265", "modified": "2018-11-01T00:00:00Z", "published": "2018-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2018/10/gitea-1.5.3-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/5177" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/5196" }, { "type": "WEB", "url": "https://github.com/go-macaron/session/commit/084f1e5c1071f585902a7552b483cee04bc00a14" } ], "schema_version": "1.7.0", "summary": "gitea -- remote code exeution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.14.1" }, { "fixed": "7.60.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2018-10-31T00:00:00Z", "references": { "cvename": [ "CVE-2018-16839", "CVE-2018-16840", "CVE-2018-16842" ] }, "vid": "e0ab1773-07c1-46c6-9170-4c5e81c00927" }, "details": "curl security problems:\n\n> CVE-2018-16839: SASL password overflow via integer overflow\n>\n> libcurl contains a buffer overrun in the SASL authentication code.\n>\n> The internal function Curl_auth_create_plain_message fails to\n> correctly verify that the passed in lengths for name and password\n> aren\\'t too long, then calculates a buffer size to allocate.\n>\n> On systems with a 32 bit size_t, the math to calculate the buffer size\n> triggers an integer overflow when the user name length exceeds 2GB\n> (2\\^31 bytes). This integer overflow usually causes a very small\n> buffer to actually get allocated instead of the intended very huge\n> one, making the use of that buffer end up in a heap buffer overflow.\n>\n> This bug is very similar to CVE-2017-14618.\n>\n> It affects curl 7.33.0 to 7.61.1.\n>\n> CVE-2018-16840: use-after-free in handle close\n>\n> libcurl contains a heap use-after-free flaw in code related to closing\n> an easy handle.\n>\n> When closing and cleaning up an \\\"easy\\\" handle in the Curl_close()\n> function, the library code first frees a struct (without nulling the\n> pointer) and might then subsequently erroneously write to a struct\n> field within that already freed struct.\n>\n> It affects curl 7.59.0 to 7.61.1.\n>\n> CVE-2018-16842: warning message out-of-buffer read\n>\n> curl contains a heap out of buffer read vulnerability.\n>\n> The command line tool has a generic function for displaying warning\n> and informational messages to stderr for various situations. For\n> example if an unknown command line argument is used, or passed to it\n> in a \\\"config\\\" file.\n>\n> This display function formats the output to wrap at 80 columns. The\n> wrap logic is however flawed, so if a single word in the message is\n> itself longer than 80 bytes the buffer arithmetic calculates the\n> remainder wrong and will end up reading behind the end of the buffer.\n> This could lead to information disclosure or crash.\n>\n> This vulnerability could lead to a security issue if used in this or\n> similar situations:\n>\n> 1\\. a server somewhere uses the curl command line to run something\n>\n> 2\\. if it fails, it shows stderr to the user\n>\n> 3\\. the server takes user input for parts of its command line input\n>\n> 4\\. user provides something overly long that triggers this crash\n>\n> 5\\. the stderr output may now contain user memory contents that\n> wasn\\'t meant to be available\n>\n> It affects curl 7.14.1 to 7.61.1.\n", "id": "FreeBSD-2018-0264", "modified": "2018-11-01T00:00:00Z", "published": "2018-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2018-16839.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2018-16840.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2018-16842.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16842" } ], "schema_version": "1.7.0", "summary": "curl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.0" }, { "fixed": "11.3.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.2.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/" ], "discovery": "2018-11-01T00:00:00Z", "references": { "cvename": [ "CVE-2018-18843" ] }, "vid": "b51d9e83-de08-11e8-9416-001b217b3468" }, "details": "The GitLab Team reports:\n\n> SSRF in Kubernetes integration\n", "id": "FreeBSD-2018-0263", "modified": "2018-11-01T00:00:00Z", "published": "2018-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18843" } ], "schema_version": "1.7.0", "summary": "Gitlab -- SSRF in Kubernetes integration" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-loofah" }, "ranges": [ { "events": [ { "fixed": "2.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/flavorjones/loofah/issues/154" ], "discovery": "2018-10-30T00:00:00Z", "references": { "cvename": [ "CVE-2018-16468" ] }, "vid": "36a2a89e-7ee1-4ea4-ae22-7ca38019c8d0" }, "details": "GitHub issue:\n\n> This issue has been created for public disclosure of an XSS\n> vulnerability that was responsibly reported (independently) by Shubham\n> Pathak and \\@yasinS (Yasin Soliman).\n>\n> In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in\n> sanitized output when a crafted SVG element is republished.\n", "id": "FreeBSD-2018-0262", "modified": "2018-11-01T00:00:00Z", "published": "2018-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/flavorjones/loofah/issues/154" }, { "type": "WEB", "url": "https://github.com/flavorjones/loofah/releases" }, { "type": "WEB", "url": "https://github.com/flavorjones/loofah/issues/154" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16468" } ], "schema_version": "1.7.0", "summary": "Loofah -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.4.0" }, { "fixed": "11.4.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.3.0" }, { "fixed": "11.3.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.3.0" }, { "fixed": "11.2.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/" ], "discovery": "2018-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2018-18649", "CVE-2018-18646", "CVE-2018-18641", "CVE-2018-18648", "CVE-2018-18643", "CVE-2018-18640", "CVE-2018-18645", "CVE-2018-18642", "CVE-2018-18644", "CVE-2018-18647" ] }, "vid": "b9591212-dba7-11e8-9416-001b217b3468" }, "details": "Gitlab reports:\n\n> RCE in Gitlab Wiki API\n>\n> SSRF in Hipchat integration\n>\n> Cleartext storage of personal access tokens\n>\n> Information exposure through stack trace error message\n>\n> Persistent XSS autocomplete\n>\n> Information exposure in stored browser history\n>\n> Information exposure when replying to issues through email\n>\n> Persistent XSS in License Management and Security Reports\n>\n> Metrics information disclosure in Prometheus integration\n>\n> Unauthorized changes to a protected branch\\'s access levels\n", "id": "FreeBSD-2018-0261", "modified": "2018-10-29T00:00:00Z", "published": "2018-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18649" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18646" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18641" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18648" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18643" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18640" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18645" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18642" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18644" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-18647" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0i_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl111" }, "ranges": [ { "events": [ { "fixed": "1.1.1_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl-devel" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "fixed": "2.8.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20181029.txt" ], "discovery": "2018-10-29T00:00:00Z", "references": { "cvename": [ "CVE-2018-0735", "CVE-2018-0734" ] }, "vid": "238ae7de-dba2-11e8-b713-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> Timing vulnerability in ECDSA signature generation (CVE-2018-0735):\n> The OpenSSL ECDSA signature algorithm has been shown to be vulnerable\n> to a timing side channel attack. An attacker could use variations in\n> the signing algorithm to recover the private key (Low).\n>\n> Timing vulnerability in DSA signature generation (CVE-2018-0734):\n> Avoid a timing attack that leaks information via a side channel that\n> triggers when a BN is resized. Increasing the size of the BNs prior to\n> doing anything with them suppresses the attack (Low).\n", "id": "FreeBSD-2018-0260", "modified": "2018-11-10T00:00:00Z", "published": "2018-10-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20181029.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20181029.txt" }, { "type": "WEB", "url": "https://github.com/openssl/openssl/commit/8abfe72e" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0734" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities in 1.1 branch" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "liveMedia" }, "ranges": [ { "events": [ { "fixed": "2018.10.17,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684" ], "discovery": "2018-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2018-4013" ] }, "vid": "fa194483-dabd-11e8-bf39-5404a68ad561" }, "details": "Talos reports:\n\n> An exploitable code execution vulnerability exists in the HTTP\n> packet-parsing functionality of the LIVE555 RTSP server library. A\n> specially crafted packet can cause a stack-based buffer overflow,\n> resulting in code execution. An attacker can send a packet to trigger\n> this vulnerability.\n", "id": "FreeBSD-2018-0259", "modified": "2018-10-28T00:00:00Z", "published": "2018-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4013" }, { "type": "WEB", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684" }, { "type": "WEB", "url": "http://lists.live555.com/pipermail/live-devel/2018-October/021071.html" } ], "schema_version": "1.7.0", "summary": "liveMedia -- potential remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mini_httpd" }, "ranges": [ { "events": [ { "fixed": "1.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://acme.com/updates/archive/211.html" ], "discovery": "2018-10-26T00:00:00Z", "vid": "33c384f3-5af6-4662-9741-0acb21c7e499" }, "details": "Jef Poskanzer reports:\n\n> Prior versions allowed remote users to read arbitrary files in some\n> circumstances.\n", "id": "FreeBSD-2018-0258", "modified": "2018-10-26T00:00:00Z", "published": "2018-10-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://acme.com/updates/archive/211.html" }, { "type": "WEB", "url": "http://acme.com/updates/archive/211.html" } ], "schema_version": "1.7.0", "summary": "mini_httpd -- disclose arbitrary files is some circumstances" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-salt" }, "ranges": [ { "events": [ { "fixed": "2017.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2018.3.0" }, { "fixed": "2018.3.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py32-salt" }, "ranges": [ { "events": [ { "fixed": "2017.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2018.3.0" }, { "fixed": "2018.3.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-salt" }, "ranges": [ { "events": [ { "fixed": "2017.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2018.3.0" }, { "fixed": "2018.3.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-salt" }, "ranges": [ { "events": [ { "fixed": "2017.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2018.3.0" }, { "fixed": "2018.3.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-salt" }, "ranges": [ { "events": [ { "fixed": "2017.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2018.3.0" }, { "fixed": "2018.3.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-salt" }, "ranges": [ { "events": [ { "fixed": "2017.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2018.3.0" }, { "fixed": "2018.3.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-salt" }, "ranges": [ { "events": [ { "fixed": "2017.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2018.3.0" }, { "fixed": "2018.3.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html" ], "discovery": "2018-10-24T00:00:00Z", "references": { "cvename": [ "CVE-2018-15751", "CVE-2018-15750" ] }, "vid": "4f7c6af3-6a2c-4ead-8453-04e509688d45" }, "details": "SaltStack reports:\n\n> Remote command execution and incorrect access control when using\n> salt-api.\n>\n> Directory traversal vulnerability when using salt-api. Allows an\n> attacker to determine what files exist on a server when querying /run\n> or /events.\n", "id": "FreeBSD-2018-0257", "modified": "2018-10-27T00:00:00Z", "published": "2018-10-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15751" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15750" }, { "type": "WEB", "url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html" }, { "type": "WEB", "url": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html" } ], "schema_version": "1.7.0", "summary": "salt -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "63.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.3.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "60.3.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "60.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/" ], "discovery": "2018-10-23T00:00:00Z", "references": { "cvename": [ "CVE-2018-12388", "CVE-2018-12390", "CVE-2018-12391", "CVE-2018-12392", "CVE-2018-12393", "CVE-2018-12395", "CVE-2018-12396", "CVE-2018-12397", "CVE-2018-12398", "CVE-2018-12399", "CVE-2018-12400", "CVE-2018-12401", "CVE-2018-12402", "CVE-2018-12403" ] }, "vid": "7c3a02b9-3273-4426-a0ba-f90fad2ff72e" }, "details": "Mozilla Foundation reports:\n\n> CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin\n>\n> CVE-2018-12392: Crash with nested event loops\n>\n> CVE-2018-12393: Integer overflow during Unicode conversion while\n> loading JavaScript\n>\n> CVE-2018-12395: WebExtension bypass of domain restrictions through\n> header rewriting\n>\n> CVE-2018-12396: WebExtension content scripts can execute in disallowed\n> contexts\n>\n> CVE-2018-12397:\n>\n> CVE-2018-12398: CSP bypass through stylesheet injection in resource\n> URIs\n>\n> CVE-2018-12399: Spoofing of protocol registration notification bar\n>\n> CVE-2018-12400: Favicons are cached in private browsing mode on\n> Firefox for Android\n>\n> CVE-2018-12401: DOS attack through special resource URI parsing\n>\n> CVE-2018-12402: SameSite cookies leak when pages are explicitly saved\n>\n> CVE-2018-12403: Mixed content warning is not displayed when HTTPS page\n> loads a favicon over HTTP\n>\n> CVE-2018-12388: Memory safety bugs fixed in Firefox 63\n>\n> CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR\n> 60.3\n", "id": "FreeBSD-2018-0256", "modified": "2019-07-23T00:00:00Z", "published": "2018-10-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12388" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12390" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12391" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12392" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12393" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12395" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12396" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12397" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12398" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12399" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12400" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12401" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12403" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2018-006" ], "discovery": "2018-10-17T00:00:00Z", "vid": "140a14b5-d615-11e8-b3cb-00e04c1ea73d" }, "details": "Drupal Security Team reports:\n\n> he path module allows users with the \\'administer paths\\' to create\n> pretty URLs for content. In certain circumstances the user can enter a\n> particular path that triggers an open redirect to a malicious url.The\n> issue is mitigated by the fact that the user needs the administer\n> paths permission to exploit.\n>\n> When sending email some variables were not being sanitized for shell\n> arguments, which could lead to remote code execution.\n", "id": "FreeBSD-2018-0255", "modified": "2018-11-04T00:00:00Z", "published": "2018-10-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2018-006" }, { "type": "WEB", "url": "https://www.drupal.org/SA-CORE-2018-006" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal Core - Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.3.0,1" }, { "fixed": "2.3.8,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0,1" }, { "fixed": "2.4.5,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.5.0,1" }, { "fixed": "2.5.2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" ], "discovery": "2018-10-17T00:00:00Z", "references": { "cvename": [ "CVE-2018-16395", "CVE-2018-16396" ] }, "vid": "afc60484-0652-440e-b01a-5ef814747f06" }, "details": "Ruby news:\n\n> CVE-2018-16395: OpenSSL::X509::Name equality check does not work\n> correctly\n>\n> An instance of OpenSSL::X509::Name contains entities such as CN, C and\n> so on. Some two instances of OpenSSL::X509::Name are equal only when\n> all entities are exactly equal. However, there is a bug that the\n> equality check is not correct if the value of an entity of the\n> argument (right-hand side) starts with the value of the receiver\n> (left-hand side). So, if a malicious X.509 certificate is passed to\n> compare with an existing certificate, there is a possibility to be\n> judged incorrectly that they are equal.\n>\n> CVE-2018-16396: Tainted flags are not propagated in Array#pack and\n> String#unpack with some directives\n>\n> Array#pack method converts the receiver\\'s contents into a string with\n> specified format. If the receiver contains some tainted objects, the\n> returned string also should be tainted. String#unpack method which\n> converts the receiver into an array also should propagate its tainted\n> flag to the objects contained in the returned array. But, with B, b, H\n> and h directives, the tainted flags are not propagated. So, if a\n> script processes unreliable inputs by Array#pack and/or String#unpack\n> with these directives and checks the reliability with tainted flags,\n> the check might be wrong.\n", "id": "FreeBSD-2018-0254", "modified": "2018-10-20T00:00:00Z", "published": "2018-10-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16395" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16396" } ], "schema_version": "1.7.0", "summary": "ruby -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.42" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.42" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL" ], "discovery": "2018-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2016-9843", "CVE-2018-3155", "CVE-2018-3143", "CVE-2018-3156", "CVE-2018-3251", "CVE-2018-3182", "CVE-2018-3137", "CVE-2018-3203", "CVE-2018-3133", "CVE-2018-3145", "CVE-2018-3144", "CVE-2018-3185", "CVE-2018-3195", "CVE-2018-3247", "CVE-2018-3187", "CVE-2018-3174", "CVE-2018-3171", "CVE-2018-3277", "CVE-2018-3162", "CVE-2018-3173", "CVE-2018-3200", "CVE-2018-3170", "CVE-2018-3212", "CVE-2018-3280", "CVE-2018-3186", "CVE-2018-3161", "CVE-2018-3278", "CVE-2018-3279", "CVE-2018-3282", "CVE-2018-3284", "CVE-2018-3283", "CVE-2018-3286" ] }, "vid": "ec5072b0-d43a-11e8-a6d2-b499baebfeaf" }, "details": "Oracle reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2018-0253", "modified": "2018-11-08T00:00:00Z", "published": "2018-10-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9843" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3143" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3156" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3251" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3182" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3203" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3133" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3145" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3144" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3195" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3247" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3187" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3277" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3173" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3200" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3280" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3161" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3278" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3279" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3282" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3284" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3286" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "matomo" }, "ranges": [ { "events": [ { "fixed": "3.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matomo.org/changelog/matomo-3-6-1/" ], "discovery": "2018-10-18T00:00:00Z", "vid": "44864c84-d3b8-11e8-b3cb-00e04c1ea73d" }, "details": "Matomo reports:\n\n> Several XSS issues have been fixed thanks to the great work of\n> security researchers who responsible disclosed issues to us.\n", "id": "FreeBSD-2018-0252", "modified": "2018-10-19T00:00:00Z", "published": "2018-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matomo.org/changelog/matomo-3-6-1/" }, { "type": "WEB", "url": "https://matomo.org/changelog/matomo-3-6-1/" } ], "schema_version": "1.7.0", "summary": "matomo -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libssh" }, "ranges": [ { "events": [ { "introduced": "0.6" }, { "fixed": "0.7.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0.8" }, { "fixed": "0.8.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/" ], "discovery": "2018-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-10933" ] }, "vid": "2383767c-d224-11e8-9623-a4badb2f4699" }, "details": "gladiac reports:\n\n> libssh versions 0.6 and above have an authentication bypass\n> vulnerability in the server code. By presenting the server an\n> SSH2_MSG_USERAUTH_SUCCESS message in place of the\n> SSH2_MSG_USERAUTH_REQUEST message which the server would expect to\n> initiate authentication, the attacker could successfully authentciate\n> without any credentials.\n", "id": "FreeBSD-2018-0251", "modified": "2018-10-17T00:00:00Z", "published": "2018-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/" }, { "type": "WEB", "url": "https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10933" } ], "schema_version": "1.7.0", "summary": "libssh -- authentication bypass vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgit2" }, "ranges": [ { "events": [ { "fixed": "0.27.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libgit2/libgit2/releases/tag/v0.27.5" ], "discovery": "2018-10-05T00:00:00Z", "references": { "cvename": [ "CVE-2018-17456" ] }, "vid": "8c08ab4c-d06c-11e8-b35c-001b217b3468" }, "details": "The Git community reports:\n\n> Multiple vulnerabilities.\n", "id": "FreeBSD-2018-0250", "modified": "2018-10-15T00:00:00Z", "published": "2018-10-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.5" }, { "type": "WEB", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17456" } ], "schema_version": "1.7.0", "summary": "Libgit2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "toxcore" }, "ranges": [ { "events": [ { "fixed": "0.2.8,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/" ], "discovery": "2018-09-29T00:00:00Z", "vid": "4c11b51e-cd8d-11e8-b0cb-a0f3c100ae18" }, "details": "The Tox project blog reports:\n\n> A memory leak bug was discovered in Toxcore that can be triggered\n> remotely to exhaust one's system memory, resulting in a denial of\n> service attack. The bug is present in the TCP Server module of Toxcore\n> and therefore it affects mostly bootstrap nodes. Regular Tox clients\n> generally have the TCP Server functionality disabled by default,\n> leaving them unaffected.\n", "id": "FreeBSD-2018-0249", "modified": "2018-10-11T00:00:00Z", "published": "2018-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/" }, { "type": "WEB", "url": "https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/" } ], "schema_version": "1.7.0", "summary": "Memory leak bug in Toxcore" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/issues/4357" ], "discovery": "2018-10-01T00:00:00Z", "vid": "cb539d4e-cd68-11e8-8819-00e04c1ea73d" }, "details": "Gitea project reports:\n\n> CSRF Vulnerability on API.\n>\n> Enforce token on api routes.\n", "id": "FreeBSD-2018-0248", "modified": "2018-10-11T00:00:00Z", "published": "2018-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/issues/4357" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/issues/4357" }, { "type": "WEB", "url": "ttps://github.com/go-gitea/gitea/pull/4840" } ], "schema_version": "1.7.0", "summary": "gitea -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.146" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.138.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2018-10-10/" ], "discovery": "2018-10-10T00:00:00Z", "vid": "3350275d-cd5a-11e8-a7be-3497f683cb16" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Low) SECURITY-867\n>\n> Path traversal vulnerability in Stapler allowed accessing internal\n> data\n>\n> ##### (Medium) SECURITY-1074\n>\n> Arbitrary file write vulnerability using file parameter definitions\n>\n> ##### (Medium) SECURITY-1129\n>\n> Reflected XSS vulnerability\n>\n> ##### (Medium) SECURITY-1162\n>\n> Ephemeral user record was created on some invalid authentication\n> attempts\n>\n> ##### (Medium) SECURITY-1128\n>\n> Ephemeral user record creation\n>\n> ##### (Medium) SECURITY-1158\n>\n> Session fixation vulnerability on user signup\n>\n> ##### (Medium) SECURITY-765\n>\n> Failures to process form submission data could result in secrets being\n> displayed or written to logs\n", "id": "FreeBSD-2018-0247", "modified": "2018-10-11T00:00:00Z", "published": "2018-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2018-10-10/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2018-10-10/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tinc" }, "ranges": [ { "events": [ { "fixed": "1.0.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tinc-devel" }, "ranges": [ { "events": [ { "fixed": "1.1pre17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.tinc-vpn.org/news/" ], "discovery": "2018-10-08T00:00:00Z", "references": { "cvename": [ "CVE-2018-16737", "CVE-2018-16738", "CVE-2018-16758" ] }, "vid": "a4eb38ea-cc06-11e8-ada4-408d5cf35399" }, "details": "tinc-vpn.org reports:\n\n> The authentication protocol allows an oracle attack that could\n> potentially be exploited.\n>\n> If a man-in-the-middle has intercepted the TCP connection it might be\n> able to force plaintext UDP packets between two nodes for up to a\n> PingInterval period.\n", "id": "FreeBSD-2018-0246", "modified": "2018-10-09T00:00:00Z", "published": "2018-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.tinc-vpn.org/news/" }, { "type": "WEB", "url": "https://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a" }, { "type": "WEB", "url": "https://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16737" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16738" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16758" } ], "schema_version": "1.7.0", "summary": "tinc -- Buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.3.0" }, { "fixed": "11.3.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2.0" }, { "fixed": "11.2.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2.0" }, { "fixed": "11.1.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/" ], "discovery": "2018-10-05T00:00:00Z", "references": { "cvename": [ "CVE-2018-17939", "CVE-2018-17976", "CVE-2018-17975" ] }, "vid": "23413442-c8ea-11e8-b35c-001b217b3468" }, "details": "Gitlab reports:\n\n> Merge request information disclosure\n>\n> Private project namespace information disclosure\n>\n> Gitlab Flavored Markdown API information disclosure\n", "id": "FreeBSD-2018-0245", "modified": "2018-10-05T00:00:00Z", "published": "2018-10-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17939" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17976" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17975" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.100.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html" ], "discovery": "2018-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2018-15378", "CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682" ] }, "vid": "8b812395-c739-11e8-ab5b-9c5c8e75236a" }, "details": "Joel Esler reports:\n\n> - CVE-2018-15378:\n> - Vulnerability in ClamAV\\'s MEW unpacking feature that could allow\n> an unauthenticated, remote attacker to cause a denial of service\n> (DoS) condition on an affected device.\n> - Reported by Secunia Research at Flexera.\n> - Fix for a 2-byte buffer over-read bug in ClamAV&s PDF parsing code.\n> - Reported by Alex Gaynor.\n> - CVE-2018-14680:\n> - An issue was discovered in mspack/chmd.c in libmspack before\n> 0.7alpha. It does not reject blank CHM filenames.\n> - CVE-2018-14681:\n> - An issue was discovered in kwajd_read_headers in mspack/kwajd.c in\n> libmspack before 0.7alpha. Bad KWAJ file header extensions could\n> cause a one or two byte overwrite.\n> - CVE-2018-14682:\n> - An issue was discovered in mspack/chmd.c in libmspack before\n> 0.7alpha. There is an off-by-one error in the TOLOWER() macro for\n> CHM decompression. Additionally, 0.100.2 reverted 0.100.1\\'s patch\n> for CVE-2018-14679, and applied libmspack\\'s version of the fix in\n> its place.\n", "id": "FreeBSD-2018-0244", "modified": "2020-06-24T00:00:00Z", "published": "2018-10-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html" }, { "type": "WEB", "url": "https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14680" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14681" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14682" } ], "schema_version": "1.7.0", "summary": "clamav -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-django21" }, "ranges": [ { "events": [ { "fixed": "2.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.djangoproject.com/en/2.1/releases/2.1.2/" ], "discovery": "2018-10-02T00:00:00Z", "references": { "cvename": [ "CVE-2018-16984" ] }, "vid": "004d8c23-c710-11e8-98c7-000c29434208" }, "details": "Django release notes:\n\n> CVE-2018-16984: Password hash disclosure to \\\"view only\\\" admin users\n>\n> If an admin user has the change permission to the user model, only\n> part of the password hash is displayed in the change form. Admin users\n> with the view (but not change) permission to the user model were\n> displayed the entire hash. While it\\'s typically infeasible to reverse\n> a strong password hash, if your site uses weaker password hashing\n> algorithms such as MD5 or SHA1, it could be a problem.\n", "id": "FreeBSD-2018-0243", "modified": "2018-10-03T00:00:00Z", "published": "2018-10-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.djangoproject.com/en/2.1/releases/2.1.2/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/2.1/releases/2.1.2/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16984" } ], "schema_version": "1.7.0", "summary": "Django -- password hash disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "62.0.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.53.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.2.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "60.2.2,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "60.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/" ], "discovery": "2018-10-02T00:00:00Z", "references": { "cvename": [ "CVE-2018-12386", "CVE-2018-12387" ] }, "vid": "c4f39920-781f-4aeb-b6af-17ed566c4272" }, "details": "Mozilla Foundation reports:\n\n> # CVE-2018-12386: Type confusion in JavaScript\n>\n> A vulnerability in register allocation in JavaScript can lead to type\n> confusion, allowing for an arbitrary read and write. This leads to\n> remote code execution inside the sandboxed content process when\n> triggered.\n>\n> # CVE-2018-12387:\n>\n> A vulnerability where the JavaScript JIT compiler inlines\n> Array.prototype.push with multiple arguments that results in the stack\n> pointer being off by 8 bytes after a bailout. This leaks a memory\n> address to the calling function which can be used as part of an\n> exploit inside the sandboxed content process.\n", "id": "FreeBSD-2018-0242", "modified": "2019-07-23T00:00:00Z", "published": "2018-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12386" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12387" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.3.0" }, { "fixed": "11.3.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.2.0" }, { "fixed": "11.2.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.6.0" }, { "fixed": "11.1.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/" ], "discovery": "2018-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2018-17450", "CVE-2018-17454", "CVE-2018-15472", "CVE-2018-17449", "CVE-2018-17452", "CVE-2018-17451", "CVE-2018-17453", "CVE-2018-17455", "CVE-2018-17537", "CVE-2018-17536" ] }, "vid": "065b3b72-c5ab-11e8-9ae2-001b217b3468" }, "details": "Gitlab reports:\n\n> SSRF GCP access token disclosure\n>\n> Persistent XSS on issue details\n>\n> Diff formatter DoS in Sidekiq jobs\n>\n> Confidential information disclosure in events API endpoint\n>\n> validate_localhost function in url_blocker.rb could be bypassed\n>\n> Slack integration CSRF Oauth2\n>\n> GRPC::Unknown logging token disclosure\n>\n> IDOR merge request approvals\n>\n> Persistent XSS package.json\n>\n> Persistent XSS merge request project import\n", "id": "FreeBSD-2018-0241", "modified": "2018-10-01T00:00:00Z", "published": "2018-10-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17454" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17452" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17453" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17536" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pango" }, "ranges": [ { "events": [ { "fixed": "1.42.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15120" ], "discovery": "2018-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-15120" ] }, "vid": "5a757a31-f98e-4bd4-8a85-f1c0f3409769" }, "details": "> libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other\n> products, allows remote attackers to cause a denial of service\n> (application crash) or possibly have unspecified other impact via\n> crafted text with invalid Unicode sequences.\n", "id": "FreeBSD-2018-0240", "modified": "2018-10-01T00:00:00Z", "published": "2018-10-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15120" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15120" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/45263/" }, { "type": "WEB", "url": "https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html" }, { "type": "WEB", "url": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15120" } ], "schema_version": "1.7.0", "summary": "pango -- remote DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "serendipity" }, "ranges": [ { "events": [ { "fixed": "2.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.s9y.org/archives/280-Serendipity-2.1.4-and-2.2.1-alpha1-released.html" ], "discovery": "2018-09-20T00:00:00Z", "vid": "01018916-c47c-11e8-8b07-00e04c1ea73d" }, "details": "Serendipity reports:\n\n> Security: Fix XSS for pagination, when multi-category selection is\n> used.\n", "id": "FreeBSD-2018-0239", "modified": "2018-09-30T00:00:00Z", "published": "2018-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.s9y.org/archives/280-Serendipity-2.1.4-and-2.2.1-alpha1-released.html" }, { "type": "WEB", "url": "https://blog.s9y.org/archives/280-Serendipity-2.1.4-and-2.2.1-alpha1-released.html" } ], "schema_version": "1.7.0", "summary": "Serendipity -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bitcoin" }, "ranges": [ { "events": [ { "fixed": "0.16.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bitcoin-daemon" }, "ranges": [ { "events": [ { "fixed": "0.16.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bitcoincore.org/en/2018/09/20/notice/" ], "discovery": "2018-09-17T00:00:00Z", "references": { "cvename": [ "CVE-2018-17144" ] }, "vid": "40a844bf-c430-11e8-96dc-000743165db0" }, "details": "Bitcoin Core reports:\n\n> CVE-2018-17144, a fix for which was released on September 18th in\n> Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of\n> Service component and a critical inflation vulnerability. It was\n> originally reported to several developers working on Bitcoin Core, as\n> well as projects supporting other cryptocurrencies, including ABC and\n> Unlimited on September 17th as a Denial of Service bug only, however\n> we quickly determined that the issue was also an inflation\n> vulnerability with the same root cause and fix.\n", "id": "FreeBSD-2018-0238", "modified": "2018-09-29T00:00:00Z", "published": "2018-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bitcoincore.org/en/2018/09/20/notice/" }, { "type": "WEB", "url": "https://bitcoincore.org/en/2018/09/20/notice/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17144" } ], "schema_version": "1.7.0", "summary": "bitcoin -- Denial of Service and Possible Mining Inflation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "spamassassin" }, "ranges": [ { "events": [ { "fixed": "3.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://seclists.org/oss-sec/2018/q3/242" ], "discovery": "2018-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-15705", "CVE-2016-1238", "CVE-2018-11780", "CVE-2018-11781" ] }, "vid": "613193a0-c1b4-11e8-ae2d-54e1ad3d6335" }, "details": "the Apache Spamassassin project reports:\n\n> In Apache SpamAssassin, using HTML::Parser, we setup an object and\n> hook into the begin and end tag event handlers In both cases, the\n> \\\"open\\\" event is immediately followed by a \\\"close\\\" event - even if\n> the tag \\*does not\\* close in the HTML being parsed.\n>\n> Because of this, we are missing the \\\"text\\\" event to deal with the\n> object normally. This can cause carefully crafted emails that might\n> take more scan time than expected leading to a Denial of Service.\n>\n> Fix a reliance on \\\".\\\" in \\@INC in one configuration script. Whether\n> this can be exploited in any way is uncertain.\n>\n> Fix a potential Remote Code Execution bug with the PDFInfo plugin.\n> Thanks to cPanel Security Team for their report of this issue.\n>\n> Fourth, this release fixes a local user code injection in the meta\n> rule syntax. Thanks again to cPanel Security Team for their report of\n> this issue.\n", "id": "FreeBSD-2018-0237", "modified": "2018-09-26T00:00:00Z", "published": "2018-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://seclists.org/oss-sec/2018/q3/242" }, { "type": "WEB", "url": "https://seclists.org/oss-sec/2018/q3/242" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15705" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-1238" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11780" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11781" } ], "schema_version": "1.7.0", "summary": "spamassassin -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wesnoth" }, "ranges": [ { "events": [ { "introduced": "1.7.0" }, { "fixed": "1.14.4,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://forums.wesnoth.org/viewtopic.php?t=48528" ], "discovery": "2018-07-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-1999023" ] }, "vid": "bad59128-c188-11e8-9d40-f0def10dca57" }, "details": "shadowm reports:\n\n> A severe bug was found in the game client which could allow a\n> malicious user to execute arbitrary code through the Lua engine by\n> using specially-crafted code in add-ons, saves, replays, or networked\n> games. This issue affects all platforms and all existing releases\n> since Wesnoth version 1.7.0. Users of all previous version should\n> upgrade immediately.\n", "id": "FreeBSD-2018-0236", "modified": "2018-09-26T00:00:00Z", "published": "2018-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://forums.wesnoth.org/viewtopic.php?t=48528" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1999023" }, { "type": "WEB", "url": "https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380" } ], "schema_version": "1.7.0", "summary": "wesnoth -- Code Injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2018-09-25T00:00:00Z", "references": { "cvename": [ "CVE-2018-11763" ] }, "vid": "e182c076-c189-11e8-a6d2-b499baebfeaf" }, "details": "The Apache httpd project reports:\n\n> low: DoS for HTTP/2 connections by continuous SETTINGS\n>\n> By sending continous SETTINGS frames of maximum size an ongoing HTTP/2\n> connection could be kept busy and would never time out. This can be\n> abused for a DoS on the server. This only affect a server that has\n> enabled the h2 protocol.\n", "id": "FreeBSD-2018-0235", "modified": "2018-09-26T00:00:00Z", "published": "2018-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "WEB", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11763" } ], "schema_version": "1.7.0", "summary": "Apache -- Denial of service vulnerability in HTTP/2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php56" }, "ranges": [ { "events": [ { "fixed": "2.17.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php70" }, "ranges": [ { "events": [ { "fixed": "2.17.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php71" }, "ranges": [ { "events": [ { "fixed": "2.17.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis-php72" }, "ranges": [ { "events": [ { "fixed": "2.17.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mantisbt.org/bugs/view.php?id=24731" ], "discovery": "2018-09-03T00:00:00Z", "references": { "cvename": [ "CVE-2018-16514" ] }, "vid": "6bf71117-c0c9-11e8-b760-6023b685b1ee" }, "details": "Brian Carpenter reports:\n\n> Reflected XSS in view_filters_page.php via core/filter_form_api.php\n", "id": "FreeBSD-2018-0234", "modified": "2018-09-25T00:00:00Z", "published": "2018-09-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mantisbt.org/bugs/view.php?id=24731" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-16514" } ], "schema_version": "1.7.0", "summary": "mantis -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-smart_proxy_dynflow" }, "ranges": [ { "events": [ { "fixed": "0.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14643" ], "discovery": "2018-09-20T00:00:00Z", "references": { "cvename": [ "CVE-2018-14643" ] }, "vid": "2d6de6a8-fb78-4149-aeda-77fc8f140f06" }, "details": "MITRE reports:\n\n> An authentication bypass flaw was found in the smart_proxy_dynflow\n> component used by Foreman. A malicious attacker can use this flaw to\n> remotely execute arbitrary commands on machines managed by vulnerable\n> Foreman instances, in a highly privileged context.\n", "id": "FreeBSD-2018-0233", "modified": "2018-09-22T00:00:00Z", "published": "2018-09-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14643" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14643" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14643" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14643" } ], "schema_version": "1.7.0", "summary": "smart_proxy_dynflow -- authentication bypass vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki127" }, "ranges": [ { "events": [ { "fixed": "1.27.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki129" }, "ranges": [ { "events": [ { "last_affected": "1.29.3" }, { "fixed": "1.29.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki130" }, "ranges": [ { "events": [ { "fixed": "1.30.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki131" }, "ranges": [ { "events": [ { "fixed": "1.31.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html" ], "discovery": "2018-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2018-0503", "CVE-2018-0505", "CVE-2018-0504" ] }, "vid": "be1aada2-be6c-11e8-8fc6-000c29434208" }, "details": "Mediawiki reports:\n\n> Security fixes:\n>\n> T169545: \\$wgRateLimits entry for \\'user\\' overrides \\'newbie\\'.\n>\n> T194605: BotPasswords can bypass CentralAuth\\'s account lock.\n>\n> T187638: When a log event is (partially) hidden Special:Redirect/logid\n> can link to the incorrect log and reveal hidden\n>\n> T193237: Special:BotPasswords should require reauthenticate.\n", "id": "FreeBSD-2018-0232", "modified": "2018-09-22T00:00:00Z", "published": "2018-09-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0503" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0505" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0504" }, { "type": "WEB", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "62.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.2.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/" ], "discovery": "2018-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-12385" ] }, "vid": "3284d948-140c-4a3e-aa76-3b440e2006a8" }, "details": "The Mozilla Foundation reports:\n\n> A potentially exploitable crash in TransportSecurityInfo used for SSL\n> can be triggered by data stored in the local cache in the user profile\n> directory. This issue is only exploitable in combination with another\n> vulnerability allowing an attacker to write data into the local cache\n> or from locally installed malware. This issue also triggers a\n> non-exploitable startup crash for users switching between the Nightly\n> and Release versions of Firefox if the same profile is used.\n", "id": "FreeBSD-2018-0231", "modified": "2018-09-21T00:00:00Z", "published": "2018-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12385" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-22/" } ], "schema_version": "1.7.0", "summary": "firefox -- Crash in TransportSecurityInfo due to cached data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.23.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk15" }, "ranges": [ { "events": [ { "fixed": "15.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2018-08-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-17281" ] }, "vid": "77f67b46-bd75-11e8-81b6-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> There is a stack overflow vulnerability in the res_http_websocket.so\n> module of Asterisk that allows an attacker to crash Asterisk via a\n> specially crafted HTTP request to upgrade the connection to a\n> websocket. The attackers request causes Asterisk to run out of stack\n> space and crash.\n>\n> As a workaround disable HTTP websocket access by not loading the\n> res_http_websocket.so module.\n", "id": "FreeBSD-2018-0230", "modified": "2018-09-21T00:00:00Z", "published": "2018-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2018-009.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-17281" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote crash vulnerability in HTTP websocket upgrade" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle31" }, "ranges": [ { "events": [ { "fixed": "3.1.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle33" }, "ranges": [ { "events": [ { "fixed": "3.3.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle34" }, "ranges": [ { "events": [ { "fixed": "3.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle35" }, "ranges": [ { "events": [ { "fixed": "3.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://moodle.org/mod/forum/discuss.php?d=376023" ], "discovery": "2018-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2018-14630", "CVE-2018-1999022", "CVE-2018-14631" ] }, "vid": "074cb225-bb2d-11e8-90e1-fcaa147e860e" }, "details": "moodle reports:\n\n> Moodle XML import of ddwtos could lead to intentional remote code\n> execution\n>\n> QuickForm library remote code vulnerability (upstream)\n>\n> Boost theme - blog search GET parameter insufficiently filtered\n", "id": "FreeBSD-2018-0229", "modified": "2018-09-18T00:00:00Z", "published": "2018-09-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://moodle.org/mod/forum/discuss.php?d=376023" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1999022" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14631" }, { "type": "WEB", "url": "https://moodle.org/mod/forum/discuss.php?d=376023" } ], "schema_version": "1.7.0", "summary": "moodle -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "joomla3" }, "ranges": [ { "events": [ { "fixed": "3.8.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html", "https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html", "https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html" ], "discovery": "2018-08-23T00:00:00Z", "references": { "cvename": [ "CVE-2018-15860", "CVE-2018-15881", "CVE-2018-15882" ] }, "vid": "bf2b9c56-b93e-11e8-b2a8-a4badb296695" }, "details": "JSST reports: Multiple low-priority Vulnerabilities\n\n> Inadequate checks in the InputFilter class could allow specifically\n> prepared PHAR files to pass the upload filter.\n\n> Inadequate output filtering on the user profile page could lead to a\n> stored XSS attack.\n\n> Inadequate checks regarding disabled fields can lead to an ACL\n> violation.\n", "id": "FreeBSD-2018-0228", "modified": "2018-09-15T00:00:00Z", "published": "2018-09-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15860" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15881" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15882" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15880" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15881" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15882" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html" } ], "schema_version": "1.7.0", "summary": "joomla3 -- vulnerabilitiesw" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mybb" }, "ranges": [ { "events": [ { "fixed": "1.8.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/" ], "discovery": "2018-09-11T00:00:00Z", "vid": "ab38d9f8-b787-11e8-8e7a-00e04c1ea73d" }, "details": "mybb Team reports:\n\n> High risk: Email field SQL Injection.\n>\n> Medium risk: Video MyCode Persistent XSS in Visual Editor.\n>\n> Low risk: Insufficient permission check in User CP's attachment\n> management.\n>\n> Low risk: Insufficient email address verification.\n", "id": "FreeBSD-2018-0227", "modified": "2018-09-13T00:00:00Z", "published": "2018-09-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/" }, { "type": "WEB", "url": "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "mybb -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_14" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-09-12T00:00:00Z", "references": { "cvename": [ "CVE-2018-6924" ], "freebsdsa": [ "SA-18:12.elf" ] }, "vid": "a67c122a-b693-11e8-ac58-a4badb2f4699" }, "details": "# Problem Description:\n\nInsufficient validation was performed in the ELF header parser, and\nmalformed or otherwise invalid ELF binaries were not rejected as they\nshould be.\n\n# Impact:\n\nExecution of a malicious ELF binary may result in a kernel crash or may\ndisclose kernel memory.\n", "id": "FreeBSD-2018-0226", "modified": "2018-09-12T00:00:00Z", "published": "2018-09-12T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6924" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:12.elf.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Improper ELF header parsing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "traefik" }, "ranges": [ { "events": [ { "fixed": "1.6.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15598" ], "discovery": "2018-08-20T00:00:00Z", "references": { "cvename": [ "CVE-2018-15598" ] }, "vid": "fe818607-b5ff-11e8-856b-485b3931c969" }, "details": "MITRE reports:\n\n> Containous Traefik 1.6.x before 1.6.6, when \\--api is used, exposes\n> the configuration and secret if authentication is missing and the\n> API\\'s port is publicly reachable.\n", "id": "FreeBSD-2018-0225", "modified": "2018-09-11T00:00:00Z", "published": "2018-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15598" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15598" }, { "type": "WEB", "url": "https://github.com/containous/traefik/pull/3790" }, { "type": "WEB", "url": "https://github.com/containous/traefik/releases/tag/v1.6.6" } ], "schema_version": "1.7.0", "summary": "Containous Traefik -- exposes the configuration and secret" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "31.0.0.108" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-31.html" ], "discovery": "2018-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2018-15967" ] }, "vid": "f9d73a20-b5f0-11e8-b1da-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a privilege escalation vulnerability that could\n> lead to information disclosure (CVE-2018-15967).\n", "id": "FreeBSD-2018-0224", "modified": "2018-09-11T00:00:00Z", "published": "2018-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-31.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15967" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-31.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "plexmediaserver" }, "ranges": [ { "events": [ { "fixed": "1.13.5.5332" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "plexmediaserver-plexpass" }, "ranges": [ { "events": [ { "fixed": "1.13.5.5332" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://seclists.org/fulldisclosure/2018/Aug/1" ], "discovery": "2018-08-01T00:00:00Z", "references": { "cvename": [ "CVE-2018-13415" ] }, "vid": "337960ec-b5dc-11e8-ac58-a4badb2f4699" }, "details": "Chris reports:\n\n> The XML parsing engine for Plex Media Server\\'s SSDP/UPNP\n> functionality is vulnerable to an XML External Entity Processing (XXE)\n> attack. Unauthenticated attackers on the same LAN can use this\n> vulnerability to:\n>\n> - Access arbitrary files from the filesystem with the same permission\n> as the user account running Plex.\n> - Initiate SMB connections to capture NetNTLM challenge/response and\n> crack to clear-text password.\n> - Initiate SMB connections to relay NetNTLM challenge/response and\n> achieve Remote Command Execution in Windows domains.\n", "id": "FreeBSD-2018-0223", "modified": "2018-09-11T00:00:00Z", "published": "2018-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://seclists.org/fulldisclosure/2018/Aug/1" }, { "type": "WEB", "url": "https://seclists.org/fulldisclosure/2018/Aug/1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-13415" } ], "schema_version": "1.7.0", "summary": "Plex Media Server -- Information Disclosure Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sddm" }, "ranges": [ { "events": [ { "fixed": "0.17.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-14345" ], "discovery": "2018-08-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-14345" ] }, "vid": "f00acdec-b59f-11e8-805d-001e2a3f778d" }, "details": "MITRE reports:\n\n> An issue was discovered in SDDM through 0.17.0. If configured with\n> ReuseSession=true, the password is not checked for users with an\n> already existing session. Any user with access to the system D-Bus can\n> therefore unlock any graphical session.\n\nThe default configuration of SDDM on FreeBSD is not affected, since it\nhas ReuseSession=false.\n", "id": "FreeBSD-2018-0222", "modified": "2018-09-11T00:00:00Z", "published": "2018-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14345" }, { "type": "WEB", "url": "https://www.suse.com/security/cve/CVE-2018-14345/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14345" } ], "schema_version": "1.7.0", "summary": "X11 Session -- SDDM allows unauthorised unlocking" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mybb" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/" ], "discovery": "2018-08-22T00:00:00Z", "vid": "db2acdac-b5a7-11e8-8f6f-00e04c1ea73d" }, "details": "mybb Team reports:\n\n> High risk: Image MyCode \"alt\" attribute persistent XSS.\n>\n> Medium risk: RSS Atom 1.0 item title persistent XSS.\n", "id": "FreeBSD-2018-0221", "modified": "2018-09-11T00:00:00Z", "published": "2018-09-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/" }, { "type": "WEB", "url": "https://blog.mybb.com/2018/08/22/mybb-1-8-18-released-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "mybb -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/go-gitea/gitea/issues/4417" ], "discovery": "2018-07-10T00:00:00Z", "vid": "7c750960-b129-11e8-9fcd-080027f43a02" }, "details": "The Gitea project reports:\n\n> \\[Privacy\\] Gitea leaks hidden email addresses #4417\n>\n> A fix has been implemented in Gitea 1.5.1.\n", "id": "FreeBSD-2018-0220", "modified": "2018-09-05T00:00:00Z", "published": "2018-09-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/go-gitea/gitea/issues/4417" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/issues/4417" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/4784" } ], "schema_version": "1.7.0", "summary": "Information disclosure - Gitea leaks email addresses" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "links" }, "ranges": [ { "events": [ { "fixed": "2.16,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-11114" ], "discovery": "2017-07-31T00:00:00Z", "references": { "cvename": [ "CVE-2017-11114" ] }, "vid": "2a92555f-a6f8-11e8-8acd-10c37b4ac2ea" }, "details": "NIST reports:\n\n> The put_chars function in html_r.c in Twibright Links 2.14 allows\n> remote attackers to cause a denial of service (buffer over-read) via a\n> crafted HTML file.\n", "id": "FreeBSD-2018-0219", "modified": "2018-08-23T00:00:00Z", "published": "2018-08-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11114" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11114" } ], "schema_version": "1.7.0", "summary": "links -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.15.4" }, { "fixed": "7.61.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-curl" }, "ranges": [ { "events": [ { "fixed": "7.29.0_6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2018-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2018-14618" ] }, "vid": "f4d638b9-e6e5-4dbe-8c70-571dbc116174" }, "details": "curl security problems:\n\n> CVE-2018-14618: NTLM password overflow via integer overflow\n>\n> The internal function Curl_ntlm_core_mk_nt_hash multiplies the length\n> of the password by two (SUM) to figure out how large temporary storage\n> area to allocate from the heap.\n>\n> The length value is then subsequently used to iterate over the\n> password and generate output into the allocated storage buffer. On\n> systems with a 32 bit size_t, the math to calculate SUM triggers an\n> integer overflow when the password length exceeds 2GB (2\\^31 bytes).\n> This integer overflow usually causes a very small buffer to actually\n> get allocated instead of the intended very huge one, making the use of\n> that buffer end up in a heap buffer overflow.\n>\n> This bug is almost identical to CVE-2017-8816.\n", "id": "FreeBSD-2018-0218", "modified": "2019-08-03T00:00:00Z", "published": "2018-09-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/CVE-2018-14618.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14618" } ], "schema_version": "1.7.0", "summary": "curl -- password overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "62.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "60.2.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "60.2.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "60.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "60.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/" ], "discovery": "2018-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-16541", "CVE-2018-12375", "CVE-2018-12376", "CVE-2018-12377", "CVE-2018-12378", "CVE-2018-12379", "CVE-2018-12381", "CVE-2018-12382", "CVE-2018-12383" ] }, "vid": "c96d416a-eae7-4d5d-bc84-40deca9329fb" }, "details": "Mozilla Foundation reports:\n\n> CVE-2018-12377: Use-after-free in refresh driver timers\n>\n> CVE-2018-12378: Use-after-free in IndexedDB\n>\n> CVE-2018-12379: Out-of-bounds write with malicious MAR file\n>\n> CVE-2017-16541: Proxy bypass using automount and autofs\n>\n> CVE-2018-12381: Dragging and dropping Outlook email message results in\n> page navigation\n>\n> CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for\n> Android\n>\n> CVE-2018-12383: Setting a master password post-Firefox 58 does not\n> delete unencrypted previously stored passwords\n>\n> CVE-2018-12375: Memory safety bugs fixed in Firefox 62\n>\n> CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR\n> 60.2\n", "id": "FreeBSD-2018-0217", "modified": "2018-09-15T00:00:00Z", "published": "2018-09-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16541" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12375" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12376" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12377" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12381" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12382" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12383" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript9-agpl-base" }, "ranges": [ { "events": [ { "fixed": "9.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ghostscript9-agpl-x11" }, "ranges": [ { "events": [ { "fixed": "9.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kb.cert.org/vuls/id/332928" ], "discovery": "2018-08-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-15908", "CVE-2018-15909", "CVE-2018-15910", "CVE-2018-15911" ] }, "vid": "30c0f878-b03e-11e8-be8a-0011d823eebd" }, "details": "CERT reports:\n\n> Ghostscript contains an optional -dSAFER option, which is supposed to\n> prevent unsafe PostScript operations. Multiple PostScript operations\n> bypass the protections provided by -dSAFER, which can allow an\n> attacker to execute arbitrary commands with arbitrary arguments. This\n> vulnerability can also be exploited in applications that leverage\n> Ghostscript, such as ImageMagick, GraphicsMagick, evince, Okular,\n> Nautilus, and others.\n>\n> Exploit code for this vulnerability is publicly available.\n", "id": "FreeBSD-2018-0216", "modified": "2018-09-04T00:00:00Z", "published": "2018-09-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kb.cert.org/vuls/id/332928" }, { "type": "WEB", "url": "https://www.kb.cert.org/vuls/id/332928" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15908" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15909" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15910" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15911" } ], "schema_version": "1.7.0", "summary": "Ghostscript -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana5" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.2.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana4" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.6.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana3" }, "ranges": [ { "events": [ { "introduced": "3.0.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "grafana2" }, "ranges": [ { "events": [ { "introduced": "2.0.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://community.grafana.com/t/grafana-5-2-3-and-4-6-4-security-update/10050" ], "discovery": "2018-08-20T00:00:00Z", "references": { "cvename": [ "CVE-2018-558213" ] }, "vid": "1f8d5806-ac51-11e8-9cb6-10c37b4ac2ea" }, "details": "Grafana Labs reports:\n\n> On the 20th of August at 1800 CEST we were contacted about a potential\n> security issue with the \"remember me\" cookie Grafana sets upon login.\n> The issue targeted users without a local Grafana password (LDAP &\n> OAuth users) and enabled a potential attacker to generate a valid\n> cookie knowing only a username.\n>\n> All installations which use the Grafana LDAP or OAuth authentication\n> features must be upgraded as soon as possible. If you cannot upgrade,\n> you should switch authentication mechanisms or put additional\n> protections in front of Grafana such as a reverse proxy.\n", "id": "FreeBSD-2018-0215", "modified": "2018-08-31T00:00:00Z", "published": "2018-08-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://community.grafana.com/t/grafana-5-2-3-and-4-6-4-security-update/10050" }, { "type": "WEB", "url": "https://community.grafana.com/t/grafana-5-2-3-and-4-6-4-security-update/10050" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-558213" } ], "schema_version": "1.7.0", "summary": "grafana -- LDAP and OAuth login vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.2.0" }, { "fixed": "11.2.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.1.0" }, { "fixed": "11.1.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.7.0" }, { "fixed": "11.0.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/" ], "discovery": "2018-08-28T00:00:00Z", "vid": "ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd" }, "details": "Gitlab reports:\n\n> Persistent XSS in Pipeline Tooltip\n>\n> GitLab.com GCP Endpoints Exposure\n>\n> Persistent XSS in Merge Request Changes View\n>\n> Sensitive Data Disclosure in Sidekiq Logs\n>\n> Missing CSRF in System Hooks\n>\n> Orphaned Upload Files Exposure\n>\n> Missing Authorization Control API Repository Storage\n", "id": "FreeBSD-2018-0214", "modified": "2018-08-30T00:00:00Z", "published": "2018-08-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bro" }, "ranges": [ { "events": [ { "fixed": "2.5.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.bro.org/download/NEWS.bro.html" ], "discovery": "2018-08-28T00:00:00Z", "vid": "d0be41fe-2a20-4633-b057-4e8b25c41780" }, "details": "Corelight reports:\n\n> Bro 2.5.5 primarily addresses security issues:\n>\n> - Fix array bounds checking in BinPAC: for arrays that are fields\n> within a record, the bounds check was based on a pointer to the\n> start of the record rather than the start of the array field,\n> potentially resulting in a buffer over-read.\n> - Fix SMTP command string comparisons: the number of bytes compared\n> was based on the user-supplied string length and can lead to\n> incorrect matches. e.g. giving a command of \\\"X\\\" incorrectly\n> matched \\\"X-ANONYMOUSTLS\\\" (and an empty commands match anything).\n>\n> Address potential vectors for Denial of Service:\n>\n> - \\\"Weird\\\" events are now generally suppressed/sampled by default\n> according to some tunable parameters.\n> - Improved handling of empty lines in several text protocol analyzers\n> that can cause performance issues when seen in long sequences.\n> - Add \\`smtp_excessive_pending_cmds\\' weird which serves as a\n> notification for when the \\\"pending command\\\" queue has reached an\n> upper limit and been cleared to prevent one from attempting to\n> slowly exhaust memory.\n", "id": "FreeBSD-2018-0213", "modified": "2018-08-29T00:00:00Z", "published": "2018-08-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.bro.org/download/NEWS.bro.html" }, { "type": "WEB", "url": "https://www.bro.org/download/NEWS.bro.html" } ], "schema_version": "1.7.0", "summary": "bro -- array bounds and potential DOS issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "10.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node8" }, "ranges": [ { "events": [ { "fixed": "8.11.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node6" }, "ranges": [ { "events": [ { "fixed": "6.14.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" ], "discovery": "2018-08-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-0732", "CVE-2018-7166", "CVE-2018-12115" ] }, "vid": "0904e81f-a89d-11e8-afbb-bc5ff4f77b71" }, "details": "Node.js reports:\n\n> # OpenSSL: Client DoS due to large DH parameter\n>\n> This fixes a potential denial of service (DoS) attack against client\n> connections by a malicious server. During a TLS communication\n> handshake, where both client and server agree to use a cipher-suite\n> using DH or DHE (Diffie-Hellman, in both ephemeral and non-ephemeral\n> modes), a malicious server can send a very large prime value to the\n> client. Because this has been unbounded in OpenSSL, the client can be\n> forced to spend an unreasonably long period of time to generate a key,\n> potentially causing a denial of service.\n>\n> # OpenSSL: ECDSA key extraction via local side-channel\n>\n> Attackers with access to observe cache-timing may be able to extract\n> DSA or ECDSA private keys by causing the victim to create several\n> signatures and watching responses. This flaw does not have a CVE due\n> to OpenSSL policy to not assign itself CVEs for local-only\n> vulnerabilities that are more academic than practical. This\n> vulnerability was discovered by Keegan Ryan at NCC Group and impacts\n> many cryptographic libraries including OpenSSL.\n>\n> # Unintentional exposure of uninitialized memory\n>\n> Only Node.js 10 is impacted by this flaw.\n>\n> Node.js TSC member Nikita Skovoroda discovered an argument processing\n> flaw that causes Buffer.alloc() to return uninitialized memory. This\n> method is intended to be safe and only return initialized, or cleared,\n> memory. The third argument specifying encoding can be passed as a\n> number, this is misinterpreted by Buffer\\'s internal \\\"fill\\\" method\n> as the start to a fill operation. This flaw may be abused where\n> Buffer.alloc() arguments are derived from user input to return\n> uncleared memory blocks that may contain sensitive information.\n>\n> # Out of bounds (OOB) write\n>\n> Node.js TSC member Nikita Skovoroda discovered an OOB write in Buffer\n> that can be used to write to memory outside of a Buffer\\'s memory\n> space. This can corrupt unrelated Buffer objects or cause the Node.js\n> process to crash.\n>\n> When used with UCS-2 encoding (recognized by Node.js under the names\n> \\'ucs2\\', \\'ucs-2\\', \\'utf16le\\' and \\'utf-16le\\'), Buffer#write() can\n> be abused to write outside of the bounds of a single Buffer. Writes\n> that start from the second-to-last position of a buffer cause a\n> miscalculation of the maximum length of the input bytes to be written.\n", "id": "FreeBSD-2018-0212", "modified": "2018-08-25T00:00:00Z", "published": "2018-08-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0732" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7166" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12115" } ], "schema_version": "1.7.0", "summary": "node.js -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-1452" ], "freebsdsa": [ "SA-18:11.hostapd" ] }, "vid": "45671c0e-a652-11e8-805b-a4badb2f4699" }, "details": "# Problem Description:\n\nWhen using WPA2, EAPOL-Key frames with the Encrypted flag and without\nthe MIC flag set, the data field was decrypted first without verifying\nthe MIC. When the dta field was encrypted using RC4, for example, when\nnegotiating TKIP as a pairwise cipher, the unauthenticated but decrypted\ndata was subsequently processed. This opened wpa_supplicant(8) to abuse\nby decryption and recovery of sensitive information contained in\nEAPOL-Key messages.\n\nSee\nhttps://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt\nfor a detailed description of the bug.\n\n# Impact:\n\nAll users of the WPA2 TKIP pairwise cipher are vulnerable to\ninformation, for example, the group key.\n", "id": "FreeBSD-2018-0211", "modified": "2018-08-22T00:00:00Z", "published": "2018-08-22T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1452" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:11.hostapd.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Unauthenticated EAPOL-Key Decryption Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-6923" ], "freebsdsa": [ "SA-18:10.ip" ] }, "vid": "359e1548-a652-11e8-805b-a4badb2f4699" }, "details": "# Problem Description:\n\nA researcher has notified us of a DoS attack applicable to another\noperating system. While FreeBSD may not be vulnerable to that exact\nattack, we have identified several places where inadequate DoS\nprotection could allow an attacker to consume system resources.\n\nIt is not necessary that the attacker be able to establish two-way\ncommunication to carry out these attacks. These attacks impact both IPv4\nand IPv6 fragment reassembly.\n\n# Impact:\n\nIn the worst case, an attacker could send a stream of crafted fragments\nwith a low packet rate which would consume a substantial amount of CPU.\n\nOther attack vectors allow an attacker to send a stream of crafted\nfragments which could consume a large amount of CPU or all available\nmbuf clusters on the system.\n\nThese attacks could temporarily render a system unreachable through\nnetwork interfaces or temporarily render a system unresponsive. The\neffects of the attack should clear within 60 seconds after the attack\nstops.\n", "id": "FreeBSD-2018-0210", "modified": "2018-08-22T00:00:00Z", "published": "2018-08-22T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6923" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Resource exhaustion in IP fragment reassembly" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-3620", "CVE-2018-3646" ], "freebsdsa": [ "SA-18:09.l1tf" ] }, "vid": "2310b814-a652-11e8-805b-a4badb2f4699" }, "details": "# Problem Description:\n\nOn certain Intel 64-bit x86 systems there is a period of time during\nterminal fault handling where the CPU may use speculative execution to\ntry to load data. The CPU may speculatively access the level 1 data\ncache (L1D). Data which would otherwise be protected may then be\ndetermined by using side channel methods.\n\nThis issue affects bhyve on FreeBSD/amd64 systems.\n\n# Impact:\n\nAn attacker executing user code, or kernel code inside of a virtual\nmachine, may be able to read secret data from the kernel or from another\nvirtual machine.\n", "id": "FreeBSD-2018-0209", "modified": "2018-08-22T00:00:00Z", "published": "2018-08-22T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3620" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3646" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:09.l1tf.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gogs" }, "ranges": [ { "events": [ { "fixed": "0.11.53_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/gogs/gogs/issues/5364" ], "discovery": "2018-08-06T00:00:00Z", "vid": "e53a908d-a645-11e8-8acd-10c37b4ac2ea" }, "details": "bluecatli (Tencent\\'s Xuanwu Lab) reports:\n\n> The function isValidRedirect in gogs/routes/user/auth.go is used in\n> login action to validate if url is on the same site.\n>\n> If the Location header startswith /\\\\, it will be transformed to // by\n> browsers.\n", "id": "FreeBSD-2018-0208", "modified": "2018-08-22T00:00:00Z", "published": "2018-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/gogs/gogs/issues/5364" }, { "type": "WEB", "url": "https://github.com/gogs/gogs/issues/5364" }, { "type": "WEB", "url": "https://github.com/gogs/gogs/pull/5365" }, { "type": "WEB", "url": "https://github.com/gogs/gogs/commit/1f247cf8139cb483276cd8dd06385a800ce9d4b2" } ], "schema_version": "1.7.0", "summary": "gogs -- open redirect vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "fixed": "4.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php56" }, "ranges": [ { "events": [ { "fixed": "4.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php70" }, "ranges": [ { "events": [ { "fixed": "4.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php71" }, "ranges": [ { "events": [ { "fixed": "4.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin-php72" }, "ranges": [ { "events": [ { "fixed": "4.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2018-5/" ], "discovery": "2018-08-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-15605" ] }, "vid": "9e205ef5-a649-11e8-b1f6-6805ca0b3d42" }, "details": "The phpMyAdmin development team reports:\n\n> ### Description\n>\n> A Cross-Site Scripting vulnerability was found in the file import\n> feature, where an attacker can deliver a payload to a user through\n> importing a specially-crafted file.\n>\n> ### Severity\n>\n> We consider this attack to be of moderate severity.\n", "id": "FreeBSD-2018-0207", "modified": "2018-08-22T00:00:00Z", "published": "2018-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2018-5/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2018-5/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-15605" } ], "schema_version": "1.7.0", "summary": "phpmyadmin -- XSS in the import dialog" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libX11" }, "ranges": [ { "events": [ { "fixed": "1.6.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2018-August/002915.html" ], "discovery": "2018-08-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-14598", "CVE-2018-14599", "CVE-2018-14600" ] }, "vid": "fe99d3ca-a63a-11e8-a7c6-54e1ad3d6335" }, "details": "The freedesktop.org project reports:\n\n> The functions XGetFontPath, XListExtensions, and XListFonts are\n> vulnerable to an off-by-one override on malicious server responses.\n> The server replies consist of chunks consisting of a length byte\n> followed by actual string, which is not NUL-terminated. While parsing\n> the response, the length byte is overridden with \\'\\\\0\\', thus the\n> memory area can be used as storage of C strings later on. To be able\n> to NUL-terminate the last string, the buffer is reserved with an\n> additional byte of space. For a boundary check, the variable chend\n> (end of ch) was introduced, pointing at the end of the buffer which ch\n> initially points to. Unfortunately there is a difference in handling\n> \\\"the end of ch\\\". While chend points at the first byte that must not\n> be written to, the for-loop uses chend as the last byte that can be\n> written to. Therefore, an off-by-one can occur.\n>\n> The length value is interpreted as signed char on many systems\n> (depending on default signedness of char), which can lead to an out of\n> boundary write up to 128 bytes in front of the allocated storage, but\n> limited to NUL byte(s).\n>\n> If the server sends a reply in which even the first string would\n> overflow the transmitted bytes, list\\[0\\] (or flist\\[0\\]) will be set\n> to NULL and a count of 0 is returned. If the resulting list is freed\n> with XFreeExtensionList or XFreeFontPath later on, the first Xfree\n> call is turned into Xfree (NULL-1) which will most likely trigger a\n> segmentation fault. Casting the length value to unsigned char fixes\n> the problem and allows string values with up to 255 characters.\n", "id": "FreeBSD-2018-0206", "modified": "2018-08-22T00:00:00Z", "published": "2018-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2018-August/002915.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2018-August/002915.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14598" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14600" } ], "schema_version": "1.7.0", "summary": "libX11 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "couchdb" }, "ranges": [ { "events": [ { "fixed": "2.2.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E" ], "discovery": "2018-06-05T00:00:00Z", "references": { "cvename": [ "CVE-2018-11769" ] }, "vid": "9b19b6df-a4be-11e8-9366-0028f8d09152" }, "details": "Apache CouchDB PMC reports:\n\n> Database Administrator could achieve privilege escalation to the\n> account that CouchDB runs under, by abusing insufficient validation in\n> the HTTP API, escaping security controls implemented in previous\n> releases.\n", "id": "FreeBSD-2018-0205", "modified": "2018-08-08T00:00:00Z", "published": "2018-08-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E" }, { "type": "WEB", "url": "http://docs.couchdb.org/en/stable/cve/2018-11769.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11769" } ], "schema_version": "1.7.0", "summary": "couchdb -- administrator privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "botan2" }, "ranges": [ { "events": [ { "introduced": "2.5.0" }, { "fixed": "2.7.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://botan.randombit.net/security.html#id1" ], "discovery": "2018-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-12435" ] }, "vid": "7762d7ad-2e38-41d2-9785-c51f653ba8bd" }, "details": "botan2 developers report:\n\n> A side channel in the ECDSA signature operation could allow a local\n> attacker to recover the secret key. Found by Keegan Ryan of NCC Group.\n>\n> Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not\n> affected.\n", "id": "FreeBSD-2018-0204", "modified": "2018-08-17T00:00:00Z", "published": "2018-08-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://botan.randombit.net/security.html#id1" }, { "type": "WEB", "url": "https://botan.randombit.net/security.html#id1" }, { "type": "WEB", "url": "https://github.com/randombit/botan/pull/1604" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12435" } ], "schema_version": "1.7.0", "summary": "botan2 -- ECDSA side channel" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.138" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.121.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2018-08-15/" ], "discovery": "2018-08-15T00:00:00Z", "vid": "6905f05f-a0c9-11e8-8335-8c164535ad80" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (Low) SECURITY-637\n>\n> Jenkins allowed deserialization of URL objects with host components\n>\n> ##### (Medium) SECURITY-672\n>\n> Ephemeral user record was created on some invalid authentication\n> attempts\n>\n> ##### (Medium) SECURITY-790\n>\n> Cron expression form validation could enter infinite loop, potentially\n> resulting in denial of service\n>\n> ##### (Low) SECURITY-996\n>\n> \\\"Remember me\\\" cookie was evaluated even if that feature is disabled\n>\n> ##### (Medium) SECURITY-1071\n>\n> Unauthorized users could access agent logs\n>\n> ##### (Low) SECURITY-1076\n>\n> Unauthorized users could cancel scheduled restarts initiated from the\n> update center\n", "id": "FreeBSD-2018-0203", "modified": "2018-08-15T00:00:00Z", "published": "2018-08-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2018-08-15/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2018-08-15/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "30.0.0.154" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html" ], "discovery": "2018-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-12824", "CVE-2018-12825", "CVE-2018-12826", "CVE-2018-12827", "CVE-2018-12828" ] }, "vid": "98b603c8-9ff3-11e8-ad63-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves out-of-bounds read vulnerabilities that could\n> lead to information disclosure (CVE-2018-12824, CVE-2018-12826,\n> CVE-2018-12827).\n> - This update resolves a security bypass vulnerability that could lead\n> to security mitigation bypass (CVE-2018-12825).\n> - This update resolves a component vulnerability that could lead to\n> privilege escalation (CVE-2018-12828).\n", "id": "FreeBSD-2018-0202", "modified": "2018-08-14T00:00:00Z", "published": "2018-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12824" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12825" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12826" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12827" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12828" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba46" }, "ranges": [ { "events": [ { "fixed": "4.6.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba47" }, "ranges": [ { "events": [ { "fixed": "4.7.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba48" }, "ranges": [ { "events": [ { "fixed": "4.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2018-1139.html", "https://www.samba.org/samba/security/CVE-2018-1140.html", "https://www.samba.org/samba/security/CVE-2018-10858.html", "https://www.samba.org/samba/security/CVE-2018-10918.html", "https://www.samba.org/samba/security/CVE-2018-10919.html" ], "discovery": "2018-08-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-1139", "CVE-2018-1140", "CVE-2018-10858", "CVE-2018-10918", "CVE-2018-10919" ] }, "vid": "c4e9a427-9fc2-11e8-802a-000c29a1e3ec" }, "details": "The samba project reports:\n\n> Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which\n> allows authentication using NTLMv1 over an SMB1 transport (either\n> directory or via NETLOGON SamLogon calls from a member server), even\n> when NTLMv1 is explicitly disabled on the server.\n\n> Missing input sanitization checks on some of the input parameters to\n> LDB database layer cause the LDAP server and DNS server to crash when\n> following a NULL pointer.\n\n> Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in\n> libsmbclient that could allow a malicious server to overwrite client\n> heap memory by returning an extra long filename in a directory\n> listing.\n\n> Missing database output checks on the returned directory attributes\n> from the LDB database layer cause the DsCrackNames call in the DRSUAPI\n> server to crash when following a NULL pointer.\n\n> All versions of the Samba Active Directory LDAP server from 4.0.0\n> onwards are vulnerable to the disclosure of confidential attribute\n> values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL\n> (0x80) searchFlags bit and where an explicit Access Control Entry has\n> been specified on the ntSecurityDescriptor.\n", "id": "FreeBSD-2018-0201", "modified": "2018-08-14T00:00:00Z", "published": "2018-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-1139.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-1140.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-10858.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-10918.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-10919.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-1139.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1139" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-1140.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1140" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-10858.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10858" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-10918.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10918" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-10919.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10919" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "GraphicsMagick" }, "ranges": [ { "events": [ { "fixed": "1.3.30,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.graphicsmagick.org/NEWS.html" ], "discovery": "2018-06-23T00:00:00Z", "references": { "cvename": [ "CVE-2016-2317" ] }, "vid": "e714b7d2-39f6-4992-9f48-e6b2f5f949df" }, "details": "GraphicsMagick News:\n\n> Fix heap write overflow of PrimitiveInfo and PointInfo arrays. This is\n> another manefestation of CVE-2016-2317, which should finally be fixed\n> correctly due to active detection/correction of pending overflow\n> rather than using estimation.\n", "id": "FreeBSD-2018-0200", "modified": "2018-08-11T00:00:00Z", "published": "2018-08-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.graphicsmagick.org/NEWS.html" }, { "type": "WEB", "url": "http://www.graphicsmagick.org/NEWS.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2317" } ], "schema_version": "1.7.0", "summary": "GraphicsMagick -- SVG/Rendering vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chicken" }, "ranges": [ { "events": [ { "fixed": "4.13.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://code.call-cc.org/releases/4.13.0/NEWS" ], "discovery": "2017-03-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-6949", "CVE-2017-9334", "CVE-2017-11343" ] }, "vid": "5a771686-9e33-11e8-8b2d-9cf7a8059466" }, "details": "CHICKEN reports:\n\n> - CVE-2017-6949: Unchecked malloc() call in SRFI-4 constructors when\n> allocating in non-GC memory, resulting in potential 1-word buffer\n> overrun and/or segfault\n> - CVE-2017-9334: \\\"length\\\" crashes on improper lists\n> - CVE-2017-11343: The randomization factor of the symbol table was set\n> before the random seed was set, causing it to have a fixed value on\n> many platforms\n", "id": "FreeBSD-2018-0199", "modified": "2018-08-12T00:00:00Z", "published": "2018-08-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://code.call-cc.org/releases/4.13.0/NEWS" }, { "type": "WEB", "url": "https://code.call-cc.org/releases/4.13.0/NEWS" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6949" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9334" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11343" } ], "schema_version": "1.7.0", "summary": "chicken -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitea" }, "ranges": [ { "events": [ { "fixed": "1.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.gitea.io/2018/08/gitea-1.5.0-is-released/" ], "discovery": "2018-05-01T00:00:00Z", "vid": "bcf56a42-9df8-11e8-afb0-589cfc0f81b0" }, "details": "The Gitea project reports:\n\n> TOTP passcodes can be reused.\n", "id": "FreeBSD-2018-0198", "modified": "2018-08-12T00:00:00Z", "published": "2018-08-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.gitea.io/2018/08/gitea-1.5.0-is-released/" }, { "type": "WEB", "url": "https://github.com/go-gitea/gitea/pull/3878" } ], "schema_version": "1.7.0", "summary": "gitea -- TOTP passcode reuse" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02" ], "discovery": "2018-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2018-0497", "CVE-2018-0498" ] }, "vid": "f4876dd4-9ca8-11e8-aa17-0011d823eebd" }, "details": "Simon Butcher reports:\n\n> - When using a CBC based ciphersuite, a remote attacker can partially\n> recover the plaintext.\n> - When using a CBC based ciphersuite, an attacker with the ability to\n> execute arbitrary code on the machine under attack can partially\n> recover the plaintext by use of cache based side-channels.\n", "id": "FreeBSD-2018-0197", "modified": "2018-08-10T00:00:00Z", "published": "2018-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0498" } ], "schema_version": "1.7.0", "summary": "mbed TLS -- plaintext recovery vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "fixed": "10.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "fixed": "9.6.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-server" }, "ranges": [ { "events": [ { "fixed": "9.5.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql94-server" }, "ranges": [ { "events": [ { "fixed": "9.4.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql93-server" }, "ranges": [ { "events": [ { "fixed": "9.3.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1878/" ], "discovery": "2018-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-10915", "CVE-2018-10925" ] }, "vid": "96eab874-9c79-11e8-b34b-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> CVE-2018-10915: Certain host connection parameters defeat client-side\n> security defenses\n>\n> libpq, the client connection API for PostgreSQL that is also used by\n> other connection libraries, had an internal issue where it did not\n> reset all of its connection state variables when attempting to\n> reconnect. In particular, the state variable that determined whether\n> or not a password is needed for a connection would not be reset, which\n> could allow users of features requiring libpq, such as the \\\"dblink\\\"\n> or \\\"postgres_fdw\\\" extensions, to login to servers they should not be\n> able to access.\n>\n> CVE-2018-10925: Memory disclosure and missing authorization in\n> \\`INSERT \\... ON CONFLICT DO UPDATE\\`\n>\n> An attacker able to issue CREATE TABLE can read arbitrary bytes of\n> server memory using an upsert (\\`INSERT \\... ON CONFLICT DO UPDATE\\`)\n> query. By default, any user can exploit that. A user that has specific\n> INSERT privileges and an UPDATE privilege on at least one column in a\n> given table can also update other columns using a view and an upsert\n> query.\n", "id": "FreeBSD-2018-0196", "modified": "2018-08-10T00:00:00Z", "published": "2018-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1878/" }, { "type": "WEB", "url": "https://www.postgresql.org/about/news/1878/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10915" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10925" } ], "schema_version": "1.7.0", "summary": "PostgreSQL -- two vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.61" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.36" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb103-server" }, "ranges": [ { "events": [ { "fixed": "10.3.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.61" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.41" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql80-server" }, "ranges": [ { "events": [ { "fixed": "8.0.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.61" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.41" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" ], "discovery": "2018-07-17T00:00:00Z", "references": { "cvename": [ "CVE-2018-3064", "CVE-2018-0739", "CVE-2018-3070", "CVE-2018-3060", "CVE-2018-3065", "CVE-2018-3073", "CVE-2018-3074", "CVE-2018-3081", "CVE-2018-3071", "CVE-2018-3079", "CVE-2018-3054", "CVE-2018-3077", "CVE-2018-3078", "CVE-2018-3080", "CVE-2018-3061", "CVE-2018-3067", "CVE-2018-3063", "CVE-2018-3075", "CVE-2018-3058", "CVE-2018-3056", "CVE-2018-3066", "CVE-2018-2767", "CVE-2018-3084", "CVE-2018-3082" ] }, "vid": "909be51b-9b3b-11e8-add2-b499baebfeaf" }, "details": "Oracle reports:\n\n> Multiple vulnerabilities have been disclosed by Oracle without further\n> detail. CVSS scores 7.1 - 2.7\n", "id": "FreeBSD-2018-0195", "modified": "2018-08-08T00:00:00Z", "published": "2018-08-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3064" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0739" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3070" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3065" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3073" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3074" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3071" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3079" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3077" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3078" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3080" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3061" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3075" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3066" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2767" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3084" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3082" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-xml-security-c" }, "ranges": [ { "events": [ { "fixed": "2.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://shibboleth.net/community/advisories/secadv_20180803.txt" ], "discovery": "2018-08-03T00:00:00Z", "vid": "5786185a-9a43-11e8-b34b-6cc21735f730" }, "details": "The shibboleth project reports:\n\n> SAML messages, assertions, and metadata all commonly make use of the\n> XML Signature KeyInfo construct, which expresses information about\n> keys and certificates used in signing or encrypting XML.\n>\n> The Apache Santuario XML Security for C++ library contained code paths\n> at risk of dereferencing null pointers when processing various kinds\n> of malformed KeyInfo hints typically found in signed or encrypted XML.\n> The usual effect is a crash, and in the case of the Shibboleth SP\n> software, a crash in the shibd daemon, which prevents access to\n> protected resources until the daemon is restarted.\n", "id": "FreeBSD-2018-0194", "modified": "2018-08-07T00:00:00Z", "published": "2018-08-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://shibboleth.net/community/advisories/secadv_20180803.txt" }, { "type": "WEB", "url": "https://shibboleth.net/community/advisories/secadv_20180803.txt" } ], "schema_version": "1.7.0", "summary": "xml-security-c -- crashes on malformed KeyInfo content" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.2" }, { "fixed": "11.2_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_10" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-08-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-6922" ], "freebsdsa": [ "SA-18:08.tcp" ] }, "vid": "3c2eea8c-99bf-11e8-8bee-a4badb2f4699" }, "details": "# Problem Description:\n\nOne of the data structures that holds TCP segments uses an inefficient\nalgorithm to reassemble the data. This causes the CPU time spent on\nsegment processing to grow linearly with the number of segments in the\nreassembly queue.\n\n# Impact:\n\nAn attacker who has the ability to send TCP traffic to a victim system\ncan degrade the victim system\\'s network performance and/or consume\nexcessive CPU by exploiting the inefficiency of TCP reassembly handling,\nwith relatively small bandwidth cost.\n", "id": "FreeBSD-2018-0193", "modified": "2018-08-06T00:00:00Z", "published": "2018-08-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6922" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Resource exhaustion in TCP reassembly" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-cryptography" }, "ranges": [ { "events": [ { "fixed": "2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-cryptography" }, "ranges": [ { "events": [ { "fixed": "2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-cryptography" }, "ranges": [ { "events": [ { "fixed": "2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-cryptography" }, "ranges": [ { "events": [ { "fixed": "2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py37-cryptography" }, "ranges": [ { "events": [ { "fixed": "2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cryptography.io/en/latest/changelog/#v2-3" ], "discovery": "2018-07-17T00:00:00Z", "references": { "cvename": [ "CVE-2018-10903" ] }, "vid": "9e2d0dcf-9926-11e8-a92d-0050562a4d7b" }, "details": "The Python Cryptographic Authority (PyCA) project reports:\n\n> finalize_with_tag() allowed tag truncation by default which can allow\n> tag forgery in some cases. The method now enforces the min_tag_length\n> provided to the GCM constructor\n", "id": "FreeBSD-2018-0192", "modified": "2018-08-06T00:00:00Z", "published": "2018-08-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cryptography.io/en/latest/changelog/#v2-3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10903" } ], "schema_version": "1.7.0", "summary": "py-cryptography -- tag forgery vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cgit" }, "ranges": [ { "events": [ { "fixed": "1.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html" ], "discovery": "2018-08-03T00:00:00Z", "references": { "cvename": [ "CVE-2018-14912" ] }, "vid": "06c4a79b-981d-11e8-b460-9c5c8e75236a" }, "details": "Jann Horn reports:\n\n> cgit_clone_objects in CGit before 1.2.1 has a directory traversal\n> vulnerability when \\`enable-http-clone=1\\` is not turned off, as\n> demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.\n", "id": "FreeBSD-2018-0191", "modified": "2018-08-04T00:00:00Z", "published": "2018-08-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html" }, { "type": "WEB", "url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14912" } ], "schema_version": "1.7.0", "summary": "cgit -- directory traversal vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-doorkeeper" }, "ranges": [ { "events": [ { "fixed": "4.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-doorkeeper43" }, "ranges": [ { "events": [ { "fixed": "4.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-doorkeeper-rails5" }, "ranges": [ { "events": [ { "fixed": "4.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-doorkeeper-rails50" }, "ranges": [ { "events": [ { "fixed": "4.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-1000211" ], "discovery": "2018-07-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-1000211" ] }, "vid": "e309a2c7-598b-4fa6-a398-bc72fbd1d167" }, "details": "NVD reports:\n\n> Doorkeeper version 4.2.0 and later contains a Incorrect Access Control\n> vulnerability in Token revocation API\\'s authorized method that can\n> result in Access tokens are not revoked for public OAuth apps, leaking\n> access until expiry.\n", "id": "FreeBSD-2018-0190", "modified": "2018-08-03T00:00:00Z", "published": "2018-07-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000211" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000211" }, { "type": "WEB", "url": "https://github.com/doorkeeper-gem/doorkeeper/pull/1120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000211" } ], "schema_version": "1.7.0", "summary": "rubygem-doorkeeper -- token revocation vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-sinatra" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.0.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://sinatrarb.com/2018/06/09/sinatra-2.0.2-and-2.0.3.html" ], "discovery": "2018-06-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-11627" ] }, "vid": "ca05d9da-ac1d-4113-8a05-ffe9cd0d6160" }, "details": "Sinatra blog:\n\n> Sinatra had a critical vulnerability since v2.0.0. The purpose of this\n> release is to fix CVE-2018-11627.\n>\n> The vulnerability is that XSS can be executed by using illegal\n> parameters.\n", "id": "FreeBSD-2018-0189", "modified": "2018-07-31T00:00:00Z", "published": "2018-07-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://sinatrarb.com/2018/06/09/sinatra-2.0.2-and-2.0.3.html" }, { "type": "WEB", "url": "http://sinatrarb.com/2018/06/09/sinatra-2.0.2-and-2.0.3.html" }, { "type": "WEB", "url": "https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11627" } ], "schema_version": "1.7.0", "summary": "sinatra -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman" }, "ranges": [ { "events": [ { "fixed": "2.1.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-mailman" }, "ranges": [ { "events": [ { "fixed": "2.1.14.j7_6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.launchpad.net/mailman/+bug/1780874" ], "discovery": "2018-07-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-13796" ] }, "vid": "b4f0ad36-94a5-11e8-9007-080027ac955c" }, "details": "Mark Sapiro reports:\n\n> A URL with a very long text listname such as\n>\n> http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text\n>\n> will echo the text in the \\\"No such list\\\" error response. This can be\n> used to make a potential victim think the phishing text comes from a\n> trusted site.\n>\n> This issue was discovered by Hammad Qureshi.\n", "id": "FreeBSD-2018-0188", "modified": "2018-07-31T00:00:00Z", "published": "2018-07-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.launchpad.net/mailman/+bug/1780874" }, { "type": "WEB", "url": "https://bugs.launchpad.net/mailman/+bug/1780874" }, { "type": "WEB", "url": "https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-13796" } ], "schema_version": "1.7.0", "summary": "mailman -- content spoofing with invalid list names in web UI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis" }, "ranges": [ { "events": [ { "fixed": "2.15.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f" ], "discovery": "2018-07-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-14504", "CVE-2018-13066" ] }, "vid": "0822a4cf-9318-11e8-8d88-00e04c1ea73d" }, "details": "mantis reports:\n\n> Teun Beijers reported a cross-site scripting (XSS) vulnerability in\n> the Edit Filter page which allows execution of arbitrary code (if CSP\n> settings permit it) when displaying a filter with a crafted name.\n> Prevent the attack by sanitizing the filter name before display.\n>\n> \u00d6mer C\u0131tak, Security Researcher at Netsparker, reported this\n> vulnerability, allowing remote attackers to inject arbitrary code (if\n> CSP settings permit it) through a crafted PATH_INFO on\n> view_filters_page.php. Prevent the attack by sanitizing the output of\n> \\$\\_SERVER\\[\\'PHP_SELF\\'\\] before display.\n", "id": "FreeBSD-2018-0187", "modified": "2018-08-24T00:00:00Z", "published": "2018-07-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f" }, { "type": "WEB", "url": "https://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f" }, { "type": "WEB", "url": "https://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14504" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-13066" } ], "schema_version": "1.7.0", "summary": "mantis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-bleach" }, "ranges": [ { "events": [ { "introduced": "2.1.0" }, { "fixed": "2.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-bleach" }, "ranges": [ { "events": [ { "introduced": "2.1.0" }, { "fixed": "2.1.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/mozilla/bleach/blob/v2.1.3/CHANGES" ], "discovery": "2018-03-05T00:00:00Z", "vid": "e97a8852-32dd-4291-ba4d-92711daff056" }, "details": "bleach developer reports:\n\n> Attributes that have URI values weren\\'t properly sanitized if the\n> values contained character entities. Using character entities, it was\n> possible to construct a URI value with a scheme that was not allowed\n> that would slide through unsanitized.\n>\n> This security issue was introduced in Bleach 2.1. Anyone using Bleach\n> 2.1 is highly encouraged to upgrade.\n", "id": "FreeBSD-2018-0186", "modified": "2018-07-27T00:00:00Z", "published": "2018-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/mozilla/bleach/blob/v2.1.3/CHANGES" }, { "type": "WEB", "url": "https://github.com/mozilla/bleach/blob/v2.1.3/CHANGES" } ], "schema_version": "1.7.0", "summary": "py-bleach -- unsanitized character entities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "lshell" }, "ranges": [ { "events": [ { "fixed": "0.9.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/ghantoos/lshell/issues/151" ], "discovery": "2015-07-25T00:00:00Z", "vid": "07d04eef-d8e2-11e6-a071-001e67f15f5a" }, "details": "lshell reports:\n\n> The autocomplete feature allows users to list directories, while they\n> do not have access to those paths (issue #109).\n", "id": "FreeBSD-2018-0185", "modified": "2018-07-27T00:00:00Z", "published": "2018-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/ghantoos/lshell/issues/151" }, { "type": "WEB", "url": "https://github.com/ghantoos/lshell/issues/109" } ], "schema_version": "1.7.0", "summary": "lshell -- Shell autocomplete reveals forbidden directories" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "lshell" }, "ranges": [ { "events": [ { "last_affected": "0.9.18" }, { "fixed": "0.9.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/ghantoos/lshell/issues/151" ], "discovery": "2016-02-04T00:00:00Z", "vid": "f353525a-d8b8-11e6-a071-001e67f15f5a" }, "details": "lshell reports:\n\n> It is possible to escape lshell if an allowed command can execute an\n> arbitrary non allowed one (issue #122).\n>\n> Inappropriate parsing of commands can lead to arbitrary command\n> execution (issue #147, #149, #151).\n", "id": "FreeBSD-2018-0184", "modified": "2018-07-27T00:00:00Z", "published": "2018-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/ghantoos/lshell/issues/151" }, { "type": "WEB", "url": "https://github.com/ghantoos/lshell/issues/122" }, { "type": "WEB", "url": "https://github.com/ghantoos/lshell/issues/147" }, { "type": "WEB", "url": "https://github.com/ghantoos/lshell/issues/149" }, { "type": "WEB", "url": "https://github.com/ghantoos/lshell/issues/151" } ], "schema_version": "1.7.0", "summary": "lshell -- Multiple security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openjpeg" }, "ranges": [ { "events": [ { "fixed": "2.3.0_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/uclouvain/openjpeg/issues?q=is%3Aissue+CVE-2017-17479+OR+CVE-2017-17480+OR+CVE-2018-5785+OR+CVE-2018-6616" ], "discovery": "2017-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2017-17479", "CVE-2017-17480", "CVE-2018-5785", "CVE-2018-6616" ] }, "vid": "11dc3890-0e64-11e8-99b0-d017c2987f9a" }, "details": "OpenJPEG reports:\n\n> Multiple vulnerabilities have been found in OpenJPEG, the opensource\n> JPEG 2000 codec. Please consult the CVE list for further details.\n>\n> CVE-2017-17479 and CVE-2017-17480 were fixed in r477112.\n>\n> CVE-2018-5785 was fixed in r480624.\n>\n> CVE-2018-6616 was fixed in r489415.\n", "id": "FreeBSD-2018-0183", "modified": "2019-02-11T00:00:00Z", "published": "2018-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/uclouvain/openjpeg/issues?q=is%3Aissue+CVE-2017-17479+OR+CVE-2017-17480+OR+CVE-2018-5785+OR+CVE-2018-6616" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17479" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17480" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5785" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6616" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17480" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5785" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6616" } ], "schema_version": "1.7.0", "summary": "OpenJPEG -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ffmpeg" }, "ranges": [ { "events": [ { "fixed": "3.3.5_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.4,1" }, { "last_affected": "3.4.1_4,1" }, { "fixed": "3.4.1_4,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://ffmpeg.org/security.html" ], "discovery": "2017-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-15186", "CVE-2017-15672", "CVE-2017-16840", "CVE-2017-17081", "CVE-2018-6392" ] }, "vid": "5ccbb2f8-c798-11e7-a633-009c02a2ab30" }, "details": "MITRE reports:\n\n> Multiple vulnerabilities have been found in FFmpeg. Please refer to\n> CVE list for details.\n>\n> Note: CVE-2017-15186 and CVE-2017-15672 affect only the 3.3 branch\n> before 3.3.5, CVE-2017-16840 and CVE-2017-17081 have been fixed in\n> 3.4.1. They\\'re listed here for completeness of the record.\n", "id": "FreeBSD-2018-0182", "modified": "2018-07-27T00:00:00Z", "published": "2018-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://ffmpeg.org/security.html" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15186" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15672" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16840" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17081" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6392" }, { "type": "WEB", "url": "http://ffmpeg.org/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15672" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6392" } ], "schema_version": "1.7.0", "summary": "ffmpeg -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gimp" }, "ranges": [ { "events": [ { "fixed": "2.8.22,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.securityfocus.com/bid/102765/references" ], "discovery": "2017-12-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-17786" ] }, "vid": "bfda2d80-0858-11e8-ad5c-0021ccb9e74d" }, "details": "GNOME reports:\n\n> CVE-2017-17786 Out of bounds read / heap overflow in tga importer /\n> function bgr2rgb.part.1\n", "id": "FreeBSD-2018-0181", "modified": "2018-07-27T00:00:00Z", "published": "2018-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.securityfocus.com/bid/102765/references" }, { "type": "WEB", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=739134" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17786" } ], "schema_version": "1.7.0", "summary": "GIMP - Heap Buffer Overflow Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "68.0.3440.75" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" ], "discovery": "2018-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2018-4117", "CVE-2018-6044", "CVE-2018-6150", "CVE-2018-6151", "CVE-2018-6152", "CVE-2018-6153", "CVE-2018-6154", "CVE-2018-6155", "CVE-2018-6156", "CVE-2018-6157", "CVE-2018-6158", "CVE-2018-6159", "CVE-2018-6160", "CVE-2018-6161", "CVE-2018-6162", "CVE-2018-6163", "CVE-2018-6164", "CVE-2018-6165", "CVE-2018-6166", "CVE-2018-6167", "CVE-2018-6168", "CVE-2018-6169", "CVE-2018-6170", "CVE-2018-6171", "CVE-2018-6172", "CVE-2018-6173", "CVE-2018-6174", "CVE-2018-6175", "CVE-2018-6176", "CVE-2018-6177", "CVE-2018-6178", "CVE-2018-6179" ] }, "vid": "b9c525d9-9198-11e8-beba-080027ef1a23" }, "details": "Google Chrome Releases reports:\n\n> 42 security fixes in this release, including:\n>\n> - \\[850350\\] High CVE-2018-6153: Stack buffer overflow in Skia.\n> Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07\n> - \\[848914\\] High CVE-2018-6154: Heap buffer overflow in WebGL.\n> Reported by Omair on 2018-06-01\n> - \\[842265\\] High CVE-2018-6155: Use after free in WebRTC. Reported by\n> Natalie Silvanovich of Google Project Zero on 2018-05-11\n> - \\[841962\\] High CVE-2018-6156: Heap buffer overflow in WebRTC.\n> Reported by Natalie Silvanovich of Google Project Zero on 2018-05-10\n> - \\[840536\\] High CVE-2018-6157: Type confusion in WebRTC. Reported by\n> Natalie Silvanovich of Google Project Zero on 2018-05-07\n> - \\[812667\\] Medium CVE-2018-6150: Cross origin information disclosure\n> in Service Workers. Reported by Rob Wu on 2018-02-15\n> - \\[805905\\] Medium CVE-2018-6151: Bad cast in DevTools. Reported by\n> Rob Wu on 2018-01-25\n> - \\[805445\\] Medium CVE-2018-6152: Local file write in DevTools.\n> Reported by Rob Wu on 2018-01-24\n> - \\[841280\\] Medium CVE-2018-6158: Use after free in Blink. Reported\n> by Zhe Jin, Luyao Liu from Chengdu Security Response Center of Qihoo\n> 360 Technology Co. Ltd on 2018-05-09\n> - \\[837275\\] Medium CVE-2018-6159: Same origin policy bypass in\n> ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-04-26\n> - \\[839822\\] Medium CVE-2018-6160: URL spoof in Chrome on iOS.\n> Reported by evi1m0 of Bilibili Security Team on 2018-05-04\n> - \\[826552\\] Medium CVE-2018-6161: Same origin policy bypass in\n> WebAudio. Reported by Jun Kokatsu (@shhnjk) on 2018-03-27\n> - \\[804123\\] Medium CVE-2018-6162: Heap buffer overflow in WebGL.\n> Reported by Omair on 2018-01-21\n> - \\[849398\\] Medium CVE-2018-6163: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-06-04\n> - \\[848786\\] Medium CVE-2018-6164: Same origin policy bypass in\n> ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-06-01\n> - \\[847718\\] Medium CVE-2018-6165: URL spoof in Omnibox. Reported by\n> evi1m0 of Bilibili Security Team on 2018-05-30\n> - \\[835554\\] Medium CVE-2018-6166: URL spoof in Omnibox. Reported by\n> Lnyas Zhang on 2018-04-21\n> - \\[833143\\] Medium CVE-2018-6167: URL spoof in Omnibox. Reported by\n> Lnyas Zhang on 2018-04-15\n> - \\[828265\\] Medium CVE-2018-6168: CORS bypass in Blink. Reported by\n> Gunes Acar and Danny Y. Huang of Princeton University, Frank Li of\n> UC Berkeley on 2018-04-03\n> - \\[394518\\] Medium CVE-2018-6169: Permissions bypass in extension\n> installation. Reported by Sam P on 2014-07-16\n> - \\[862059\\] Medium CVE-2018-6170: Type confusion in PDFium. Reported\n> by Anonymous on 2018-07-10\n> - \\[851799\\] Medium CVE-2018-6171: Use after free in WebBluetooth.\n> Reported by amazon@mimetics.ca on 2018-06-12\n> - \\[847242\\] Medium CVE-2018-6172: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-05-28\n> - \\[836885\\] Medium CVE-2018-6173: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-04-25\n> - \\[835299\\] Medium CVE-2018-6174: Integer overflow in SwiftShader.\n> Reported by Mark Brand of Google Project Zero on 2018-04-20\n> - \\[826019\\] Medium CVE-2018-6175: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-03-26\n> - \\[666824\\] Medium CVE-2018-6176: Local user privilege escalation in\n> Extensions. Reported by Jann Horn of Google Project Zero on\n> 2016-11-18\n> - \\[826187\\] Low CVE-2018-6177: Cross origin information leak in\n> Blink. Reported by Ron Masas (Imperva) on 2018-03-27\n> - \\[823194\\] Low CVE-2018-6178: UI spoof in Extensions. Reported by\n> Khalil Zhani on 2018-03-19\n> - \\[816685\\] Low CVE-2018-6179: Local file information leak in\n> Extensions. Reported by Anonymous on 2018-02-26\n> - \\[797461\\] Low CVE-2018-6044: Request privilege escalation in\n> Extensions. Reported by Wob Wu on 2017-12-23\n> - \\[791324\\] Low CVE-2018-4117: Cross origin information leak in\n> Blink. Reported by AhsanEjaz - \\@AhsanEjazA on 2017-12-03\n> - \\[866821\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2018-0180", "modified": "2018-07-27T00:00:00Z", "published": "2018-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4117" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6150" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6151" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6152" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6153" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6154" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6156" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6158" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6159" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6161" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6163" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6165" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6166" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6168" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6173" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6179" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.54.1" }, { "fixed": "7.61.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/adv_2018-70a2.html" ], "discovery": "2018-07-11T00:00:00Z", "references": { "cvename": [ "CVE-2018-0500" ] }, "vid": "3849e28f-8693-11e8-9610-9c5c8e75236a" }, "details": "Peter Wu reports:\n\n> curl might overflow a heap based memory buffer when sending data over\n> SMTP and using a reduced read buffer.\n", "id": "FreeBSD-2018-0179", "modified": "2018-07-28T00:00:00Z", "published": "2018-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/adv_2018-70a2.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_2018-70a2.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0500" } ], "schema_version": "1.7.0", "summary": "curl -- SMTP send heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.1.0" }, { "fixed": "11.1.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.0.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.7.0" }, { "fixed": "10.8.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/" ], "discovery": "2018-07-26T00:00:00Z", "references": { "cvename": [ "CVE-2018-14601", "CVE-2018-14602", "CVE-2018-14603", "CVE-2018-14604", "CVE-2018-14605", "CVE-2018-14606" ] }, "vid": "2da838f9-9168-11e8-8c75-d8cb8abf62dd" }, "details": "Gitlab reports:\n\n> Markdown DoS\n>\n> Information Disclosure Prometheus Metrics\n>\n> CSRF in System Hooks\n>\n> Persistent XSS Pipeline Tooltip\n>\n> Persistent XSS in Branch Name via Web IDE\n>\n> Persistent XSS in Branch Name via Web IDE\n", "id": "FreeBSD-2018-0178", "modified": "2018-07-27T00:00:00Z", "published": "2018-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14601" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14603" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14604" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14606" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vips" }, "ranges": [ { "events": [ { "fixed": "8.6.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/jcupitt/libvips/releases/tag/v8.6.5" ], "discovery": "2018-07-22T00:00:00Z", "vid": "38fec4bd-90f7-11e8-aafb-1c39475b9f84" }, "details": "libvips reports:\n\n> A buffer overflow was found and fixed in the libvips code\n", "id": "FreeBSD-2018-0177", "modified": "2018-07-26T00:00:00Z", "published": "2018-07-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/jcupitt/libvips/releases/tag/v8.6.5" }, { "type": "WEB", "url": "https://github.com/jcupitt/libvips/releases/tag/v8.6.5" } ], "schema_version": "1.7.0", "summary": "Fix a buffer overflow in the tiff reader" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libsixel" }, "ranges": [ { "events": [ { "fixed": "1.8.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-14072" ], "discovery": "2018-07-15T00:00:00Z", "references": { "cvename": [ "CVE-2018-14072", "CVE-2018-14073" ] }, "vid": "efe43d2b-8f35-11e8-b9e8-dcfe074bd614" }, "details": "MITRE reports:\n\n> bsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c,\n> image_buffer_resize in fromsixel.c, sixel_decode_raw in fromsixel.c\n> and sixel_allocator_new in allocator.c\n", "id": "FreeBSD-2018-0176", "modified": "2018-07-24T00:00:00Z", "published": "2018-07-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14073" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14072" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14073" } ], "schema_version": "1.7.0", "summary": "Memory leak in different components" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vlc" }, "ranges": [ { "events": [ { "last_affected": "2.2.8_6,4" }, { "fixed": "2.2.8_6,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vlc-qt4" }, "ranges": [ { "events": [ { "last_affected": "2.2.8_6,4" }, { "fixed": "2.2.8_6,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529" ], "discovery": "2018-06-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-11529" ] }, "vid": "dc57ad48-ecbb-439b-a4d0-5869be47684e" }, "details": "Mitre reports:\n\n> VideoLAN VLC media player 2.2.x is prone to a use after free\n> vulnerability which an attacker can leverage to execute arbitrary code\n> via crafted MKV files. Failed exploit attempts will likely result in\n> denial of service conditions.\n", "id": "FreeBSD-2018-0175", "modified": "2018-07-21T00:00:00Z", "published": "2018-07-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11529" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529" }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2018/Jul/28" }, { "type": "WEB", "url": "https://github.com/rapid7/metasploit-framework/pull/10335" }, { "type": "WEB", "url": "https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368" }, { "type": "WEB", "url": "https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42" } ], "schema_version": "1.7.0", "summary": "vlc -- Use after free vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mutt" }, "ranges": [ { "events": [ { "fixed": "1.10.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html" ], "discovery": "2018-07-15T00:00:00Z", "references": { "cvename": [ "CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14362" ] }, "vid": "a2f35081-8a02-11e8-8fa5-4437e6ad11c4" }, "details": "Kevin J. McCarthy reports:\n\n> Fixes a remote code injection vulnerability when \\\"subscribing\\\" to an\n> IMAP mailbox, either via \\$imap_check_subscribed, or via the\n> \\ function in the browser menu. Mutt was generating a\n> \\\"mailboxes\\\" command and sending that along to the muttrc parser.\n> However, it was not escaping \\\"\\`\\\", which executes code and inserts\n> the result. This would allow a malicious IMAP server to execute\n> arbitrary code (for \\$imap_check_subscribed).\n>\n> Fixes POP body caching path traversal vulnerability.\n>\n> Fixes IMAP header caching path traversal vulnerability.\n>\n> CVE-2018-14349 - NO Response Heap Overflow\n>\n> CVE-2018-14350 - INTERNALDATE Stack Overflow\n>\n> CVE-2018-14351 - STATUS Literal Length relative write\n>\n> CVE-2018-14352 - imap_quote_string off-by-one stack overflow\n>\n> CVE-2018-14353 - imap_quote_string int underflow\n>\n> CVE-2018-14354 - imap_subscribe Remote Code Execution\n>\n> CVE-2018-14355 - STATUS mailbox header cache directory traversal\n>\n> CVE-2018-14356 - POP empty UID NULL deref\n>\n> CVE-2018-14357 - LSUB Remote Code Execution\n>\n> CVE-2018-14358 - RFC822.SIZE Stack Overflow\n>\n> CVE-2018-14359 - base64 decode Stack Overflow\n>\n> CVE-2018-14362 - POP Message Cache Directory Traversal\n", "id": "FreeBSD-2018-0174", "modified": "2018-07-17T00:00:00Z", "published": "2018-07-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14349" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14352" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14354" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14355" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14357" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14358" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14359" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14362" }, { "type": "WEB", "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html" } ], "schema_version": "1.7.0", "summary": "mutt -- remote code injection and path traversal vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "neomutt" }, "ranges": [ { "events": [ { "fixed": "20180716" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mutt" }, "ranges": [ { "events": [ { "fixed": "1.10.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mutt14" }, "ranges": [ { "events": [ { "fixed": "0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/neomutt/neomutt/releases/tag/neomutt-20180716" ], "discovery": "2018-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2018-14349", "CVE-2018-14350", "CVE-2018-14351", "CVE-2018-14352", "CVE-2018-14353", "CVE-2018-14354", "CVE-2018-14355", "CVE-2018-14356", "CVE-2018-14357", "CVE-2018-14358", "CVE-2018-14359", "CVE-2018-14360", "CVE-2018-14361", "CVE-2018-14362", "CVE-2018-14363" ] }, "vid": "fe12ef83-8b47-11e8-96cc-001a4a7ec6be" }, "details": "NeoMutt report:\n\n> # Description\n>\n> ##### CVE-2018-14349\n>\n> NO Response Heap Overflow\n>\n> ##### CVE-2018-14350\n>\n> INTERNALDATE Stack Overflow\n>\n> ##### CVE-2018-14351\n>\n> STATUS Literal Length relative write\n>\n> ##### CVE-2018-14352\n>\n> imap_quote_string off-by-one stack overflow\n>\n> ##### CVE-2018-14353\n>\n> imap_quote_string int underflow\n>\n> ##### CVE-2018-14354\n>\n> imap_subscribe Remote Code Execution\n>\n> ##### CVE-2018-14355\n>\n> STATUS mailbox header cache directory traversal\n>\n> ##### CVE-2018-14356\n>\n> POP empty UID NULL deref\n>\n> ##### CVE-2018-14357\n>\n> LSUB Remote Code Execution\n>\n> ##### CVE-2018-14358\n>\n> RFC822.SIZE Stack Overflow\n>\n> ##### CVE-2018-14359\n>\n> base64 decode Stack Overflow\n>\n> ##### CVE-2018-14360\n>\n> NNTP Group Stack Overflow\n>\n> ##### CVE-2018-14361\n>\n> NNTP Write 1 where via GROUP response\n>\n> ##### CVE-2018-14362\n>\n> POP Message Cache Directory Traversal\n>\n> ##### CVE-2018-14363\n>\n> NNTP Header Cache Directory Traversal\n", "id": "FreeBSD-2018-0173", "modified": "2018-07-19T00:00:00Z", "published": "2018-07-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/neomutt/neomutt/releases/tag/neomutt-20180716" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14349" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14352" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14354" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14355" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14357" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14358" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14359" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14360" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14361" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14363" }, { "type": "WEB", "url": "https://github.com/neomutt/neomutt/releases/tag/neomutt-20180716" } ], "schema_version": "1.7.0", "summary": "mutt/neomutt -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.133" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.121.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2018-07-18/" ], "discovery": "2018-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2018-1999001", "CVE-2018-1999002", "CVE-2018-1999003", "CVE-2018-1999004", "CVE-2018-1999005", "CVE-2018-1999006", "CVE-2018-1999007" ] }, "vid": "20a1881e-8a9e-11e8-bddf-d017c2ca229d" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### (High) SECURITY-897 / CVE-2018-1999001\n>\n> Users without Overall/Read permission can have Jenkins reset parts of\n> global configuration on the next restart\n>\n> ##### (High) SECURITY-914 / CVE-2018-1999002\n>\n> Arbitrary file read vulnerability\n>\n> ##### (Medium) SECURITY-891 / CVE-2018-1999003\n>\n> Unauthorized users could cancel queued builds\n>\n> ##### (Medium) SECURITY-892 / CVE-2018-1999004\n>\n> Unauthorized users could initiate and abort agent launches\n>\n> ##### (Medium) SECURITY-944 / CVE-2018-1999005\n>\n> Stored XSS vulnerability\n>\n> ##### (Medium) SECURITY-925 / CVE-2018-1999006\n>\n> Unauthorized users are able to determine when a plugin was extracted\n> from its JPI package\n>\n> ##### (Medium) SECURITY-390 / CVE-2018-1999007\n>\n> XSS vulnerability in Stapler debug mode\n", "id": "FreeBSD-2018-0172", "modified": "2018-07-18T00:00:00Z", "published": "2018-07-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2018-07-18/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1999001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1999002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1999003" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1999004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1999005" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1999006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1999007" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2018-07-18/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "znc" }, "ranges": [ { "events": [ { "fixed": "1.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14055", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14056" ], "discovery": "2018-07-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-14055", "CVE-2018-14056" ] }, "vid": "c6d1a8a6-8a91-11e8-be4d-005056925db4" }, "details": "Mitre reports:\n\n> ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming\n> from the network, allowing a non-admin user to escalate his privilege\n> and inject rogue values into znc.conf.\n\n> ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a\n> web skin name to access files outside of the intended skins\n> directories.\n", "id": "FreeBSD-2018-0171", "modified": "2018-07-18T00:00:00Z", "published": "2018-07-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14055" }, { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14055" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14056" }, { "type": "WEB", "url": "https://wiki.znc.in/ChangeLog/1.7.1" } ], "schema_version": "1.7.0", "summary": "znc -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.34" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2018-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2018-1333", "CVE-2018-8011" ] }, "vid": "8b1a50ab-8a8e-11e8-add2-b499baebfeaf" }, "details": "The Apache project reports:\n\n> - DoS for HTTP/2 connections by crafted requests (CVE-2018-1333). By\n> specially crafting HTTP/2 requests, workers would be allocated 60\n> seconds longer than necessary, leading to worker exhaustion and a\n> denial of service. (low)\n> - mod_md, DoS via Coredumps on specially crafted requests\n> (CVE-2018-8011). By specially crafting HTTP requests, the mod_md\n> challenge handler would dereference a NULL pointer and cause the\n> child process to segfault. This could be used to DoS the server.\n> (moderate)\n", "id": "FreeBSD-2018-0170", "modified": "2018-07-18T00:00:00Z", "published": "2018-07-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "WEB", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1333" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8011" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab-ce" }, "ranges": [ { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.8.0" }, { "fixed": "10.8.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.9.0" }, { "fixed": "10.7.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.0.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.8.0" }, { "fixed": "10.8.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.9.0" }, { "fixed": "10.7.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/" ], "discovery": "2018-07-17T00:00:00Z", "references": { "cvename": [ "CVE-2018-14364" ] }, "vid": "8fc615cc-8a66-11e8-8c75-d8cb8abf62dd" }, "details": "Gitlab reports:\n\n> Remote Code Execution Vulnerability in GitLab Projects Import\n", "id": "FreeBSD-2018-0169", "modified": "2018-07-18T00:00:00Z", "published": "2018-07-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-14364" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-7" }, "ranges": [ { "events": [ { "fixed": "7.6.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "typo3-8" }, "ranges": [ { "events": [ { "fixed": "8.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/" ], "discovery": "2018-07-12T00:00:00Z", "vid": "ef013039-89cd-11e8-84e9-00e04c1ea73d" }, "details": "Typo3 core team reports:\n\n> It has been discovered that TYPO3's Salted Password system extension\n> (which is a mandatory system component) is vulnerable to\n> Authentication Bypass when using hashing methods which are related by\n> PHP class inheritance. In standard TYPO3 core distributions stored\n> passwords using the blowfish hashing algorithm can be overridden when\n> using MD5 as the default hashing algorithm by just knowing a valid\n> username. Per default the Portable PHP hashing algorithm (PHPass) is\n> used which is not vulnerable.\n>\n> Phar files (formerly known as \\\"PHP archives\\\") can act als self\n> extracting archives which leads to the fact that source code is\n> executed when Phar files are invoked. The Phar file format is not\n> limited to be stored with a dedicated file extension - \\\"bundle.phar\\\"\n> would be valid as well as \\\"bundle.txt\\\" would be. This way, Phar\n> files can be obfuscated as image or text file which would not be\n> denied from being uploaded and persisted to a TYPO3 installation. Due\n> to a missing sanitization of user input, those Phar files can be\n> invoked by manipulated URLs in TYPO3 backend forms. A valid backend\n> user account is needed to exploit this vulnerability. In theory the\n> attack vector would be possible in the TYPO3 frontend as well, however\n> no functional exploit has been identified so far.\n>\n> Failing to properly dissociate system related configuration from user\n> generated configuration, the Form Framework (system extension\n> \\\"form\\\") is vulnerable to SQL injection and Privilege Escalation.\n> Basically instructions can be persisted to a form definition file that\n> were not configured to be modified - this applies to definitions\n> managed using the form editor module as well as direct file upload\n> using the regular file list module. A valid backend user account as\n> well as having system extension form activated are needed in order to\n> exploit this vulnerability.\n>\n> It has been discovered that the Form Framework (system extension\n> \\\"form\\\") is vulnerable to Insecure Deserialization when being used\n> with the additional PHP PECL package \"yaml\", which is capable of\n> unserializing YAML contents to PHP objects. A valid backend user\n> account as well as having PHP setting \\\"yaml.decode_php\\\" enabled is\n> needed to exploit this vulnerability.\n", "id": "FreeBSD-2018-0168", "modified": "2018-07-17T00:00:00Z", "published": "2018-07-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-001/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-002/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-003/" }, { "type": "WEB", "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-004/" } ], "schema_version": "1.7.0", "summary": "typo3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bouncycastle" }, "ranges": [ { "events": [ { "fixed": "1.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bouncycastle15" }, "ranges": [ { "events": [ { "fixed": "1.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetserver" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetserver5" }, "ranges": [ { "events": [ { "fixed": "5.3.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "puppetserver6" }, "ranges": [ { "events": [ { "fixed": "6.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.bouncycastle.org/latest_releases.html" ], "discovery": "2018-06-30T00:00:00Z", "references": { "cvename": [ "CVE-2018-1000180", "CVE-2018-1000613" ] }, "vid": "fe93803c-883f-11e8-9f0c-001b216d295b" }, "details": "The Legion of the Bouncy Castle reports:\n\n> Release 1.60 is now available for download.\n>\n> CVE-2018-1000180: issue around primality tests for RSA key pair\n> generation if done using only the low-level API.\n>\n> CVE-2018-1000613: lack of class checking in deserialization of\n> XMSS/XMSS\\^MT private keys with BDS state information.\n", "id": "FreeBSD-2018-0167", "modified": "2018-07-15T00:00:00Z", "published": "2018-07-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.bouncycastle.org/latest_releases.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000613" }, { "type": "WEB", "url": "https://www.bouncycastle.org/latest_releases.html" } ], "schema_version": "1.7.0", "summary": "Several Security Defects in the Bouncy Castle Crypto APIs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qutebrowser" }, "ranges": [ { "events": [ { "introduced": "1.4.0" }, { "fixed": "1.4.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.3.3_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.qutebrowser.org/cve-2018-10895-remote-code-execution-due-to-csrf-in-qutebrowser.html" ], "discovery": "2018-07-11T00:00:00Z", "references": { "cvename": [ "CVE-2018-10895" ] }, "vid": "bd6cf187-8710-11e8-833d-18a6f7016652" }, "details": "qutebrowser team reports:\n\n> Due to a CSRF vulnerability affecting the qute://settings page, it was\n> possible for websites to modify qutebrowser settings. Via settings\n> like editor.command, this possibly allowed websites to execute\n> arbitrary code.\n", "id": "FreeBSD-2018-0166", "modified": "2018-07-14T00:00:00Z", "published": "2018-07-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.qutebrowser.org/cve-2018-10895-remote-code-execution-due-to-csrf-in-qutebrowser.html" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2018/q3/29" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10895" } ], "schema_version": "1.7.0", "summary": "qutebrowser -- Remote code execution due to CSRF" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "30.0.0.134" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-24.html" ], "discovery": "2018-07-10T00:00:00Z", "references": { "cvename": [ "CVE-2018-5007", "CVE-2018-5008" ] }, "vid": "e78732b2-8528-11e8-9c42-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves an out-of-bounds read vulnerability that could\n> lead to information disclosure (CVE-2018-5008).\n> - This update resolves a type confusion vulnerability that could lead\n> to arbitrary code execution (CVE-2018-5007).\n", "id": "FreeBSD-2018-0165", "modified": "2018-07-11T00:00:00Z", "published": "2018-07-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5007" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5008" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-24.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "couchdb" }, "ranges": [ { "events": [ { "fixed": "1.7.2,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" ], "discovery": "2017-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-8007", "CVE-2017-12636", "CVE-2017-12635" ] }, "vid": "1e54d140-8493-11e8-a795-0028f8d09152" }, "details": "Apache CouchDB PMC reports:\n\n> Database Administrator could achieve privilege escalation to the\n> account that CouchDB runs under, by abusing insufficient validation in\n> the HTTP API, escaping security controls implemented in previous\n> releases.\n", "id": "FreeBSD-2018-0164", "modified": "2018-07-10T00:00:00Z", "published": "2018-07-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" }, { "type": "WEB", "url": "https://blog.couchdb.org/2018/07/10/cve-2018-8007/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8007" }, { "type": "WEB", "url": "https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12636" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12635" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/6fa798e96686b7b0013ec2088140d00aeb7d34487d3f5ad032af6934@%3Cdev.couchdb.apache.org%3E" } ], "schema_version": "1.7.0", "summary": "couchdb -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgit2" }, "ranges": [ { "events": [ { "fixed": "0.27.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libgit2/libgit2/releases/tag/v0.27.3" ], "discovery": "2018-07-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-10887", "CVE-2018-10888" ] }, "vid": "3c9b7698-84da-11e8-8c75-d8cb8abf62dd" }, "details": "The Git community reports:\n\n> Out-of-bounds reads when reading objects from a packfile\n", "id": "FreeBSD-2018-0163", "modified": "2018-07-11T00:00:00Z", "published": "2018-07-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.3" }, { "type": "WEB", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10887" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10888" } ], "schema_version": "1.7.0", "summary": "Libgit2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.100.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html" ], "discovery": "2018-07-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-16932", "CVE-2018-0360", "CVE-2018-0361" ] }, "vid": "d1e9d8c5-839b-11e8-9610-9c5c8e75236a" }, "details": "Joel Esler reports:\n\n> 3 security fixes in this release:\n>\n> - CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV\n> on Windows only).\n> - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability.\n> Reported by Secunia Research at Flexera.\n> - CVE-2018-0361: ClamAV PDF object length check, unreasonably long\n> time to parse relatively small file. Report ed by aCaB.\n", "id": "FreeBSD-2018-0162", "modified": "2018-07-09T00:00:00Z", "published": "2018-07-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html" }, { "type": "WEB", "url": "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16932" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0360" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0361" } ], "schema_version": "1.7.0", "summary": "clamav -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zziplib" }, "ranges": [ { "events": [ { "fixed": "0.13.68" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=zziplib&search_type=all&pub_start_date=01%2F01%2F2017&pub_end_date=07%2F06%2F2018" ], "discovery": "2017-03-01T00:00:00Z", "references": { "cvename": [ "CVE-2017-5974", "CVE-2017-5975", "CVE-2017-5976", "CVE-2017-5977", "CVE-2017-5978", "CVE-2017-5979", "CVE-2017-5980", "CVE-2017-5981", "CVE-2018-6381", "CVE-2018-6484", "CVE-2018-6540", "CVE-2018-6541", "CVE-2018-6542", "CVE-2018-6869", "CVE-2018-7725", "CVE-2018-7726", "CVE-2018-7727" ] }, "vid": "7764b219-8148-11e8-aa4d-000e0cd7b374" }, "details": "NIST reports (by search in the range 2017/01/01 - 2018/07/06):\n\n> 17 security fixes in this release:\n>\n> - Heap-based buffer overflow in the \\_\\_zzip_get32 function in\n> fetch.c.\n> - Heap-based buffer overflow in the \\_\\_zzip_get64 function in\n> fetch.c.\n> - Heap-based buffer overflow in the zzip_mem_entry_extra_block\n> function in memdisk.c.\n> - The zzip_mem_entry_new function in memdisk.c allows remote attackers\n> to cause a denial of service (out-of-bounds read and crash) via a\n> crafted ZIP file.\n> - The prescan_entry function in fseeko.c allows remote attackers to\n> cause a denial of service (NULL pointer dereference and crash) via\n> crafted ZIP file.\n> - The zzip_mem_entry_new function in memdisk.c cause a NULL pointer\n> dereference and crash via a crafted ZIP file.\n> - seeko.c cause a denial of service (assertion failure and crash) via\n> a crafted ZIP file.\n> - A segmentation fault caused by invalid memory access in the\n> zzip_disk_fread function because the size variable is not validated\n> against the amount of file-\\>stored data.\n> - A memory alignment error and bus error in the\n> \\_\\_zzip_fetch_disk_trailer function of zzip/zip.c.\n> - A bus error caused by loading of a misaligned address in the\n> zzip_disk_findfirst function.\n> - An uncontrolled memory allocation and a crash in the\n> \\_\\_zzip_parse_root_directory function.\n> - An invalid memory address dereference was discovered in\n> zzip_disk_fread in mmapped.c.\n> - A memory leak triggered in the function zzip_mem_disk_new in\n> memdisk.c.\n", "id": "FreeBSD-2018-0161", "modified": "2018-07-06T00:00:00Z", "published": "2018-07-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=zziplib&search_type=all&pub_start_date=01%2F01%2F2017&pub_end_date=07%2F06%2F2018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5974" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5975" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5976" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5977" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5978" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5979" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5980" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5981" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6381" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6484" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6540" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6541" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6542" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6869" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7725" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7726" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7727" }, { "type": "WEB", "url": "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=zziplib&search_type=all&pub_start_date=01%2F01%2F2017&pub_end_date=07%2F06%2F2018\"" } ], "schema_version": "1.7.0", "summary": "zziplib - multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_CN-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_TW-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/" ], "discovery": "2018-07-05T00:00:00Z", "vid": "4740174c-82bb-11e8-a29a-00e04c1ea73d" }, "details": "wordpressdevelopers reports:\n\n> Taxonomy: Improve cache handling for term queries.\n>\n> Posts, Post Types: Clear post password cookie when logging out.\n>\n> Widgets: Allow basic HTML tags in sidebar descriptions on Widgets\n> admin screen.\n>\n> Community Events Dashboard: Always show the nearest WordCamp if one is\n> coming up, even if there are multiple Meetups happening first.\n>\n> Privacy: Make sure default privacy policy content does not cause a\n> fatal error when flushing rewrite rules outside of the admin context.\n", "id": "FreeBSD-2018-0160", "modified": "2018-07-08T00:00:00Z", "published": "2018-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mybb" }, "ranges": [ { "events": [ { "fixed": "1.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.mybb.com/2018/07/04/mybb-1-8-16-released-security-maintenance-release/" ], "discovery": "2018-07-04T00:00:00Z", "vid": "bfd5d004-81d4-11e8-a29a-00e04c1ea73d" }, "details": "mybb Team reports:\n\n> High risk: Image and URL MyCode Persistent XSS\n>\n> Medium risk: Multipage Reflected XSS\n>\n> Low risk: ACP logs XSS\n>\n> Low risk: Arbitrary file deletion via ACP's Settings\n>\n> Low risk: Login CSRF\n>\n> Low risk: Non-video content embedding via Video MyCode\n", "id": "FreeBSD-2018-0159", "modified": "2018-07-07T00:00:00Z", "published": "2018-07-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.mybb.com/2018/07/04/mybb-1-8-16-released-security-maintenance-release/" }, { "type": "WEB", "url": "https://blog.mybb.com/2018/07/04/mybb-1-8-16-released-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "mybb -- vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "expat" }, "ranges": [ { "events": [ { "fixed": "2.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libwww" }, "ranges": [ { "events": [ { "fixed": "5.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233" ], "discovery": "2016-10-27T00:00:00Z", "references": { "cvename": [ "CVE-2016-9063", "CVE-2017-9233" ] }, "vid": "e375ff3f-7fec-11e8-8088-28d244aee256" }, "details": "Mitre reports:\n\n> An integer overflow during the parsing of XML using the Expat library.\n\n> XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat\n> XML Parser Library) allows attackers to put the parser in an infinite\n> loop using a malformed external entity definition from an external\n> DTD.\n", "id": "FreeBSD-2018-0158", "modified": "2018-07-05T00:00:00Z", "published": "2018-07-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063" }, { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9233" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233" }, { "type": "WEB", "url": "https://libexpat.github.io/doc/cve-2017-9233/" } ], "schema_version": "1.7.0", "summary": "expat -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o" }, "ranges": [ { "events": [ { "fixed": "2.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/h2o/h2o/releases/tag/v2.2.5" ], "discovery": "2018-06-01T00:00:00Z", "references": { "cvename": [ "CVE-2018-0608" ] }, "vid": "ce39379f-7eb7-11e8-ab03-00bd7f19ff09" }, "details": "Marlies Ruck reports:\n\n> Fix heap buffer overflow while trying to emit access log - see\n> references for full details.\n>\n> CVE-2018-0608: Buffer overflow in H2O version 2.2.4 and earlier allows\n> remote attackers to execute arbitrary code or cause a denial of\n> service (DoS) via unspecified vectors.\n", "id": "FreeBSD-2018-0157", "modified": "2018-07-03T00:00:00Z", "published": "2018-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/h2o/h2o/releases/tag/v2.2.5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0608" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/issues/1775" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/releases/tag/v2.2.5" } ], "schema_version": "1.7.0", "summary": "h2o -- heap buffer overflow during logging" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "upp" }, "ranges": [ { "events": [ { "last_affected": "11540" }, { "fixed": "11540" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-8740" ], "discovery": "2018-03-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-8740" ] }, "vid": "c1630aa3-7970-11e8-8634-dcfe074bd614" }, "details": "MITRE reports:\n\n> SQLite databases whose schema is corrupted using a CREATE TABLE AS\n> statement could cause a NULL pointer dereference, related to build.c\n> and prepare.c.\n", "id": "FreeBSD-2018-0156", "modified": "2018-07-01T00:00:00Z", "published": "2018-07-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8740" }, { "type": "WEB", "url": "http://openwall.com/lists/oss-security/2018/03/17/1" } ], "schema_version": "1.7.0", "summary": "SQLite -- Corrupt DB can cause a NULL pointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "61.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.1.19_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "introduced": "60.0,1" }, { "fixed": "60.1.0_1,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "52.9.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.9.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/" ], "discovery": "2018-06-26T00:00:00Z", "references": { "cvename": [ "CVE-2018-5156", "CVE-2018-5186", "CVE-2018-5187", "CVE-2018-5188", "CVE-2018-12358", "CVE-2018-12359", "CVE-2018-12360", "CVE-2018-12361", "CVE-2018-12362", "CVE-2018-12363", "CVE-2018-12364", "CVE-2018-12365", "CVE-2018-12366", "CVE-2018-12367", "CVE-2018-12368", "CVE-2018-12369", "CVE-2018-12370", "CVE-2018-12371" ] }, "vid": "cd81806c-26e7-4d4a-8425-02724a2f48af" }, "details": "Mozilla Foundation reports:\n\n> CVE-2018-12359: Buffer overflow using computed size of canvas element\n>\n> CVE-2018-12360: Use-after-free when using focus()\n>\n> CVE-2018-12361: Integer overflow in SwizzleData\n>\n> CVE-2018-12358: Same-origin bypass using service worker and\n> redirection\n>\n> CVE-2018-12362: Integer overflow in SSSE3 scaler\n>\n> CVE-2018-5156: Media recorder segmentation fault when track type is\n> changed during capture\n>\n> CVE-2018-12363: Use-after-free when appending DOM nodes\n>\n> CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins\n>\n> CVE-2018-12365: Compromised IPC child process can list local filenames\n>\n> CVE-2018-12371: Integer overflow in Skia library during edge builder\n> allocation\n>\n> CVE-2018-12366: Invalid data handling during QCMS transformations\n>\n> CVE-2018-12367: Timing attack mitigation of\n> PerformanceNavigationTiming\n>\n> CVE-2018-12368: No warning when opening executable SettingContent-ms\n> files\n>\n> CVE-2018-12369: WebExtension security permission checks bypassed by\n> embedded experiments\n>\n> CVE-2018-12370: SameSite cookie protections bypassed when exiting\n> Reader View\n>\n> CVE-2018-5186: Memory safety bugs fixed in Firefox 61\n>\n> CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR\n> 60.1\n>\n> CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR\n> 60.1, and Firefox ESR 52.9\n", "id": "FreeBSD-2018-0155", "modified": "2018-07-07T00:00:00Z", "published": "2018-06-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5156" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5187" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5188" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12358" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12359" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12360" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12361" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12363" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12364" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12365" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12366" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12367" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12368" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12369" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12370" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12371" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman" }, "ranges": [ { "events": [ { "fixed": "2.1.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-mailman" }, "ranges": [ { "events": [ { "fixed": "2.1.14.j7_5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L8" ], "discovery": "2018-03-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-0618" ] }, "vid": "739948e3-78bf-11e8-b23c-080027ac955c" }, "details": "Mark Sapiro reports:\n\n> Existing protections against malicious listowners injecting evil\n> scripts into listinfo pages have had a few more checks added.\n>\n> A few more error messages have had their values HTML escaped.\n>\n> The hash generated when SUBSCRIBE_FORM_SECRET is set could have been\n> the same as one generated at the same time for a different list and IP\n> address.\n", "id": "FreeBSD-2018-0154", "modified": "2018-06-25T00:00:00Z", "published": "2018-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L8" }, { "type": "WEB", "url": "https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L8" }, { "type": "WEB", "url": "https://www.mail-archive.com/mailman-users@python.org/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0618" } ], "schema_version": "1.7.0", "summary": "mailman -- hardening against malicious listowners injecting evil HTML scripts" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.0.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.8.0" }, { "fixed": "10.8.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.1" }, { "fixed": "10.7.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/" ], "discovery": "2018-06-25T00:00:00Z", "references": { "cvename": [ "CVE-2018-12606", "CVE-2018-3740", "CVE-2018-12605", "CVE-2018-12607" ] }, "vid": "b950a83b-789e-11e8-8545-d8cb8abf62dd" }, "details": "Gitlab reports:\n\n> Wiki XSS\n>\n> Sanitize gem updates\n>\n> XSS in url_for(params)\n>\n> Content injection via username\n>\n> Activity feed publicly displaying internal project names\n>\n> Persistent XSS in charts\n", "id": "FreeBSD-2018-0153", "modified": "2018-06-25T00:00:00Z", "published": "2018-06-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12607" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyadmin" }, "ranges": [ { "events": [ { "fixed": "4.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2018-3/", "https://www.phpmyadmin.net/security/PMASA-2018-4/" ], "discovery": "2018-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-12581", "CVE-2018-12613" ] }, "vid": "17cb6ff3-7670-11e8-8854-6805ca0b3d42" }, "details": "The phpMyAdmin development team reports:\n\n> ### Summary\n>\n> XSS in Designer feature\n>\n> ### Description\n>\n> A Cross-Site Scripting vulnerability was found in the Designer\n> feature, where an attacker can deliver a payload to a user through a\n> specially-crafted database name.\n>\n> ### Severity\n>\n> We consider this attack to be of moderate severity.\n\n> ### Summary\n>\n> File inclusion and remote code execution attack\n>\n> ### Description\n>\n> A flaw has been discovered where an attacker can include (view and\n> potentially execute) files on the server.\n>\n> The vulnerability comes from a portion of code where pages are\n> redirected and loaded within phpMyAdmin, and an improper test for\n> whitelisted pages.\n>\n> An attacker must be authenticated, except in these situations:\n>\n> - \\$cfg\\[\\'AllowArbitraryServer\\'\\] = true: attacker can specify any\n> host he/she is already in control of, and execute arbitrary code on\n> phpMyAdmin\n> - \\$cfg\\[\\'ServerDefault\\'\\] = 0: this bypasses the login and runs the\n> vulnerable code without any authentication\n>\n> ### Severity\n>\n> We consider this to be severe.\n>\n> ### Mitigation factor\n>\n> Configuring PHP with a restrictive \\`open_basedir\\` can greatly\n> restrict an attacker\\'s ability to view files on the server.\n> Vulnerable systems should not be run with the phpMyAdmin directives\n> \\$cfg\\[\\'AllowArbitraryServer\\'\\] = true or \\$cfg\\[\\'ServerDefault\\'\\]\n> = 0\n", "id": "FreeBSD-2018-0152", "modified": "2018-06-22T00:00:00Z", "published": "2018-06-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2018-3/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2018-4/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2018-3/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2018-4/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12581" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12613" } ], "schema_version": "1.7.0", "summary": "phpmyadmin -- remote code inclusion and XSS scripting" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-3665" ], "freebsdsa": [ "SA-18:07.lazyfpu" ] }, "vid": "4e07d94f-75a5-11e8-85d1-a4badb2f4699" }, "details": "# Problem Description:\n\nA subset of Intel processors can allow a local thread to infer data from\nanother thread through a speculative execution side channel when Lazy\nFPU state restore is used.\n\n# Impact:\n\nAny local thread can potentially read FPU state information from other\nthreads running on the host. This could include cryptographic keys when\nthe AES-NI CPU feature is present.\n", "id": "FreeBSD-2018-0151", "modified": "2018-06-21T00:00:00Z", "published": "2018-06-21T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3665" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:07.lazyfpu.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Lazy FPU State Restore Information Disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "GraphicsMagick" }, "ranges": [ { "events": [ { "fixed": "1.3.26,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.graphicsmagick.org/NEWS.html" ], "discovery": "2017-07-04T00:00:00Z", "references": { "cvename": [ "CVE-2016-7800", "CVE-2016-7996", "CVE-2016-7997", "CVE-2016-9830", "CVE-2017-6335", "CVE-2017-8350", "CVE-2017-10794", "CVE-2017-10799", "CVE-2017-10800" ] }, "vid": "25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba" }, "details": "GraphicsMagick reports:\n\n> Multiple vulnerabilities have been found in GraphicsMagick 1.3.26 or\n> earlier. Please refer to the CVE list for details.\n", "id": "FreeBSD-2018-0150", "modified": "2018-06-18T00:00:00Z", "published": "2018-06-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.graphicsmagick.org/NEWS.html" }, { "type": "WEB", "url": "http://www.graphicsmagick.org/NEWS.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7996" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9830" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6335" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10800" } ], "schema_version": "1.7.0", "summary": "GraphicsMagick -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "slurm-wlm" }, "ranges": [ { "events": [ { "fixed": "17.02.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html" ], "discovery": "2018-05-30T00:00:00Z", "vid": "3a66cb69-716f-11e8-be54-3085a9a47796" }, "details": "SchedMD reports:\n\n> # Insecure handling of user_name and gid fields (CVE-2018-10995)\n>\n> While fixes are only available for the supported 17.02 and 17.11\n> releases, it is believed that similar vulnerabilities do affect past\n> versions as well. The only resolution is to upgrade Slurm to a fixed\n> release.\n", "id": "FreeBSD-2018-0149", "modified": "2018-06-16T00:00:00Z", "published": "2018-06-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html" }, { "type": "WEB", "url": "https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html" } ], "schema_version": "1.7.0", "summary": "slurm -- insecure handling of user_name and gid fields" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node6" }, "ranges": [ { "events": [ { "fixed": "6.14.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node8" }, "ranges": [ { "events": [ { "fixed": "8.11.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "10.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" ], "discovery": "2018-06-12T00:00:00Z", "references": { "cvename": [ "CVE-2018-7161", "CVE-2018-7162", "CVE-2018-7164", "CVE-2018-7167", "CVE-2018-1000168" ] }, "vid": "45b8e2eb-7056-11e8-8fab-63ca6e0e13a2" }, "details": "Node.js reports:\n\n> # Denial of Service Vulnerability in HTTP/2 (CVE-2018-7161)\n>\n> All versions of 8.x and later are vulnerable and the severity is HIGH.\n> An attacker can cause a denial of service (DoS) by causing a node\n> server providing an http2 server to crash. This can be accomplished by\n> interacting with the http2 server in a manner that triggers a cleanup\n> bug where objects are used in native code after they are no longer\n> available. This has been addressed by updating the http2\n> implementation. Thanks to Jordan Zebor at F5 Networks for reporting\n> this issue.\n>\n> # Denial of Service, nghttp2 dependency (CVE-2018-1000168)\n>\n> All versions of 9.x and later are vulnerable and the severity is HIGH.\n> Under certain conditions, a malicious client can trigger an\n> uninitialized read (and a subsequent segfault) by sending a malformed\n> ALTSVC frame. This has been addressed through an by updating nghttp2.\n>\n> # Denial of Service Vulnerability in TLS (CVE-2018-7162)\n>\n> All versions of 9.x and later are vulnerable and the severity is HIGH.\n> An attacker can cause a denial of service (DoS) by causing a node\n> process which provides an http server supporting TLS server to crash.\n> This can be accomplished by sending duplicate/unexpected messages\n> during the handshake. This vulnerability has been addressed by\n> updating the TLS implementation. Thanks to Jordan Zebor at F5 Networks\n> all of his help investigating this issue with the Node.js team.\n>\n> # Memory exhaustion DoS on v9.x (CVE-2018-7164)\n>\n> Versions 9.7.0 and later are vulnerable and the severity is MEDIUM. A\n> bug introduced in 9.7.0 increases the memory consumed when reading\n> from the network into JavaScript using the net.Socket object directly\n> as a stream. An attacker could use this cause a denial of service by\n> sending tiny chunks of data in short succession. This vulnerability\n> was restored by reverting to the prior behaviour.\n>\n> # Calls to Buffer.fill() and/or Buffer.alloc() may hang (CVE-2018-7167)\n>\n> Calling Buffer.fill() or Buffer.alloc() with some parameters can lead\n> to a hang which could result in a Denial of Service. In order to\n> address this vulnerability, the implementations of Buffer.alloc() and\n> Buffer.fill() were updated so that they zero fill instead of hanging\n> in these cases.\n", "id": "FreeBSD-2018-0148", "modified": "2018-06-15T00:00:00Z", "published": "2018-06-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" }, { "type": "WEB", "url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7161" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7162" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000168" } ], "schema_version": "1.7.0", "summary": "node.js -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "password-store" }, "ranges": [ { "events": [ { "fixed": "1.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html" ], "discovery": "2018-06-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-12356" ] }, "vid": "53eb9e1e-7014-11e8-8b1f-3065ec8fd3ec" }, "details": "Jason A. Donenfeld reports:\n\n> Markus Brinkmann discovered that \\[the\\] parsing of gpg command line\n> output with regexes isn\\'t anchored to the beginning of the line,\n> which means an attacker can generate a malicious key that simply has\n> the verification string as part of its username.\n>\n> This has a number of nasty consequences:\n>\n> - an attacker who manages to write into your \\~/.password-store and\n> also inject a malicious key into your keyring can replace your\n> .gpg-id key and have your passwords encrypted under additional keys;\n> - if you have extensions enabled (disabled by default), an attacker\n> who manages to write into your \\~/.password-store and also inject a\n> malicious key into your keyring can replace your extensions and\n> hence execute code.\n", "id": "FreeBSD-2018-0147", "modified": "2018-06-14T00:00:00Z", "published": "2018-06-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html" }, { "type": "WEB", "url": "https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12356" } ], "schema_version": "1.7.0", "summary": "password-store -- GPG parsing vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgcrypt" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495" ], "discovery": "2018-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-0495" ] }, "vid": "9b5162de-6f39-11e8-818e-e8e0b747a45a" }, "details": "GnuPG reports:\n\n> Mitigate a local side-channel attack on ECDSA signature as described\n> in the white paper \\\"Return on the Hidden Number Problem\\\".\n", "id": "FreeBSD-2018-0146", "modified": "2018-06-14T00:00:00Z", "published": "2018-06-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0495" }, { "type": "WEB", "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495" }, { "type": "WEB", "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt" } ], "schema_version": "1.7.0", "summary": "libgcrypt -- side-channel attack vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "fixed": "2.6.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.7.0" }, { "fixed": "2.7.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl-devel" }, "ranges": [ { "events": [ { "fixed": "2.6.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.7.0" }, { "fixed": "2.7.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2o_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0h_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20180612.txt" ], "discovery": "2018-06-12T00:00:00Z", "references": { "cvename": [ "CVE-2018-0732" ] }, "vid": "c82ecac5-6e3f-11e8-8777-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> During key agreement in a TLS handshake using a DH(E) based\n> ciphersuite a malicious server can send a very large prime value to\n> the client. This will cause the client to spend an unreasonably long\n> period of time generating a key for this prime resulting in a hang\n> until the client has finished. This could be exploited in a Denial Of\n> Service attack.\n", "id": "FreeBSD-2018-0145", "modified": "2018-07-24T00:00:00Z", "published": "2018-06-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20180612.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20180612.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0732" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Client DoS due to large DH parameter" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.21.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk15" }, "ranges": [ { "events": [ { "fixed": "15.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2018-06-11T00:00:00Z", "vid": "0137167b-6dca-11e8-a671-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> When endpoint specific ACL rules block a SIP request they respond with\n> a 403 forbidden. However, if an endpoint is not identified then a 401\n> unauthorized response is sent. This vulnerability just discloses which\n> requests hit a defined endpoint. The ACL rules cannot be bypassed to\n> gain access to the disclosed endpoints.\n", "id": "FreeBSD-2018-0144", "modified": "2018-06-11T00:00:00Z", "published": "2018-06-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2018-008.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- PJSIP endpoint presence disclosure when using ACL" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk15" }, "ranges": [ { "events": [ { "fixed": "15.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2018-06-11T00:00:00Z", "vid": "f14ce57f-6dc8-11e8-a671-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> When connected to Asterisk via TCP/TLS if the client abruptly\n> disconnects, or sends a specially crafted message then Asterisk gets\n> caught in an infinite loop while trying to read the data stream. Thus\n> rendering the system as unusable.\n", "id": "FreeBSD-2018-0143", "modified": "2018-06-11T00:00:00Z", "published": "2018-06-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2018-007.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Infinite loop when reading iostreams" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "67.0.3396.79" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html" ], "discovery": "2018-06-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-6148" ] }, "vid": "4cb49a23-6c89-11e8-8b33-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 1 security fix contributed by external researchers:\n>\n> - \\[845961\\] High CVE-2018-6148: Incorrect handling of CSP header.\n> Reported by Michal Bentkowski on 2018-05-23\n", "id": "FreeBSD-2018-0142", "modified": "2018-06-10T00:00:00Z", "published": "2018-06-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6148" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- Incorrect handling of CSP header" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnupg" }, "ranges": [ { "events": [ { "fixed": "2.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "gnupg1" }, "ranges": [ { "events": [ { "fixed": "1.4.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" ], "discovery": "2018-06-07T00:00:00Z", "references": { "cvename": [ "CVE-2018-12020", "CVE-2017-7526" ] }, "vid": "7da0417f-6b24-11e8-84cc-002590acae31" }, "details": "GnuPG reports:\n\n> GnuPG did not sanitize input file names, which may then be output to\n> the terminal. This could allow terminal control sequences or fake\n> status messages to be injected into the output.\n", "id": "FreeBSD-2018-0141", "modified": "2018-06-08T00:00:00Z", "published": "2018-06-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-12020" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7526" } ], "schema_version": "1.7.0", "summary": "gnupg -- unsanitized output (CVE-2018-12020)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "60.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.2.0.13_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.8.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/" ], "discovery": "2018-06-06T00:00:00Z", "vid": "e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7" }, "details": "The Mozilla Foundation reports:\n\n> A heap buffer overflow can occur in the Skia library when rasterizing\n> paths using a maliciously crafted SVG file with anti-aliasing turned\n> off. This results in a potentially exploitable crash.\n", "id": "FreeBSD-2018-0140", "modified": "2018-06-08T00:00:00Z", "published": "2018-06-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-14/" } ], "schema_version": "1.7.0", "summary": "firefox -- Heap buffer overflow rasterizing paths in SVG with Skia" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "30.0.0.113" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html" ], "discovery": "2018-06-07T00:00:00Z", "references": { "cvename": [ "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002" ] }, "vid": "2dde5a56-6ab1-11e8-b639-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a type confusion vulnerability that could lead\n> to arbitrary code execution (CVE-2018-4945).\n> - This update resolves an integer overflow vulnerability that could\n> lead to information disclosure (CVE-2018-5000).\n> - This update resolves an out-of-bounds read vulnerability that could\n> lead to information disclosure (CVE-2018-5001).\n> - This update resolves a stack-based buffer overflow vulnerability\n> that could lead to arbitrary code execution (CVE-2018-5002).\n", "id": "FreeBSD-2018-0139", "modified": "2018-07-11T00:00:00Z", "published": "2018-06-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4945" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5000" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5002" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bro" }, "ranges": [ { "events": [ { "fixed": "2.5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.bro.org/download/NEWS.bro.html" ], "discovery": "2018-05-29T00:00:00Z", "vid": "2f4fd3aa-32f8-4116-92f2-68f05398348e" }, "details": "Corelight reports:\n\n> Bro 2.5.4 primarily fixes security issues\n>\n> Multiple fixes and improvements to BinPAC generated code related to\n> array parsing, with potential impact to all Bro\\'s BinPAC-generated\n> analyzers in the form of buffer over-reads or other invalid memory\n> accesses depending on whether a particular analyzer incorrectly\n> assumed that the evaulated-array-length expression is actually the\n> number of elements that were parsed out from the input.\n>\n> The NCP analyzer (not enabled by default and also updated to actually\n> work with newer Bro APIs in the release) performed a memory allocation\n> based directly on a field in the input packet and using signed integer\n> storage. This could result in a signed integer overflow and memory\n> allocations of negative or very large size, leading to a crash or\n> memory exhaustion. The new NCP::max_frame_size tuning option now\n> limits the maximum amount of memory that can be allocated.\n", "id": "FreeBSD-2018-0138", "modified": "2018-06-06T00:00:00Z", "published": "2018-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.bro.org/download/NEWS.bro.html" }, { "type": "WEB", "url": "https://www.bro.org/download/NEWS.bro.html" } ], "schema_version": "1.7.0", "summary": "bro -- multiple memory allocation issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgit2" }, "ranges": [ { "events": [ { "fixed": "0.27.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py-pygit2" }, "ranges": [ { "events": [ { "fixed": "0.27.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libgit2/libgit2/releases/tag/v0.27.1" ], "discovery": "2018-05-29T00:00:00Z", "references": { "cvename": [ "CVE-2018-11235" ] }, "vid": "5a1589ad-68f9-11e8-83f5-d8cb8abf62dd" }, "details": "The Git community reports:\n\n> Insufficient validation of submodule names\n", "id": "FreeBSD-2018-0137", "modified": "2018-06-05T00:00:00Z", "published": "2018-06-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.1" }, { "type": "WEB", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11235" } ], "schema_version": "1.7.0", "summary": "Libgit2 -- Fixing insufficient validation of submodule names" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "git" }, "ranges": [ { "events": [ { "fixed": "2.13.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.14" }, { "fixed": "2.14.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.15" }, { "fixed": "2.15.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.16" }, { "fixed": "2.16.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.17" }, { "fixed": "2.17.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "git-lite" }, "ranges": [ { "events": [ { "fixed": "2.13.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.14" }, { "fixed": "2.14.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.15" }, { "fixed": "2.15.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.16" }, { "fixed": "2.16.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.17" }, { "fixed": "2.17.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://marc.info/?l=git&m=152761328506724&=2" ], "discovery": "2018-05-29T00:00:00Z", "references": { "cvename": [ "CVE-2018-11233", "CVE-2018-11235" ] }, "vid": "c7a135f4-66a4-11e8-9e63-3085a9a47796" }, "details": "The Git community reports:\n\n> - In affected versions of Git, code to sanity-check pathnames on NTFS\n> can result in reading out-of-bounds memory.\n> - In affected versions of Git, remote code execution can occur. With a\n> crafted .gitmodules file, a malicious project can execute an\n> arbitrary script on a machine that runs \\\"git clone\n> \\--recurse-submodules\\\" because submodule \\\"names\\\" are obtained\n> from this file, and then appended to \\$GIT_DIR/modules, leading to\n> directory traversal with \\\"../\\\" in a name. Finally, post-checkout\n> hooks from a submodule are executed, bypassing the intended design\n> in which hooks are not obtained from a remote server.\n", "id": "FreeBSD-2018-0136", "modified": "2018-06-02T00:00:00Z", "published": "2018-06-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://marc.info/?l=git&m=152761328506724&=2" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11233" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-11235" } ], "schema_version": "1.7.0", "summary": "Git -- Fix memory out-of-bounds and remote code execution vulnerabilities (CVE-2018-11233 and CVE-2018-11235)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "10.8.0" }, { "fixed": "10.8.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.7.0" }, { "fixed": "10.7.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.0" }, { "fixed": "10.6.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/" ], "discovery": "2018-05-29T00:00:00Z", "vid": "9557dc72-64da-11e8-bc32-d8cb8abf62dd" }, "details": "GitLab reports:\n\n> Removing public deploy keys regression\n>\n> Users can update their password without entering current password\n>\n> Persistent XSS - Selecting users as allowed merge request approvers\n>\n> Persistent XSS - Multiple locations of user selection drop downs\n>\n> include directive in .gitlab-ci.yml allows SSRF requests\n>\n> Permissions issue in Merge Requests Create Service\n>\n> Arbitrary assignment of project fields using \\\"Import project\\\"\n", "id": "FreeBSD-2018-0135", "modified": "2018-05-31T00:00:00Z", "published": "2018-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "strongswan" }, "ranges": [ { "events": [ { "fixed": "5.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html" ], "discovery": "2018-05-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-10811", "CVE-2018-5388" ] }, "vid": "7fc3e827-64a5-11e8-aedb-00224d821998" }, "details": "strongSwan security team reports:\n\n> - A denial-of-service vulnerability in the IKEv2 key derivation was\n> fixed if the openssl plugin is used in FIPS mode and HMAC-MD5 is\n> negotiated as PRF (which is not FIPS-compliant). So this should only\n> affect very specific setups, but in such configurations all\n> strongSwan versions since 5.0.1 may be affected.\n> - A denial-of-service vulnerability in the stroke plugin was fixed.\n> When reading a message from the socket the plugin did not check the\n> received length. Unless a group is configured, root privileges are\n> required to access that socket, so in the default configuration this\n> shouldn\\'t be an issue, but all strongSwan versions may be affected.\n", "id": "FreeBSD-2018-0134", "modified": "2018-05-31T00:00:00Z", "published": "2018-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html" }, { "type": "WEB", "url": "https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10811" }, { "type": "WEB", "url": "https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5388" } ], "schema_version": "1.7.0", "summary": "strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "67.0.3396.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html" ], "discovery": "2018-05-29T00:00:00Z", "references": { "cvename": [ "CVE-2018-6123", "CVE-2018-6124", "CVE-2018-6125", "CVE-2018-6126", "CVE-2018-6127", "CVE-2018-6128", "CVE-2018-6129", "CVE-2018-6130", "CVE-2018-6131", "CVE-2018-6132", "CVE-2018-6133", "CVE-2018-6134", "CVE-2018-6135", "CVE-2018-6136", "CVE-2018-6137", "CVE-2018-6138", "CVE-2018-6139", "CVE-2018-6140", "CVE-2018-6141", "CVE-2018-6142", "CVE-2018-6143", "CVE-2018-6144", "CVE-2018-6145", "CVE-2018-6147" ] }, "vid": "427b0f58-644c-11e8-9e1b-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 34 security fixes in this release, including:\n>\n> - \\[835639\\] High CVE-2018-6123: Use after free in Blink. Reported by\n> Looben Yang on 2018-04-22\n> - \\[840320\\] High CVE-2018-6124: Type confusion in Blink. Reported by\n> Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07\n> - \\[818592\\] High CVE-2018-6125: Overly permissive policy in WebUSB.\n> Reported by Yubico, Inc on 2018-03-05\n> - \\[844457\\] High CVE-2018-6126: Heap buffer overflow in Skia.\n> Reported by Ivan Fratric of Google Project Zero on 2018-05-18\n> - \\[842990\\] High CVE-2018-6127: Use after free in indexedDB. Reported\n> by Looben Yang on 2018-05-15\n> - \\[841105\\] High CVE-2018-6128: uXSS in Chrome on iOS. Reported by\n> Tomasz Bojarski on 2018-05-09\n> - \\[838672\\] High CVE-2018-6129: Out of bounds memory access in\n> WebRTC. Reported by Natalie Silvanovich of Google Project Zero on\n> 2018-05-01\n> - \\[838402\\] High CVE-2018-6130: Out of bounds memory access in\n> WebRTC. Reported by Natalie Silvanovich of Google Project Zero on\n> 2018-04-30\n> - \\[826434\\] High CVE-2018-6131: Incorrect mutability protection in\n> WebAssembly. Reported by Natalie Silvanovich of Google Project Zero\n> on 2018-03-27\n> - \\[839960\\] Medium CVE-2018-6132: Use of uninitialized memory in\n> WebRTC. Reported by Ronald E. Crane on 2018-05-04\n> - \\[817247\\] Medium CVE-2018-6133: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-02-28\n> - \\[797465\\] Medium CVE-2018-6134: Referrer Policy bypass in Blink.\n> Reported by Jun Kokatsu (@shhnjk) on 2017-12-23\n> - \\[823353\\] Medium CVE-2018-6135: UI spoofing in Blink. Reported by\n> Jasper Rebane on 2018-03-19\n> - \\[831943\\] Medium CVE-2018-6136: Out of bounds memory access in V8.\n> Reported by Peter Wong on 2018-04-12\n> - \\[835589\\] Medium CVE-2018-6137: Leak of visited status of page in\n> Blink. Reported by Michael Smith (spinda.net) on 2018-04-21\n> - \\[810220\\] Medium CVE-2018-6138: Overly permissive policy in\n> Extensions. Reported by Francois Lajeunesse-Robert on 2018-02-08\n> - \\[805224\\] Medium CVE-2018-6139: Restrictions bypass in the debugger\n> extension API. Reported by Rob Wu on 2018-01-24\n> - \\[798222\\] Medium CVE-2018-6140: Restrictions bypass in the debugger\n> extension API. Reported by Rob Wu on 2018-01-01\n> - \\[796107\\] Medium CVE-2018-6141: Heap buffer overflow in Skia.\n> Reported by Yangkang (@dnpushme) and Wanglu of Qihoo360 Qex Team on\n> 2017-12-19\n> - \\[837939\\] Medium CVE-2018-6142: Out of bounds memory access in V8.\n> Reported by Choongwoo Han of Naver Corporation on 2018-04-28\n> - \\[843022\\] Medium CVE-2018-6143: Out of bounds memory access in V8.\n> Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-15\n> - \\[828049\\] Low CVE-2018-6144: Out of bounds memory access in PDFium.\n> Reported by pdknsk on 2018-04-02\n> - \\[805924\\] Low CVE-2018-6145: Incorrect escaping of MathML in Blink.\n> Reported by Masato Kinugawa on 2018-01-25\n> - \\[818133\\] Low CVE-2018-6147: Password fields not taking advantage\n> of OS protections in Views. Reported by Michail Pishchagin (Yandex)\n> on 2018-03-02\n> - \\[847542\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2018-0133", "modified": "2018-05-30T00:00:00Z", "published": "2018-05-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6123" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6124" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6125" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6126" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6127" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6128" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6129" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6130" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6132" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6133" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6134" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6135" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6136" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6138" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6139" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6140" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6142" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6143" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6144" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6145" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6147" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bind912" }, "ranges": [ { "events": [ { "fixed": "9.12.1P2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/article/AA-01602", "https://kb.isc.org/article/AA-01606" ], "discovery": "2018-05-18T00:00:00Z", "references": { "cvename": [ "CVE-2018-5736", "CVE-2018-5737" ] }, "vid": "94599fe0-5ca3-11e8-8be1-d05099c0ae8c" }, "details": "ISC reports:\n\n> An error in zone database reference counting can lead to an assertion\n> failure if a server which is running an affected version of BIND\n> attempts several transfers of a slave zone in quick succession.\n\n> A problem with the implementation of the new serve-stale feature in\n> BIND 9.12 can lead to an assertion failure in rbtdb.c, even when\n> stale-answer-enable is off. Additionally, problematic interaction\n> between the serve-stale feature and NSEC aggressive negative caching\n> can in some cases cause undesirable behavior from named, such as a\n> recursion loop or excessive logging.\n", "id": "FreeBSD-2018-0132", "modified": "2018-05-21T00:00:00Z", "published": "2018-05-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01602" }, { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5736" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5737" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01602" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01606" } ], "schema_version": "1.7.0", "summary": "BIND -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.60.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2018-05-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-1000300", "CVE-2018-1000301" ] }, "vid": "04fe6c8d-2a34-4009-a81e-e7a7e759b5d2" }, "details": "cURL security problems:\n\n> CVE-2018-1000300: FTP shutdown response buffer overflow\n>\n> curl might overflow a heap based memory buffer when closing down an\n> FTP connection with very long server command replies.\n>\n> When doing FTP transfers, curl keeps a spare \\\"closure handle\\\" around\n> internally that will be used when an FTP connection gets shut down\n> since the original curl easy handle is then already removed.\n>\n> FTP server response data that gets cached from the original transfer\n> might then be larger than the default buffer size (16 KB) allocated in\n> the \\\"closure handle\\\", which can lead to a buffer overwrite. The\n> contents and size of that overwrite is controllable by the server.\n>\n> This situation was detected by an assert() in the code, but that was\n> of course only preventing bad stuff in debug builds. This bug is very\n> unlikely to trigger with non-malicious servers.\n>\n> We are not aware of any exploit of this flaw.\n>\n> CVE-2018-1000301: RTSP bad headers buffer over-read\n>\n> curl can be tricked into reading data beyond the end of a heap based\n> buffer used to store downloaded content.\n>\n> When servers send RTSP responses back to curl, the data starts out\n> with a set of headers. curl parses that data to separate it into a\n> number of headers to deal with those appropriately and to find the end\n> of the headers that signal the start of the \\\"body\\\" part.\n>\n> The function that splits up the response into headers is called\n> Curl_http_readwrite_headers() and in situations where it can\\'t find a\n> single header in the buffer, it might end up leaving a pointer\n> pointing into the buffer instead of to the start of the buffer which\n> then later on may lead to an out of buffer read when code assumes that\n> pointer points to a full buffer size worth of memory to use.\n>\n> This could potentially lead to information leakage but most likely a\n> crash/denial of service for applications if a server triggers this\n> flaw.\n>\n> We are not aware of any exploit of this flaw.\n", "id": "FreeBSD-2018-0131", "modified": "2018-05-16T00:00:00Z", "published": "2018-05-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_2018-82c2.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_2018-b138.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000300" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000301" } ], "schema_version": "1.7.0", "summary": "cURL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wavpack" }, "ranges": [ { "events": [ { "fixed": "5.1.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540" ], "discovery": "2018-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-6767", "CVE-2018-7253", "CVE-2018-7254", "CVE-2018-10536", "CVE-2018-10537", "CVE-2018-10538", "CVE-2018-10539", "CVE-2018-10540" ] }, "vid": "50210bc1-54ef-11e8-95d9-9c5c8e75236a" }, "details": "Sebastian Ramacher reports:\n\n> A stack-based buffer over-read in the ParseRiffHeaderConfig function\n> of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause\n> a denial-of-service attack or possibly have unspecified other impact\n> via a maliciously crafted RF64 file.\n\n> The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of\n> WavPack 5.1.0 allows a remote attacker to cause a denial-of-service\n> (heap-based buffer over-read) or possibly overwrite the heap via a\n> maliciously crafted DSDIFF file.\n\n> The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack\n> 5.1.0 allows a remote attacker to cause a denial-of-service (global\n> buffer over-read), or possibly trigger a buffer overflow or incorrect\n> memory allocation, via a maliciously crafted CAF file.\n\nThuan Pham reports:\n\n> An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser\n> component contains a vulnerability that allows writing to memory\n> because ParseRiffHeaderConfig in riff.c does not reject multiple\n> format chunks.\n\n> An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser\n> component contains a vulnerability that allows writing to memory\n> because ParseWave64HeaderConfig in wave64.c does not reject multiple\n> format chunks.\n\n> An issue was discovered in WavPack 5.1.0 and earlier for WAV input.\n> Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c\n> does not validate the sizes of unknown chunks before attempting memory\n> allocation, related to a lack of integer-overflow protection within a\n> bytes_to_copy calculation and subsequent malloc call, leading to\n> insufficient memory allocation.\n\n> An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input.\n> Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in\n> dsdiff.c does not validate the sizes of unknown chunks before\n> attempting memory allocation, related to a lack of integer-overflow\n> protection within a bytes_to_copy calculation and subsequent malloc\n> call, leading to insufficient memory allocation.\n\n> An issue was discovered in WavPack 5.1.0 and earlier for W64 input.\n> Out-of-bounds writes can occur because ParseWave64HeaderConfig in\n> wave64.c does not validate the sizes of unknown chunks before\n> attempting memory allocation, related to a lack of integer-overflow\n> protection within a bytes_to_copy calculation and subsequent malloc\n> call, leading to insufficient memory allocation.\n", "id": "FreeBSD-2018-0130", "modified": "2018-05-11T00:00:00Z", "published": "2018-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6767" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7253" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7254" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10536" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10538" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10539" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10540" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2018/dsa-4125" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2018/dsa-4197" } ], "schema_version": "1.7.0", "summary": "wavpack -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "66.0.3359.170" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html" ], "discovery": "2018-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-6120", "CVE-2018-6121", "CVE-2018-6122" ] }, "vid": "e457978b-5484-11e8-9b85-54ee754af08e" }, "details": "Google Chrome Releases reports:\n\n> 4 security fixes in this release:\n>\n> - \\[835887\\] Critical: Chain leading to sandbox escape. Reported by\n> Anonymous on 2018-04-23\n> - \\[836858\\] High CVE-2018-6121: Privilege Escalation in extensions\n> - \\[836141\\] High CVE-2018-6122: Type confusion in V8\n> - \\[833721\\] High CVE-2018-6120: Heap buffer overflow in PDFium.\n> Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on\n> 2018-04-17\n> - \\[841841\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2018-0129", "modified": "2018-05-11T00:00:00Z", "published": "2018-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6122" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "last_affected": "2.120" }, { "fixed": "2.120" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "last_affected": "2.107.2" }, { "fixed": "2.107.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2018-05-09/" ], "discovery": "2018-05-09T00:00:00Z", "vid": "06ab7724-0fd7-427e-a5ce-fe436302b10c" }, "details": "Jenkins developers report:\n\n> The agent to master security subsystem ensures that the Jenkins master\n> is protected from maliciously configured agents. A path traversal\n> vulnerability allowed agents to escape whitelisted directories to read\n> and write to files they should not be able to access.\n>\n> Black Duck Hub Plugin\\'s API endpoint was affected by an XML External\n> Entity (XXE) processing vulnerability. This allowed an attacker with\n> Overall/Read access to have Jenkins parse a maliciously crafted file\n> that uses external entities for extraction of secrets from the Jenkins\n> master, server-side request forgery, or denial-of-service attacks.\n>\n> Several other lower severity issues were reported, see reference url\n> for details.\n", "id": "FreeBSD-2018-0128", "modified": "2018-05-10T00:00:00Z", "published": "2018-05-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2018-05-09/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2018-05-09/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "60.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.1.0_18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.8.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.8.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/" ], "discovery": "2018-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-5150", "CVE-2018-5151", "CVE-2018-5152", "CVE-2018-5153", "CVE-2018-5154", "CVE-2018-5155", "CVE-2018-5157", "CVE-2018-5158", "CVE-2018-5159", "CVE-2018-5160", "CVE-2018-5163", "CVE-2018-5164", "CVE-2018-5165", "CVE-2018-5166", "CVE-2018-5167", "CVE-2018-5168", "CVE-2018-5169", "CVE-2018-5172", "CVE-2018-5173", "CVE-2018-5174", "CVE-2018-5175", "CVE-2018-5176", "CVE-2018-5177", "CVE-2018-5178", "CVE-2018-5180", "CVE-2018-5181", "CVE-2018-5182", "CVE-2018-5183" ] }, "vid": "5aefc41e-d304-4ec8-8c82-824f84f08244" }, "details": "Mozilla Foundation reports:\n\n> CVE-2018-5183: Backport critical security fixes in Skia\n>\n> CVE-2018-5154: Use-after-free with SVG animations and clip paths\n>\n> CVE-2018-5155: Use-after-free with SVG animations and text paths\n>\n> CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF\n> files\n>\n> CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer\n>\n> CVE-2018-5159: Integer overflow and out-of-bounds write in Skia\n>\n> CVE-2018-5160: Uninitialized memory use by WebRTC encoder\n>\n> CVE-2018-5152: WebExtensions information leak through webRequest API\n>\n> CVE-2018-5153: Out-of-bounds read in mixed content websocket messages\n>\n> CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode\n> Cache\n>\n> CVE-2018-5164: CSP not applied to all multipart content sent with\n> multipart/x-mixed-replace\n>\n> CVE-2018-5166: WebExtension host permission bypass through\n> filterReponseData\n>\n> CVE-2018-5167: Improper linkification of chrome: and javascript:\n> content in web console and JavaScript debugger\n>\n> CVE-2018-5168: Lightweight themes can be installed without user\n> interaction\n>\n> CVE-2018-5169: Dragging and dropping link text onto home button can\n> set home page to include chrome pages\n>\n> CVE-2018-5172: Pasted script from clipboard can run in the Live\n> Bookmarks page or PDF viewer\n>\n> CVE-2018-5173: File name spoofing of Downloads panel with Unicode\n> characters\n>\n> CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure\n> behavior for downloaded files in Windows 10 April 2018 Update\n>\n> CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in\n> their policies\n>\n> CVE-2018-5176: JSON Viewer script injection\n>\n> CVE-2018-5177: Buffer overflow in XSLT during number formatting\n>\n> CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted\n> in 32-bit Firefox\n>\n> CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string\n> conversion through legacy extension\n>\n> CVE-2018-5180: heap-use-after-free in\n> mozilla::WebGLContext::DrawElementsInstanced\n>\n> CVE-2018-5181: Local file can be displayed in noopener tab through\n> drag and drop of hyperlink\n>\n> CVE-2018-5182: Local file can be displayed from hyperlink dragged and\n> dropped on addressbar\n>\n> CVE-2018-5151: Memory safety bugs fixed in Firefox 60\n>\n> CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR\n> 52.8\n", "id": "FreeBSD-2018-0127", "modified": "2018-05-09T00:00:00Z", "published": "2018-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5150" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5151" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5152" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5153" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5154" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5158" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5159" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5163" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5164" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5165" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5166" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5168" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5172" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5173" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5175" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5181" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5182" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5183" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-11/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-12/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kamailio" }, "ranges": [ { "events": [ { "fixed": "5.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-02-10T00:00:00Z", "references": { "cvename": [ "CVE-2018-8828" ] }, "vid": "5af6378b-bd88-4997-bccc-b9ba2daecdd2" }, "details": "A specially crafted REGISTER message with a malformed branch or From tag\ntriggers an off-by-one heap-based buffer overflow in the\ntmx_check_pretran function in modules/tmx/tmx_pretran.c\n", "id": "FreeBSD-2018-0126", "modified": "2018-05-06T00:00:00Z", "published": "2018-05-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8828" }, { "type": "WEB", "url": "https://www.kamailio.org/w/2018/03/kamailio-security-announcement-tmx-lcr/" }, { "type": "WEB", "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow" } ], "schema_version": "1.7.0", "summary": "kamailio - buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wget" }, "ranges": [ { "events": [ { "fixed": "1.19.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt" ], "discovery": "2018-04-26T00:00:00Z", "references": { "cvename": [ "CVE-2018-0494" ], "freebsdpr": [ "ports/228071" ] }, "vid": "7b5a8e3b-52cc-11e8-8c7a-9c5c8e75236a" }, "details": "Harry Sintonen of F-Secure Corporation reports:\n\n> GNU Wget is susceptible to a malicious web server injecting arbitrary\n> cookies to the cookie jar file.\n", "id": "FreeBSD-2018-0125", "modified": "2018-05-08T00:00:00Z", "published": "2018-05-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt" }, { "type": "WEB", "url": "https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0494" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228071" } ], "schema_version": "1.7.0", "summary": "wget -- cookie injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "29.0.0.171" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-16.html" ], "discovery": "2018-05-08T00:00:00Z", "references": { "cvename": [ "CVE-2018-4944" ] }, "vid": "9558d49c-534c-11e8-8177-d43d7ef03aa6" }, "details": "Adobe reports:\n\n> - This update resolves a type confusion vulnerability that could lead\n> to arbitrary code execution (CVE-2018-4944).\n", "id": "FreeBSD-2018-0124", "modified": "2018-05-09T00:00:00Z", "published": "2018-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-16.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4944" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-16.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- arbitrary code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-05-08T00:00:00Z", "references": { "cvename": [ "CVE-2018-8897" ], "freebsdsa": [ "SA-18:06.debugreg" ] }, "vid": "521ce804-52fd-11e8-9123-a4badb2f4699" }, "details": "# Problem Description:\n\nThe MOV SS and POP SS instructions inhibit debug exceptions until the\ninstruction boundary following the next instruction. If that instruction\nis a system call or similar instruction that transfers control to the\noperating system, the debug exception will be handled in the kernel\ncontext instead of the user context.\n\n# Impact:\n\nAn authenticated local attacker may be able to read sensitive data in\nkernel memory, control low-level operating system functions, or may\npanic the system.\n", "id": "FreeBSD-2018-0123", "modified": "2018-05-08T00:00:00Z", "published": "2018-05-08T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8897" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Mishandling of x86 debug exceptions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python27" }, "ranges": [ { "events": [ { "fixed": "2.7.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.15rc1.rst" ], "discovery": "2018-05-01T00:00:00Z", "references": { "cvename": [ "CVE-2012-0876", "CVE-2016-0718", "CVE-2016-4472", "CVE-2016-9063", "CVE-2017-9233", "CVE-2018-1060", "CVE-2018-1061" ] }, "vid": "8719b935-8bae-41ad-92ba-3c826f651219" }, "details": "python release notes:\n\n> Multiple vulnerabilities has been fixed in this release. Please refer\n> to the CVE list for details.\n", "id": "FreeBSD-2018-0122", "modified": "2018-05-05T00:00:00Z", "published": "2018-05-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.15rc1.rst" }, { "type": "WEB", "url": "https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.15rc1.rst" }, { "type": "WEB", "url": "https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.15.rst" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2012-0876" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-0718" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1061" } ], "schema_version": "1.7.0", "summary": "python 2.7 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "plasma5-kwallet-pam" }, "ranges": [ { "events": [ { "fixed": "5.12.5_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kde.org/info/security/advisory-20180503-1.txt" ], "discovery": "2018-05-04T00:00:00Z", "vid": "83a548b5-4fa5-11e8-9a8e-001e2a3f778d" }, "details": "The KDE Community reports:\n\n> kwallet-pam was doing file writing and permission changing as root\n> that with correct timing and use of carefully crafted symbolic links\n> could allow a non privileged user to become the owner of any file on\n> the system.\n", "id": "FreeBSD-2018-0121", "modified": "2018-05-04T00:00:00Z", "published": "2018-05-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kde.org/info/security/advisory-20180503-1.txt" }, { "type": "WEB", "url": "https://www.kde.org/info/security/advisory-20180503-1.txt" } ], "schema_version": "1.7.0", "summary": "KWallet-PAM -- Access to privileged files" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2018-004" ], "discovery": "2018-04-25T00:00:00Z", "vid": "89ca6f7d-4f00-11e8-9b1d-00e04c1ea73d" }, "details": "Drupal Security Team reports:\n\n> A remote code execution vulnerability exists within multiple\n> subsystems of Drupal 7.x and 8.x. This potentially allows attackers to\n> exploit multiple attack vectors on a Drupal site, which could result\n> in the site being compromised. This vulnerability is related to Drupal\n> core - Highly critical - Remote Code Execution - SA-CORE-2018-002.\n> Both SA-CORE-2018-002 and this vulnerability are being exploited in\n> the wild.\n", "id": "FreeBSD-2018-0120", "modified": "2018-05-03T00:00:00Z", "published": "2018-05-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2018-004" }, { "type": "WEB", "url": "https://www.drupal.org/SA-CORE-2018-004" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal Core - Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "10.7.0" }, { "fixed": "10.7.2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.6.0" }, { "fixed": "10.6.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.5.0" }, { "fixed": "10.5.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released" ], "discovery": "2018-04-30T00:00:00Z", "references": { "cvename": [ "CVE-2018-10379" ] }, "vid": "9dfe61c8-4d15-11e8-8f2f-d8cb8abf62dd" }, "details": "GitLab reports:\n\n> Persistent XSS in Move Issue using project namespace\n>\n> Download Archive allowing unauthorized private repo access\n>\n> Mattermost Updates\n", "id": "FreeBSD-2018-0119", "modified": "2018-05-01T00:00:00Z", "published": "2018-05-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-10379" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "66.0.3359.139" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html" ], "discovery": "2018-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2018-6118" ] }, "vid": "006bee4e-4c49-11e8-9c32-54ee754af08e" }, "details": "Google Chrome Releases reports:\n\n> 3 security fixes in this release:\n>\n> - \\[831963\\] Critical CVE-2018-6118: Use after free in Media Cache.\n> Reported by Ned Williamson on 2018-04-12\n> - \\[837635\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2018-0118", "modified": "2018-04-30T00:00:00Z", "published": "2018-04-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6118" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html" } ], "schema_version": "1.7.0", "summary": "chromium -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "quassel" }, "ranges": [ { "events": [ { "fixed": "0.12.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "quassel-core" }, "ranges": [ { "events": [ { "fixed": "0.12.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.gentoo.org/653834" ], "discovery": "2018-04-24T00:00:00Z", "vid": "499f6b41-58db-4f98-b8e7-da8c18985eda" }, "details": "Gentoo reports:\n\n> quasselcore: corruption of heap metadata caused by qdatastream leading\n> to preauth remote code execution.\n>\n> - Severity: high, by default the server port is publicly open and the\n> address can be requested using the /WHOIS command of IRC protocol.\n> - Description: In Qdatastream protocol each object is prepended with 4\n> bytes for the object size, this can be used to trigger allocation\n> errors.\n>\n> quasselcore DDOS\n>\n> - Severity: low, only impacts unconfigured quasselcore instances.\n> - Description: A login attempt causes a NULL pointer dereference when\n> the database is not initialized.\n", "id": "FreeBSD-2018-0117", "modified": "2018-04-26T00:00:00Z", "published": "2018-04-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.gentoo.org/653834" }, { "type": "WEB", "url": "https://bugs.gentoo.org/653834" }, { "type": "WEB", "url": "https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e" }, { "type": "WEB", "url": "https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b" } ], "schema_version": "1.7.0", "summary": "quassel -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "66.0.3359.117" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" ], "discovery": "2017-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2018-6085", "CVE-2018-6086", "CVE-2018-6087", "CVE-2018-6088", "CVE-2018-6089", "CVE-2018-6090", "CVE-2018-6091", "CVE-2018-6092", "CVE-2018-6093", "CVE-2018-6094", "CVE-2018-6095", "CVE-2018-6096", "CVE-2018-6097", "CVE-2018-6098", "CVE-2018-6099", "CVE-2018-6100", "CVE-2018-6101", "CVE-2018-6102", "CVE-2018-6103", "CVE-2018-6104", "CVE-2018-6105", "CVE-2018-6106", "CVE-2018-6107", "CVE-2018-6108", "CVE-2018-6109", "CVE-2018-6110", "CVE-2018-6111", "CVE-2018-6112", "CVE-2018-6113", "CVE-2018-6114", "CVE-2018-6115", "CVE-2018-6116", "CVE-2018-6117", "CVE-2018-6084" ] }, "vid": "36ff7a74-47b1-11e8-a7d6-54e1ad544088" }, "details": "Google Chrome Releases reports:\n\n> 62 security fixes in this release:\n>\n> - \\[826626\\] Critical CVE-2018-6085: Use after free in Disk Cache.\n> Reported by Ned Williamson on 2018-03-28\n> - \\[827492\\] Critical CVE-2018-6086: Use after free in Disk Cache.\n> Reported by Ned Williamson on 2018-03-30\n> - \\[813876\\] High CVE-2018-6087: Use after free in WebAssembly.\n> Reported by Anonymous on 2018-02-20\n> - \\[822091\\] High CVE-2018-6088: Use after free in PDFium. Reported by\n> Anonymous on 2018-03-15\n> - \\[808838\\] High CVE-2018-6089: Same origin policy bypass in Service\n> Worker. Reported by Rob Wu on 2018-02-04\n> - \\[820913\\] High CVE-2018-6090: Heap buffer overflow in Skia.\n> Reported by ZhanJia Song on 2018-03-12\n> - \\[771933\\] High CVE-2018-6091: Incorrect handling of plug-ins by\n> Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05\n> - \\[819869\\] High CVE-2018-6092: Integer overflow in WebAssembly.\n> Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08\n> - \\[780435\\] Medium CVE-2018-6093: Same origin bypass in Service\n> Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01\n> - \\[633030\\] Medium CVE-2018-6094: Exploit hardening regression in\n> Oilpan. Reported by Chris Rohlf on 2016-08-01\n> - \\[637098\\] Medium CVE-2018-6095: Lack of meaningful user interaction\n> requirement before file upload. Reported by Abdulrahman\n> Alqabandi (@qab) on 2016-08-11\n> - \\[776418\\] Medium CVE-2018-6096: Fullscreen UI spoof. Reported by\n> WenXu Wu of Tencent\\'s Xuanwu Lab on 2017-10-19\n> - \\[806162\\] Medium CVE-2018-6097: Fullscreen UI spoof. Reported by\n> xisigr of Tencent\\'s Xuanwu Lab on 2018-01-26\n> - \\[798892\\] Medium CVE-2018-6098: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-01-03\n> - \\[808825\\] Medium CVE-2018-6099: CORS bypass in ServiceWorker.\n> Reported by Jun Kokatsu (@shhnjk) on 2018-02-03\n> - \\[811117\\] Medium CVE-2018-6100: URL spoof in Omnibox. Reported by\n> Lnyas Zhang on 2018-02-11\n> - \\[813540\\] Medium CVE-2018-6101: Insufficient protection of remote\n> debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19\n> - \\[813814\\] Medium CVE-2018-6102: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-02-20\n> - \\[816033\\] Medium CVE-2018-6103: UI spoof in Permissions. Reported\n> by Khalil Zhani on 2018-02-24\n> - \\[820068\\] Medium CVE-2018-6104: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-03-08\n> - \\[803571\\] Medium CVE-2018-6105: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-01-18\n> - \\[805729\\] Medium CVE-2018-6106: Incorrect handling of promises in\n> V8. Reported by lokihardt of Google Project Zero on 2018-01-25\n> - \\[808316\\] Medium CVE-2018-6107: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-02-02\n> - \\[816769\\] Medium CVE-2018-6108: URL spoof in Omnibox. Reported by\n> Khalil Zhani on 2018-02-27\n> - \\[710190\\] Low CVE-2018-6109: Incorrect handling of files by\n> FileAPI. Reported by Dominik Weber (@DoWeb\\_) on 2017-04-10\n> - \\[777737\\] Low CVE-2018-6110: Incorrect handling of plaintext files\n> via file:// . Reported by Wenxiang Qian (aka blastxiang) on\n> 2017-10-24\n> - \\[780694\\] Low CVE-2018-6111: Heap-use-after-free in DevTools.\n> Reported by Khalil Zhani on 2017-11-02\n> - \\[798096\\] Low CVE-2018-6112: Incorrect URL handling in DevTools.\n> Reported by Rob Wu on 2017-12-29\n> - \\[805900\\] Low CVE-2018-6113: URL spoof in Navigation. Reported by\n> Khalil Zhani on 2018-01-25\n> - \\[811691\\] Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on\n> 2018-02-13\n> - \\[819809\\] Low CVE-2018-6115: SmartScreen bypass in downloads.\n> Reported by James Feher on 2018-03-07\n> - \\[822266\\] Low CVE-2018-6116: Incorrect low memory handling in\n> WebAssembly. Reported by Jin from Chengdu Security Response Center\n> of Qihoo 360 Technology Co. Ltd. on 2018-03-15\n> - \\[822465\\] Low CVE-2018-6117: Confusing autofill settings. Reported\n> by Spencer Dailey on 2018-03-15\n> - \\[822424\\] Low CVE-2018-6084: Incorrect use of Distributed Objects\n> in Google Software Updater on MacOS. Reported by Ian Beer of Google\n> Project Zero on 2018-03-15\n", "id": "FreeBSD-2018-0116", "modified": "2018-04-24T00:00:00Z", "published": "2018-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6085" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6086" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6087" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6088" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6089" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6090" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6091" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6092" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6093" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6094" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6095" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6096" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6097" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6101" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6103" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6104" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6106" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6107" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6108" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6109" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6117" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6084" } ], "schema_version": "1.7.0", "summary": "chromium -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "polarssl13" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released" ], "discovery": "2018-03-21T00:00:00Z", "vid": "d8382a69-4728-11e8-ba83-0011d823eebd" }, "details": "Simon Butcher reports:\n\n> - Defend against Bellcore glitch attacks by verifying the results of\n> RSA private key operations.\n> - Fix implementation of the truncated HMAC extension. The previous\n> implementation allowed an offline 2\\^80 brute force attack on the\n> HMAC key of a single, uninterrupted connection (with no resumption\n> of the session).\n> - Reject CRLs containing unsupported critical extensions. Found by\n> Falko Strenzke and Evangelos Karatsiolis.\n> - Fix a buffer overread in ssl_parse_server_key_exchange() that could\n> cause a crash on invalid input.\n> - Fix a buffer overread in ssl_parse_server_psk_hint() that could\n> cause a crash on invalid input.\n", "id": "FreeBSD-2018-0115", "modified": "2018-04-23T00:00:00Z", "published": "2018-04-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released" } ], "schema_version": "1.7.0", "summary": "mbed TLS (PolarSSL) -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.40" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.60" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.40" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" ], "discovery": "2018-04-17T00:00:00Z", "references": { "cvename": [ "CVE-2018-2755", "CVE-2018-2805", "CVE-2018-2782", "CVE-2018-2784", "CVE-2018-2819", "CVE-2018-2758", "CVE-2018-2817", "CVE-2018-2775", "CVE-2018-2780", "CVE-2018-2761", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2812", "CVE-2018-2877", "CVE-2018-2759", "CVE-2018-2766", "CVE-2018-2777", "CVE-2018-2810", "CVE-2018-2818", "CVE-2018-2839", "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2781", "CVE-2018-2816", "CVE-2018-2846", "CVE-2018-2769", "CVE-2018-2776", "CVE-2018-2762", "CVE-2018-2771", "CVE-2018-2813", "CVE-2018-2773" ] }, "vid": "57aec168-453e-11e8-8777-b499baebfeaf" }, "details": "Oracle reports:\n\n> MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify\n> Data, Remote and Local Users Deny Service, and Local Users Access Data\n> and Gain Elevated Privileges\n>\n> - A local user can exploit a flaw in the Replication component to gain\n> elevated privileges \\[CVE-2018-2755\\].\n> - A remote authenticated user can exploit a flaw in the GIS Extension\n> component to cause denial of service conditions \\[CVE-2018-2805\\].\n> - A remote authenticated user can exploit a flaw in the InnoDB\n> component to cause denial of service conditions \\[CVE-2018-2782,\n> CVE-2018-2784, CVE-2018-2819\\].\n> - A remote authenticated user can exploit a flaw in the Security\n> Privileges component to cause denial of service conditions\n> \\[CVE-2018-2758, CVE-2018-2818\\].\n> - A remote authenticated user can exploit a flaw in the DDL component\n> to cause denial of service conditions \\[CVE-2018-2817\\].\n> - A remote authenticated user can exploit a flaw in the Optimizer\n> component to cause denial of service conditions \\[CVE-2018-2775,\n> CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781,\n> CVE-2018-2816\\].\n> - A remote user can exploit a flaw in the Client programs component to\n> cause denial of service conditions \\[CVE-2018-2761, CVE-2018-2773\\].\n> - A remote authenticated user can exploit a flaw in the InnoDB\n> component to partially modify data and cause denial of service\n> conditions \\[CVE-2018-2786, CVE-2018-2787\\].\n> - A remote authenticated user can exploit a flaw in the Optimizer\n> component to partially modify data and cause denial of service\n> conditions \\[CVE-2018-2812\\].\n> - A local user can exploit a flaw in the Cluster ndbcluster/plugin\n> component to cause denial of service conditions \\[CVE-2018-2877\\].\n> - A remote authenticated user can exploit a flaw in the InnoDB\n> component to cause denial of service conditions \\[CVE-2018-2759,\n> CVE-2018-2766, CVE-2018-2777, CVE-2018-2810\\].\n> - A remote authenticated user can exploit a flaw in the DML component\n> to cause denial of service conditions \\[CVE-2018-2839\\].\n> - A remote authenticated user can exploit a flaw in the Performance\n> Schema component to cause denial of service conditions\n> \\[CVE-2018-2846\\].\n> - A remote authenticated user can exploit a flaw in the Pluggable Auth\n> component to cause denial of service conditions \\[CVE-2018-2769\\].\n> - A remote authenticated user can exploit a flaw in the Group\n> Replication GCS component to cause denial of service conditions\n> \\[CVE-2018-2776\\].\n> - A local user can exploit a flaw in the Connection component to cause\n> denial of service conditions \\[CVE-2018-2762\\].\n> - A remote authenticated user can exploit a flaw in the Locking\n> component to cause denial of service conditions \\[CVE-2018-2771\\].\n> - A remote authenticated user can exploit a flaw in the DDL component\n> to partially access data \\[CVE-2018-2813\\].\n", "id": "FreeBSD-2018-0114", "modified": "2018-04-21T00:00:00Z", "published": "2018-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2755" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2805" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2782" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2784" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2819" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2758" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2817" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2775" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2780" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2761" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2786" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2787" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2877" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2759" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2766" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2777" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2810" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2818" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2778" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2779" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2781" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2846" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2769" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2776" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2762" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2771" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2773" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_CN-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh_TW-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" ], "discovery": "2018-04-03T00:00:00Z", "vid": "be38245e-44d9-11e8-a292-00e04c1ea73d" }, "details": "wordpress developers reports:\n\n> Don\\'t treat localhost as same host by default.\n>\n> Use safe redirects when redirecting the login page if SSL is forced.\n>\n> Make sure the version string is correctly escaped for use in generator\n> tags.\n", "id": "FreeBSD-2018-0113", "modified": "2018-04-20T00:00:00Z", "published": "2018-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyadmin" }, "ranges": [ { "events": [ { "introduced": "4.8.0" }, { "fixed": "4.8.0.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2018-2/" ], "discovery": "2018-04-17T00:00:00Z", "vid": "ac7da39b-4405-11e8-afbe-6805ca0b3d42" }, "details": "The phpMyAdmin development team reports:\n\n> ### Summary\n>\n> CSRF vulnerability allowing arbitrary SQL execution\n>\n> ### Description\n>\n> By deceiving a user to click on a crafted URL, it is possible for an\n> attacker to execute arbitrary SQL commands.\n>\n> ### Severity\n>\n> We consider this vulnerability to be critical.\n", "id": "FreeBSD-2018-0112", "modified": "2018-04-19T00:00:00Z", "published": "2018-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2018-2/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2018-2/" } ], "schema_version": "1.7.0", "summary": "phpmyadmin -- CSRF vulnerability allowing arbitrary SQL execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/sa-core-2018-003" ], "discovery": "2018-04-18T00:00:00Z", "vid": "33174280-43fa-11e8-aad5-6cf0497db129" }, "details": "The Drupal security team reports:\n\n> CKEditor, a third-party JavaScript library included in Drupal core,\n> has fixed a cross-site scripting (XSS) vulnerability. The\n> vulnerability stemmed from the fact that it was possible to execute\n> XSS inside CKEditor when using the image2 plugin (which Drupal 8 core\n> also uses).\n", "id": "FreeBSD-2018-0111", "modified": "2018-04-19T00:00:00Z", "published": "2018-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/sa-core-2018-003" }, { "type": "WEB", "url": "https://www.drupal.org/sa-core-2018-003" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal core - Moderately critical" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2o_2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0h_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20180416.txt" ], "discovery": "2018-04-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-0737" ] }, "vid": "8f353420-4197-11e8-8777-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> The OpenSSL RSA Key generation algorithm has been shown to be\n> vulnerable to a cache timing side channel attack. An attacker with\n> sufficient access to mount cache timing attacks during the RSA key\n> generation process could recover the private key.\n", "id": "FreeBSD-2018-0110", "modified": "2018-04-16T00:00:00Z", "published": "2018-04-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20180416.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20180416.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0737" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Cache timing vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.57" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/psa-2018-001" ], "discovery": "2018-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-7600" ] }, "vid": "a9e466e8-4144-11e8-a292-00e04c1ea73d" }, "details": "Drupal Security Team reports:\n\n> CVE-2018-7600: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before\n> 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute\n> arbitrary code because of an issue affecting multiple subsystems with\n> default or common module configurations.\n", "id": "FreeBSD-2018-0109", "modified": "2018-04-16T00:00:00Z", "published": "2018-04-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/psa-2018-001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7600" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal Core - Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "perl5" }, "ranges": [ { "events": [ { "introduced": "5.24.0" }, { "fixed": "5.24.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.26.0" }, { "fixed": "5.26.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://metacpan.org/changes/release/SHAY/perl-5.26.2" ], "discovery": "2018-04-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-6797", "CVE-2018-6798", "CVE-2018-6913" ] }, "vid": "41c96ffd-29a6-4dcc-9a88-65f5038fa6eb" }, "details": "perldelta:\n\n> CVE-2018-6797: heap-buffer-overflow (WRITE of size 1) in S_regatom\n> (regcomp.c)\n>\n> A crafted regular expression could cause a heap buffer write overflow,\n> with control over the bytes written. \\[perl #132227\\]\n>\n> CVE-2018-6798: Heap-buffer-overflow in Perl\\_\\_byte_dump_string\n> (utf8.c)\n>\n> Matching a crafted locale dependent regular expression could cause a\n> heap buffer read overflow and potentially information disclosure.\n> \\[perl #132063\\]\n>\n> CVE-2018-6913: heap-buffer-overflow in S_pack_rec\n>\n> pack() could cause a heap buffer write overflow with a large item\n> count. \\[perl #131844\\]\n", "id": "FreeBSD-2018-0108", "modified": "2018-04-15T00:00:00Z", "published": "2018-04-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.2" }, { "type": "WEB", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.2" }, { "type": "WEB", "url": "https://metacpan.org/changes/release/SHAY/perl-5.24.4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6913" } ], "schema_version": "1.7.0", "summary": "perl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ipsec-tools" }, "ranges": [ { "events": [ { "fixed": "0.8.2_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682" ], "discovery": "2016-12-02T00:00:00Z", "references": { "cvename": [ "CVE-2016-10396" ] }, "vid": "974a6d32-3fda-11e8-aea4-001b216d295b" }, "details": "Robert Foggia via NetBSD GNATS reports:\n\n> The ipsec-tools racoon daemon contains a remotely exploitable\n> computational complexity attack when parsing and storing isakmp\n> fragments. The implementation permits a remote attacker to exhaust\n> computational resources on the remote endpoint by repeatedly sending\n> isakmp fragment packets in a particular order such that the worst-case\n> computational complexity is realized in the algorithm utilized to\n> determine if reassembly of the fragments can take place.\n", "id": "FreeBSD-2018-0107", "modified": "2018-04-14T00:00:00Z", "published": "2018-04-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682" }, { "type": "WEB", "url": "https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10396" } ], "schema_version": "1.7.0", "summary": "ipsec-tools -- remotely exploitable computational-complexity attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libnghttp2" }, "ranges": [ { "events": [ { "introduced": "1.10.0" }, { "fixed": "1.31.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nghttp2" }, "ranges": [ { "events": [ { "introduced": "1.10.0" }, { "fixed": "1.31.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/" ], "discovery": "2018-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2018-1000168" ] }, "vid": "1fccb25e-8451-438c-a2b9-6a021e4d7a31" }, "details": "nghttp2 blog:\n\n> If ALTSVC frame is received by libnghttp2 and it is larger than it can\n> accept, the pointer field which points to ALTSVC frame payload is left\n> NULL. Later libnghttp2 attempts to access another field through the\n> pointer, and gets segmentation fault.\n>\n> ALTSVC frame is defined by RFC 7838.\n>\n> The largest frame size libnghttp2 accept is by default 16384 bytes.\n>\n> Receiving ALTSVC frame is disabled by default. Application has to\n> enable it explicitly by calling\n> nghttp2_option_set_builtin_recv_extension_type(opt, NGHTTP2_ALTSVC).\n>\n> Transmission of ALTSVC is always enabled, and it does not cause this\n> vulnerability.\n>\n> ALTSVC frame is expected to be sent by server, and received by client\n> as defined in RFC 7838.\n>\n> Client and server are both affected by this vulnerability if the\n> reception of ALTSVC frame is enabled. As written earlier, it is\n> useless to enable reception of ALTSVC frame on server side. So, server\n> is generally safe unless application accidentally enabled the\n> reception of ALTSVC frame.\n", "id": "FreeBSD-2018-0106", "modified": "2018-04-13T00:00:00Z", "published": "2018-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/" }, { "type": "WEB", "url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000168" } ], "schema_version": "1.7.0", "summary": "nghttp2 -- Denial of service due to NULL pointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "last_affected": "1.3.5,1" }, { "fixed": "1.3.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://roundcube.net/news/2018/04/11/security-update-1.3.6" ], "discovery": "2018-04-11T00:00:00Z", "references": { "cvename": [ "CVE-2018-9846" ] }, "vid": "48894ca9-3e6f-11e8-92f0-f0def167eeea" }, "details": "Upstream reports:\n\n> This update primarily fixes a recently discovered IMAP-cmd-injection\n> vulnerability caused by insufficient input validation within the\n> archive plugin. Details about the vulnerability are published under\n> CVE-2018-9846.\n", "id": "FreeBSD-2018-0105", "modified": "2018-04-13T00:00:00Z", "published": "2018-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://roundcube.net/news/2018/04/11/security-update-1.3.6" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-9846" }, { "type": "WEB", "url": "https://roundcube.net/news/2018/04/11/security-update-1.3.6" } ], "schema_version": "1.7.0", "summary": "roundcube -- IMAP command injection vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "last_affected": "2.115" }, { "fixed": "2.115" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "last_affected": "2.107.1" }, { "fixed": "2.107.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2018-04-11/" ], "discovery": "2018-04-11T00:00:00Z", "vid": "aaba17aa-782e-4843-8a79-7756cfa2bf89" }, "details": "Jenkins developers report:\n\n> The Jenkins CLI sent different error responses for commands with view\n> and agent arguments depending on the existence of the specified views\n> or agents to unauthorized users. This allowed attackers to determine\n> whether views or agents with specified names exist.\n>\n> The Jenkins CLI now returns the same error messages to unauthorized\n> users independent of the existence of specified view or agent names\n>\n> Some JavaScript confirmation dialogs included the item name in an\n> unsafe manner, resulting in a possible cross-site scripting\n> vulnerability exploitable by users with permission to create or\n> configure items.\n>\n> JavaScript confirmation dialogs that include the item name now\n> properly escape it, so it can be safely displayed.\n", "id": "FreeBSD-2018-0104", "modified": "2018-04-12T00:00:00Z", "published": "2018-04-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2018-04-11/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2018-04-11/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "29.0.0.140" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html" ], "discovery": "2018-04-10T00:00:00Z", "references": { "cvename": [ "CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937" ] }, "vid": "5c6f7482-3ced-11e8-b157-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a use-after-free vulnerability that could lead\n> to remote code execution (CVE-2018-4932).\n> - This update resolves out-of-bounds read vulnerabilities that could\n> lead to information disclosure (CVE-2018-4933, CVE-2018-4934).\n> - This update resolves out-of-bounds write vulnerabilities that could\n> lead to remote code execution (CVE-2018-4935, CVE-2018-4937).\n> - This update resolves a heap overflow vulnerability that could lead\n> to information disclosure (CVE-2018-4936).\n", "id": "FreeBSD-2018-0103", "modified": "2018-07-11T00:00:00Z", "published": "2018-04-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4932" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4933" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4934" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4936" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4937" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "10.6.0" }, { "fixed": "10.6.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.5.0" }, { "fixed": "10.5.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.6" }, { "fixed": "10.4.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/" ], "discovery": "2018-04-04T00:00:00Z", "vid": "085a087b-3897-11e8-ac53-d8cb8abf62dd" }, "details": "GitLab reports:\n\n> Confidential issue comments in Slack, Mattermost, and webhook\n> integrations.\n>\n> Persistent XSS in milestones data-milestone-id.\n>\n> Persistent XSS in filename of merge request.\n", "id": "FreeBSD-2018-0102", "modified": "2018-04-05T00:00:00Z", "published": "2018-04-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_29" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2018-6918" ], "freebsdsa": [ "SA-18:05.ipsec" ] }, "vid": "c0c5afef-38db-11e8-8b7f-a4badb2f469b" }, "details": "# Problem Description:\n\nThe length field of the option header does not count the size of the\noption header itself. This causes a problem when the length is zero, the\ncount is then incremented by zero, which causes an infinite loop.\n\nIn addition there are pointer/offset mistakes in the handling of IPv4\noptions.\n\n# Impact:\n\nA remote attacker who is able to send an arbitrary packet, could cause\nthe remote target machine to crash.\n", "id": "FreeBSD-2018-0101", "modified": "2018-04-05T00:00:00Z", "published": "2018-04-05T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6918" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:05.ipsec.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ipsec crash or denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_29" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2018-6917" ], "freebsdsa": [ "SA-18:04.vt" ] }, "vid": "a5cf3ecd-38db-11e8-8b7f-a4badb2f469b" }, "details": "# Problem Description:\n\nInsufficient validation of user-provided font parameters can result in\nan integer overflow, leading to the use of arbitrary kernel memory as\nglyph data. Characters that reference this data can be displayed on the\nscreen, effectively disclosing kernel memory.\n\n# Impact:\n\nUnprivileged users may be able to access privileged kernel data.\n\nSuch memory might contain sensitive information, such as portions of the\nfile cache or terminal buffers. This information might be directly\nuseful, or it might be leveraged to obtain elevated privileges in some\nway; for example, a terminal buffer might include a user-entered\npassword.\n", "id": "FreeBSD-2018-0100", "modified": "2018-04-05T00:00:00Z", "published": "2018-04-05T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6917" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:04.vt.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- vt console memory disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle31" }, "ranges": [ { "events": [ { "fixed": "3.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle32" }, "ranges": [ { "events": [ { "fixed": "3.2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle33" }, "ranges": [ { "events": [ { "fixed": "3.3.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle34" }, "ranges": [ { "events": [ { "fixed": "3.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://moodle.org/mod/forum/discuss.php?d=367938" ], "discovery": "2018-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-1081", "CVE-2018-1082" ] }, "vid": "cdb4d962-34f9-11e8-92db-080027907385" }, "details": "moodle reports:\n\n> Unauthenticated users can trigger custom messages to admin via paypal\n> enrol script.\n>\n> Suspended users with OAuth 2 authentication method can still log in to\n> the site.\n", "id": "FreeBSD-2018-0099", "modified": "2018-03-31T00:00:00Z", "published": "2018-03-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://moodle.org/mod/forum/discuss.php?d=367938" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1082" }, { "type": "WEB", "url": "https://moodle.org/mod/forum/discuss.php?d=367938" } ], "schema_version": "1.7.0", "summary": "moodle -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.3.0,1" }, { "fixed": "2.3.7,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0,1" }, { "fixed": "2.4.4,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.5.0,1" }, { "fixed": "2.5.1,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/" ], "discovery": "2018-03-28T00:00:00Z", "references": { "cvename": [ "CVE-2017-17742", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780" ] }, "vid": "eb69bcf2-18ef-4aa2-bb0c-83b263364089" }, "details": "Ruby news:\n\n> CVE-2017-17742: HTTP response splitting in WEBrick\n>\n> If a script accepts an external input and outputs it without\n> modification as a part of HTTP responses, an attacker can use newline\n> characters to deceive the clients that the HTTP response header is\n> stopped at there, and can inject fake HTTP responses after the newline\n> characters to show malicious contents to the clients.\n>\n> CVE-2018-6914: Unintentional file and directory creation with\n> directory traversal in tempfile and tmpdir\n>\n> Dir.mktmpdir method introduced by tmpdir library accepts the prefix\n> and the suffix of the directory which is created as the first\n> parameter. The prefix can contain relative directory specifiers\n> \\\"../\\\", so this method can be used to target any directory. So, if a\n> script accepts an external input as the prefix, and the targeted\n> directory has inappropriate permissions or the ruby process has\n> inappropriate privileges, the attacker can create a directory or a\n> file at any directory.\n>\n> CVE-2018-8777: DoS by large request in WEBrick\n>\n> If an attacker sends a large request which contains huge HTTP headers,\n> WEBrick try to process it on memory, so the request causes the\n> out-of-memory DoS attack.\n>\n> CVE-2018-8778: Buffer under-read in String#unpack\n>\n> String#unpack receives format specifiers as its parameter, and can be\n> specified the position of parsing the data by the specifier @. If a\n> big number is passed with @, the number is treated as the negative\n> value, and out-of-buffer read is occurred. So, if a script accepts an\n> external input as the argument of String#unpack, the attacker can read\n> data on heaps.\n>\n> CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in\n> UNIXServer and UNIXSocket\n>\n> UNIXServer.open accepts the path of the socket to be created at the\n> first parameter. If the path contains NUL (\\\\0) bytes, this method\n> recognize that the path is completed before the NUL bytes. So, if a\n> script accepts an external input as the argument of this method, the\n> attacker can make the socket file in the unintentional path. And,\n> UNIXSocket.open also accepts the path of the socket to be created at\n> the first parameter without checking NUL bytes like UNIXServer.open.\n> So, if a script accepts an external input as the argument of this\n> method, the attacker can accepts the socket file in the unintentional\n> path.\n>\n> CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte\n> in Dir\n>\n> Dir.open, Dir.new, Dir.entries and Dir.empty? accept the path of the\n> target directory as their parameter. If the parameter contains NUL\n> (\\\\0) bytes, these methods recognize that the path is completed before\n> the NUL bytes. So, if a script accepts an external input as the\n> argument of these methods, the attacker can make the unintentional\n> directory traversal.\n", "id": "FreeBSD-2018-0098", "modified": "2018-03-29T00:00:00Z", "published": "2018-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17742" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8777" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8778" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8779" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8780" } ], "schema_version": "1.7.0", "summary": "ruby -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node4" }, "ranges": [ { "events": [ { "fixed": "4.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node6" }, "ranges": [ { "events": [ { "fixed": "6.14.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node8" }, "ranges": [ { "events": [ { "fixed": "8.11.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "9.10.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" ], "discovery": "2018-03-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-7158", "CVE-2018-7159", "CVE-2018-7160" ] }, "vid": "5a9bbb6e-32d3-11e8-a769-6daaba161086" }, "details": "Node.js reports:\n\n> # Node.js Inspector DNS rebinding vulnerability (CVE-2018-7160)\n>\n> Node.js 6.x and later include a debugger protocol (also known as\n> \\\"inspector\\\") that can be activated by the \\--inspect and related\n> command line flags. This debugger service was vulnerable to a DNS\n> rebinding attack which could be exploited to perform remote code\n> execution.\n>\n> # \\'path\\' module regular expression denial of service (CVE-2018-7158)\n>\n> The \\'path\\' module in the Node.js 4.x release line contains a\n> potential regular expression denial of service (ReDoS) vector. The\n> code in question was replaced in Node.js 6.x and later so this\n> vulnerability only impacts all versions of Node.js 4.x.\n>\n> # Spaces in HTTP Content-Length header values are ignored (CVE-2018-7159)\n>\n> The HTTP parser in all current versions of Node.js ignores spaces in\n> the Content-Length header, allowing input such as Content-Length: 1 2\n> to be interpreted as having a value of 12. The HTTP specification does\n> not allow for spaces in the Content-Length value and the Node.js HTTP\n> parser has been brought into line on this particular difference.\n", "id": "FreeBSD-2018-0097", "modified": "2018-03-28T00:00:00Z", "published": "2018-03-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7158" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7159" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7160" } ], "schema_version": "1.7.0", "summary": "node.js -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "introduced": "2.16.6" }, { "fixed": "2.20.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2017-7087", "CVE-2017-7089", "CVE-2017-7090", "CVE-2017-7091", "CVE-2017-7092", "CVE-2017-7092", "CVE-2017-7093", "CVE-2017-7095", "CVE-2017-7096", "CVE-2017-7098", "CVE-2017-7100", "CVE-2017-7102", "CVE-2017-7104", "CVE-2017-7107", "CVE-2017-7109", "CVE-2017-7111", "CVE-2017-7117", "CVE-2017-7120", "CVE-2017-13783", "CVE-2017-13784", "CVE-2017-13785", "CVE-2017-13788", "CVE-2017-13791", "CVE-2017-13792", "CVE-2017-13794", "CVE-2017-13795", "CVE-2017-13796", "CVE-2017-13798", "CVE-2017-13802", "CVE-2017-13803", "CVE-2017-7156", "CVE-2017-7157", "CVE-2017-13856", "CVE-2017-13866", "CVE-2017-13870", "CVE-2017-5753", "CVE-2017-5715", "CVE-2018-4088", "CVE-2018-4089", "CVE-2018-4096", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2017-13884", "CVE-2017-13885" ] }, "vid": "1ce95bc7-3278-11e8-b527-00012e582166" }, "details": "The WebKit team reports many vulnerabilities.\n\nPlease reference the CVE/URL list for details.\n", "id": "FreeBSD-2018-0096", "modified": "2018-03-28T00:00:00Z", "published": "2018-03-28T00:00:00Z", "references": [ { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2017-0008.html" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2017-0009.html" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2017-0010.html" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2018-0001.html" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2018-0002.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7087" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7089" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7090" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7091" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7092" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7092" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7093" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7095" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7096" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7104" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7107" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7109" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7117" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7120" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13783" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13784" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13785" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13788" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13792" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13795" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13796" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7156" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13856" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5753" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5715" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4088" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4089" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4096" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7153" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7160" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7161" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7165" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13884" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13885" } ], "schema_version": "1.7.0", "summary": "webkit2-gtk3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "65.0.3325.181" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop_20.html" ], "discovery": "2018-03-20T00:00:00Z", "vid": "3ae21918-31e3-11e8-927b-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 1 security fix in this release, including:\n>\n> - \\[823553\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2018-0095", "modified": "2018-03-27T00:00:00Z", "published": "2018-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop_20.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop_20.html" } ], "schema_version": "1.7.0", "summary": "chromium -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2o,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0h" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20180327.txt" ], "discovery": "2018-03-27T00:00:00Z", "references": { "cvename": [ "CVE-2018-0739", "CVE-2017-3738" ] }, "vid": "b7cff5a9-31cc-11e8-8f07-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> - Constructed ASN.1 types with a recursive definition could exceed the\n> stack (CVE-2018-0739)\\\n> Constructed ASN.1 types with a recursive definition (such as can be\n> found in PKCS7) could eventually exceed the stack given malicious\n> input with excessive recursion. This could result in a Denial Of\n> Service attack. There are no such structures used within SSL/TLS\n> that come from untrusted sources so this is considered safe.\n> - rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\\\n> There is an overflow bug in the AVX2 Montgomery multiplication\n> procedure used in exponentiation with 1024-bit moduli. This only\n> affects processors that support the AVX2 but not ADX extensions like\n> Intel Haswell (4th generation).\n", "id": "FreeBSD-2018-0094", "modified": "2018-03-27T00:00:00Z", "published": "2018-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20180327.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20180327.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0739" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3738" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "10.5.0" }, { "fixed": "10.5.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4.0" }, { "fixed": "10.4.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.3" }, { "fixed": "10.3.9" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/" ], "discovery": "2018-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2018-8801" ] }, "vid": "dc0c201c-31da-11e8-ac53-d8cb8abf62dd" }, "details": "GitLab reports:\n\n> # SSRF in services and web hooks\n>\n> There were multiple server-side request forgery issues in the Services\n> feature. An attacker could make requests to servers within the same\n> network of the GitLab instance. This could lead to information\n> disclosure, authentication bypass, or potentially code execution. This\n> issue has been assigned\n> [CVE-2018-8801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8801).\n>\n> # Gitlab Auth0 integration issue\n>\n> There was an issue with the GitLab `omniauth-auth0` configuration\n> which resulted in the Auth0 integration signing in the wrong users.\n", "id": "FreeBSD-2018-0093", "modified": "2018-04-07T00:00:00Z", "published": "2018-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8801" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/" } ], "schema_version": "1.7.0", "summary": "Gitlab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "59.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.0.4.36_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.7.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.7.3,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.7.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/" ], "discovery": "2018-03-26T00:00:00Z", "references": { "cvename": [ "CVE-2018-5148" ] }, "vid": "23f59689-0152-42d3-9ade-1658d6380567" }, "details": "The Mozilla Foundation reports:\n\n> # CVE-2018-5148: Use-after-free in compositor\n>\n> A use-after-free vulnerability can occur in the compositor during\n> certain graphics operations when a raw pointer is used instead of a\n> reference counted one. This results in a potentially exploitable\n> crash.\n", "id": "FreeBSD-2018-0092", "modified": "2018-03-31T00:00:00Z", "published": "2018-03-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5148" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-10/" } ], "schema_version": "1.7.0", "summary": "mozilla -- use-after-free in compositor" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-rails-html-sanitizer" }, "ranges": [ { "events": [ { "fixed": "1.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2018/03/22/4" ], "discovery": "2018-03-22T00:00:00Z", "references": { "cvename": [ "CVE-2018-3741" ] }, "vid": "81946ace-6961-4488-a164-22d58ebc8d66" }, "details": "OSS-Security list:\n\n> There is a possible XSS vulnerability in rails-html-sanitizer. The gem\n> allows non-whitelisted attributes to be present in sanitized output\n> when input with specially-crafted HTML fragments, and these attributes\n> can lead to an XSS attack on target applications.\n>\n> This issue is similar to CVE-2018-8048 in Loofah.\n", "id": "FreeBSD-2018-0091", "modified": "2018-03-24T00:00:00Z", "published": "2018-03-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2018/03/22/4" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2018/03/22/4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3741" } ], "schema_version": "1.7.0", "summary": "rails-html-sanitizer -- possible XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "apache22" }, "ranges": [ { "events": [ { "fixed": "2.2.34_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.apache.org/dist/httpd/CHANGES_2.4.33" ], "discovery": "2018-03-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-15710", "CVE-2018-1283", "CVE-2018-1303", "CVE-2018-1301", "CVE-2017-15715", "CVE-2018-1312", "CVE-2018-1302" ] }, "vid": "f38187e7-2f6e-11e8-8f07-b499baebfeaf" }, "details": "The Apache httpd reports:\n\n> Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig\n> enabled (CVE-2017-15710)\n>\n> mod_session: CGI-like applications that intend to read from\n> mod_session\\'s \\'SessionEnv ON\\' could be fooled into reading\n> user-supplied data instead. (CVE-2018-1283)\n>\n> mod_cache_socache: Fix request headers parsing to avoid a possible\n> crash with specially crafted input data. (CVE-2018-1303)\n>\n> core: Possible crash with excessively long HTTP request headers.\n> Impractical to exploit with a production build and production\n> LogLevel. (CVE-2018-1301)\n>\n> core: Configure the regular expression engine to match \\'\\$\\' to the\n> end of the input string only, excluding matching the end of any\n> embedded newline characters. Behavior can be changed with new\n> directive \\'RegexDefaultOptions\\'. (CVE-2017-15715)\n>\n> mod_auth_digest: Fix generation of nonce values to prevent replay\n> attacks across servers using a common Digest domain. This change may\n> cause problems if used with round robin load balancers.\n> (CVE-2018-1312)\n>\n> mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)\n", "id": "FreeBSD-2018-0090", "modified": "2018-03-27T00:00:00Z", "published": "2018-03-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.apache.org/dist/httpd/CHANGES_2.4.33" }, { "type": "WEB", "url": "https://www.apache.org/dist/httpd/CHANGES_2.4.33" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15710" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1303" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1301" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15715" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1312" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1302" } ], "schema_version": "1.7.0", "summary": "apache -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mybb" }, "ranges": [ { "events": [ { "fixed": "1.8.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/" ], "discovery": "2018-03-15T00:00:00Z", "vid": "d50a50a2-2f3e-11e8-86f8-00e04c1ea73d" }, "details": "mybb Team reports:\n\n> Medium risk: Tasks Local File Inclusion\n>\n> Medium risk: Forum Password Check Bypass\n>\n> Low risk: Admin Permissions Group Title XSS\n>\n> Low risk: Attachment types file extension XSS\n>\n> Low risk: Moderator Tools XSS\n>\n> Low risk: Security Questions XSS\n>\n> Low risk: Settings Management XSS\n>\n> Low risk: Templates Set Name XSS\n>\n> Low risk: Usergroup Promotions XSS\n>\n> Low risk: Warning Types XSS\n", "id": "FreeBSD-2018-0089", "modified": "2018-03-24T00:00:00Z", "published": "2018-03-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/" }, { "type": "WEB", "url": "https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "mybb -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "fixed": "3.22.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-8740" ], "discovery": "2018-03-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-8740" ] }, "vid": "6d52bda1-2e54-11e8-a68f-485b3931c969" }, "details": "MITRE reports:\n\n> SQLite databases whose schema is corrupted using a CREATE TABLE AS\n> statement could cause a NULL pointer dereference, related to build.c\n> and prepare.c.\n", "id": "FreeBSD-2018-0088", "modified": "2018-03-22T00:00:00Z", "published": "2018-03-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8740" }, { "type": "WEB", "url": "http://openwall.com/lists/oss-security/2018/03/17/1" } ], "schema_version": "1.7.0", "summary": "SQLite -- Corrupt DB can cause a NULL pointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-sanitize" }, "ranges": [ { "events": [ { "fixed": "2.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/rgrove/sanitize/releases" ], "discovery": "2018-03-19T00:00:00Z", "references": { "cvename": [ "CVE-2018-3740" ] }, "vid": "39a30e0a-0c34-431b-9dce-b87cab02412a" }, "details": "Sanitize release:\n\n> Fixed an HTML injection vulnerability that could allow XSS.\n>\n> When Sanitize \\<= 4.6.2 is used in combination with libxml2 \\>= 2.9.2,\n> a specially crafted HTML fragment can cause libxml2 to generate\n> improperly escaped output, allowing non-whitelisted attributes to be\n> used on whitelisted elements.\n>\n> Sanitize now performs additional escaping on affected attributes to\n> prevent this.\n", "id": "FreeBSD-2018-0087", "modified": "2018-03-21T00:00:00Z", "published": "2018-03-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/rgrove/sanitize/releases" }, { "type": "WEB", "url": "https://github.com/rgrove/sanitize/releases" }, { "type": "WEB", "url": "https://github.com/rgrove/sanitize/issues/176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3740" } ], "schema_version": "1.7.0", "summary": "Sanitize -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-loofah" }, "ranges": [ { "events": [ { "fixed": "2.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/flavorjones/loofah/issues/144" ], "discovery": "2018-03-15T00:00:00Z", "references": { "cvename": [ "CVE-2018-8048" ] }, "vid": "ba6d0c9b-f5f6-4b9b-a6de-3cce93c83220" }, "details": "GitHub issue:\n\n> This issue has been created for public disclosure of an XSS / code\n> injection vulnerability that was responsibly reported by the Shopify\n> Application Security Team.\n>\n> Loofah allows non-whitelisted attributes to be present in sanitized\n> output when input with specially-crafted HTML fragments.\n", "id": "FreeBSD-2018-0086", "modified": "2018-03-20T00:00:00Z", "published": "2018-03-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/flavorjones/loofah/issues/144" }, { "type": "WEB", "url": "https://github.com/flavorjones/loofah/releases" }, { "type": "WEB", "url": "https://github.com/flavorjones/loofah/issues/144" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8048" } ], "schema_version": "1.7.0", "summary": "Loofah -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-notebook" }, "ranges": [ { "events": [ { "fixed": "5.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-notebook" }, "ranges": [ { "events": [ { "fixed": "5.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-notebook" }, "ranges": [ { "events": [ { "fixed": "5.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-notebook" }, "ranges": [ { "events": [ { "fixed": "5.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8768" ], "discovery": "2018-03-18T00:00:00Z", "references": { "cvename": [ "CVE-2018-8768" ] }, "vid": "b3edc7d9-9af5-4daf-88f1-61f68f4308c2" }, "details": "MITRE reports:\n\n> In Jupyter Notebook before 5.4.1, a maliciously forged notebook file\n> can bypass sanitization to execute JavaScript in the notebook context.\n> Specifically, invalid HTML is \\'fixed\\' by jQuery after sanitization,\n> making it dangerous.\n", "id": "FreeBSD-2018-0085", "modified": "2018-03-19T00:00:00Z", "published": "2018-03-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8768" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8768" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8768" } ], "schema_version": "1.7.0", "summary": "Jupyter Notebook -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "squirrelmail" }, "ranges": [ { "events": [ { "last_affected": "20170705" }, { "fixed": "20170705" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/" ], "discovery": "2017-05-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-8741" ] }, "vid": "928d5c59-2a5a-11e8-a712-0025908740c2" }, "details": "Florian Grunow reports:\n\n> An attacker able to exploit this vulnerability can extract files of\n> the server the application is running on. This may include\n> configuration files, log files and additionally all files that are\n> readable for all users on the system. This issue is\n> post-authentication. That means an attacker would need valid\n> credentials for the application to log in or needs to exploit an\n> additional vulnerability of which we are not aware of at this point of\n> time.\n>\n> An attacker would also be able to delete files on the system, if the\n> user running the application has the rights to do so.\n>\n> Does this issue affect me?\n>\n> Likely yes, if you are using Squirrelmail. We checked the latest\n> development version, which is 1.5.2-svn and the latest version\n> available for download at this point of time, 1.4.22. Both contain the\n> vulnerable code.\n", "id": "FreeBSD-2018-0084", "modified": "2018-03-17T00:00:00Z", "published": "2018-03-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2018/03/17/2" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8741" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-8741" } ], "schema_version": "1.7.0", "summary": "SquirrelMail -- post-authentication access privileges" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "slurm-wlm" }, "ranges": [ { "events": [ { "fixed": "17.02.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.schedmd.com/pipermail/slurm-announce/2018/000006.html" ], "discovery": "2018-03-15T00:00:00Z", "references": { "cvename": [ "CVE-2018-7033" ] }, "vid": "b3e04661-2a0a-11e8-9e63-3085a9a47796" }, "details": "SchedMD reports:\n\n> Several issues were discovered with incomplete sanitization of\n> user-provided text strings, which could potentially lead to SQL\n> injection attacks against SlurmDBD itself. Such exploits could lead to\n> a loss of accounting data, or escalation of user privileges on the\n> cluster.\n", "id": "FreeBSD-2018-0083", "modified": "2018-03-17T00:00:00Z", "published": "2018-03-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.schedmd.com/pipermail/slurm-announce/2018/000006.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7033" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7033" } ], "schema_version": "1.7.0", "summary": "slurm-wlm -- SQL Injection attacks against SlurmDBD" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libvorbis" }, "ranges": [ { "events": [ { "fixed": "1.3.6,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-14632", "https://nvd.nist.gov/vuln/detail/CVE-2017-14633" ], "discovery": "2018-03-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-14632", "CVE-2017-14633" ] }, "vid": "64ee858e-e035-4bb4-9c77-2468963dddb8" }, "details": "NVD reports:\n\n> Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing\n> uninitialized memory in the function vorbis_analysis_headerout() in\n> info.c when vi-\\>channels\\<=0, a similar issue to Mozilla bug 550184.\n\n> In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability\n> exists in the function mapping0_forward() in mapping0.c, which may\n> lead to DoS when operating on a crafted audio file with\n> vorbis_analysis().\n", "id": "FreeBSD-2018-0082", "modified": "2018-03-16T00:00:00Z", "published": "2018-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14632" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14633" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14633" } ], "schema_version": "1.7.0", "summary": "libvorbis -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libvorbis" }, "ranges": [ { "events": [ { "fixed": "1.3.6,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libtremor" }, "ranges": [ { "events": [ { "fixed": "1.2.1.s20180316" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "59.0.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.0.4.36_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.7.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.7.2,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/" ], "discovery": "2018-03-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-5146", "CVE-2018-5147" ] }, "vid": "7943794f-707f-4e31-9fea-3bbf1ddcedc1" }, "details": "The Mozilla Foundation reports:\n\n> # CVE-2018-5146: Out of bounds memory write in libvorbis\n>\n> An out of bounds memory write while processing Vorbis audio data was\n> reported through the Pwn2Own contest.\n>\n> # CVE-2018-5147: Out of bounds memory write in libtremor\n>\n> The libtremor library has the same flaw as CVE-2018-5146. This library\n> is used by Firefox in place of libvorbis on Android and ARM platforms.\n", "id": "FreeBSD-2018-0081", "modified": "2018-03-31T00:00:00Z", "published": "2018-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5146" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5147" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-08/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "e2fsprogs" }, "ranges": [ { "events": [ { "fixed": "1.44.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "e2fsprogs-libblkid" }, "ranges": [ { "events": [ { "fixed": "1.44.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.0" ], "discovery": "2018-03-07T00:00:00Z", "vid": "2aa9967c-27e0-11e8-9ae1-080027ac955c" }, "details": "Theodore Y. Ts\\'o reports:\n\n> Fixed some potential buffer overrun bugs in the blkid library and in\n> the fsck program.\n", "id": "FreeBSD-2018-0080", "modified": "2018-03-14T00:00:00Z", "published": "2018-03-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.0" }, { "type": "WEB", "url": "http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.0" } ], "schema_version": "1.7.0", "summary": "e2fsprogs -- potential buffer overrun bugs in the blkid library and in the fsck program" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-5715", "CVE-2017-5754" ], "freebsdsa": [ "SA-18:03.speculative_execution" ] }, "vid": "74daa370-2797-11e8-95ec-a4badb2f4699" }, "details": "# Problem Description:\n\nA number of issues relating to speculative execution were found last\nyear and publicly announced January 3rd. Two of these, known as Meltdown\nand Spectre V2, are addressed here.\n\nCVE-2017-5754 (Meltdown) -\n\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\--\n\nThis issue relies on an affected CPU speculatively executing\ninstructions beyond a faulting instruction. When this happens, changes\nto architectural state are not committed, but observable changes may be\nleft in micro- architectural state (for example, cache). This may be\nused to infer privileged data.\n\nCVE-2017-5715 (Spectre V2) -\n\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\--\n\nSpectre V2 uses branch target injection to speculatively execute kernel\ncode at an address under the control of an attacker.\n\n# Impact:\n\nAn attacker may be able to read secret data from the kernel or from a\nprocess when executing untrusted code (for example, in a web browser).\n", "id": "FreeBSD-2018-0079", "modified": "2018-03-14T00:00:00Z", "published": "2018-03-14T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5715" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5754" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:03.speculative_execution.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Speculative Execution Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_28" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2018-03-07T00:00:00Z", "references": { "cvename": [ "CVE-2018-6916" ], "freebsdsa": [ "SA-18:01.ipsec" ] }, "vid": "dca7ced0-2796-11e8-95ec-a4badb2f4699" }, "details": "# Problem Description:\n\nDue to a lack of strict checking, an attacker from a trusted host can\nsend a specially constructed IP packet that may lead to a system crash.\n\nAdditionally, a use-after-free vulnerability in the AH handling code\ncould cause unpredictable results.\n\n# Impact:\n\nAccess to out of bounds or freed mbuf data can lead to a kernel panic or\nother unpredictable results.\n", "id": "FreeBSD-2018-0078", "modified": "2018-03-14T00:00:00Z", "published": "2018-03-14T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6916" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:01.ipsec.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ipsec validation and use-after-free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "29.0.0.113" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-05.html" ], "discovery": "2018-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-4919", "CVE-2018-4920" ] }, "vid": "313078e3-26e2-11e8-9920-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves a use-after-free vulnerability that could lead\n> to remote code execution (CVE-2018-4919).\n> - This update resolves a type confusion vulnerability that could lead\n> to remote code execution (CVE-2018-4920).\n", "id": "FreeBSD-2018-0077", "modified": "2018-03-13T00:00:00Z", "published": "2018-03-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-05.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4919" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4920" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-05.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "59.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.0.4.36_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.7.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.7.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/" ], "discovery": "2018-03-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-5125", "CVE-2018-5126", "CVE-2018-5127", "CVE-2018-5128", "CVE-2018-5129", "CVE-2018-5130", "CVE-2018-5131", "CVE-2018-5132", "CVE-2018-5133", "CVE-2018-5134", "CVE-2018-5135", "CVE-2018-5136", "CVE-2018-5137", "CVE-2018-5138", "CVE-2018-5140", "CVE-2018-5141", "CVE-2018-5142", "CVE-2018-5143" ] }, "vid": "c71cdc95-3c18-45b7-866a-af28b59aabb5" }, "details": "Mozilla Foundation reports:\n\n> CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList\n>\n> CVE-2018-5128: Use-after-free manipulating editor selection ranges\n>\n> CVE-2018-5129: Out-of-bounds write with malformed IPC messages\n>\n> CVE-2018-5130: Mismatched RTP payload type can trigger memory\n> corruption\n>\n> CVE-2018-5131: Fetch API improperly returns cached copies of\n> no-store/no-cache resources\n>\n> CVE-2018-5132: WebExtension Find API can search privileged pages\n>\n> CVE-2018-5133: Value of the app.support.baseURL preference is not\n> properly sanitized\n>\n> CVE-2018-5134: WebExtensions may use view-source: URLs to bypass\n> content restrictions\n>\n> CVE-2018-5135: WebExtension browserAction can inject scripts into\n> unintended contexts\n>\n> CVE-2018-5136: Same-origin policy violation with data: URL shared\n> workers\n>\n> CVE-2018-5137: Script content can access legacy extension\n> non-contentaccessible resources\n>\n> CVE-2018-5138: Android Custom Tab address spoofing through long domain\n> names\n>\n> CVE-2018-5140: Moz-icon images accessible to web content through\n> moz-icon: protocol\n>\n> CVE-2018-5141: DOS attack through notifications Push API\n>\n> CVE-2018-5142: Media Capture and Streams API permissions display\n> incorrect origin with data: and blob: URLs\n>\n> CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into\n> addressbar\n>\n> CVE-2018-5126: Memory safety bugs fixed in Firefox 59\n>\n> CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR\n> 52.7\n", "id": "FreeBSD-2018-0076", "modified": "2018-03-16T00:00:00Z", "published": "2018-03-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5125" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5126" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5127" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5128" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5129" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5130" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5132" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5133" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5134" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5135" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5136" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5138" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5140" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5142" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5143" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-06/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba44" }, "ranges": [ { "events": [ { "fixed": "4.4.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba45" }, "ranges": [ { "events": [ { "fixed": "4.5.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba46" }, "ranges": [ { "events": [ { "fixed": "4.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba47" }, "ranges": [ { "events": [ { "fixed": "4.7.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2018-1050.html", "https://www.samba.org/samba/security/CVE-2018-1057.html" ], "discovery": "2018-01-03T00:00:00Z", "references": { "cvename": [ "CVE-2018-1050", "CVE-2018-1057" ] }, "vid": "fb26f78a-26a9-11e8-a1c2-00505689d4ae" }, "details": "The samba project reports:\n\n> Missing null pointer checks may crash the external print server\n> process.\n\n> On a Samba 4 AD DC any authenticated user can change other user\\'s\n> passwords over LDAP, including the passwords of administrative users\n> and service accounts.\n", "id": "FreeBSD-2018-0075", "modified": "2018-03-13T00:00:00Z", "published": "2018-03-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-1050.html" }, { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2018-1057.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-1050.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1050" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2018-1057.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1057" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "polarssl13" }, "ranges": [ { "events": [ { "fixed": "1.3.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01" ], "discovery": "2018-02-05T00:00:00Z", "references": { "cvename": [ "CVE-2018-0487", "CVE-2018-0488" ] }, "vid": "c2f107e1-2493-11e8-b3e8-001cc0382b2f" }, "details": "Simon Butcher reports:\n\n> - When the truncated HMAC extension is enabled and CBC is used,\n> sending a malicious application packet can be used to selectively\n> corrupt 6 bytes on the peer\\'s heap, potentially leading to a crash\n> or remote code execution. This can be triggered remotely from either\n> side in both TLS and DTLS.\n> - When RSASSA-PSS signature verification is enabled, sending a\n> maliciously constructed certificate chain can be used to cause a\n> buffer overflow on the peer\\'s stack, potentially leading to crash\n> or remote code execution. This can be triggered remotely from either\n> side in both TLS and DTLS.\n", "id": "FreeBSD-2018-0074", "modified": "2018-03-10T00:00:00Z", "published": "2018-03-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0487" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0488" } ], "schema_version": "1.7.0", "summary": "mbed TLS (PolarSSL) -- remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "65.0.3325.146" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" ], "discovery": "2016-05-03T00:00:00Z", "references": { "cvename": [ "CVE-2017-11215", "CVE-2017-11225", "CVE-2018-6060", "CVE-2018-6061", "CVE-2018-6060", "CVE-2018-6061", "CVE-2018-6062", "CVE-2018-6057", "CVE-2018-6063", "CVE-2018-6064", "CVE-2018-6065", "CVE-2018-6066", "CVE-2018-6067", "CVE-2018-6069", "CVE-2018-6070", "CVE-2018-6071", "CVE-2018-6072", "CVE-2018-6073", "CVE-2018-6074", "CVE-2018-6075", "CVE-2018-6076", "CVE-2018-6077", "CVE-2018-6078", "CVE-2018-6079", "CVE-2018-6080", "CVE-2018-6081", "CVE-2018-6082", "CVE-2018-6083" ] }, "vid": "555af074-22b9-11e8-9799-54ee754af08e" }, "details": "Google Chrome Releases reports:\n\n> 45 security fixes in this release:\n>\n> - \\[758848\\] High CVE-2017-11215: Use after free in Flash. Reported by\n> JieZeng of Tencent Zhanlu Lab on 2017-08-25\n> - \\[758863\\] High CVE-2017-11225: Use after free in Flash. Reported by\n> JieZeng of Tencent Zhanlu Lab on 2017-08-25\n> - \\[780919\\] High CVE-2018-6060: Use after free in Blink. Reported by\n> Omair on 2017-11-02\n> - \\[794091\\] High CVE-2018-6061: Race condition in V8. Reported by\n> Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12\n> - \\[780104\\] High CVE-2018-6062: Heap buffer overflow in Skia.\n> Reported by Anonymous on 2017-10-31\n> - \\[789959\\] High CVE-2018-6057: Incorrect permissions on shared\n> memory. Reported by Gal Beniamini of Google Project Zero on\n> 2017-11-30\n> - \\[792900\\] High CVE-2018-6063: Incorrect permissions on shared\n> memory. Reported by Gal Beniamini of Google Project Zero on\n> 2017-12-07\n> - \\[798644\\] High CVE-2018-6064: Type confusion in V8. Reported by\n> lokihardt of Google Project Zero on 2018-01-03\n> - \\[808192\\] High CVE-2018-6065: Integer overflow in V8. Reported by\n> Mark Brand of Google Project Zero on 2018-02-01\n> - \\[799477\\] Medium CVE-2018-6066: Same Origin Bypass via canvas.\n> Reported by Masato Kinugawa on 2018-01-05\n> - \\[779428\\] Medium CVE-2018-6067: Buffer overflow in Skia. Reported\n> by Ned Williamson on 2017-10-30\n> - \\[779428\\] Medium CVE-2018-6067: Buffer overflow in Skia. Reported\n> by Ned Williamson on 2017-10-30\n> - \\[799918\\] Medium CVE-2018-6069: Stack buffer overflow in Skia.\n> Reported by Wanglu and Yangkang(@dnpushme) of Qihoo360 Qex Team on\n> 2018-01-08\n> - \\[668645\\] Medium CVE-2018-6070: CSP bypass through extensions.\n> Reported by Rob Wu on 2016-11-25\n> - \\[777318\\] Medium CVE-2018-6071: Heap bufffer overflow in Skia.\n> Reported by Anonymous on 2017-10-23\n> - \\[791048\\] Medium CVE-2018-6072: Integer overflow in PDFium.\n> Reported by Atte Kettunen of OUSPG on 2017-12-01\n> - \\[804118\\] Medium CVE-2018-6073: Heap bufffer overflow in WebGL.\n> Reported by Omair on 2018-01-20\n> - \\[809759\\] Medium CVE-2018-6074: Mark-of-the-Web bypass. Reported by\n> Abdulrahman Alqabandi (@qab) on 2018-02-06\n> - \\[608669\\] Medium CVE-2018-6075: Overly permissive cross origin\n> downloads. Reported by Inti De Ceukelaire (intigriti.com) on\n> 2016-05-03\n> - \\[758523\\] Medium CVE-2018-6076: Incorrect handling of URL fragment\n> identifiers in Blink. Reported by Mateusz Krzeszowiec on 2017-08-24\n> - \\[778506\\] Medium CVE-2018-6077: Timing attack using SVG filters.\n> Reported by Khalil Zhani on 2017-10-26\n> - \\[793628\\] Medium CVE-2018-6078: URL Spoof in OmniBox. Reported by\n> Khalil Zhani on 2017-12-10\n> - \\[788448\\] Medium CVE-2018-6079: Information disclosure via texture\n> data in WebGL. Reported by Ivars Atteka on 2017-11-24\n> - \\[792028\\] Medium CVE-2018-6080: Information disclosure in IPC call.\n> Reported by Gal Beniamini of Google Project Zero on 2017-12-05\n> - \\[797525\\] Low CVE-2018-6081: XSS in interstitials. Reported by Rob\n> Wu on 2017-12-24\n> - \\[767354\\] Low CVE-2018-6082: Circumvention of port blocking.\n> Reported by WenXu Wu of Tencent\\'s Xuanwu Lab on 2017-09-21\n> - \\[771709\\] Low CVE-2018-6083: Incorrect processing of AppManifests.\n> Reported by Jun Kokatsu (@shhnjk) on 2017-10-04\n", "id": "FreeBSD-2018-0073", "modified": "2018-03-08T00:00:00Z", "published": "2018-03-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6061" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6061" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6062" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6057" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6064" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6065" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6066" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6069" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6070" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6071" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6073" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6074" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6075" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6076" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6077" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6078" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6079" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6080" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6082" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6083" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "fixed": "2.2.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark-lite" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "fixed": "2.2.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark-qt5" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "fixed": "2.2.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tshark" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "fixed": "2.2.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tshark-lite" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "fixed": "2.2.13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.wireshark.org/security/" ], "discovery": "2018-02-23T00:00:00Z", "references": { "cvename": [ "CVE-2018-7320", "CVE-2018-7321", "CVE-2018-7322", "CVE-2018-7323", "CVE-2018-7324", "CVE-2018-7325", "CVE-2018-7326", "CVE-2018-7327", "CVE-2018-7328", "CVE-2018-7329", "CVE-2018-7330", "CVE-2018-7331", "CVE-2018-7332", "CVE-2018-7333", "CVE-2018-7334", "CVE-2018-7335", "CVE-2018-7336", "CVE-2018-7337", "CVE-2018-7417" ] }, "vid": "c5ab620f-4576-4ad5-b51f-93e4fec9cd0e" }, "details": "wireshark developers reports:\n\n> wnpa-sec-2018-05. IEEE 802.11 dissector crash. (CVE-2018-7335)\n>\n> wnpa-sec-2018-06. Large or infinite loops in multiple dissectors.\n> (CVE-2018-7321 through CVE-2018-7333)\n>\n> wnpa-sec-2018-07. UMTS MAC dissector crash. (CVE-2018-7334)\n>\n> wnpa-sec-2018-08. DOCSIS dissector crash. (CVE-2018-7337)\n>\n> wnpa-sec-2018-09. FCP dissector crash. (CVE-2018-7336)\n>\n> wnpa-sec-2018-10. SIGCOMP dissector crash. (CVE-2018-7320)\n>\n> wnpa-sec-2018-11. Pcapng file parser crash.\n>\n> wnpa-sec-2018-12. IPMI dissector crash.\n>\n> wnpa-sec-2018-13. SIGCOMP dissector crash.\n>\n> wnpa-sec-2018-14. NBAP dissector crash.\n", "id": "FreeBSD-2018-0072", "modified": "2018-03-04T00:00:00Z", "published": "2018-03-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.wireshark.org/security/" }, { "type": "WEB", "url": "https://www.wireshark.org/security/" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-05.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-07.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-08.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-09.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-10.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-11.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-12.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-13.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2018-14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7320" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7321" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7322" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7323" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7324" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7325" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7326" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7327" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7328" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7329" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7330" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7331" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7332" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7333" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7334" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7335" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7336" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7337" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7417" } ], "schema_version": "1.7.0", "summary": "wireshark -- multiple security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "isc-dhcp44-server" }, "ranges": [ { "events": [ { "fixed": "4.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "isc-dhcp44-client" }, "ranges": [ { "events": [ { "fixed": "4.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "isc-dhcp43-server" }, "ranges": [ { "events": [ { "last_affected": "4.3.6" }, { "fixed": "4.3.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "isc-dhcp43-client" }, "ranges": [ { "events": [ { "last_affected": "4.3.6" }, { "fixed": "4.3.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/article/AA-01565", "https://kb.isc.org/article/AA-01567" ], "discovery": "2018-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-5732", "CVE-2018-5733" ] }, "vid": "2040c7f5-1e3a-11e8-8ae9-0050569f0b83" }, "details": "ISC reports:\n\n> Failure to properly bounds check a buffer used for processing DHCP\n> options allows a malicious server (or an entity masquerading as a\n> server) to cause a buffer overflow (and resulting crash) in dhclient\n> by sending a response containing a specially constructed options\n> section.\n\n> A malicious client which is allowed to send very large amounts of\n> traffic (billions of packets) to a DHCP server can eventually overflow\n> a 32-bit reference counter, potentially causing dhcpd to crash.\n", "id": "FreeBSD-2018-0071", "modified": "2018-03-02T00:00:00Z", "published": "2018-03-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01565" }, { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01567" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5732" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5733" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01565" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01567" } ], "schema_version": "1.7.0", "summary": "isc-dhcp -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/erikd/libsndfile/issues/317", "https://github.com/erikd/libsndfile/issues/344" ], "discovery": "2017-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-14245", "CVE-2017-14246", "CVE-2017-17456", "CVE-2017-17457" ] }, "vid": "30704aba-1da4-11e8-b6aa-4ccc6adda413" }, "details": "Xin-Jiang on Github reports:\n\n> CVE-2017-14245 (Medium): An out of bounds read in the function\n> d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS\n> attack or information disclosure, related to mishandling of the NAN\n> and INFINITY floating-point values.\n>\n> CVE-2017-14246 (Medium): An out of bounds read in the function\n> d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS\n> attack or information disclosure, related to mishandling of the NAN\n> and INFINITY floating-point values.\n\nmy123px on Github reports:\n\n> CVE-2017-17456 (Medium): The function d2alaw_array() in alaw.c of\n> libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown\n> address 0x000000000000), a different vulnerability than\n> CVE-2017-14245.\n>\n> CVE-2017-17457 (Medium): The function d2ulaw_array() in ulaw.c of\n> libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown\n> address 0x000000000000), a different vulnerability than\n> CVE-2017-14246.\n", "id": "FreeBSD-2018-0070", "modified": "2018-03-01T00:00:00Z", "published": "2018-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/erikd/libsndfile/issues/317" }, { "type": "REPORT", "url": "https://github.com/erikd/libsndfile/issues/344" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14245" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14246" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/issues/317" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17457" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/issues/344" } ], "schema_version": "1.7.0", "summary": "libsndfile -- out-of-bounds reads" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/", "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/", "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/", "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/", "https://github.com/erikd/libsndfile/issues/292", "https://github.com/erikd/libsndfile/issues/318" ], "discovery": "2017-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-8361", "CVE-2017-8362", "CVE-2017-8363", "CVE-2017-8365", "CVE-2017-12562", "CVE-2017-14634" ] }, "vid": "2b386075-1d9c-11e8-b6aa-4ccc6adda413" }, "details": "Agostino Sarubbo, Gentoo reports:\n\n> CVE-2017-8361 (Medium): The flac_buffer_copy function in flac.c in\n> libsndfile 1.0.28 allows remote attackers to cause a denial of service\n> (buffer overflow and application crash) or possibly have unspecified\n> other impact via a crafted audio file.\n\n> CVE-2017-8362 (Medium): The flac_buffer_copy function in flac.c in\n> libsndfile 1.0.28 allows remote attackers to cause a denial of service\n> (invalid read and application crash) via a crafted audio file.\n\n> CVE-2017-8363 (Medium): The flac_buffer_copy function in flac.c in\n> libsndfile 1.0.28 allows remote attackers to cause a denial of service\n> (heap-based buffer over-read and application crash) via a crafted\n> audio file.\n\n> CVE-2017-8365 (Medium): The i2les_array function in pcm.c in\n> libsndfile 1.0.28 allows remote attackers to cause a denial of service\n> (buffer over-read and application crash) via a crafted audio file.\n\nmanxorist on Github reports:\n\n> CVE-2017-12562 (High): Heap-based Buffer Overflow in the\n> psf_binheader_writef function in common.c in libsndfile through 1.0.28\n> allows remote attackers to cause a denial of service (application\n> crash) or possibly have unspecified other impact.\n\nXin-Jiang on Github reports:\n\n> CVE-2017-14634 (Medium): In libsndfile 1.0.28, a divide-by-zero error\n> exists in the function double64_init() in double64.c, which may lead\n> to DoS when playing a crafted audio file.\n", "id": "FreeBSD-2018-0069", "modified": "2018-03-01T00:00:00Z", "published": "2018-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "type": "REPORT", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/" }, { "type": "REPORT", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "type": "REPORT", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/" }, { "type": "REPORT", "url": "https://github.com/erikd/libsndfile/issues/292" }, { "type": "REPORT", "url": "https://github.com/erikd/libsndfile/issues/318" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8361" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/issues/232" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8362" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/issues/231" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8363" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/issues/233" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8365" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/issues/230" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12562" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/issues/292/" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14634" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/issues/318" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788" } ], "schema_version": "1.7.0", "summary": "libsndfile -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql93-server" }, "ranges": [ { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.22" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql94-server" }, "ranges": [ { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.17" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-server" }, "ranges": [ { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "introduced": "9.6.0" }, { "fixed": "9.6.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "introduced": "10.0" }, { "fixed": "10.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1834/" ], "discovery": "2018-03-01T00:00:00Z", "references": { "cvename": [ "CVE-2018-1058" ] }, "vid": "e3eeda2e-1d67-11e8-a2ec-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> - CVE-2018-1058: Uncontrolled search path element in pg_dump and other\n> client applications\n", "id": "FreeBSD-2018-0068", "modified": "2018-03-01T00:00:00Z", "published": "2018-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1834/" }, { "type": "WEB", "url": "https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1058" } ], "schema_version": "1.7.0", "summary": "PostgreSQL vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "strongswan" }, "ranges": [ { "events": [ { "introduced": "5.6.1" }, { "last_affected": "5.6.1" }, { "fixed": "5.6.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "5.6.1" ] } ], "database_specific": { "cite": [ "https://github.com/strongswan/strongswan/blob/master/NEWS" ], "discovery": "2018-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2018-6459" ] }, "vid": "6a449a37-1570-11e8-8e00-000c294a5758" }, "details": "Strongswan Release Notes reports:\n\n> Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS\n> signatures that was caused by insufficient input validation. One of\n> the configurable parameters in algorithm identifier structures for\n> RSASSA-PSS signatures is the mask generation function (MGF). Only MGF1\n> is currently specified for this purpose. However, this in turn takes\n> itself a parameter that specifies the underlying hash function.\n> strongSwan\\'s parser did not correctly handle the case of this\n> parameter being absent, causing an undefined data read. his\n> vulnerability has been registered as CVE-2018-6459.\n", "id": "FreeBSD-2018-0067", "modified": "2018-02-19T00:00:00Z", "published": "2018-02-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/strongswan/strongswan/blob/master/NEWS" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6459" }, { "type": "WEB", "url": "https://github.com/strongswan/strongswan/commit/40da179f28b768ffcf6ff7e2f68675eb44806668" } ], "schema_version": "1.7.0", "summary": "strongswan - Insufficient input validation in RSASSA-PSS signature parser" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" ], "discovery": "2017-05-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-6892" ] }, "vid": "004debf9-1d16-11e8-b6aa-4ccc6adda413" }, "details": "Laurent Delosieres, Secunia Research at Flexera Software reports:\n\n> Secunia Research has discovered a vulnerability in libsndfile, which\n> can be exploited by malicious people to disclose potentially sensitive\n> information. The vulnerability is caused due to an error in the\n> \\\"aiff_read_chanmap()\\\" function (src/aiff.c), which can be exploited\n> to cause an out-of-bounds read memory access via a specially crafted\n> AIFF file. The vulnerability is confirmed in version 1.0.28. Other\n> versions may also be affected.\n", "id": "FreeBSD-2018-0066", "modified": "2018-03-01T00:00:00Z", "published": "2018-03-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6892" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6892" }, { "type": "WEB", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748" } ], "schema_version": "1.7.0", "summary": "libsndfile -- out-of-bounds read memory access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_27" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ntp" }, "ranges": [ { "events": [ { "fixed": "4.2.8p11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ntp-devel" }, "ranges": [ { "events": [ { "introduced": "0,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" ], "discovery": "2018-02-27T00:00:00Z", "references": { "cvename": [ "CVE-2016-1549", "CVE-2018-7182", "CVE-2018-7170", "CVE-2018-7184", "CVE-2018-7185", "CVE-2018-7183" ], "freebsdsa": [ "SA-18:02.ntp" ] }, "vid": "af485ef4-1c58-11e8-8477-d05099c0ae8c" }, "details": "Network Time Foundation reports:\n\n> The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.\n>\n> This release addresses five security issues in ntpd:\n>\n> - LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil\n> vulnerability: ephemeral association attack\n> - INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem():\n> buffer read overrun leads to undefined behavior and information leak\n> - LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated\n> ephemeral associations\n> - LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric\n> mode cannot recover from bad state\n> - LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated\n> packet can reset authenticated interleaved association\n>\n> one security issue in ntpq:\n>\n> - MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can\n> write beyond its buffer limit\n>\n> and provides over 33 bugfixes and 32 other improvements.\n", "id": "FreeBSD-2018-0065", "modified": "2018-03-14T00:00:00Z", "published": "2018-02-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-1549" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7182" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7184" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7183" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "type": "WEB", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" } ], "schema_version": "1.7.0", "summary": "ntp -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "64.0.3282.167" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html" ], "discovery": "2018-01-26T00:00:00Z", "references": { "cvename": [ "CVE-2018-6056" ] }, "vid": "abfc932e-1ba8-11e8-a944-54ee754af08e" }, "details": "Google Chrome Releases reports:\n\n> 1 security fix in this release:\n>\n> - \\[806388\\] High CVE-2018-6056: Incorrect derived class instantiation\n> in V8. Reported by lokihardt of Google Project Zero on 2018-01-26\n", "id": "FreeBSD-2018-0064", "modified": "2018-02-27T00:00:00Z", "published": "2018-02-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6056" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html" } ], "schema_version": "1.7.0", "summary": "chromium -- vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "64.0.3282.119" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" ], "discovery": "2017-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-6031", "CVE-2018-6032", "CVE-2018-6033", "CVE-2018-6034", "CVE-2018-6035", "CVE-2018-6036", "CVE-2018-6037", "CVE-2018-6038", "CVE-2018-6039", "CVE-2018-6040", "CVE-2018-6041", "CVE-2018-6042", "CVE-2018-6043", "CVE-2018-6045", "CVE-2018-6046", "CVE-2018-6047", "CVE-2018-6048", "CVE-2017-15420", "CVE-2018-6049", "CVE-2018-6050", "CVE-2018-6051", "CVE-2018-6052", "CVE-2018-6053", "CVE-2018-6054" ] }, "vid": "8e986b2b-1baa-11e8-a944-54ee754af08e" }, "details": "Google Chrome Releases reports:\n\n> Several security fixes in this release, including:\n>\n> - \\[780450\\] High CVE-2018-6031: Use after free in PDFium. Reported by\n> Anonymous on 2017-11-01\n> - \\[787103\\] High CVE-2018-6032: Same origin bypass in Shared Worker.\n> Reported by Jun Kokatsu (@shhnjk) on 2017-11-20\n> - \\[793620\\] High CVE-2018-6033: Race when opening downloaded files.\n> Reported by Juho Nurminen on 2017-12-09\n> - \\[784183\\] Medium CVE-2018-6034: Integer overflow in Blink. Reported\n> by Tobias Klein (www.trapkit.de) on 2017-11-12\n> - \\[797500\\] Medium CVE-2018-6035: Insufficient isolation of devtools\n> from extensions. Reported by Rob Wu on 2017-12-23\n> - \\[797500\\] Medium CVE-2018-6035: Insufficient isolation of devtools\n> from extensions. Reported by Rob Wu on 2017-12-23\n> - \\[753645\\] Medium CVE-2018-6037: Insufficient user gesture\n> requirements in autofill. Reported by Paul Stone of Context\n> Information Security on 2017-08-09\n> - \\[774174\\] Medium CVE-2018-6038: Heap buffer overflow in WebGL.\n> Reported by cloudfuzzer on 2017-10-12\n> - \\[775527\\] Medium CVE-2018-6039: XSS in DevTools. Reported by Juho\n> Nurminen on 2017-10-17\n> - \\[778658\\] Medium CVE-2018-6040: Content security policy bypass.\n> Reported by WenXu Wu of Tencent\\'s Xuanwu Lab on 2017-10-26\n> - \\[760342\\] Medium CVE-2018-6041: URL spoof in Navigation. Reported\n> by Luan Herrera on 2017-08-29\n> - \\[773930\\] Medium CVE-2018-6042: URL spoof in OmniBox. Reported by\n> Khalil Zhani on 2017-10-12\n> - \\[785809\\] Medium CVE-2018-6043: Insufficient escaping with external\n> URL handlers. Reported by 0x09AL on 2017-11-16\n> - \\[797497\\] Medium CVE-2018-6045: Insufficient isolation of devtools\n> from extensions. Reported by Rob Wu on 2017-12-23\n> - \\[798163\\] Medium CVE-2018-6046: Insufficient isolation of devtools\n> from extensions. Reported by Rob Wu on 2017-12-31\n> - \\[799847\\] Medium CVE-2018-6047: Cross origin URL leak in WebGL.\n> Reported by Masato Kinugawa on 2018-01-08\n> - \\[763194\\] Low CVE-2018-6048: Referrer policy bypass in Blink.\n> Reported by Jun Kokatsu (@shhnjk) on 2017-09-08\n> - \\[771848\\] Low CVE-2017-15420: URL spoofing in Omnibox. Reported by\n> Drew Springall (@\\_aaspring\\_) on 2017-10-05\n> - \\[774438\\] Low CVE-2018-6049: UI spoof in Permissions. Reported by\n> WenXu Wu of Tencent\\'s Xuanwu Lab on 2017-10-13\n> - \\[774842\\] Low CVE-2018-6050: URL spoof in OmniBox. Reported by\n> Jonathan Kew on 2017-10-15\n> - \\[441275\\] Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported\n> by Antonio Sanso (@asanso) on 2014-12-11\n> - \\[615608\\] Low CVE-2018-6052: Incomplete no-referrer policy\n> implementation. Reported by Tanner Emek on 2016-05-28\n> - \\[758169\\] Low CVE-2018-6053: Leak of page thumbnails in New Tab\n> Page. Reported by Asset Kabdenov on 2017-08-23\n> - \\[797511\\] Low CVE-2018-6054: Use after free in WebUI. Reported by\n> Rob Wu on 2017-12-24\n", "id": "FreeBSD-2018-0063", "modified": "2018-02-27T00:00:00Z", "published": "2018-02-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6031" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6032" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6033" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6034" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6035" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6036" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6037" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6038" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6039" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6040" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6042" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6043" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6045" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6046" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6047" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6048" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15420" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6049" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6050" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6053" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6054" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "last_affected": "7.0.84" }, { "fixed": "7.0.84" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.0.0" }, { "last_affected": "8.0.49" }, { "fixed": "8.0.49" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.5.0" }, { "last_affected": "8.5.27" }, { "fixed": "8.5.27" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "last_affected": "9.0.4" }, { "fixed": "9.0.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E" ], "discovery": "2018-02-23T00:00:00Z", "references": { "cvename": [ "CVE-2018-1304", "CVE-2018-1305" ] }, "vid": "55c4233e-1844-11e8-a712-0025908740c2" }, "details": "The Apache Software Foundation reports:\n\n> Security constraints defined by annotations of Servlets were only\n> applied once a Servlet had been loaded. Because security constraints\n> defined in this way apply to the URL pattern and any URLs below that\n> point, it was possible - depending on the order Servlets were loaded -\n> for some security constraints not to be applied. This could have\n> exposed resources to users who were not authorised to access them.\n\n> The URL pattern of \\\"\\\" (the empty string) which exactly maps to the\n> context root was not correctly handled when used as part of a security\n> constraint definition. This caused the constraint to be ignored. It\n> was, therefore, possible for unauthorised users to gain access to web\n> application resources that should have been protected. Only security\n> constraints with a URL pattern of the empty string were affected.\n", "id": "FreeBSD-2018-0062", "modified": "2018-02-23T00:00:00Z", "published": "2018-02-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E" }, { "type": "REPORT", "url": "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-9.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-8.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-7.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1305" } ], "schema_version": "1.7.0", "summary": "tomcat -- Security constraints ignored or applied too late" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xmltooling" }, "ranges": [ { "events": [ { "fixed": "1.6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xerces-c3" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://shibboleth.net/community/advisories/secadv_20180227.txt" ], "discovery": "2018-02-27T00:00:00Z", "references": { "cvename": [ "CVE-2018-0489" ] }, "vid": "22438240-1bd0-11e8-a2ec-6cc21735f730" }, "details": "Shibboleth consortium reports:\n\n> Shibboleth SP software vulnerable to additional data forgery flaws\n>\n> The XML processing performed by the Service Provider software has been\n> found to be vulnerable to new flaws similar in nature to the one\n> addressed in an advisory last month.\n>\n> These bugs involve the use of other XML constructs rather than entity\n> references, and therefore required additional mitigation once\n> discovered. As with the previous issue, this flaw allows for changes\n> to an XML document that do not break a digital signature but can alter\n> the user data passed through to applications behind the SP and result\n> in impersonation attacks and exposure of protected information.\n>\n> As before, the use of XML Encryption is a significant mitigation, but\n> we have not dismissed the possibility that attacks on the Response\n> \\\"envelope\\\" may be possible, in both the original and this new case.\n> No actual attacks of this nature are known, so deployers should\n> prioritize patching systems that expect to handle unencrypted SAML\n> assertions.\n>\n> An updated version of XMLTooling-C (V1.6.4) is available that protects\n> against these new attacks, and should help prevent similar\n> vulnerabilities in the future.\n>\n> Unlike the previous case, these bugs are NOT prevented by any existing\n> Xerces-C parser version on any platform and cannot be addressed by any\n> means other than the updated XMLTooling-C library.\n>\n> The Service Provider software relies on a generic XML parser to\n> process SAML responses and there are limitations in older versions of\n> the parser that make it impossible to fully disable Document Type\n> Definition (DTD) processing.\n>\n> Through addition/manipulation of a DTD, it\\'s possible to make changes\n> to an XML document that do not break a digital signature but are\n> mishandled by the SP and its libraries. These manipulations can alter\n> the user data passed through to applications behind the SP and result\n> in impersonation attacks and exposure of protected information.\n>\n> While newer versions of the xerces-c3 parser are configured by the SP\n> into disallowing the use of a DTD via an environment variable, this\n> feature is not present in the xerces-c3 parser before version 3.1.4,\n> so an additional fix is being provided now that an actual DTD exploit\n> has been identified. Xerces-c3-3.1.4 was committed to the ports tree\n> already on 2016-07-26.\n", "id": "FreeBSD-2018-0061", "modified": "2018-02-27T00:00:00Z", "published": "2018-02-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt" }, { "type": "WEB", "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0489" } ], "schema_version": "1.7.0", "summary": "shibboleth-sp -- vulnerable to forged user attribute data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.56" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.4.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2018-001" ], "discovery": "2018-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-6926", "CVE-2017-6927", "CVE-2017-6928", "CVE-2017-6929", "CVE-2017-6930", "CVE-2017-6931", "CVE-2017-6932" ] }, "vid": "57580fcc-1a61-11e8-97e0-00e04c1ea73d" }, "details": "Drupal Security Team reports:\n\n> CVE-2017-6926: Comment reply form allows access to restricted content\n>\n> CVE-2017-6927: JavaScript cross-site scripting prevention is\n> incomplete\n>\n> CVE-2017-6928: Private file access bypass - Moderately Critical\n>\n> CVE-2017-6929: jQuery vulnerability with untrusted domains -\n> Moderately Critical\n>\n> CVE-2017-6930: Language fallback can be incorrect on multilingual\n> sites with node access restrictions\n>\n> CVE-2017-6931: Settings Tray access bypass\n>\n> CVE-2017-6932: External link injection on 404 pages when linking to\n> the current page\n", "id": "FreeBSD-2018-0060", "modified": "2018-02-25T00:00:00Z", "published": "2018-02-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2018-001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6926" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6927" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6928" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6929" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6930" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6932" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal Core - Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cvs" }, "ranges": [ { "events": [ { "fixed": "1.20120905_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html" ], "discovery": "2017-08-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-12836" ], "freebsdpr": [ "ports/226088" ] }, "vid": "d9fe59ea-1940-11e8-9eb8-5404a68ad561" }, "details": "Hank Leininger reports:\n\n> Bugs in Git, Subversion, and Mercurial were just announced and patched\n> which allowed arbitrary local command execution if a malicious name\n> was used for the remote server, such as starting with - to pass\n> options to the ssh client: git clone\n> ssh://-oProxyCommand=some-command\\... CVS has a similar problem with\n> the -d option:\n>\n> Tested vanilla CVS 1.12.13, and Gentoo CVS 1.12.12-r11.\n", "id": "FreeBSD-2018-0059", "modified": "2018-02-24T00:00:00Z", "published": "2018-02-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html" }, { "type": "WEB", "url": "http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html" }, { "type": "WEB", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810#10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12836" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226088" } ], "schema_version": "1.7.0", "summary": "cvs -- Remote code execution via ssh command injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libreoffice" }, "ranges": [ { "events": [ { "fixed": "5.4.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/" ], "discovery": "2018-02-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-6871" ], "freebsdpr": [ "ports/225797" ] }, "vid": "289269f1-0def-11e8-99b0-d017c2987f9a" }, "details": "LibreOffice reports:\n\n> LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.\n> Vulnerable versions of LibreOffice allow WEBSERVICE to take a local\n> file URL (e.g file://) which can be used to inject local files into\n> the spreadsheet without warning the user. Subsequent formulas can\n> operate on that inserted data and construct a remote URL whose path\n> leaks the local data to a remote attacker.\n>\n> In later versions of LibreOffice without this flaw, WEBSERVICE has now\n> been limited to accessing http and https URLs along with bringing\n> WEBSERVICE URLs under LibreOffice Calc\\'s link management\n> infrastructure.\n>\n> **Note:** This vulnerability has been identified upstream as\n> CVE-2018-1055, but NVD/Mitre are advising it\\'s a reservation\n> duplicate of CVE-2018-6871 which should be used instead.\n", "id": "FreeBSD-2018-0058", "modified": "2018-02-23T00:00:00Z", "published": "2018-02-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/" }, { "type": "WEB", "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/" }, { "type": "WEB", "url": "https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6871" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225797" } ], "schema_version": "1.7.0", "summary": "LibreOffice -- Remote arbitrary file disclosure vulnerability via WEBSERVICE formula" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "squid" }, "ranges": [ { "events": [ { "fixed": "3.5.27_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "squid-devel" }, "ranges": [ { "events": [ { "fixed": "4.0.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt", "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt" ], "discovery": "2017-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2018-1000024", "CVE-2018-1000027" ], "freebsdpr": [ "ports/226138" ] }, "vid": "d5b6d151-1887-11e8-94f7-9c5c8e75236a" }, "details": "Louis Dion-Marcil reports:\n\n> Due to incorrect pointer handling Squid is vulnerable to denial of\n> service attack when processing ESI responses.\n>\n> This problem allows a remote server delivering certain ESI response\n> syntax to trigger a denial of service for all clients accessing the\n> Squid service.\n>\n> Due to unrelated changes Squid-3.5 has become vulnerable to some\n> regular ESI server responses also triggering this issue.\n>\n> This problem is limited to the Squid custom ESI parser. Squid built to\n> use libxml2 or libexpat XML parsers do not have this problem.\n\n> Due to incorrect pointer handling Squid is vulnerable to denial of\n> service attack when processing ESI responses or downloading\n> intermediate CA certificates.\n>\n> This problem allows a remote client delivering certain HTTP requests\n> in conjunction with certain trusted server responses to trigger a\n> denial of service for all clients accessing the Squid service.\n", "id": "FreeBSD-2018-0057", "modified": "2018-02-23T00:00:00Z", "published": "2018-02-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt" }, { "type": "REPORT", "url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt" }, { "type": "WEB", "url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt" }, { "type": "WEB", "url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000024" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000027" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2018/dsa-4122" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226138" } ], "schema_version": "1.7.0", "summary": "squid -- Vulnerable to Denial of Service attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.19.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2018-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-7284", "CVE-2018-7286" ] }, "vid": "933654ce-17b8-11e8-90b8-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> AST-2018-004 - When processing a SUBSCRIBE request the\n> res_pjsip_pubsub module stores the accepted formats present in the\n> Accept headers of the request. This code did not limit the number of\n> headers it processed despite having a fixed limit of 32. If more than\n> 32 Accept headers were present the code would write outside of its\n> memory and cause a crash.\n>\n> AST-2018-005 - A crash occurs when a number of authenticated INVITE\n> messages are sent over TCP or TLS and then the connection is suddenly\n> closed. This issue leads to a segmentation fault.\n", "id": "FreeBSD-2018-0056", "modified": "2018-06-12T00:00:00Z", "published": "2018-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2018-004.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7284" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2018-005.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7286" } ], "schema_version": "1.7.0", "summary": "asterisk -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.19.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "pjsip" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "pjsip-extsrtp" }, "ranges": [ { "events": [ { "fixed": "2.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2018-02-21T00:00:00Z", "vid": "f9f5c5a2-17b5-11e8-90b8-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> AST-2018-002 - By crafting an SDP message with an invalid media format\n> description Asterisk crashes when using the pjsip channel driver\n> because pjproject\\'s sdp parsing algorithm fails to catch the invalid\n> media format description.\n>\n> AST-2018-003 - By crafting an SDP message body with an invalid fmtp\n> attribute Asterisk crashes when using the pjsip channel driver because\n> pjproject\\'s fmtp retrieval function fails to check if fmtp value is\n> empty (set empty if previously parsed as invalid).\n", "id": "FreeBSD-2018-0055", "modified": "2018-02-22T00:00:00Z", "published": "2018-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2018-002.html" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2018-003.html" } ], "schema_version": "1.7.0", "summary": "asterisk and pjsip -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "introduced": "4.7.0" }, { "fixed": "4.7.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2018-1/" ], "discovery": "2018-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2018-7260" ] }, "vid": "261ca31c-179f-11e8-b8b9-6805ca0b3d42" }, "details": "The phpMyAdmin team reports:\n\n> ### Summary\n>\n> Self XSS in central columns feature\n>\n> ### Description\n>\n> A self-cross site scripting (XSS) vulnerability has been reported\n> relating to the central columns feature.\n>\n> ### Severity\n>\n> We consider this vulnerability to be of moderate severity.\n>\n> ### Mitigation factor\n>\n> A valid token must be used in the attack\n", "id": "FreeBSD-2018-0054", "modified": "2018-02-22T00:00:00Z", "published": "2018-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2018-1/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2018-1/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7260" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- self XSS in central columns feature" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "6.1.0" }, { "last_affected": "10.2.7" }, { "fixed": "10.2.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3.0" }, { "last_affected": "10.3.6" }, { "fixed": "10.3.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4.0" }, { "last_affected": "10.4.2" }, { "fixed": "10.4.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/02/07/gitlab-security-10-4-3-plus-10-3-7-plus-10-2-8-blog/" ], "discovery": "2018-02-07T00:00:00Z", "vid": "86291013-16e6-11e8-ae9f-d43d7e971a1b" }, "details": "GitLab reports:\n\n> # SnippetFinder information disclosure\n>\n> The GitLab SnippetFinder component contained an information disclosure\n> which allowed access to snippets restricted to Only team members or\n> configured as disabled. The issue is now resolved in the latest\n> version.\n>\n> # LDAP API authorization issue\n>\n> An LDAP API endpoint contained an authorization vulnerability which\n> unintentionally disclosed bulk LDAP groups data. This issue is now\n> fixed in the latest release.\n>\n> # Persistent XSS mermaid markdown\n>\n> The mermaid markdown feature contained a persistent XSS issue that is\n> now resolved in the latest release.\n>\n> # Insecure direct object reference Todo API\n>\n> The Todo API was vulnerable to an insecure direct object reference\n> issue which resulted in an information disclosure of confidential\n> data.\n>\n> # GitHub import access control issue\n>\n> An improper access control weakness issue was discovered in the GitHub\n> import feature. The issue allowed an attacker to create projects under\n> other accounts which they shouldn\\'t have access to. The issue is now\n> resolved in the latest version.\n>\n> # Protected variables information disclosure\n>\n> The CI jobs protected tag feature contained a vulnerability which\n> resulted in an information disclosure of protected variables. The\n> issue is now resolved in the latest release.\n", "id": "FreeBSD-2018-0053", "modified": "2018-02-21T00:00:00Z", "published": "2018-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/02/07/gitlab-security-10-4-3-plus-10-3-7-plus-10-2-8-blog/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/02/07/gitlab-security-10-4-3-plus-10-3-7-plus-10-2-8-blog/" } ], "schema_version": "1.7.0", "summary": "GitLab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "fixed": "1.1.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2018_02.txt" ], "discovery": "2018-02-15T00:00:00Z", "references": { "cvename": [ "CVE-2018-7054", "CVE-2018-7053", "CVE-2018-7052", "CVE-2018-7051", "CVE-2018-7050" ], "freebsdpr": [ "ports/226001" ] }, "vid": "7afc5e56-156d-11e8-95f2-005056925db4" }, "details": "Irssi reports:\n\n> Use after free when server is disconnected during netsplits. Found by\n> Joseph Bisch.\n>\n> Use after free when SASL messages are received in unexpected order.\n> Found by Joseph Bisch.\n>\n> Null pointer dereference when an \"empty\" nick has been observed by\n> Irssi. Found by Joseph Bisch.\n>\n> When the number of windows exceed the available space, Irssi would\n> crash due to Null pointer dereference. Found by Joseph Bisch.\n>\n> Certain nick names could result in out of bounds access when printing\n> theme strings. Found by Oss-Fuzz.\n", "id": "FreeBSD-2018-0052", "modified": "2018-02-22T00:00:00Z", "published": "2018-02-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2018_02.txt" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2018_02.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7053" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-7050" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226001" } ], "schema_version": "1.7.0", "summary": "irssi -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-Mojolicious" }, "ranges": [ { "events": [ { "fixed": "7.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/kraih/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149" ], "discovery": "2018-01-31T00:00:00Z", "vid": "a183acb5-1414-11e8-9542-002590acae31" }, "details": "Upstream commit:\n\n> Vulnerabilities existed in cookie handling.\n", "id": "FreeBSD-2018-0051", "modified": "2018-02-17T00:00:00Z", "published": "2018-02-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/kraih/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149" }, { "type": "WEB", "url": "https://github.com/kraih/mojo/issues/1185" } ], "schema_version": "1.7.0", "summary": "p5-Mojolicious -- cookie-handling vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bugzilla44" }, "ranges": [ { "events": [ { "fixed": "4.4.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bugzilla50" }, "ranges": [ { "events": [ { "fixed": "5.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.bugzilla.org/security/4.4.12/" ], "discovery": "2018-02-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-5123" ] }, "vid": "22283b8c-13c5-11e8-a861-20cf30e32f6d" }, "details": "Bugzilla Security Advisory\n\n> A CSRF vulnerability in report.cgi would allow a third-party site to\n> extract confidential information from a bug the victim had access to.\n", "id": "FreeBSD-2018-0050", "modified": "2018-02-16T00:00:00Z", "published": "2018-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.bugzilla.org/security/4.4.12/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5123" }, { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1433400" } ], "schema_version": "1.7.0", "summary": "Bugzilla security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bro" }, "ranges": [ { "events": [ { "fixed": "2.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://blog.bro.org/2018/02/bro-253-released-security-update.html" ], "discovery": "2018-02-14T00:00:00Z", "vid": "044cff62-ed8b-4e72-b102-18a7d58a669f" }, "details": "Philippe Antoine of Catena cyber:\n\n> This is a security release that fixes an integer overflow in code\n> generated by binpac. This issue can be used by remote attackers to\n> crash Bro (i.e. a DoS attack). There also is a possibility this can be\n> exploited in other ways. (CVE pending.)\n", "id": "FreeBSD-2018-0049", "modified": "2018-02-16T00:00:00Z", "published": "2018-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://blog.bro.org/2018/02/bro-253-released-security-update.html" }, { "type": "WEB", "url": "http://blog.bro.org/2018/02/bro-253-released-security-update.html" } ], "schema_version": "1.7.0", "summary": "bro -- integer overflow allows remote DOS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "consul" }, "ranges": [ { "events": [ { "fixed": "1.0.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/hashicorp/consul/issues/3859" ], "discovery": "2018-01-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-15133" ] }, "vid": "ad2eeab6-ca68-4f06-9325-1937b237df60" }, "details": "Consul developers report:\n\n> A flaw was found in the embedded DNS library used in consul which may\n> allow a denial of service attack. Consul was updated to include the\n> fixed version.\n", "id": "FreeBSD-2018-0048", "modified": "2018-02-16T00:00:00Z", "published": "2018-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/hashicorp/consul/issues/3859" }, { "type": "WEB", "url": "https://github.com/hashicorp/consul/issues/3859" }, { "type": "WEB", "url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#105-february-7-2018" }, { "type": "WEB", "url": "https://github.com/miekg/dns/pull/631" }, { "type": "WEB", "url": "https://github.com/miekg/dns/issues/627" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15133" } ], "schema_version": "1.7.0", "summary": "consul -- vulnerability in embedded DNS library" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bro" }, "ranges": [ { "events": [ { "fixed": "2.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000458" ], "discovery": "2017-10-16T00:00:00Z", "vid": "746d04dc-507e-4450-911f-4c41e48bb07a" }, "details": "Frank Meier:\n\n> Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the\n> ContentLine analyzer allowing remote attackers to cause a denial of\n> service (crash) and possibly other exploitation.\n", "id": "FreeBSD-2018-0047", "modified": "2018-02-16T00:00:00Z", "published": "2018-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000458" }, { "type": "WEB", "url": "http://blog.bro.org/2017/10/bro-252-242-release-security-update.html" } ], "schema_version": "1.7.0", "summary": "bro -- out of bounds write allows remote DOS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "quagga" }, "ranges": [ { "events": [ { "fixed": "1.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.quagga.net/security/Quagga-2018-0543.txt", "https://www.quagga.net/security/Quagga-2018-1114.txt", "https://www.quagga.net/security/Quagga-2018-1550.txt", "https://www.quagga.net/security/Quagga-2018-1975.txt" ], "discovery": "2018-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2018-5378", "CVE-2018-5379", "CVE-2018-5380", "CVE-2018-5381" ] }, "vid": "e15a22ce-f16f-446b-9ca7-6859350c2e75" }, "details": "Quagga reports:\n\n> The Quagga BGP daemon, bgpd, does not properly bounds check the data\n> sent with a NOTIFY to a peer, if an attribute length is invalid.\n> Arbitrary data from the bgpd process may be sent over the network to a\n> peer and/or it may crash.\n\n> The Quagga BGP daemon, bgpd, can double-free memory when processing\n> certain forms of UPDATE message, containing cluster-list and/or\n> unknown attributes.\n\n> The Quagga BGP daemon, bgpd, can overrun internal BGP code-to-string\n> conversion tables used for debug by 1 pointer value, based on input.\n\n> The Quagga BGP daemon, bgpd, can enter an infinite loop if sent an\n> invalid OPEN message by a configured peer.\n", "id": "FreeBSD-2018-0046", "modified": "2018-02-15T00:00:00Z", "published": "2018-02-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.quagga.net/security/Quagga-2018-0543.txt" }, { "type": "REPORT", "url": "https://www.quagga.net/security/Quagga-2018-1114.txt" }, { "type": "REPORT", "url": "https://www.quagga.net/security/Quagga-2018-1550.txt" }, { "type": "REPORT", "url": "https://www.quagga.net/security/Quagga-2018-1975.txt" }, { "type": "WEB", "url": "https://www.quagga.net/security/Quagga-2018-0543.txt" }, { "type": "WEB", "url": "https://www.quagga.net/security/Quagga-2018-1114.txt" }, { "type": "WEB", "url": "https://www.quagga.net/security/Quagga-2018-1550.txt" }, { "type": "WEB", "url": "https://www.quagga.net/security/Quagga-2018-1975.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5380" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5381" } ], "schema_version": "1.7.0", "summary": "quagga -- several security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libraw" }, "ranges": [ { "events": [ { "fixed": "0.18.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.securityfocus.com/archive/1/541732" ], "discovery": "2018-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2018-5800", "CVE-2018-5801", "CVE-2018-5802" ] }, "vid": "6f0b0cbf-1274-11e8-8b5b-4ccc6adda413" }, "details": "Secunia Research reports:\n\n> CVE-2018-5800: An off-by-one error within the\n> \\\"LibRaw::kodak_ycbcr_load_raw()\\\" function\n> (internal/dcraw_common.cpp) can be exploited to cause a heap-based\n> buffer overflow and subsequently cause a crash.\n>\n> CVE-2017-5801: An error within the \\\"LibRaw::unpack()\\\" function\n> (src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer\n> dereference.\n>\n> CVE-2017-5802: An error within the \\\"kodak_radc_load_raw()\\\" function\n> (internal/dcraw_common.cpp) related to the \\\"buf\\\" variable can be\n> exploited to cause an out-of-bounds read memory access and\n> subsequently cause a crash.\n", "id": "FreeBSD-2018-0045", "modified": "2018-02-15T00:00:00Z", "published": "2018-02-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.securityfocus.com/archive/1/541732" }, { "type": "WEB", "url": "https://www.securityfocus.com/archive/1/541732" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5801" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5802" } ], "schema_version": "1.7.0", "summary": "libraw -- multiple DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libraw" }, "ranges": [ { "events": [ { "fixed": "0.18.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.securityfocus.com/archive/1/541583" ], "discovery": "2017-12-04T00:00:00Z", "references": { "cvename": [ "CVE-2017-16909", "CVE-2017-16910" ] }, "vid": "c60804f1-126f-11e8-8b5b-4ccc6adda413" }, "details": "Secunia Research reports:\n\n> CVE-2017-16909: An error related to the\n> \\\"LibRaw::panasonic_load_raw()\\\" function (dcraw_common.cpp) can be\n> exploited to cause a heap-based buffer overflow and subsequently cause\n> a crash via a specially crafted TIFF image.\n>\n> CVE-2017-16910: An error within the \\\"LibRaw::xtrans_interpolate()\\\"\n> function (internal/dcraw_common.cpp) can be exploited to cause an\n> invalid read memory access.\n", "id": "FreeBSD-2018-0044", "modified": "2018-02-15T00:00:00Z", "published": "2018-02-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.securityfocus.com/archive/1/541583" }, { "type": "WEB", "url": "https://www.securityfocus.com/archive/1/541583" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16909" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16910" } ], "schema_version": "1.7.0", "summary": "libraw -- multiple DoS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bitmessage" }, "ranges": [ { "events": [ { "last_affected": "0.6.2" }, { "fixed": "0.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Bitmessage/PyBitmessage/releases/tag/v0.6.3" ], "discovery": "2018-02-13T00:00:00Z", "vid": "1a75c84a-11c8-11e8-83e7-485b3931c969" }, "details": "Bitmessage developers report:\n\n> A remote code execution vulnerability has been spotted in use against\n> some users running PyBitmessage v0.6.2. The cause was identified and a\n> fix has been added and released as 0.6.3.2. (Will be updated if/when\n> CVE will be available.)\n", "id": "FreeBSD-2018-0043", "modified": "2018-02-14T00:00:00Z", "published": "2018-02-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Bitmessage/PyBitmessage/releases/tag/v0.6.3" }, { "type": "WEB", "url": "https://github.com/Bitmessage/PyBitmessage/releases/tag/v0.6.3" }, { "type": "WEB", "url": "https://bitmessage.org/wiki/Main_Page" } ], "schema_version": "1.7.0", "summary": "bitmessage -- remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "last_affected": "2.106" }, { "fixed": "2.106" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "last_affected": "2.89.3" }, { "fixed": "2.89.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2018-02-14/" ], "discovery": "2018-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2018-6356" ] }, "vid": "5d374fbb-bae3-45db-afc0-795684ac7353" }, "details": "Jenkins developers report:\n\n> Jenkins did not properly prevent specifying relative paths that escape\n> a base directory for URLs accessing plugin resource files. This\n> allowed users with Overall/Read permission to download files from the\n> Jenkins master they should not have access to.\n", "id": "FreeBSD-2018-0042", "modified": "2018-02-14T00:00:00Z", "published": "2018-02-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2018-02-14/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2018-02-14/" }, { "type": "WEB", "url": "https://jenkins.io/blog/2018/02/14/security-updates/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6356" } ], "schema_version": "1.7.0", "summary": "jenkins -- Path traversal vulnerability allows access to files outside plugin resources" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bchunk" }, "ranges": [ { "events": [ { "introduced": "1.2.0" }, { "last_affected": "1.2.1" }, { "fixed": "1.2.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955" ], "discovery": "2017-10-28T00:00:00Z", "references": { "cvename": [ "CVE-2017-15955" ] }, "vid": "279f682c-0e9e-11e8-83e7-485b3931c969" }, "details": "Mitre reports:\n\n> bchunk 1.2.0 and 1.2.1 is vulnerable to an \\\"Access violation near\n> NULL on destination operand\\\" and crash when processing a malformed\n> CUE (.cue) file.\n", "id": "FreeBSD-2018-0041", "modified": "2018-02-13T00:00:00Z", "published": "2018-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15955" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15955" } ], "schema_version": "1.7.0", "summary": "bchunk -- access violation near NULL on destination operand and crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bchunk" }, "ranges": [ { "events": [ { "introduced": "1.2.0" }, { "last_affected": "1.2.1" }, { "fixed": "1.2.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954" ], "discovery": "2017-10-28T00:00:00Z", "references": { "cvename": [ "CVE-2017-15954" ] }, "vid": "8ba2819c-0e9d-11e8-83e7-485b3931c969" }, "details": "Mitre reports:\n\n> bchunk 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow\n> (with a resultant invalid free) and crash when processing a malformed\n> CUE (.cue) file.\n", "id": "FreeBSD-2018-0040", "modified": "2018-02-13T00:00:00Z", "published": "2018-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15954" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15954" } ], "schema_version": "1.7.0", "summary": "bchunk -- heap-based buffer overflow (with invalid free) and crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bchunk" }, "ranges": [ { "events": [ { "introduced": "1.2.0" }, { "last_affected": "1.2.1" }, { "fixed": "1.2.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953" ], "discovery": "2017-10-28T00:00:00Z", "references": { "cvename": [ "CVE-2017-15953" ] }, "vid": "1ec1c59b-0e98-11e8-83e7-485b3931c969" }, "details": "Mitre reports:\n\n> bchunk 1.2.0 and 1.2.1 vulnerable to a heap-based buffer overflow and\n> crash when processing a malformed CUE (.cue) file.\n", "id": "FreeBSD-2018-0039", "modified": "2018-02-13T00:00:00Z", "published": "2018-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15953" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15953" } ], "schema_version": "1.7.0", "summary": "bchunk -- heap-based buffer overflow and crash" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "uwsgi" }, "ranges": [ { "events": [ { "fixed": "2.0.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html" ], "discovery": "2018-02-06T00:00:00Z", "references": { "cvename": [ "CVE-2018-6758" ] }, "vid": "a8f25565-109e-11e8-8d41-97657151f8c2" }, "details": "Uwsgi developers report:\n\n> It was discovered that the uwsgi_expand_path function in utils.c in\n> Unbit uWSGI, an application container server, has a stack-based buffer\n> overflow via a large directory length that can cause a\n> denial-of-service (application crash) or stack corruption.\n", "id": "FreeBSD-2018-0038", "modified": "2018-02-13T00:00:00Z", "published": "2018-02-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html" }, { "type": "WEB", "url": "http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00010.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6758" } ], "schema_version": "1.7.0", "summary": "uwsgi -- a stack-based buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python34" }, "ranges": [ { "events": [ { "fixed": "3.4.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "python35" }, "ranges": [ { "events": [ { "fixed": "3.5.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.python.org/issue30657" ], "discovery": "2017-06-03T00:00:00Z", "references": { "cvename": [ "CVE-2017-1000158" ] }, "vid": "0fe70bcd-2ce3-46c9-a64b-4a7da097db07" }, "details": "Python issue:\n\n> There is a possible integer overflow in PyString_DecodeEscape function\n> of the file stringobject.c, which can be abused to gain a heap\n> overflow, possibly leading to arbitrary code execution.\n", "id": "FreeBSD-2018-0037", "modified": "2018-02-11T00:00:00Z", "published": "2018-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.python.org/issue30657" }, { "type": "WEB", "url": "https://bugs.python.org/issue30657" }, { "type": "WEB", "url": "https://docs.python.org/3.4/whatsnew/changelog.html" }, { "type": "WEB", "url": "https://docs.python.org/3.5/whatsnew/changelog.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000158" } ], "schema_version": "1.7.0", "summary": "python -- possible integer overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "electrum-py36" }, "ranges": [ { "events": [ { "introduced": "2.6" }, { "fixed": "3.0.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "electrum2" }, "ranges": [ { "events": [ { "introduced": "2.6" }, { "fixed": "3.0.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6353" ], "discovery": "2018-01-27T00:00:00Z", "references": { "cvename": [ "CVE-2018-6353" ] }, "vid": "aa743ee4-0f16-11e8-8fd2-10bf48e1088e" }, "details": "MITRE reports:\n\n> JSONRPC vulnerability\n", "id": "FreeBSD-2018-0036", "modified": "2018-02-11T00:00:00Z", "published": "2018-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6353" }, { "type": "WEB", "url": "https://github.com/spesmilo/electrum-docs/blob/master/cve.rst" }, { "type": "WEB", "url": "https://bitcointalk.org/index.php?topic=2702103.0" } ], "schema_version": "1.7.0", "summary": "electrum -- JSONRPC vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libtorrent" }, "ranges": [ { "events": [ { "fixed": "0.13.6_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/rakshasa/libtorrent/pull/99" ], "discovery": "2015-12-01T00:00:00Z", "references": { "freebsdpr": [ "ports/224664" ] }, "vid": "e4dd787e-0ea9-11e8-95f2-005056925db4" }, "details": "X-cela reports:\n\n> Calls into build_benocde that use %zu could crash on 64 bit machines\n> due to the size change of size_t. Someone can force READ_ENC_IA to\n> fail allowing an internal_error to be thrown and bring down the\n> client.\n", "id": "FreeBSD-2018-0035", "modified": "2018-02-10T00:00:00Z", "published": "2018-02-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/rakshasa/libtorrent/pull/99" }, { "type": "WEB", "url": "https://github.com/rakshasa/libtorrent/pull/99" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224664" } ], "schema_version": "1.7.0", "summary": "libtorrent -- remote DoS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "fixed": "4.90.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://exim.org/static/doc/security/CVE-2018-6789.txt" ], "discovery": "2018-02-05T00:00:00Z", "vid": "316b3c3e-0e98-11e8-8d41-97657151f8c2" }, "details": "Exim developers report:\n\n> There is a buffer overflow in base64d(), if some pre-conditions are\n> met. Using a handcrafted message, remote code execution seems to be\n> possible.\n", "id": "FreeBSD-2018-0034", "modified": "2018-02-10T00:00:00Z", "published": "2018-02-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://exim.org/static/doc/security/CVE-2018-6789.txt" }, { "type": "WEB", "url": "https://exim.org/static/doc/security/CVE-2018-6789.txt" } ], "schema_version": "1.7.0", "summary": "exim -- a buffer overflow vulnerability, remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p7zip-codec-rar" }, "ranges": [ { "events": [ { "fixed": "16.02_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5996" ], "discovery": "2018-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2018-5996" ] }, "vid": "7a2e0063-0e4e-11e8-94c0-5453ed2e2b49" }, "details": "MITRE reports:\n\n> Insufficient exception handling in the method\n> NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can\n> lead to multiple memory corruptions within the PPMd code, alows remote\n> attackers to cause a denial of service (segmentation fault) or execute\n> arbitrary code via a crafted RAR archive.\n", "id": "FreeBSD-2018-0033", "modified": "2018-02-10T00:00:00Z", "published": "2018-02-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5996" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5996" }, { "type": "WEB", "url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5996" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5996" } ], "schema_version": "1.7.0", "summary": "p7zip-codec-rar -- insufficient error handling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p7zip" }, "ranges": [ { "events": [ { "fixed": "16.02_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969" ], "discovery": "2018-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-17969" ] }, "vid": "6d337396-0e4a-11e8-94c0-5453ed2e2b49" }, "details": "MITRE reports:\n\n> Heap-based buffer overflow in the\n> NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00\n> and p7zip allows remote attackers to cause a denial of service\n> (out-of-bounds write) or potentially execute arbitrary code via a\n> crafted ZIP archive.\n", "id": "FreeBSD-2018-0032", "modified": "2018-02-10T00:00:00Z", "published": "2018-02-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17969" }, { "type": "WEB", "url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17969" }, { "type": "WEB", "url": "https://marc.info/?l=bugtraq&=151782582216805&=2" } ], "schema_version": "1.7.0", "summary": "p7zip -- heap-based buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mpv" }, "ranges": [ { "events": [ { "fixed": "0.27.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-6360" ], "discovery": "2018-01-28T00:00:00Z", "references": { "cvename": [ "CVE-2018-6360" ] }, "vid": "3ee6e521-0d32-11e8-99b0-d017c2987f9a" }, "details": "mpv developers report:\n\n> mpv through 0.28.0 allows remote attackers to execute arbitrary code\n> via a crafted web site, because it reads HTML documents containing\n> VIDEO elements, and accepts arbitrary URLs in a src attribute without\n> a protocol whitelist in player/lua/ytdl_hook.lua. For example, an\n> av://lavfi:ladspa=file= URL signifies that the product should call\n> dlopen on a shared object file located at an arbitrary local pathname.\n> The issue exists because the product does not consider that youtube-dl\n> can provide a potentially unsafe URL.\n", "id": "FreeBSD-2018-0031", "modified": "2018-02-11T00:00:00Z", "published": "2018-02-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6360" }, { "type": "WEB", "url": "https://github.com/mpv-player/mpv/issues/5456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6360" } ], "schema_version": "1.7.0", "summary": "mpv -- arbitrary code execution via crafted website" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman" }, "ranges": [ { "events": [ { "fixed": "2.1.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mailman-with-htdig" }, "ranges": [ { "events": [ { "fixed": "2.1.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-mailman" }, "ranges": [ { "events": [ { "last_affected": "2.1.14.j7_3,1" }, { "fixed": "2.1.14.j7_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mail-archive.com/mailman-users@python.org/msg70478.html" ], "discovery": "2018-01-20T00:00:00Z", "references": { "cvename": [ "CVE-2018-5950" ] }, "vid": "3d0eeef8-0cf9-11e8-99b0-d017c2987f9a" }, "details": "Mark Sapiro reports:\n\n> An XSS vulnerability in the user options CGI could allow a crafted URL\n> to execute arbitrary javascript in a user\\'s browser. A related issue\n> could expose information on a user\\'s options page without requiring\n> login.\n", "id": "FreeBSD-2018-0030", "modified": "2018-02-08T00:00:00Z", "published": "2018-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mail-archive.com/mailman-users@python.org/msg70478.html" }, { "type": "WEB", "url": "https://www.mail-archive.com/mailman-users@python.org/msg70478.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5950" } ], "schema_version": "1.7.0", "summary": "Mailman -- Cross-site scripting (XSS) vulnerability in the web UI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql93-server" }, "ranges": [ { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.21" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql94-server" }, "ranges": [ { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.16" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-server" }, "ranges": [ { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "introduced": "9.6.0" }, { "fixed": "9.6.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "introduced": "10.0" }, { "fixed": "10.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1829/" ], "discovery": "2018-02-05T00:00:00Z", "references": { "cvename": [ "CVE-2018-1052", "CVE-2018-1053" ] }, "vid": "c602c791-0cf4-11e8-a2ec-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> - CVE-2018-1052: Fix the processing of partition keys containing\n> multiple expressions (only for PostgreSQL-10.x)\n> - CVE-2018-1053: Ensure that all temporary files made with\n> \\\"pg_upgrade\\\" are non-world-readable\n", "id": "FreeBSD-2018-0029", "modified": "2018-02-08T00:00:00Z", "published": "2018-02-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1829/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1053" } ], "schema_version": "1.7.0", "summary": "PostgreSQL vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tiff" }, "ranges": [ { "events": [ { "last_affected": "4.0.9" }, { "fixed": "4.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.debian.org/security/2018/dsa-4100" ], "discovery": "2017-06-22T00:00:00Z", "references": { "bid": [ "225544" ], "cvename": [ "CVE-2017-9935", "CVE-2017-18013" ] }, "vid": "b38e8150-0535-11e8-96ab-0800271d4b9c" }, "details": "Debian Security Advisory reports:\n\n> Multiple vulnerabilities have been discovered in the libtiff library\n> and the included tools, which may result in denial of service or the\n> execution of arbitrary code.\n", "id": "FreeBSD-2018-0028", "modified": "2018-01-29T00:00:00Z", "published": "2018-01-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.debian.org/security/2018/dsa-4100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9935" }, { "type": "WEB", "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2704" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-18013" }, { "type": "WEB", "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770" }, { "type": "ADVISORY", "url": "https://www.securityfocus.com/bid/225544/info" } ], "schema_version": "1.7.0", "summary": "tiff -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "28.0.0.161" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html" ], "discovery": "2018-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2018-4877", "CVE-2018-4878" ] }, "vid": "756a8631-0b84-11e8-a986-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves use-after-free vulnerabilities that could lead\n> to remote code execution (CVE-2018-4877, CVE-2018-4878).\n", "id": "FreeBSD-2018-0027", "modified": "2018-02-06T00:00:00Z", "published": "2018-02-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4877" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4878" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsa18-01.html" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mini_httpd" }, "ranges": [ { "events": [ { "fixed": "1.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thttpd" }, "ranges": [ { "events": [ { "fixed": "2.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17663" ], "discovery": "2017-12-13T00:00:00Z", "vid": "f5524753-67b1-4c88-8114-29c2d258b383" }, "details": "Alessio Santoru reports:\n\n> Buffer overflow in htpasswd.\n", "id": "FreeBSD-2018-0026", "modified": "2018-02-06T00:00:00Z", "published": "2018-02-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17663" }, { "type": "WEB", "url": "http://acme.com/updates/archive/199.html" } ], "schema_version": "1.7.0", "summary": "mini_httpd,thttpd -- Buffer overflow in htpasswd" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "shadowsocks-libev" }, "ranges": [ { "events": [ { "introduced": "3.1.0" }, { "fixed": "3.1.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15924" ], "discovery": "2017-10-27T00:00:00Z", "vid": "3746de31-0a1a-11e8-83e7-485b3931c969" }, "details": "MITRE reports:\n\n> Improper parsing allows command injection via shell metacharacters in\n> a JSON configuration request received via 127.0.0.1 UDP traffic.\n", "id": "FreeBSD-2018-0025", "modified": "2018-02-05T00:00:00Z", "published": "2018-02-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15924" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15924" } ], "schema_version": "1.7.0", "summary": "shadowsocks-libev -- command injection via shell metacharacters" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "palemoon" }, "ranges": [ { "events": [ { "fixed": "27.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.palemoon.org/releasenotes.shtml" ], "discovery": "2018-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2018-5102", "CVE-2018-5122" ] }, "vid": "5044bd23-08cb-11e8-b08f-00012e582166" }, "details": "Pale Moon reports:\n\n> CVE-2018-5102: Use-after-free in HTML media elements\n>\n> CVE-2018-5122: Potential integer overflow in DoCrypt\n", "id": "FreeBSD-2018-0024", "modified": "2018-02-03T00:00:00Z", "published": "2018-02-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.palemoon.org/releasenotes.shtml" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5122" } ], "schema_version": "1.7.0", "summary": "palemoon -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django20" }, "ranges": [ { "events": [ { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django20" }, "ranges": [ { "events": [ { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django20" }, "ranges": [ { "events": [ { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django20" }, "ranges": [ { "events": [ { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.djangoproject.com/en/1.11/releases/1.11.10/" ], "discovery": "2018-02-01T00:00:00Z", "references": { "cvename": [ "CVE-2018-6188" ] }, "vid": "d696473f-9f32-42c5-a106-bf4536fb1f74" }, "details": "Django release notes:\n\n> CVE-2018-6188: Information leakage in AuthenticationForm\n>\n> A regression in Django 1.11.8 made AuthenticationForm run its\n> confirm_login_allowed() method even if an incorrect password is\n> entered. This can leak information about a user, depending on what\n> messages confirm_login_allowed() raises. If confirm_login_allowed()\n> isn\\'t overridden, an attacker enter an arbitrary username and see if\n> that user has been set to is_active=False. If confirm_login_allowed()\n> is overridden, more sensitive details could be leaked.\n>\n> This issue is fixed with the caveat that AuthenticationForm can no\n> longer raise the \\\"This account is inactive.\\\" error if the\n> authentication backend rejects inactive users (the default\n> authentication backend, ModelBackend, has done that since Django\n> 1.10). This issue will be revisited for Django 2.1 as a fix to address\n> the caveat will likely be too invasive for inclusion in older\n> versions.\n", "id": "FreeBSD-2018-0023", "modified": "2018-02-02T00:00:00Z", "published": "2018-02-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.djangoproject.com/en/1.11/releases/1.11.10/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/1.11/releases/1.11.10/" }, { "type": "WEB", "url": "https://docs.djangoproject.com/en/2.0/releases/2.0.2/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6188" } ], "schema_version": "1.7.0", "summary": "Django -- information leakage" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "w3m" }, "ranges": [ { "events": [ { "fixed": "0.5.3.20180125" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "w3m-img" }, "ranges": [ { "events": [ { "fixed": "0.5.3.20180125" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-w3m" }, "ranges": [ { "events": [ { "fixed": "0.5.3.20180125" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-w3m-img" }, "ranges": [ { "events": [ { "fixed": "0.5.3.20180125" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/tats/w3m/commit/01d41d49b273a8cc75b27c6ab42291b46004fc0c" ], "discovery": "2018-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2018-6196", "CVE-2018-6197", "CVE-2018-6198" ] }, "vid": "e72d5bf5-07a0-11e8-8248-0021ccb9e74d" }, "details": "Tatsuya Kinoshita reports:\n\n> CVE-2018-6196 \\* table.c: Prevent negative indent value in\n> feed_table_block_tag().\n>\n> CVE-2018-6197 \\* form.c: Prevent invalid columnPos() call in\n> formUpdateBuffer().\n>\n> CVE-2018-6198 \\* config.h.dist, config.h.in, configure, configure.ac,\n> main.c, rc.c: Make temporary directory safely when \\~/.w3m is\n> unwritable.\n", "id": "FreeBSD-2018-0022", "modified": "2018-02-03T00:00:00Z", "published": "2018-02-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/tats/w3m/commit/01d41d49b273a8cc75b27c6ab42291b46004fc0c" }, { "type": "WEB", "url": "https://github.com/tats/w3m/commit/e773a0e089276f82c546447c0fd1e6c0f9156628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6196" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6197" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-6198" } ], "schema_version": "1.7.0", "summary": "w3m - multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "58.0.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.0.3.65" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/" ], "discovery": "2018-01-29T00:00:00Z", "vid": "103bf96a-6211-45ab-b567-1555ebb3a86a" }, "details": "The Mozilla Foundation reports:\n\n> Mozilla developer **Johann Hofmann** reported that unsanitized output\n> in the browser UI can lead to arbitrary code execution.\n", "id": "FreeBSD-2018-0021", "modified": "2018-01-31T00:00:00Z", "published": "2018-01-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/" }, { "type": "REPORT", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432966" } ], "schema_version": "1.7.0", "summary": "firefox -- Arbitrary code execution through unsanitized browser UI" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gcab" }, "ranges": [ { "events": [ { "fixed": "0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-5345" ], "discovery": "2018-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2018-5345" ] }, "vid": "2cceb80e-c482-4cfd-81b3-2088d2c0ad53" }, "details": "Upstream reports:\n\n> A stack-based buffer overflow within GNOME gcab through 0.7.4 can be\n> exploited by malicious attackers to cause a crash or, potentially,\n> execute arbitrary code via a crafted .cab file.\n", "id": "FreeBSD-2018-0020", "modified": "2018-01-27T00:00:00Z", "published": "2018-01-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5345" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5345" }, { "type": "WEB", "url": "https://mail.gnome.org/archives/ftp-release-list/2018-January/msg00066.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5345" } ], "schema_version": "1.7.0", "summary": "gcab -- stack overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "introduced": "2.0,1" }, { "last_affected": "2.2.33.2_3" }, { "fixed": "2.2.33.2_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.3" }, { "last_affected": "2.3.0" }, { "fixed": "2.3.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=1532768" ], "discovery": "2018-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-15132" ] }, "vid": "92b8b284-a3a2-41b1-956c-f9cf8b74f500" }, "details": "Pedro Sampaio reports:\n\n> A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. A abort of\n> SASL authentication results in a memory leak in Dovecot auth client\n> used by login processes. The leak has impact in high performance\n> configuration where same login processes are reused and can cause the\n> process to crash due to memory exhaustion.\n", "id": "FreeBSD-2018-0019", "modified": "2018-02-01T00:00:00Z", "published": "2018-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532768" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15132" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532768" }, { "type": "WEB", "url": "https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch" } ], "schema_version": "1.7.0", "summary": "dovecot -- abort of SASL authentication results in a memory leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.58.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000007" ], "discovery": "2018-01-24T00:00:00Z", "references": { "cvename": [ "CVE-2018-1000007" ] }, "vid": "0cbf0fa6-dcb7-469c-b87a-f94cffd94583" }, "details": "The cURL project reports:\n\n> libcurl 7.1 through 7.57.0 might accidentally leak authentication data\n> to third parties. When asked to send custom headers in its HTTP\n> requests, libcurl will send that set of headers first to the host in\n> the initial URL but also, if asked to follow redirects and a 30X HTTP\n> response code is returned, to the host mentioned in URL in the\n> \\`Location:\\` response header value. Sending the same set of headers\n> to subsequest hosts is in particular a problem for applications that\n> pass on custom \\`Authorization:\\` headers, as this header often\n> contains privacy sensitive information or data that could allow others\n> to impersonate the libcurl-using client\\'s request.\n", "id": "FreeBSD-2018-0018", "modified": "2018-01-26T00:00:00Z", "published": "2018-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000007" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_2018-b3bf.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000007" } ], "schema_version": "1.7.0", "summary": "cURL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "clamav" }, "ranges": [ { "events": [ { "fixed": "0.99.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" ], "discovery": "2018-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2017-12374", "CVE-2017-12375", "CVE-2017-12376", "CVE-2017-12377", "CVE-2017-12378", "CVE-2017-12379", "CVE-2017-12380" ] }, "vid": "b464f61b-84c7-4e1c-8ad4-6cf9efffd025" }, "details": "ClamAV project reports:\n\n> Join us as we welcome ClamAV 0.99.3 to the family!.\n>\n> This release is a security release and is recommended for all ClamAV\n> users.\n>\n> CVE-2017-12374 ClamAV UAF (use-after-free) Vulnerabilities\n>\n> CVE-2017-12375 ClamAV Buffer Overflow Vulnerability\n>\n> CVE-2017-12376 ClamAV Buffer Overflow in handle_pdfname Vulnerability\n>\n> CVE-2017-12377 ClamAV Mew Packet Heap Overflow Vulnerability\n>\n> CVE-2017-12378 ClamAV Buffer Over Read Vulnerability\n>\n> CVE-2017-12379 ClamAV Buffer Overflow in messageAddArgument\n> Vulnerability\n>\n> CVE-2017-12380 ClamAV Null Dereference Vulnerability\n", "id": "FreeBSD-2018-0017", "modified": "2018-01-26T00:00:00Z", "published": "2018-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" }, { "type": "WEB", "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12374" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12375" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12376" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12377" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12380" } ], "schema_version": "1.7.0", "summary": "clamav -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "58.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.0.3.63" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.6.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.6.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/" ], "discovery": "2018-01-23T00:00:00Z", "references": { "cvename": [ "CVE-2018-5089", "CVE-2018-5090", "CVE-2018-5091", "CVE-2018-5092", "CVE-2018-5093", "CVE-2018-5094", "CVE-2018-5095", "CVE-2018-5097", "CVE-2018-5098", "CVE-2018-5099", "CVE-2018-5100", "CVE-2018-5101", "CVE-2018-5102", "CVE-2018-5103", "CVE-2018-5104", "CVE-2018-5105", "CVE-2018-5106", "CVE-2018-5107", "CVE-2018-5108", "CVE-2018-5109", "CVE-2018-5110", "CVE-2018-5111", "CVE-2018-5112", "CVE-2018-5113", "CVE-2018-5114", "CVE-2018-5115", "CVE-2018-5116", "CVE-2018-5117", "CVE-2018-5118", "CVE-2018-5119", "CVE-2018-5121", "CVE-2018-5122" ] }, "vid": "a891c5b4-3d7a-4de9-9c71-eef3fd698c77" }, "details": "Mozilla Foundation reports:\n\n> CVE-2018-5091: Use-after-free with DTMF timers\n>\n> CVE-2018-5092: Use-after-free in Web Workers\n>\n> CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table\n> resizing\n>\n> CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection\n> on uninitialized memory\n>\n> CVE-2018-5095: Integer overflow in Skia library during edge builder\n> allocation\n>\n> CVE-2018-5097: Use-after-free when source document is manipulated\n> during XSLT\n>\n> CVE-2018-5098: Use-after-free while manipulating form input elements\n>\n> CVE-2018-5099: Use-after-free with widget listener\n>\n> CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments\n> are freed from memory\n>\n> CVE-2018-5101: Use-after-free with floating first-letter style\n> elements\n>\n> CVE-2018-5102: Use-after-free in HTML media elements\n>\n> CVE-2018-5103: Use-after-free during mouse event handling\n>\n> CVE-2018-5104: Use-after-free during font face manipulation\n>\n> CVE-2018-5105: WebExtensions can save and execute files on local file\n> system without user prompts\n>\n> CVE-2018-5106: Developer Tools can expose style editor information\n> cross-origin through service worker\n>\n> CVE-2018-5107: Printing process will follow symlinks for local file\n> access\n>\n> CVE-2018-5108: Manually entered blob URL can be accessed by subsequent\n> private browsing tabs\n>\n> CVE-2018-5109: Audio capture prompts and starts with incorrect origin\n> attribution\n>\n> CVE-2018-5110: Cursor can be made invisible on OS X\n>\n> CVE-2018-5111: URL spoofing in addressbar through drag and drop\n>\n> CVE-2018-5112: Extension development tools panel can open a\n> non-relative URL in the panel\n>\n> CVE-2018-5113: WebExtensions can load non-HTTPS pages with\n> browser.identity.launchWebAuthFlow\n>\n> CVE-2018-5114: The old value of a cookie changed to HttpOnly remains\n> accessible to scripts\n>\n> CVE-2018-5115: Background network requests can open HTTP\n> authentication in unrelated foreground tabs\n>\n> CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin\n> frame content access\n>\n> CVE-2018-5117: URL spoofing with right-to-left text aligned\n> left-to-right\n>\n> CVE-2018-5118: Activity Stream images can attempt to load local\n> content through file:\n>\n> CVE-2018-5119: Reader view will load cross-origin content in violation\n> of CORS headers\n>\n> CVE-2018-5121: OS X Tibetan characters render incompletely in the\n> addressbar\n>\n> CVE-2018-5122: Potential integer overflow in DoCrypt\n>\n> CVE-2018-5090: Memory safety bugs fixed in Firefox 58\n>\n> CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR\n> 52.6\n", "id": "FreeBSD-2018-0016", "modified": "2018-01-29T00:00:00Z", "published": "2018-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5089" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5090" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5091" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5092" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5093" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5094" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5095" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5097" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5101" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5103" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5104" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5106" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5107" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5108" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5109" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5117" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5118" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5119" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5122" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-03/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "4.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html" ], "discovery": "2018-01-22T00:00:00Z", "references": { "cvename": [ "CVE-2018-1000003" ] }, "vid": "24a82876-002e-11e8-9a95-0cc47a02c232" }, "details": "PowerDNS Security Advisory reports:\n\n> An issue has been found in the DNSSEC validation component of PowerDNS\n> Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be\n> used to wrongfully prove the non-existence of a RR below the owner\n> name of that record. This would allow an attacker in position of\n> man-in-the-middle to send a NXDOMAIN answer for a name that does\n> exist.\n", "id": "FreeBSD-2018-0015", "modified": "2018-01-23T00:00:00Z", "published": "2018-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-1000003" }, { "type": "WEB", "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html" } ], "schema_version": "1.7.0", "summary": "powerdns-recursor -- insufficient validation of DNSSEC signatures" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "63.0.3239.108" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html" ], "discovery": "2017-12-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-15429" ] }, "vid": "e264e74e-ffe0-11e7-8b91-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 2 security fixes in this release, including:\n>\n> - \\[788453\\] High CVE-2017-15429: UXSS in V8. Reported by Anonymous on\n> 2017-11-24\n> - \\[794792\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2018-0014", "modified": "2018-01-23T00:00:00Z", "published": "2018-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15429" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "63.0.3239.84" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" ], "discovery": "2017-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2017-15407", "CVE-2017-15408", "CVE-2017-15409", "CVE-2017-15410", "CVE-2017-15411", "CVE-2017-15412", "CVE-2017-15413", "CVE-2017-15415", "CVE-2017-15416", "CVE-2017-15417", "CVE-2017-15418", "CVE-2017-15419", "CVE-2017-15420", "CVE-2017-15422", "CVE-2017-15430", "CVE-2017-15423", "CVE-2017-15424", "CVE-2017-15425", "CVE-2017-15426", "CVE-2017-15427" ] }, "vid": "1d951e85-ffdb-11e7-8b91-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 37 security fixes in this release, including:\n>\n> - \\[778505\\] Critical CVE-2017-15407: Out of bounds write in QUIC.\n> Reported by Ned Williamson on 2017-10-26\n> - \\[762374\\] High CVE-2017-15408: Heap buffer overflow in PDFium.\n> Reported by Ke Liu of Tencent\\'s Xuanwu LAB on 2017-09-06\n> - \\[763972\\] High CVE-2017-15409: Out of bounds write in Skia.\n> Reported by Anonymous on 2017-09-11\n> - \\[765921\\] High CVE-2017-15410: Use after free in PDFium. Reported\n> by Luat Nguyen of KeenLab, Tencent on 2017-09-16\n> - \\[770148\\] High CVE-2017-15411: Use after free in PDFium. Reported\n> by Luat Nguyen of KeenLab, Tencent on 2017-09-29\n> - \\[727039\\] High CVE-2017-15412: Use after free in libXML. Reported\n> by Nick Wellnhofer on 2017-05-27\n> - \\[766666\\] High CVE-2017-15413: Type confusion in WebAssembly.\n> Reported by Gaurav Dewan of Adobe Systems India Pvt. Ltd. on\n> 2017-09-19\n> - \\[765512\\] Medium CVE-2017-15415: Pointer information disclosure in\n> IPC call. Reported by Viktor Brange of Microsoft Offensive Security\n> Research Team on 2017-09-15\n> - \\[779314\\] Medium CVE-2017-15416: Out of bounds read in Blink.\n> Reported by Ned Williamson on 2017-10-28\n> - \\[699028\\] Medium CVE-2017-15417: Cross origin information\n> disclosure in Skia. Reported by Max May on 2017-03-07\n> - \\[765858\\] Medium CVE-2017-15418: Use of uninitialized value in\n> Skia. Reported by Kushal Arvind Shah of Fortinet\\'s FortiGuard Labs\n> on 2017-09-15\n> - \\[780312\\] Medium CVE-2017-15419: Cross origin leak of redirect URL\n> in Blink. Reported by Jun Kokatsu on 2017-10-31\n> - \\[777419\\] Medium CVE-2017-15420: URL spoofing in Omnibox. Reported\n> by WenXu Wu of Tencent\\'s Xuanwu Lab on 2017-10-23\n> - \\[774382\\] Medium CVE-2017-15422: Integer overflow in ICU. Reported\n> by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-10-13\n> - \\[780484\\] Medium CVE-2017-15430: Unsafe navigation in Chromecast\n> Plugin. Reported by jinmo123 on 2017-01-11\n> - \\[778101\\] Low CVE-2017-15423: Issue with SPAKE implementation in\n> BoringSSL. Reported by Greg Hudson on 2017-10-25\n> - \\[756226\\] Low CVE-2017-15424: URL Spoof in Omnibox. Reported by\n> Khalil Zhani on 2017-08-16\n> - \\[756456\\] Low CVE-2017-15425: URL Spoof in Omnibox. Reported by\n> xisigr of Tencent\\'s Xuanwu Lab on 2017-08-17\n> - \\[757735\\] Low CVE-2017-15426: URL Spoof in Omnibox. Reported by\n> WenXu Wu of Tencent\\'s Xuanwu Lab on 2017-08-18\n> - \\[768910\\] Low CVE-2017-15427: Insufficient blocking of Javascript\n> in Omnibox. Reported by Junaid Farhan on 2017-09-26\n> - \\[792099\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2018-0013", "modified": "2018-01-23T00:00:00Z", "published": "2018-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15407" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15408" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15409" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15410" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15411" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15412" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15413" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15415" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15416" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15417" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15418" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15419" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15420" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15422" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15423" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15424" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15425" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15426" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15427" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "62.0.3202.94" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html" ], "discovery": "2017-11-13T00:00:00Z", "references": { "cvename": [ "CVE-2017-15428" ] }, "vid": "82894193-ffd4-11e7-8b91-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 1 security fix in this release, including:\n>\n> - \\[782145\\] High CVE-2017-15428: Out of bounds read in V8. Reported\n> by Zhao Qixun of Qihoo 360 Vulcan Team on 2017-11-07\n", "id": "FreeBSD-2018-0012", "modified": "2018-01-23T00:00:00Z", "published": "2018-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15428" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html" } ], "schema_version": "1.7.0", "summary": "chromium -- out of bounds read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "unbound" }, "ranges": [ { "events": [ { "fixed": "1.6.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://unbound.net/downloads/CVE-2017-15105.txt" ], "discovery": "2017-10-08T00:00:00Z", "references": { "cvename": [ "CVE-2017-15105" ], "freebsdpr": [ "ports/225313" ] }, "vid": "8d3bae09-fd28-11e7-95f2-005056925db4" }, "details": "Unbound reports:\n\n> We discovered a vulnerability in the processing of wildcard\n> synthesized NSEC records. While synthesis of NSEC records is allowed\n> by RFC4592, these synthesized owner names should not be used in the\n> NSEC processing. This does, however, happen in Unbound 1.6.7 and\n> earlier versions.\n", "id": "FreeBSD-2018-0011", "modified": "2018-01-19T00:00:00Z", "published": "2018-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://unbound.net/downloads/CVE-2017-15105.txt" }, { "type": "WEB", "url": "https://unbound.net/downloads/CVE-2017-15105.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15105" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225313" } ], "schema_version": "1.7.0", "summary": "unbound -- vulnerability in the processing of wildcard synthesized NSEC records" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpbb3" }, "ranges": [ { "events": [ { "fixed": "3.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wiki.phpbb.com/Release_Highlights/3.2.2" ], "discovery": "2018-01-07T00:00:00Z", "vid": "8e89a89a-fd15-11e7-bdf6-00e04c1ea73d" }, "details": "phpbb developers reports:\n\n> Password updater working with PostgreSQL - The cron for updating\n> legacy password hashes was running invalid queries on PostgreSQL.\n>\n> Deleting orphaned attachments w/ large number of orphaned\n> attachments - Orphaned attachment deletion was improved to be able to\n> delete them when a large number of orphaned attachments exist.\n>\n> Multiple bugfixes for retrieving image size - Multiple issues with\n> retrieving the image size of JPEGs and temporary files were resolved.\n>\n> Issues with updating from phpBB 3.0.6 - Inconsistencies in the way\n> parent modules were treated caused issues with updating from older\n> phpBB 3.0 versions.\n>\n> Forum / topic icon blurriness - Fixed issues with forum and topic\n> icons looking blurry on some browsers.\n", "id": "FreeBSD-2018-0010", "modified": "2018-01-19T00:00:00Z", "published": "2018-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wiki.phpbb.com/Release_Highlights/3.2.2" }, { "type": "WEB", "url": "https://wiki.phpbb.com/Release_Highlights/3.2.2" } ], "schema_version": "1.7.0", "summary": "phpbb3 -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.34" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.39" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.39" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL" ], "discovery": "2017-01-18T00:00:00Z", "references": { "cvename": [ "CVE-2018-2562", "CVE-2018-2565", "CVE-2018-2573", "CVE-2018-2576", "CVE-2018-2583", "CVE-2018-2586", "CVE-2018-2590", "CVE-2018-2591", "CVE-2018-2600", "CVE-2018-2612", "CVE-2018-2622", "CVE-2018-2640", "CVE-2018-2645", "CVE-2018-2646", "CVE-2018-2647", "CVE-2018-2665", "CVE-2018-2667", "CVE-2018-2668", "CVE-2018-2696", "CVE-2018-2703" ] }, "vid": "e3445736-fd01-11e7-ac58-b499baebfeaf" }, "details": "Oracle reports:\n\n> Not all vulnerabilities are relevant for all flavors/versions of the\n> servers and clients\n>\n> - Vulnerability allows low privileged attacker with network access via\n> multiple protocols to compromise MySQL Server. Successful attacks of\n> this vulnerability can result in unauthorized ability to cause a\n> hang or frequently repeatable crash (complete DOS) of MySQL Server.\n> GIS: CVE-2018-2573, DDL CVE-2018-2622, Optimizer: CVE-2018-2640,\n> CVE-2018-2665, CVE-2018-2668, Security:Privileges: CVE-2018-2703,\n> Partition: CVE-2018-2562.\n> - Vulnerability allows high privileged attacker with network access\n> via multiple protocols to compromise MySQL Server. Successful\n> attacks of this vulnerability can result in unauthorized ability to\n> cause a hang or frequently repeatable crash (complete DOS) of MySQL\n> Server. InnoDB: CVE-2018-2565, CVE-2018-2612 DML: CVE-2018-2576,\n> CVE-2018-2646, Stored Procedure: CVE-2018-2583, Performance Schema:\n> CVE-2018-2590, Partition: CVE-2018-2591, Optimizer: CVE-2018-2600,\n> CVE-2018-2667, Security:Privileges: CVE-2018-2696, Replication:\n> CVE-2018-2647.\n> - Vulnerability allows a low or high privileged attacker with network\n> access via multiple protocols to compromise MySQL Server with\n> unauthorized creation, deletion, modification or access to data/\n> critical data. InnoDB: CVE-2018-2612, Performance Schema:\n> CVE-2018-2645, Replication: CVE-2018-2647, Partition: CVE-2018-2562.\n", "id": "FreeBSD-2018-0009", "modified": "2018-01-19T00:00:00Z", "published": "2018-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/library/mariadb-5559-release-notes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2562" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2565" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2573" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2583" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2586" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2590" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2591" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2612" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2640" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2645" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2646" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2647" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2665" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2667" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2668" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2696" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-2703" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_CN" }, "ranges": [ { "events": [ { "fixed": "4.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_TW" }, "ranges": [ { "events": [ { "fixed": "4.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/" ], "discovery": "2018-01-16T00:00:00Z", "vid": "c04dc18f-fcde-11e7-bdf6-00e04c1ea73d" }, "details": "wordpress developers reports:\n\n> JavaScript errors that prevented saving posts in Firefox have been\n> fixed.\n>\n> The previous taxonomy-agnostic behavior of get_category_link() and\n> category_description() was restored.\n>\n> Switching themes will now attempt to restore previous widget\n> assignments, even when there are no sidebars to map.\n", "id": "FreeBSD-2018-0008", "modified": "2018-01-19T00:00:00Z", "published": "2018-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "fixed": "10.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" ], "discovery": "2018-01-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-0915", "CVE-2018-3710" ] }, "vid": "65fab89f-2231-46db-8541-978f4e87f32a" }, "details": "GitLab developers report:\n\n> Today we are releasing versions 10.3.4, 10.2.6, and 10.1.6 for GitLab\n> Community Edition (CE) and Enterprise Edition (EE).\n>\n> These versions contain a number of important security fixes, including\n> two that prevent remote code execution, and we strongly recommend that\n> all GitLab installations be upgraded to one of these versions\n> immediately.\n", "id": "FreeBSD-2018-0007", "modified": "2018-01-17T00:00:00Z", "published": "2018-01-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0915" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-3710" } ], "schema_version": "1.7.0", "summary": "gitlab -- Remote code execution on project import" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "transmission-daemon" }, "ranges": [ { "events": [ { "last_affected": "2.92_3" }, { "fixed": "2.92_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447" ], "discovery": "2017-11-30T00:00:00Z", "vid": "3e5b8bd3-0c32-452f-a60e-beab7b762351" }, "details": "Google Project Zero reports:\n\n> The transmission bittorrent client uses a client/server architecture,\n> the user interface is the client which communicates to the worker\n> daemon using JSON RPC requests.\n>\n> As with all HTTP RPC schemes like this, any website can send requests\n> to the daemon listening on localhost with XMLHttpRequest(), but the\n> theory is they will be ignored because clients must prove they can\n> read and set a specific header, X-Transmission-Session-Id.\n> Unfortunately, this design doesn\\'t work because of an attack called\n> \\\"DNS rebinding\\\". Any website can simply create a dns name that they\n> are authorized to communicate with, and then make it resolve to\n> localhost.\n>\n> Exploitation is simple, you could set script-torrent-done-enabled and\n> run any command, or set download-dir to /home/user/ and then upload a\n> torrent for .bashrc.\n", "id": "FreeBSD-2018-0006", "modified": "2018-01-14T00:00:00Z", "published": "2018-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447" }, { "type": "WEB", "url": "https://github.com/transmission/transmission/pull/468" } ], "schema_version": "1.7.0", "summary": "transmission-daemon -- vulnerable to dns rebinding attacks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xmltooling" }, "ranges": [ { "events": [ { "fixed": "1.6.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xerces-c3" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://shibboleth.net/community/advisories/secadv_20180112.txt" ], "discovery": "2018-01-12T00:00:00Z", "references": { "cvename": [ "CVE-2018-0486" ] }, "vid": "3dbe9492-f7b8-11e7-a12d-6cc21735f730" }, "details": "Shibboleth consortium reports:\n\n> Shibboleth SP software vulnerable to forged user attribute data\n>\n> The Service Provider software relies on a generic XML parser to\n> process SAML responses and there are limitations in older versions of\n> the parser that make it impossible to fully disable Document Type\n> Definition (DTD) processing.\n>\n> Through addition/manipulation of a DTD, it\\'s possible to make changes\n> to an XML document that do not break a digital signature but are\n> mishandled by the SP and its libraries. These manipulations can alter\n> the user data passed through to applications behind the SP and result\n> in impersonation attacks and exposure of protected information.\n>\n> While newer versions of the xerces-c3 parser are configured by the SP\n> into disallowing the use of a DTD via an environment variable, this\n> feature is not present in the xerces-c3 parser before version 3.1.4,\n> so an additional fix is being provided now that an actual DTD exploit\n> has been identified. Xerces-c3-3.1.4 was committed to the ports tree\n> already on 2016-07-26.\n", "id": "FreeBSD-2018-0005", "modified": "2018-01-12T00:00:00Z", "published": "2018-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://shibboleth.net/community/advisories/secadv_20180112.txt" }, { "type": "WEB", "url": "https://shibboleth.net/community/advisories/secadv_20180112.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-0486" } ], "schema_version": "1.7.0", "summary": "shibboleth-sp -- vulnerable to forged user attribute data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "28.0.0.137" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html" ], "discovery": "2018-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2018-4871" ] }, "vid": "9c016563-f582-11e7-b33c-6451062f0f7a" }, "details": "Adobe reports:\n\n> - This update resolves an out-of-bounds read vulnerability that could\n> lead to information disclosure (CVE-2018-4871).\n", "id": "FreeBSD-2018-0004", "modified": "2018-01-09T00:00:00Z", "published": "2018-01-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-4871" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- information disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "awstats" }, "ranges": [ { "events": [ { "fixed": "7.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501" ], "discovery": "2018-01-03T00:00:00Z", "references": { "cvename": [ "CVE-2017-1000501" ], "freebsdpr": [ "ports/225007" ] }, "vid": "4055aee5-f4c6-11e7-95f2-005056925db4" }, "details": "Mitre reports:\n\n> Awstats version 7.6 and earlier is vulnerable to a path traversal flaw\n> in the handling of the \\\"config\\\" and \\\"migrate\\\" parameters resulting\n> in unauthenticated remote code execution.\n", "id": "FreeBSD-2018-0003", "modified": "2018-01-08T00:00:00Z", "published": "2018-01-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000501" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225007" } ], "schema_version": "1.7.0", "summary": "awstats -- remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "fixed": "1.0.6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2018_01.txt" ], "discovery": "2018-01-03T00:00:00Z", "references": { "cvename": [ "CVE-2018-5205", "CVE-2018-5206", "CVE-2018-5207", "CVE-2018-5208" ], "freebsdpr": [ "ports/224954" ] }, "vid": "a3764767-f31e-11e7-95f2-005056925db4" }, "details": "Irssi reports:\n\n> When the channel topic is set without specifying a sender, Irssi may\n> dereference NULL pointer. Found by Joseph Bisch.\n>\n> When using incomplete escape codes, Irssi may access data beyond the\n> end of the string. Found by Joseph Bisch.\n>\n> A calculation error in the completion code could cause a heap buffer\n> overflow when completing certain strings. Found by Joseph Bisch.\n>\n> When using an incomplete variable argument, Irssi may access data\n> beyond the end of the string. Found by Joseph Bisch.\n", "id": "FreeBSD-2018-0002", "modified": "2018-01-06T00:00:00Z", "published": "2018-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2018_01.txt" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2018_01.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5205" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5206" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5207" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2018-5208" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224954" } ], "schema_version": "1.7.0", "summary": "irssi -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "57.0.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/" ], "discovery": "2018-01-04T00:00:00Z", "vid": "8429711b-76ca-474e-94a0-6b980f1e2d47" }, "details": "Mozilla Foundation reports:\n\n> **Jann Horn** of Google Project Zero Security reported that\n> speculative execution performed by modern CPUs could leak information\n> through a timing side-channel attack. Microsoft Vulnerability Research\n> extended this attack to browser JavaScript engines and demonstrated\n> that code on a malicious web page could read data from other web sites\n> (violating the same-origin policy) or private data from the browser\n> itself.\n>\n> Since this new class of attacks involves measuring precise time\n> intervals, as a parti al, short-term, mitigation we are disabling or\n> reducing the precision of several time sources in Firefox. The\n> precision of `performance.now()` has been reduced from 5\u03bcs to 20\u03bcs,\n> and the `SharedArrayBuffer` feature has been disabled because it can\n> be used to construct a high-resolution timer.\n", "id": "FreeBSD-2018-0001", "modified": "2018-01-05T00:00:00Z", "published": "2018-01-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2018-01/" } ], "schema_version": "1.7.0", "summary": "mozilla -- Speculative execution side-channel attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "otrs" }, "ranges": [ { "events": [ { "fixed": "5.0.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/", "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/", "https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/", "https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/" ], "discovery": "2017-11-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-16664", "CVE-2017-16854", "CVE-2017-16921" ], "freebsdpr": [ "ports/224729" ] }, "vid": "cebd05d6-ed7b-11e7-95f2-005056925db4" }, "details": "OTRS reports:\n\n> An attacker who is logged into OTRS as an agent can request special\n> URLs from OTRS which can lead to the execution of shell commands with\n> the permissions of the web server user.\n\n> An attacker who is logged into OTRS as a customer can use the ticket\n> search form to disclose internal article information of their customer\n> tickets.\n\n> An attacker who is logged into OTRS as an agent can manipulate form\n> parameters and execute arbitrary shell commands with the permissions\n> of the OTRS or web server user.\n\n> An attacker can send a specially prepared email to an OTRS system. If\n> this system has cookie support disabled, and a logged in agent clicks\n> a link in this email, the session information could be leaked to\n> external systems, allowing the attacker to take over the agent's\n> session.\n", "id": "FreeBSD-2017-0327", "modified": "2017-12-30T00:00:00Z", "published": "2017-12-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/" }, { "type": "REPORT", "url": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/" }, { "type": "REPORT", "url": "https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/" }, { "type": "REPORT", "url": "https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16664" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16854" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16921" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224729" }, { "type": "WEB", "url": "https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/" }, { "type": "WEB", "url": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/" }, { "type": "WEB", "url": "https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/" }, { "type": "WEB", "url": "https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/" } ], "schema_version": "1.7.0", "summary": "OTRS -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bouncycastle" }, "ranges": [ { "events": [ { "fixed": "1.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bouncycastle15" }, "ranges": [ { "events": [ { "fixed": "1.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.bouncycastle.org/releasenotes.html" ], "discovery": "2017-12-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-13098" ] }, "vid": "6a131fbf-ec76-11e7-aa65-001b216d295b" }, "details": "The Legion of the Bouncy Castle reports:\n\n> Release: 1.59\n>\n> CVE-2017-13098 (\\\"ROBOT\\\"), a Bleichenbacher oracle in TLS when RSA\n> key exchange is negotiated. This potentially affected BCJSSE servers\n> and any other TLS servers configured to use JCE for the underlying\n> crypto - note the two TLS implementations using the BC lightweight\n> APIs are not affected by this.\n", "id": "FreeBSD-2017-0326", "modified": "2017-12-29T00:00:00Z", "published": "2017-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.bouncycastle.org/releasenotes.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13098" }, { "type": "WEB", "url": "https://www.bouncycastle.org/releasenotes.html" } ], "schema_version": "1.7.0", "summary": "The Bouncy Castle Crypto APIs: CVE-2017-13098 (\"ROBOT\")" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.5.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/" ], "discovery": "2017-12-22T00:00:00Z", "references": { "cvename": [ "CVE-2017-7829", "CVE-2017-7845", "CVE-2017-7846", "CVE-2017-7847", "CVE-2017-7848" ] }, "vid": "6a09c80e-6ec7-442a-bc65-d72ce69fd887" }, "details": "Mozilla Foundation reports:\n\n> CVE-2017-7845: Buffer overflow when drawing and validating elements\n> with ANGLE library using Direct 3D 9\n>\n> CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin\n>\n> CVE-2017-7847: Local path string can be leaked from RSS feed\n>\n> CVE-2017-7848: RSS Feed vulnerable to new line Injection\n>\n> CVE-2017-7829: Mailsploit part 1: From address with encoded null\n> character is cut off in message header display\n", "id": "FreeBSD-2017-0325", "modified": "2017-12-25T00:00:00Z", "published": "2017-12-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7829" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7845" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7846" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7847" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7848" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2017-30/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "introduced": "4.7.0" }, { "fixed": "4.7.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2017-9/" ], "discovery": "2017-12-23T00:00:00Z", "vid": "63eb2b11-e802-11e7-a58c-6805ca0b3d42" }, "details": "The phpMyAdmin team reports:\n\n> ### Description\n>\n> By deceiving a user to click on a crafted URL, it is possible to\n> perform harmful database operations such as deleting records,\n> dropping/truncating tables etc.\n>\n> ### Severity\n>\n> We consider this vulnerability to be critical.\n", "id": "FreeBSD-2017-0324", "modified": "2017-12-23T00:00:00Z", "published": "2017-12-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2017-9/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2017-9/" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- XSRF/CSRF vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.18.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-12-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-17850" ] }, "vid": "2a3bc6ac-e7c6-11e7-a90b-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> A select set of SIP messages create a dialog in Asterisk. Those SIP\n> messages must contain a contact header. For those messages, if the\n> header was not present and using the PJSIP channel driver, it would\n> cause Asterisk to crash. The severity of this vulnerability is\n> somewhat mitigated if authentication is enabled. If authentication is\n> enabled a user would have to first be authorized before reaching the\n> crash point.\n", "id": "FreeBSD-2017-0323", "modified": "2017-12-23T00:00:00Z", "published": "2017-12-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-014.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17850" } ], "schema_version": "1.7.0", "summary": "asterisk -- Crash in PJSIP resource when missing a contact header" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-client" }, "ranges": [ { "events": [ { "fixed": "10.1.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-client" }, "ranges": [ { "events": [ { "fixed": "10.2.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/" ], "discovery": "2017-12-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-15365" ] }, "vid": "b7d89082-e7c0-11e7-ac58-b499baebfeaf" }, "details": "The MariaDB project reports:\n\n> Fixes for the following security vulnerabilities: CVE-2017-15365\n", "id": "FreeBSD-2017-0322", "modified": "2017-12-23T00:00:00Z", "published": "2017-12-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15365" } ], "schema_version": "1.7.0", "summary": "MariaDB -- unspecified vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rsync" }, "ranges": [ { "events": [ { "introduced": "3.1.2" }, { "last_affected": "3.1.2_7" }, { "fixed": "3.1.2_7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434" ], "discovery": "2017-12-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-16548", "CVE-2017-17433", "CVE-2017-17434" ], "freebsdpr": [ "ports/224477" ] }, "vid": "72fff788-e561-11e7-8097-0800271d4b9c" }, "details": "Jeriko One reports:\n\n> The receive_xattr function in xattrs.c in rsync 3.1.2 and\n> 3.1.3-development does not check for a trailing \\'\\\\0\\' character in\n> an xattr name, which allows remote attackers to cause a denial of\n> service (heap-based buffer over-read and application crash) or\n> possibly have unspecified other impact by sending crafted data to the\n> daemon.\n\n> The recv_files function in receiver.c in the daemon in rsync 3.1.2,\n> and 3.1.3-development before 2017-12-03, proceeds with certain file\n> metadata updates before checking for a filename in the\n> daemon_filter_list data structure, which allows remote attackers to\n> bypass intended access restrictions.\n\n> The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03,\n> does not check for fnamecmp filenames in the daemon_filter_list data\n> structure (in the recv_files function in receiver.c) and also does not\n> apply the sanitize_paths protection mechanism to pathnames found in\n> \\\"xname follows\\\" strings (in the read_ndx_and_attrs function in\n> rsync.c), which allows remote attackers to bypass intended access\n> restrictions.\n", "id": "FreeBSD-2017-0321", "modified": "2017-12-31T00:00:00Z", "published": "2017-12-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2017/dsa-4068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16548" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17433" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17434" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224477" } ], "schema_version": "1.7.0", "summary": "rsync -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.2.0,1" }, { "fixed": "2.2.9,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.3.0,1" }, { "fixed": "2.3.6,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0,1" }, { "fixed": "2.4.3,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/" ], "discovery": "2017-12-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-17405" ] }, "vid": "dd644964-e10e-11e7-8097-0800271d4b9c" }, "details": "Etienne Stalmans from the Heroku product security team reports:\n\n> There is a command injection vulnerability in Net::FTP bundled with\n> Ruby.\n>\n> `Net::FTP#get`, `getbinaryfile`, `gettextfile`, `put`,\n> `putbinaryfile`, and `puttextfile` use `Kernel#open` to open a local\n> file. If the `localfile` argument starts with the pipe character\n> `\"|\"`, the command following the pipe character is executed. The\n> default value of `localfile` is `File.basename(remotefile)`, so\n> malicious FTP servers could cause arbitrary command execution.\n", "id": "FreeBSD-2017-0320", "modified": "2017-12-14T00:00:00Z", "published": "2017-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17405" } ], "schema_version": "1.7.0", "summary": "ruby -- Command injection vulnerability in Net::FTP" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-passenger" }, "ranges": [ { "events": [ { "introduced": "5.0.10" }, { "fixed": "5.1.11" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/" ], "discovery": "2017-10-13T00:00:00Z", "references": { "cvename": [ "CVE-2017-16355" ] }, "vid": "8cf25a29-e063-11e7-9b2c-001e672571bc" }, "details": "Phusion reports:\n\n> The cPanel Security Team discovered a vulnerability in Passenger that\n> allows users to list the contents of arbitrary files on the system.\n> CVE-2017-16355 has been assigned to this issue.\n", "id": "FreeBSD-2017-0319", "modified": "2017-12-18T00:00:00Z", "published": "2017-12-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/" }, { "type": "WEB", "url": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16355" } ], "schema_version": "1.7.0", "summary": "rubygem-passenger -- arbitrary file read vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libXfont" }, "ranges": [ { "events": [ { "fixed": "1.5.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libXfont2" }, "ranges": [ { "events": [ { "fixed": "2.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8" ], "discovery": "2017-11-25T00:00:00Z", "references": { "cvename": [ "CVE-2017-16611" ] }, "vid": "08a125f3-e35a-11e7-a293-54e1ad3d6335" }, "details": "the freedesktop.org project reports:\n\n> A non-privileged X client can instruct X server running under root to\n> open any file by creating own directory with \\\"fonts.dir\\\",\n> \\\"fonts.alias\\\" or any font file being a symbolic link to any other\n> file in the system. X server will then open it. This can be issue with\n> special files such as /dev/watchdog.\n", "id": "FreeBSD-2017-0318", "modified": "2017-12-17T00:00:00Z", "published": "2017-12-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8" }, { "type": "WEB", "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16611" } ], "schema_version": "1.7.0", "summary": "libXfont -- permission bypass when opening files through symlinks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libXfont" }, "ranges": [ { "events": [ { "fixed": "1.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libXfont2" }, "ranges": [ { "events": [ { "fixed": "2.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608", "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902906bcd" ], "discovery": "2017-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2017-13720", "CVE-2017-13722" ] }, "vid": "3b9590a1-e358-11e7-a293-54e1ad3d6335" }, "details": "The freedesktop.org project reports:\n\n> If a pattern contains \\'?\\' character, any character in the string is\n> skipped, even if it is \\'\\\\0\\'. The rest of the matching then reads\n> invalid memory.\n\n> Without the checks a malformed PCF file can cause the library to make\n> atom from random heap memory that was behind the \\`strings\\` buffer.\n> This may crash the process or leak information.\n", "id": "FreeBSD-2017-0317", "modified": "2017-12-17T00:00:00Z", "published": "2017-12-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608" }, { "type": "REPORT", "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902906bcd" }, { "type": "WEB", "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608" }, { "type": "WEB", "url": "https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13720" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13722" } ], "schema_version": "1.7.0", "summary": "libXfont -- multiple memory leaks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libXcursor" }, "ranges": [ { "events": [ { "fixed": "1.1.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/oss-sec/2017/q4/339" ], "discovery": "2017-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2017-16612" ] }, "vid": "ddecde18-e33b-11e7-a293-54e1ad3d6335" }, "details": "The freedesktop.org project reports:\n\n> It is possible to trigger heap overflows due to an integer overflow\n> while parsing images and a signedness issue while parsing comments.\n>\n> The integer overflow occurs because the chosen limit 0x10000 for\n> dimensions is too large for 32 bit systems, because each pixel takes 4\n> bytes. Properly chosen values allow an overflow which in turn will\n> lead to less allocated memory than needed for subsequent reads.\n>\n> The signedness bug is triggered by reading the length of a comment as\n> unsigned int, but casting it to int when calling the function\n> XcursorCommentCreate. Turning length into a negative value allows the\n> check against XCURSOR_COMMENT_MAX_LEN to pass, and the following\n> addition of sizeof (XcursorComment) + 1 makes it possible to allocate\n> less memory than needed for subsequent reads.\n", "id": "FreeBSD-2017-0316", "modified": "2017-12-17T00:00:00Z", "published": "2017-12-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/oss-sec/2017/q4/339" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2017/q4/339" }, { "type": "WEB", "url": "https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16612" } ], "schema_version": "1.7.0", "summary": "libXcursor -- integer overflow that can lead to heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "global" }, "ranges": [ { "events": [ { "introduced": "4.8.6" }, { "fixed": "6.6.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17531" ], "discovery": "2017-12-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-17531" ] }, "vid": "48cca164-e269-11e7-be51-6599c735afc8" }, "details": "MITRE reports:\n\n> gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before\n> launching the program specified by the BROWSER environment variable,\n> which might allow remote attackers to conduct argument-injection\n> attacks via a crafted URL.\n", "id": "FreeBSD-2017-0315", "modified": "2017-12-16T00:00:00Z", "published": "2017-12-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17531" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17531" }, { "type": "WEB", "url": "http://lists.gnu.org/archive/html/info-global/2017-12/msg00001.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17531" } ], "schema_version": "1.7.0", "summary": "global -- gozilla vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.95" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.89.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2017-12-14/" ], "discovery": "2017-12-14T00:00:00Z", "vid": "7136e6b7-e1b3-11e7-a4d3-000c292ee6b8" }, "details": "The Jenkins project reports:\n\n> A race condition during Jenkins startup could result in the wrong\n> order of execution of commands during initialization.\n>\n> On Jenkins 2.81 and newer, including LTS 2.89.1, this could in rare\n> cases (we estimate less than 20% of new instances) result in failure\n> to initialize the setup wizard on the first startup.\n>\n> There is a very short window of time after startup during which\n> Jenkins may no longer show the \\\"Please wait while Jenkins is getting\n> ready to work\\\" message, but Cross-Site Request Forgery (CSRF)\n> protection may not yet be effective.\n", "id": "FreeBSD-2017-0314", "modified": "2017-12-15T00:00:00Z", "published": "2017-12-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2017-12-14/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2017-12-14/" } ], "schema_version": "1.7.0", "summary": "jenkins -- Two startup race conditions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node4" }, "ranges": [ { "events": [ { "fixed": "4.8.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node6" }, "ranges": [ { "events": [ { "fixed": "6.12.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node8" }, "ranges": [ { "events": [ { "fixed": "8.9.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "9.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/" ], "discovery": "2017-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2017-15896", "CVE-2017-15897", "CVE-2017-3738" ] }, "vid": "bea84a7a-e0c9-11e7-b4f3-11baa0c2df21" }, "details": "Node.js reports:\n\n> # Data Confidentiality/Integrity Vulnerability - CVE-2017-15896\n>\n> Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards\n> to the use of SSL_read() due to TLS handshake failure. The result was\n> that an active network attacker could send application data to Node.js\n> using the TLS or HTTP2 modules in a way that bypassed TLS\n> authentication and encryption.\n>\n> # Uninitialized buffer vulnerability - CVE-2017-15897\n>\n> Node.js had a bug in versions 8.X and 9.X which caused buffers to not\n> be initialized when the encoding for the fill value did not match the\n> encoding specified. For example, \\'Buffer.alloc(0x100, \\\"This is not\n> correctly encoded\\\", \\\"hex\\\");\\' The buffer implementation was updated\n> such that the buffer will be initialized to all zeros in these cases.\n>\n> # Also included in OpenSSL update - CVE 2017-3738\n>\n> Note that CVE 2017-3738 of OpenSSL-1.0.2 affected Node but it was low\n> severity.\n", "id": "FreeBSD-2017-0313", "modified": "2017-12-14T00:00:00Z", "published": "2017-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15896" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15897" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3738" } ], "schema_version": "1.7.0", "summary": "node.js -- Data Confidentiality/Integrity Vulnerability, December 2017" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "last_affected": "10.0.6" }, { "fixed": "10.0.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1.0" }, { "last_affected": "10.1.4" }, { "fixed": "10.1.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2.0" }, { "last_affected": "10.2.3" }, { "fixed": "10.2.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2017/12/08/gitlab-10-dot-2-dot-4-security-release/" ], "discovery": "2017-12-08T00:00:00Z", "vid": "e72a8864-e0bc-11e7-b627-d43d7e971a1b" }, "details": "GitLab reports:\n\n> # User without access to private Wiki can see it on the project page\n>\n> Matthias Burtscher reported that it was possible for a user to see a\n> private Wiki on the project page without having the corresponding\n> permission.\n>\n> # E-mail address disclosure through member search fields\n>\n> Hugo Geoffroy reported via HackerOne that it was possible to find out\n> the full e-mail address of any user by brute-forcing the member search\n> field.\n>\n> # Groups API leaks private projects\n>\n> An internal code review discovered that users were able to list\n> private projects they had no access to by using the Groups API.\n>\n> # Cross-Site Scripting (XSS) possible by editing a comment\n>\n> Sylvain Heiniger reported via HackerOne that it was possible for\n> arbitrary JavaScript code to be executed when editing a comment.\n>\n> # Issue API allows any user to create a new issue even when issues are restricted or disabled\n>\n> Mohammad Hasbini reported that any user could create a new issues in a\n> project even when issues were disabled or restricted to team members\n> in the project settings.\n", "id": "FreeBSD-2017-0312", "modified": "2017-12-14T00:00:00Z", "published": "2017-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2017/12/08/gitlab-10-dot-2-dot-4-security-release/" }, { "type": "WEB", "url": "https://about.gitlab.com/2017/12/08/gitlab-10-dot-2-dot-4-security-release/" } ], "schema_version": "1.7.0", "summary": "GitLab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tor" }, "ranges": [ { "events": [ { "fixed": "0.3.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516" ], "discovery": "2017-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2017-8819" ] }, "vid": "36ef8753-d86f-11e7-ad28-0025908740c2" }, "details": "The Torproject.org reports:\n\n> - TROVE-2017-009: Replay-cache ineffective for v2 onion services\n> - TROVE-2017-010: Remote DoS attack against directory authorities\n> - TROVE-2017-011: An attacker can make Tor ask for a password\n> - TROVE-2017-012: Relays can pick themselves in a circuit path\n> - TROVE-2017-013: Use-after-free in onion service v2\n", "id": "FreeBSD-2017-0311", "modified": "2017-12-14T00:00:00Z", "published": "2017-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516" }, { "type": "WEB", "url": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8819" } ], "schema_version": "1.7.0", "summary": "tor -- Use-after-free in onion service v2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.18.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-12-12T00:00:00Z", "vid": "4a67450a-e044-11e7-accc-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> If a compound RTCP packet is received containing more than one report\n> (for example a Receiver Report and a Sender Report) the RTCP stack\n> will incorrectly store report information outside of allocated memory\n> potentially causing a crash.\n", "id": "FreeBSD-2017-0310", "modified": "2017-12-13T00:00:00Z", "published": "2017-12-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-012.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote Crash Vulnerability in RTCP Stack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libxml2" }, "ranges": [ { "events": [ { "last_affected": "2.9.4" }, { "fixed": "2.9.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-05-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-8872", "CVE-2017-9047", "CVE-2017-9048", "CVE-2017-9049", "CVE-2017-9050" ] }, "vid": "76e59f55-4f7a-4887-bcb0-11604004163a" }, "details": "libxml2 developers report:\n\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4\nallows attackers to cause a denial of service (buffer over-read) or\ninformation disclosure.\n\nA buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801.\nThe function xmlSnprintfElementContent in valid.c is supposed to\nrecursively dump the element content definition into a char buffer\n\\'buf\\' of size \\'size\\'. The variable len is assigned strlen(buf). If\nthe content-\\>type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the\ncontent-\\>prefix is appended to buf (if it actually fits) whereupon (ii)\ncontent-\\>name is written to the buffer. However, the check for whether\nthe content-\\>name actually fits also uses \\'len\\' rather than the\nupdated buffer length strlen(buf). This allows us to write about\n\\\"size\\\" many bytes beyond the allocated memory. This vulnerability\ncauses programs that use libxml2, such as PHP, to crash.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based\nbuffer overflow. The function xmlSnprintfElementContent in valid.c is\nsupposed to recursively dump the element content definition into a char\nbuffer \\'buf\\' of size \\'size\\'. At the end of the routine, the function\nmay strcat two more characters without checking whether the current\nstrlen(buf) + 2 \\< size. This vulnerability causes programs that use\nlibxml2, such as PHP, to crash.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer\nover-read in the xmlDictComputeFastKey function in dict.c. This\nvulnerability causes programs that use libxml2, such as PHP, to crash.\nThis vulnerability exists because of an incomplete fix for libxml2 Bug\n759398.\n\nlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer\nover-read in the xmlDictAddString function in dict.c. This vulnerability\ncauses programs that use libxml2, such as PHP, to crash. This\nvulnerability exists because of an incomplete fix for CVE-2016-1839.\n", "id": "FreeBSD-2017-0309", "modified": "2017-12-13T00:00:00Z", "published": "2017-12-13T00:00:00Z", "references": [ { "type": "WEB", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=775200" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/05/15/1" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/98599" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/05/15/1" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/98556" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/05/15/1" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/98601" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/05/15/1" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/98568" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8872" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9047" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9048" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9049" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9050" } ], "schema_version": "1.7.0", "summary": "libxml2 -- Multiple Issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_26" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-12-09T00:00:00Z", "references": { "cvename": [ "CVE-2016-0701", "CVE-2017-3737", "CVE-2017-3738" ], "freebsdsa": [ "SA-17:12.openssl" ] }, "vid": "9f7a0f39-ddc0-11e7-b5af-a4badb2f4699" }, "details": "# Problem Description:\n\nInvoking SSL_read()/SSL_write() while in an error state causes data to\nbe passed without being decrypted/encrypted directly from the SSL/TLS\nrecord layer.\n\nIn order to exploit this issue an application bug would have to be\npresent that resulted in a call to SSL_read()/SSL_write() being issued\nafter having already received a fatal error. \\[CVE-2017-3737\\]\n\nThere is an overflow bug in the x86_64 Montgomery multiplication\nprocedure used in exponentiation with 1024-bit moduli. This only affects\nprocessors that support the AVX2 but not ADX extensions like Intel\nHaswell (4th generation). \\[CVE-2017-3738\\] This bug only affects\nFreeBSD 11.x.\n\n# Impact:\n\nApplications with incorrect error handling may inappropriately pass\nunencrypted data. \\[CVE-2017-3737\\]\n\nMishandling of carry propagation will produce incorrect output, and make\nit easier for a remote attacker to obtain sensitive private-key\ninformation. No EC algorithms are affected and analysis suggests that\nattacks against RSA and DSA as a result of this defect would be very\ndifficult to perform and are not believed likely.\n\nAttacks against DH1024 are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. However, for an attack on\nTLS to be meaningful, the server would have to share the DH1024 private\nkey among multiple clients, which is no longer an option since\nCVE-2016-0701. \\[CVE-2017-3738\\]\n", "id": "FreeBSD-2017-0308", "modified": "2017-12-10T00:00:00Z", "published": "2017-12-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-0701" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3737" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3738" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:12.openssl.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- OpenSSL multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "last_affected": "2.2.10" }, { "fixed": "2.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "last_affected": "2.4.2" }, { "fixed": "2.4.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark-lite" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "last_affected": "2.2.10" }, { "fixed": "2.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "last_affected": "2.4.2" }, { "fixed": "2.4.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark-qt5" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "last_affected": "2.2.10" }, { "fixed": "2.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "last_affected": "2.4.2" }, { "fixed": "2.4.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tshark" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "last_affected": "2.2.10" }, { "fixed": "2.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "last_affected": "2.4.2" }, { "fixed": "2.4.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tshark-lite" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "last_affected": "2.2.10" }, { "fixed": "2.2.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "last_affected": "2.4.2" }, { "fixed": "2.4.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.wireshark.org/security/" ], "discovery": "2017-11-30T00:00:00Z", "references": { "cvename": [ "CVE-2017-17083", "CVE-2017-17084", "CVE-2017-17085" ] }, "vid": "4b228e69-22e1-4019-afd0-8aa716d0ec0b" }, "details": "wireshark developers reports:\n\n> wnpa-sec-2017-47: The IWARP_MPA dissector could crash.\n> (CVE-2017-17084)\n>\n> wnpa-sec-2017-48: The NetBIOS dissector could crash. Discovered by\n> Kamil Frankowicz. (CVE-2017-17083)\n>\n> wnpa-sec-2017-49: The CIP Safety dissector could crash.\n> (CVE-2017-17085)\n", "id": "FreeBSD-2017-0307", "modified": "2017-12-10T00:00:00Z", "published": "2017-12-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.wireshark.org/security/" }, { "type": "WEB", "url": "https://www.wireshark.org/security/" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2017-47.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2017-48.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2017-49.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17083" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17084" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17085" } ], "schema_version": "1.7.0", "summary": "wireshark -- multiple security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "introduced": "1.0.2,1" }, { "fixed": "1.0.2n" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20171207.txt" ], "discovery": "2017-12-07T00:00:00Z", "references": { "cvename": [ "CVE-2017-3737", "CVE-2017-3738" ] }, "vid": "3bb451fc-db64-11e7-ac58-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> - Read/write after SSL object in error state (CVE-2017-3737)\\\n> OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \\\"error\n> state\\\" mechanism. The intent was that if a fatal error occurred\n> during a handshake then OpenSSL would move into the error state and\n> would immediately fail if you attempted to continue the handshake.\n> This works as designed for the explicit handshake functions\n> (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to\n> a bug it does not work correctly if SSL_read() or SSL_write() is\n> called directly. In that scenario, if the handshake fails then a\n> fatal error will be returned in the initial function call. If\n> SSL_read()/SSL_write() is subsequently called by the application for\n> the same SSL object then it will succeed and the data is passed\n> without being decrypted/encrypted directly from the SSL/TLS record\n> layer.\n> - rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\\\n> There is an overflow bug in the AVX2 Montgomery multiplication\n> procedure used in exponentiation with 1024-bit moduli. No EC\n> algorithms are affected. Analysis suggests that attacks against RSA\n> and DSA as a result of this defect would be very difficult to\n> perform and are not believed likely. Attacks against DH1024 are\n> considered just feasible, because most of the work necessary to\n> deduce information about a private key may be performed offline. The\n> amount of resources required for such an attack would be\n> significant. However, for an attack on TLS to be meaningful, the\n> server would have to share the DH1024 private key among multiple\n> clients, which is no longer an option since CVE-2016-0701.\n", "id": "FreeBSD-2017-0306", "modified": "2017-12-07T00:00:00Z", "published": "2017-12-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20171207.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20171207.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3737" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3738" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_16" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_25" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-11-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-3735", "CVE-2017-3736" ], "freebsdsa": [ "SA-17:11.openssl" ] }, "vid": "9442a811-dab3-11e7-b5af-a4badb2f4699" }, "details": "# Problem Description:\n\nIf an X.509 certificate has a malformed IPAddressFamily extension,\nOpenSSL could do a one-byte buffer overread. \\[CVE-2017-3735\\]\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring\nprocedure. This only affects processors that support the BMI1, BMI2 and\nADX extensions like Intel Broadwell (5th generation) and later or AMD\nRyzen. \\[CVE-2017-3736\\] This bug only affects FreeBSD 11.x.\n\n# Impact:\n\nApplication using OpenSSL may display erroneous certificate in text\nformat. \\[CVE-2017-3735\\]\n\nMishandling of carry propagation will produce incorrect output, and make\nit easier for a remote attacker to obtain sensitive private-key\ninformation. No EC algorithms are affected, analysis suggests that\nattacks against RSA and DSA as a result of this defect would be very\ndifficult to perform and are not believed likely.\n\nAttacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. \\[CVE-2017-3736\\]\n", "id": "FreeBSD-2017-0305", "modified": "2017-12-06T00:00:00Z", "published": "2017-12-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3736" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:11.openssl.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- OpenSSL multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_15" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_24" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2017-1088" ], "freebsdsa": [ "SA-17:10.kldstat" ] }, "vid": "759059ac-dab3-11e7-b5af-a4badb2f4699" }, "details": "# Problem Description:\n\nThe kernel does not properly clear the memory of the kld_file_stat\nstructure before filling the data. Since the structure filled by the\nkernel is allocated on the kernel stack and copied to userspace, a leak\nof information from the kernel stack is possible.\n\n# Impact:\n\nSome bytes from the kernel stack can be observed in userspace.\n", "id": "FreeBSD-2017-0304", "modified": "2017-12-06T00:00:00Z", "published": "2017-12-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1088" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Information leak in kldstat(2)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_24" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2017-1087" ], "freebsdsa": [ "SA-17:09.shm" ] }, "vid": "5b1463dd-dab3-11e7-b5af-a4badb2f4699" }, "details": "# Problem Description:\n\nNamed paths are globally scoped, meaning a process located in one jail\ncan read and modify the content of POSIX shared memory objects created\nby a process in another jail or the host system.\n\n# Impact:\n\nA malicious user that has access to a jailed system is able to abuse\nshared memory by injecting malicious content in the shared memory\nregion. This memory region might be executed by applications trusting\nthe shared memory, like Squid.\n\nThis issue could lead to a Denial of Service or local privilege\nescalation.\n", "id": "FreeBSD-2017-0303", "modified": "2017-12-06T00:00:00Z", "published": "2017-12-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1087" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- POSIX shm allows jails to access global namespace" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_15" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_24" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2017-1086" ], "freebsdsa": [ "SA-17:08.ptrace" ] }, "vid": "34a3f9b5-dab3-11e7-b5af-a4badb2f4699" }, "details": "# Problem Description:\n\nNot all information in the struct ptrace_lwpinfo is relevant for the\nstate of any thread, and the kernel does not fill the irrelevant bytes\nor short strings. Since the structure filled by the kernel is allocated\non the kernel stack and copied to userspace, a leak of information of\nthe kernel stack of the thread is possible from the debugger.\n\n# Impact:\n\nSome bytes from the kernel stack of the thread using ptrace(PT_LWPINFO)\ncall can be observed in userspace.\n", "id": "FreeBSD-2017-0302", "modified": "2017-12-06T00:00:00Z", "published": "2017-12-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1086" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_2" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.4" }, { "fixed": "10.4_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_22" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-1307", "CVE-2017-1308" ], "freebsdsa": [ "SA-17:07.wpa" ] }, "vid": "1f8de723-dab3-11e7-b5af-a4badb2f4699" }, "details": "# Problem Description:\n\nA vulnerability was found in how a number of implementations can be\ntriggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by\nreplaying a specific frame that is used to manage the keys.\n\n# Impact:\n\nSuch reinstallation of the encryption key can result in two different\ntypes of vulnerabilities: disabling replay protection and significantly\nreducing the security of encryption to the point of allowing frames to\nbe decrypted or some parts of the keys to be determined by an attacker\ndepending on which cipher is used.\n", "id": "FreeBSD-2017-0301", "modified": "2017-12-06T00:00:00Z", "published": "2017-12-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1308" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:07.wpa.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- WPA2 protocol vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "introduced": "57.0,1" }, { "fixed": "57.0.1,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "56.0.2_11,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "waterfox" }, "ranges": [ { "events": [ { "fixed": "56.0.s20171130" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.5.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.5.1,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/" ], "discovery": "2017-11-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-7843", "CVE-2017-7844" ] }, "vid": "b7e23050-2d5d-4e61-9b48-62e89db222ca" }, "details": "Mozilla Foundation reports:\n\n> CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB\n> data\n>\n> CVE-2017-7844: Visited history information leak through SVG image\n", "id": "FreeBSD-2017-0300", "modified": "2017-12-05T00:00:00Z", "published": "2017-12-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7843" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7844" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2017-27/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish4" }, "ranges": [ { "events": [ { "fixed": "4.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish5" }, "ranges": [ { "events": [ { "fixed": "5.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00002.html" ], "discovery": "2017-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2017-8807" ] }, "vid": "17133e7e-d764-11e7-b5af-a4badb2f4699" }, "details": "Varnish reports:\n\n> A wrong if statement in the varnishd source code means that synthetic\n> objects in stevedores which over-allocate, may leak up to page size of\n> data from a malloc(3) memory allocation.\n", "id": "FreeBSD-2017-0299", "modified": "2017-12-02T00:00:00Z", "published": "2017-12-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00002.html" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00002.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8807" } ], "schema_version": "1.7.0", "summary": "varnish -- information disclosure vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mybb" }, "ranges": [ { "events": [ { "fixed": "1.8.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.mybb.com/2017/11/28/mybb-1-8-14-released-security-maintenance-release/" ], "discovery": "2017-11-27T00:00:00Z", "vid": "addad6de-d752-11e7-99bf-00e04c1ea73d" }, "details": "mybb Team reports:\n\n> High risk: Language file headers RCE\n>\n> Low risk: Language Pack Properties XSS\n", "id": "FreeBSD-2017-0298", "modified": "2017-12-02T00:00:00Z", "published": "2017-12-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.mybb.com/2017/11/28/mybb-1-8-14-released-security-maintenance-release/" }, { "type": "WEB", "url": "https://blog.mybb.com/2017/11/28/mybb-1-8-14-released-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "mybb -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_CN" }, "ranges": [ { "events": [ { "fixed": "4.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_TW" }, "ranges": [ { "events": [ { "fixed": "4.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/" ], "discovery": "2017-11-29T00:00:00Z", "vid": "a2589511-d6ba-11e7-88dd-00e04c1ea73d" }, "details": "wordpress developers reports:\n\n> Use a properly generated hash for the newbloguser key instead of a\n> determinate substring.\n>\n> Add escaping to the language attributes used on html elements.\n>\n> Ensure the attributes of enclosures are correctly escaped in RSS and\n> Atom feeds.\n>\n> Remove the ability to upload JavaScript files for users who do not\n> have the unfiltered_html capability.\n", "id": "FreeBSD-2017-0297", "modified": "2017-12-01T00:00:00Z", "published": "2017-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.18.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-11-30T00:00:00Z", "references": { "cvename": [ "CVE-2017-17090" ] }, "vid": "e91cf90c-d6dd-11e7-9d10-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> If the chan_skinny (AKA SCCP protocol) channel driver is flooded with\n> certain requests it can cause the asterisk process to use excessive\n> amounts of virtual memory eventually causing asterisk to stop\n> processing requests of any kind.\n", "id": "FreeBSD-2017-0296", "modified": "2017-12-13T00:00:00Z", "published": "2017-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-013.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-17090" } ], "schema_version": "1.7.0", "summary": "asterisk -- DOS Vulnerability in Asterisk chan_skinny" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "introduced": "4.88" }, { "fixed": "4.89.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.exim.org/show_bug.cgi?id=2199" ], "discovery": "2017-11-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-16944" ] }, "vid": "75dd622c-d5fd-11e7-b9fe-c13eb7bcbf4f" }, "details": "Exim developers team reports:\n\n> The receive_msg function in receive.c in the SMTP daemon in Exim 4.88\n> and 4.89 allows remote attackers to cause a denial of service\n> (infinite loop and stack exhaustion) via vectors involving BDAT\n> commands and an improper check for a \\'.\\' character signifying the\n> end of the content, related to the bdat_getc function.\n", "id": "FreeBSD-2017-0295", "modified": "2017-11-30T00:00:00Z", "published": "2017-11-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.exim.org/show_bug.cgi?id=2199" }, { "type": "WEB", "url": "https://bugs.exim.org/show_bug.cgi?id=2199" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16944" } ], "schema_version": "1.7.0", "summary": "exim -- remote DoS attack in BDAT processing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xrdp-devel" }, "ranges": [ { "events": [ { "last_affected": "0.9.3,1" }, { "fixed": "0.9.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "0.9.3_1,1,1" }, { "last_affected": "0.9.4,1" }, { "fixed": "0.9.4,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/neutrinolabs/xrdp/pull/958" ], "discovery": "2017-11-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-16927" ] }, "vid": "a66f9be2-d519-11e7-9866-c85b763a2f96" }, "details": "xrdp reports:\n\n> The scp_v0s_accept function in the session manager uses an untrusted\n> integer as a write length, which allows local users to cause a denial\n> of service (buffer overflow and application crash) or possibly have\n> unspecified other impact via a crafted input stream.\n", "id": "FreeBSD-2017-0294", "modified": "2017-11-29T00:00:00Z", "published": "2017-11-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/neutrinolabs/xrdp/pull/958" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16927" } ], "schema_version": "1.7.0", "summary": "xrdp -- local user can cause a denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.21.0" }, { "fixed": "7.57.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-curl" }, "ranges": [ { "events": [ { "introduced": "7.21.0" }, { "fixed": "7.29.0_4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/changes.html" ], "discovery": "2017-11-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-8818" ] }, "vid": "301a01b7-d50e-11e7-ac58-b499baebfeaf" }, "details": "The cURL project reports:\n\n> - NTLM buffer overflow via integer overflow (CVE-2017-8816)\\\n> libcurl contains a buffer overrun flaw in the NTLM authentication\n> code. The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up\n> the lengths of the user name + password (= SUM) and multiplies the\n> sum by two (= SIZE) to figure out how large storage to allocate from\n> the heap.\n> - FTP wildcard out of bounds read (CVE-2017-8817)\\\n> libcurl contains a read out of bounds flaw in the FTP wildcard\n> function. libcurl\\'s FTP wildcard matching feature, which is enabled\n> with the CURLOPT_WILDCARDMATCH option can use a built-in wildcard\n> function or a user provided one. The built-in wildcard function has\n> a flaw that makes it not detect the end of the pattern string if it\n> ends with an open bracket (\\[) but instead it will continue reading\n> the heap beyond the end of the URL buffer that holds the wildcard.\n> - SSL out of buffer access (CVE-2017-8818)\\\n> libcurl contains an out boundary access flaw in SSL related code.\n> When allocating memory for a connection (the internal struct called\n> connectdata), a certain amount of memory is allocated at the end of\n> the struct to be used for SSL related structs. Those structs are\n> used by the particular SSL library libcurl is built to use. The\n> application can also tell libcurl which specific SSL library to use\n> if it was built to support more than one.\n", "id": "FreeBSD-2017-0293", "modified": "2017-12-11T00:00:00Z", "published": "2017-11-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/changes.html" }, { "type": "WEB", "url": "https://curl.haxx.se/changes.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8817" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8818" } ], "schema_version": "1.7.0", "summary": "cURL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-borgbackup" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-borgbackup" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-borgbackup" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/borgbackup/borg/blob/1.1.3/docs/changes.rst#version-113-2017-11-27" ], "discovery": "2017-11-27T00:00:00Z", "references": { "cvename": [ "CVE-2017-15914" ] }, "vid": "0d369972-d4ba-11e7-bfca-005056925db4" }, "details": "BorgBackup reports:\n\n> Incorrect implementation of access controls allows remote users to\n> override repository restrictions in Borg servers. A user able to\n> access a remote Borg SSH server is able to circumvent access controls\n> post-authentication. Affected releases: 1.1.0, 1.1.1, 1.1.2. Releases\n> 1.0.x are NOT affected.\n", "id": "FreeBSD-2017-0292", "modified": "2017-11-29T00:00:00Z", "published": "2017-11-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/borgbackup/borg/blob/1.1.3/docs/changes.rst#version-113-2017-11-27" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15914" }, { "type": "WEB", "url": "https://github.com/borgbackup/borg/blob/1.1.3/docs/changes.rst#version-113-2017-11-27" } ], "schema_version": "1.7.0", "summary": "borgbackup -- remote users can override repository restrictions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "palemoon" }, "ranges": [ { "events": [ { "fixed": "27.6.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.palemoon.org/releasenotes.shtml" ], "discovery": "2017-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-7832", "CVE-2017-7835", "CVE-2017-7840" ] }, "vid": "6056bf68-f570-4e70-b740-b9f606971283" }, "details": "Pale Moon reports:\n\n> CVE-2017-7832: Domain spoofing through use of dotless \\'i\\' character\n> followed by accent markers\n>\n> CVE-2017-7835: Mixed content blocking incorrectly applies with\n> redirects\n>\n> CVE-2017-7840: Exported bookmarks do not strip script elements from\n> user-supplied tags\n", "id": "FreeBSD-2017-0291", "modified": "2017-11-28T00:00:00Z", "published": "2017-11-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.palemoon.org/releasenotes.shtml" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7832" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7835" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7840" } ], "schema_version": "1.7.0", "summary": "palemoon -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "introduced": "4.88" }, { "fixed": "4.89_2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.exim.org/show_bug.cgi?id=2199" ], "discovery": "2017-11-23T00:00:00Z", "vid": "68b29058-d348-11e7-b9fe-c13eb7bcbf4f" }, "details": "Exim team reports:\n\n> The receive_msg function in receive.c in the SMTP daemon in Exim 4.88\n> and 4.89 allows remote attackers to execute arbitrary code or cause a\n> denial of service (use-after-free) via vectors involving BDAT\n> commands.\n", "id": "FreeBSD-2017-0290", "modified": "2017-11-27T00:00:00Z", "published": "2017-11-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.exim.org/show_bug.cgi?id=2199" }, { "type": "WEB", "url": "https://bugs.exim.org/show_bug.cgi?id=2199" } ], "schema_version": "1.7.0", "summary": "exim -- remote code execution, deny of service in BDAT" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mybb" }, "ranges": [ { "events": [ { "fixed": "1.8.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/" ], "discovery": "2017-11-07T00:00:00Z", "vid": "7761288c-d148-11e7-87e5-00e04c1ea73d" }, "details": "myBB Team reports:\n\n> High risk: Installer RCE on configuration file write\n>\n> High risk: Language file headers RCE\n>\n> Medium risk: Installer XSS\n>\n> Medium risk: Mod CP Edit Profile XSS\n>\n> Low risk: Insufficient moderator permission check in delayed\n> moderation tools\n>\n> Low risk: Announcements HTML filter bypass\n>\n> Low risk: Language Pack Properties XSS.\n", "id": "FreeBSD-2017-0289", "modified": "2017-11-24T00:00:00Z", "published": "2017-11-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/" }, { "type": "WEB", "url": "https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "mybb -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py32-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html" ], "discovery": "2017-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-14695", "CVE-2017-14696" ] }, "vid": "50127e44-7b88-4ade-8e12-5d57320823f1" }, "details": "SaltStack reports:\n\n> Directory traversal vulnerability in minion id validation in\n> SaltStack. Allows remote minions with incorrect credentials to\n> authenticate to a master via a crafted minion ID. Credit for\n> discovering the security flaw goes to: Julian Brost\n> (julian@0x4a42.net). NOTE: this vulnerability exists because of an\n> incomplete fix for CVE-2017-12791.\n>\n> Remote Denial of Service with a specially crafted authentication\n> request. Credit for discovering the security flaw goes to: Julian\n> Brost (julian@0x4a42.net)\n", "id": "FreeBSD-2017-0288", "modified": "2017-11-23T00:00:00Z", "published": "2017-11-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14695" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14696" }, { "type": "WEB", "url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html" }, { "type": "WEB", "url": "https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.8.html" }, { "type": "WEB", "url": "https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d" }, { "type": "WEB", "url": "https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b" } ], "schema_version": "1.7.0", "summary": "salt -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "codeigniter" }, "ranges": [ { "events": [ { "fixed": "3.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.codeigniter.com/user_guide/changelog.html" ], "discovery": "2017-09-25T00:00:00Z", "vid": "ef3423e4-d056-11e7-a52c-002590263bf5" }, "details": "The CodeIgniter changelog reports:\n\n> Security: Fixed a potential object injection in Cache Library \\'apc\\'\n> driver when save() is used with \\$raw = TRUE.\n", "id": "FreeBSD-2017-0287", "modified": "2017-11-23T00:00:00Z", "published": "2017-11-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.codeigniter.com/user_guide/changelog.html" }, { "type": "WEB", "url": "https://www.codeigniter.com/user_guide/changelog.html" } ], "schema_version": "1.7.0", "summary": "codeigniter -- input validation bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "procmail" }, "ranges": [ { "events": [ { "fixed": "3.22_10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.debian.org/security/2017/dsa-4041" ], "discovery": "2017-11-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-16844" ] }, "vid": "288f7cee-ced6-11e7-8ae9-0050569f0b83" }, "details": "MITRE reports:\n\n> A remote attacker could use a flaw to cause formail to crash,\n> resulting in a denial of service or data loss.\n", "id": "FreeBSD-2017-0286", "modified": "2017-12-08T00:00:00Z", "published": "2017-11-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.debian.org/security/2017/dsa-4041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16844" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2017/dsa-4041" }, { "type": "WEB", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511" } ], "schema_version": "1.7.0", "summary": "procmail -- Heap-based buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "frr" }, "ranges": [ { "events": [ { "fixed": "3.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://frrouting.org/community/security/cve-2017-15865.html" ], "discovery": "2017-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2017-15865" ] }, "vid": "bf266183-cec7-11e7-af2d-2047478f2f70" }, "details": "FRR reports:\n\n> BGP Mishandled attribute length on Error\n>\n> A vulnerability exists in the BGP daemon of FRR where a malformed BGP\n> UPDATE packet can leak information from the BGP daemon and cause a\n> denial of service by crashing the daemon.\n", "id": "FreeBSD-2017-0285", "modified": "2017-11-21T00:00:00Z", "published": "2017-11-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://frrouting.org/community/security/cve-2017-15865.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15865" }, { "type": "WEB", "url": "https://frrouting.org/community/security/cve-2017-15865.html" } ], "schema_version": "1.7.0", "summary": "frr -- BGP Mishandled attribute length on Error" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "fixed": "1.1.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cacti.net/release_notes.php?version=1.1.28" ], "discovery": "2017-11-01T00:00:00Z", "references": { "cvename": [ "CVE-2017-16641", "CVE-2017-16660", "CVE-2017-16661", "CVE-2017-16785" ] }, "vid": "db570002-ce06-11e7-804e-c85b763a2f96" }, "details": "cacti reports:\n\n> Changelog\n>\n> issue#1057: CVE-2017-16641 - Potential vulnerability in RRDtool\n> functions\n>\n> issue#1066: CVE-2017-16660 in remote_agent.php logging function\n>\n> issue#1066: CVE-2017-16661 in view log file\n>\n> issue#1071: CVE-2017-16785 in global_session.php Reflection XSS\n", "id": "FreeBSD-2017-0284", "modified": "2017-11-20T00:00:00Z", "published": "2017-11-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cacti.net/release_notes.php?version=1.1.28" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16641" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16660" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16661" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16785" }, { "type": "WEB", "url": "https://sourceforge.net/p/cacti/mailman/message/36122745/" } ], "schema_version": "1.7.0", "summary": "cacti -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki127" }, "ranges": [ { "events": [ { "fixed": "1.27.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki128" }, "ranges": [ { "events": [ { "fixed": "1.28.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mediawiki129" }, "ranges": [ { "events": [ { "fixed": "1.29.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html" ], "discovery": "2017-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-8808", "CVE-2017-8809", "CVE-2017-8810", "CVE-2017-8811", "CVE-2017-8812", "CVE-2017-8814", "CVE-2017-8815", "CVE-2017-0361", "CVE-2017-9841" ] }, "vid": "298829e2-ccce-11e7-92e4-000c29649f92" }, "details": "mediawiki reports:\n\n> security fixes:\n>\n> T128209: Reflected File Download from api.php. Reported by Abdullah\n> Hussam.\n>\n> T165846: BotPasswords doesn\\'t throttle login attempts.\n>\n> T134100: On private wikis, login form shouldn\\'t distinguish between\n> login failure due to bad username and bad password.\n>\n> T178451: XSS when \\$wgShowExceptionDetails = false and browser sends\n> non-standard url escaping.\n>\n> T176247: It\\'s possible to mangle HTML via raw message parameter\n> expansion.\n>\n> T125163: id attribute on headlines allow raw.\n>\n> T124404: language converter can be tricked into replacing text inside\n> tags by adding a lot of junk after the rule definition.\n>\n> T119158: Language converter: unsafe attribute injection via glossary\n> rules.\n>\n> T180488: api.log contains passwords in plaintext wasn\\'t correctly\n> fixed.\n>\n> T180231: composer.json has require-dev versions of PHPUnit with known\n> security issues. Reported by Tom Hutchison.\n", "id": "FreeBSD-2017-0283", "modified": "2017-11-19T00:00:00Z", "published": "2017-11-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8809" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8810" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8811" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8815" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0361" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9841" }, { "type": "WEB", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html" } ], "schema_version": "1.7.0", "summary": "mediawiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "27.0.0.187" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html" ], "discovery": "2017-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-3112", "CVE-2017-3114", "CVE-2017-11213", "CVE-2017-11215", "CVE-2017-11225" ] }, "vid": "52f10525-caff-11e7-b590-6451062f0f7a" }, "details": "Adobe reports:\n\n> - These updates resolve out-of-bounds read vulnerabilities that could\n> lead to remote code execution (CVE-2017-3112, CVE-2017-3114,\n> CVE-2017-11213).\n> - These updates resolve use after free vulnerabilities that could lead\n> to remote code execution (CVE-2017-11215, CVE-2017-11225).\n", "id": "FreeBSD-2017-0282", "modified": "2017-11-16T00:00:00Z", "published": "2017-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11213" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11225" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "shibboleth2-sp" }, "ranges": [ { "events": [ { "fixed": "2.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://shibboleth.internet2.edu/secadv/secadv_20171115.txt" ], "discovery": "2017-11-15T00:00:00Z", "vid": "b4b7ec7d-ca27-11e7-a12d-6cc21735f730" }, "details": "The Internet2 community reports:\n\n> The Shibboleth Service Provider software includes a MetadataProvider\n> plugin with the plugin type \\\"Dynamic\\\" to obtain metadata on demand\n> from a query server, in place of the more typical mode of downloading\n> aggregates separately containing all of the metadata to load.\n>\n> All the plugin types rely on MetadataFilter plugins to perform\n> critical security checks such as signature verification, enforcement\n> of validity periods, and other checks specific to deployments.\n>\n> Due to a coding error, the \\\"Dynamic\\\" plugin fails to configure\n> itself with the filters provided to it and thus omits whatever checks\n> they are intended to perform, which will typically leave deployments\n> vulnerable to active attacks involving the substitution of metadata if\n> the network path to the query service is compromised.\n", "id": "FreeBSD-2017-0281", "modified": "2017-11-15T00:00:00Z", "published": "2017-11-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://shibboleth.internet2.edu/secadv/secadv_20171115.txt" }, { "type": "WEB", "url": "http://shibboleth.internet2.edu/secadv/secadv_20171115.txt" } ], "schema_version": "1.7.0", "summary": "shibboleth2-sp -- \"Dynamic\" metadata provider plugin issue" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "56.0.2_10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.5.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.5.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/" ], "discovery": "2017-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-7826", "CVE-2017-7827", "CVE-2017-7828", "CVE-2017-7830", "CVE-2017-7831", "CVE-2017-7832", "CVE-2017-7833", "CVE-2017-7834", "CVE-2017-7835", "CVE-2017-7836", "CVE-2017-7837", "CVE-2017-7838", "CVE-2017-7839", "CVE-2017-7840", "CVE-2017-7842" ] }, "vid": "f78eac48-c3d1-4666-8de5-63ceea25a578" }, "details": "Mozilla Foundation reports:\n\n> CVE-2017-7828: Use-after-free of PressShell while restyling layout\n>\n> CVE-2017-7830: Cross-origin URL information leak through Resource\n> Timing API\n>\n> CVE-2017-7831: Information disclosure of exposed properties on\n> JavaScript proxy objects\n>\n> CVE-2017-7832: Domain spoofing through use of dotless \\'i\\' character\n> followed by accent markers\n>\n> CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker\n> characters\n>\n> CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections\n>\n> CVE-2017-7835: Mixed content blocking incorrectly applies with\n> redirects\n>\n> CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X\n>\n> CVE-2017-7837: SVG loaded as \\ can use meta tags to set cookies\n>\n> CVE-2017-7838: Failure of individual decoding of labels in\n> international domain names triggers punycode display of entire IDN\n>\n> CVE-2017-7839: Control characters before javascript: URLs defeats\n> self-XSS prevention mechanism\n>\n> CVE-2017-7840: Exported bookmarks do not strip script elements from\n> user-supplied tags\n>\n> CVE-2017-7842: Referrer Policy is not always respected for \\\n> elements\n>\n> CVE-2017-7827: Memory safety bugs fixed in Firefox 57\n>\n> CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR\n> 52.5\n", "id": "FreeBSD-2017-0280", "modified": "2017-11-14T00:00:00Z", "published": "2017-11-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7826" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7827" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7828" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7830" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7831" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7832" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7833" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7834" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7835" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7836" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7838" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7839" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7840" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7842" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2017-25/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-geminabox" }, "ranges": [ { "events": [ { "fixed": "0.13.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-16792" ], "discovery": "2017-11-13T00:00:00Z", "references": { "cvename": [ "CVE-2017-16792" ] }, "vid": "27b38d85-c891-11e7-a7bd-cd1209e563f2" }, "details": "NVD reports:\n\n> Stored cross-site scripting (XSS) vulnerability in \\\"geminabox\\\" (Gem\n> in a Box) before 0.13.10 allows attackers to inject arbitrary web\n> script via the \\\"homepage\\\" value of a \\\".gemspec\\\" file, related to\n> views/gem.erb and views/index.erb.\n", "id": "FreeBSD-2017-0279", "modified": "2017-11-13T00:00:00Z", "published": "2017-11-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16792" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16792" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16792" } ], "schema_version": "1.7.0", "summary": "rubygem-geminabox -- XSS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "konversation" }, "ranges": [ { "events": [ { "fixed": "1.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kde.org/info/security/advisory-20171112-1.txt" ], "discovery": "2017-10-27T00:00:00Z", "references": { "cvename": [ "CVE-2017-15923" ] }, "vid": "795ccee1-c7ed-11e7-ad7d-001e2a3f778d" }, "details": "KDE reports:\n\n> Konversation has support for colors in IRC messages. Any malicious\n> user connected to the same IRC network can send a carefully crafted\n> message that will crash the Konversation user client.\n", "id": "FreeBSD-2017-0278", "modified": "2017-11-12T00:00:00Z", "published": "2017-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kde.org/info/security/advisory-20171112-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15923" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15923" }, { "type": "WEB", "url": "https://www.kde.org/info/security/advisory-20171112-1.txt" } ], "schema_version": "1.7.0", "summary": "konversation -- crash in IRC message parsing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.3.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651" ], "discovery": "2017-11-06T00:00:00Z", "references": { "cvename": [ "CVE-2017-16651" ], "freebsdpr": [ "ports/223557" ] }, "vid": "f622608c-c53c-11e7-a633-009c02a2ab30" }, "details": "MITRE reports:\n\n> Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before\n> 1.3.3 allows unauthorized access to arbitrary files on the host\\'s\n> filesystem, including configuration files, as exploited in the wild in\n> November 2017. The attacker must be able to authenticate at the target\n> system with a valid username/password as the attack requires an active\n> session.\n", "id": "FreeBSD-2017-0277", "modified": "2017-12-31T00:00:00Z", "published": "2017-11-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651" }, { "type": "WEB", "url": "https://github.com/roundcube/roundcubemail/issues/6026" }, { "type": "WEB", "url": "https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16651" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223557" } ], "schema_version": "1.7.0", "summary": "roundcube -- file disclosure vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "62.0.3202.89" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html" ], "discovery": "2017-11-06T00:00:00Z", "references": { "cvename": [ "CVE-2017-15398", "CVE-2017-15399" ] }, "vid": "f8e72cd4-c66a-11e7-bb17-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 2 security fixes in this release, including:\n>\n> - \\[777728\\] Critical CVE-2017-15398: Stack buffer overflow in QUIC.\n> Reported by Ned Williamson on 2017-10-24\n> - \\[776677\\] High CVE-2017-15399: Use after free in V8. Reported by\n> Zhao Qixun of Qihoo 360 Vulcan Team on 2017-10-20\n", "id": "FreeBSD-2017-0276", "modified": "2017-11-10T00:00:00Z", "published": "2017-11-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15398" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15399" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql92-server" }, "ranges": [ { "events": [ { "introduced": "9.2.0" }, { "fixed": "9.2.24" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql93-server" }, "ranges": [ { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.20" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql94-server" }, "ranges": [ { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.15" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-server" }, "ranges": [ { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "introduced": "9.6.0" }, { "fixed": "9.6.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql10-server" }, "ranges": [ { "events": [ { "introduced": "10.0" }, { "fixed": "10.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1801/" ], "discovery": "2017-10-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-15099", "CVE-2017-15098" ] }, "vid": "1f02af5d-c566-11e7-a12d-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> - CVE-2017-15098: Memory disclosure in JSON functions\n> - CVE-2017-15099: INSERT \\... ON CONFLICT DO UPDATE fails to enforce\n> SELECT privileges\n", "id": "FreeBSD-2017-0275", "modified": "2017-11-09T00:00:00Z", "published": "2017-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1801/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15098" } ], "schema_version": "1.7.0", "summary": "PostgreSQL vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.89" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.73.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/99574" ], "discovery": "2017-11-08T00:00:00Z", "vid": "1c2a9d76-9d98-43c3-8f5d-8c059b104d99" }, "details": "Jenkins developers report:\n\n> Jenkins stores metadata related to people, which encompasses actual\n> user accounts, as well as users appearing in SCM, in directories\n> corresponding to the user ID on disk. These directories used the user\n> ID for their name without additional escaping. This potentially\n> resulted in a number of problems.\n>\n> Autocompletion suggestions for text fields were not escaped, resulting\n> in a persisted cross-site scripting vulnerability if the source for\n> the suggestions allowed specifying text that includes HTML\n> metacharacters like less-than and greater-than characters.\n", "id": "FreeBSD-2017-0274", "modified": "2017-11-09T00:00:00Z", "published": "2017-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/99574" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2017-11-08/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "introduced": "13.5.0" }, { "fixed": "13.18.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-10-15T00:00:00Z", "references": { "cvename": [ "CVE-2017-16672" ] }, "vid": "be261737-c535-11e7-8da5-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> A memory leak occurs when an Asterisk pjsip session object is created\n> and that call gets rejected before the session itself is fully\n> established. When this happens the session object never gets\n> destroyed. This then leads to file descriptors and RTP ports being\n> leaked as well.\n", "id": "FreeBSD-2017-0273", "modified": "2017-12-13T00:00:00Z", "published": "2017-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-011.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16672" } ], "schema_version": "1.7.0", "summary": "asterisk -- Memory/File Descriptor/RTP leak in pjsip session resource" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-16671" ] }, "vid": "ab04cb0b-c533-11e7-8da5-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> No size checking is done when setting the user field for Party B on a\n> CDR. Thus, it is possible for someone to use an arbitrarily large\n> string and write past the end of the user field storage buffer. The\n> earlier AST-2017-001 advisory for the CDR user field overflow was for\n> the Party A buffer.\n", "id": "FreeBSD-2017-0272", "modified": "2017-12-13T00:00:00Z", "published": "2017-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-010.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-16671" } ], "schema_version": "1.7.0", "summary": "asterisk -- Buffer overflow in CDR's set user" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "pjsip" }, "ranges": [ { "events": [ { "fixed": "2.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "pjsip-extsrtp" }, "ranges": [ { "events": [ { "fixed": "2.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-10-05T00:00:00Z", "vid": "19b052c9-c533-11e7-8da5-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> By carefully crafting invalid values in the Cseq and the Via header\n> port, pjprojects packet parsing code can create strings larger than\n> the buffer allocated to hold them. This will usually cause Asterisk to\n> crash immediately. The packets do not have to be authenticated.\n", "id": "FreeBSD-2017-0271", "modified": "2017-11-15T00:00:00Z", "published": "2017-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-009.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Buffer overflow in pjproject header parsing can cause crash in Asterisk" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2m,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0g" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20171102.txt" ], "discovery": "2017-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2017-3735", "CVE-2017-3736" ] }, "vid": "f40f07aa-c00f-11e7-ac58-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\\\n> Severity: Moderate\\\n> There is a carry propagating bug in the x86_64 Montgomery squaring\n> procedure. No EC algorithms are affected. Analysis suggests that\n> attacks against RSA and DSA as a result of this defect would be very\n> difficult to perform and are not believed likely. Attacks against DH\n> are considered just feasible (although very difficult) because most of\n> the work necessary to deduce information about a private key may be\n> performed offline.\n>\n> Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)\\\n> Severity: Low\\\n> This issue was previously announced in security advisory\n> https://www.openssl.org/news/secadv/20170828.txt, but the fix has not\n> previously been included in a release due to its low severity.\n", "id": "FreeBSD-2017-0270", "modified": "2017-11-02T00:00:00Z", "published": "2017-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20171102.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20171102.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3736" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.8.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/" ], "discovery": "2017-10-31T00:00:00Z", "vid": "cee3d12f-bf41-11e7-bced-00e04c1ea73d" }, "details": "wordpress developers reports:\n\n> WordPress versions 4.8.2 and earlier are affected by an issue where\n> \\$wpdb-\\>prepare() can create unexpected and unsafe queries leading to\n> potential SQL injection (SQLi). WordPress core is not directly\n> vulnerable to this issue, but we\\'ve added hardening to prevent\n> plugins and themes from accidentally causing a vulnerability.\n", "id": "FreeBSD-2017-0269", "modified": "2017-11-01T00:00:00Z", "published": "2017-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "last_affected": "2.2.9" }, { "fixed": "2.2.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "last_affected": "2.4.1" }, { "fixed": "2.4.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/101228" ], "discovery": "2017-10-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-15189", "CVE-2017-15190", "CVE-2017-15191", "CVE-2017-15192", "CVE-2017-15193" ] }, "vid": "4684a426-774d-4390-aa19-b8dd481c4c94" }, "details": "wireshark developers reports:\n\n> In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an\n> infinite loop. This was addressed in plugins/docsis/packet-docsis.c by\n> adding decrements.\n>\n> In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was\n> addressed in epan/dissectors/packet-rtsp.c by correcting the scope of\n> a variable.\n>\n> In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the\n> DMP dissector could crash. This was addressed in\n> epan/dissectors/packet-dmp.c by validating a string length.\n>\n> In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector\n> could crash. This was addressed in epan/dissectors/packet-btatt.c by\n> considering a case where not all of the BTATT packets have the same\n> encapsulation level.\n>\n> In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector\n> could crash or exhaust system memory. This was addressed in\n> epan/dissectors/packet-mbim.c by changing the memory-allocation\n> approach.\n", "id": "FreeBSD-2017-0268", "modified": "2017-10-30T00:00:00Z", "published": "2017-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/101228" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/101227" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/101228" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/101229" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/101235" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/101240" }, { "type": "WEB", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049" }, { "type": "WEB", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056" }, { "type": "WEB", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068" }, { "type": "WEB", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077" }, { "type": "WEB", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080" }, { "type": "WEB", "url": "https://code.wireshark.org/review/23470" }, { "type": "WEB", "url": "https://code.wireshark.org/review/23537" }, { "type": "WEB", "url": "https://code.wireshark.org/review/23591" }, { "type": "WEB", "url": "https://code.wireshark.org/review/23635" }, { "type": "WEB", "url": "https://code.wireshark.org/review/23663" }, { "type": "WEB", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3689dc1db36037436b1616715f9a3f888fc9a0f6" }, { "type": "WEB", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8" }, { "type": "WEB", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8dbb21dfde14221dab09b6b9c7719b9067c1f06e" }, { "type": "WEB", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afb9ff7982971aba6e42472de0db4c1bedfc641b" }, { "type": "WEB", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2017-42.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2017-43.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2017-44.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2017-45.html" }, { "type": "WEB", "url": "https://www.wireshark.org/security/wnpa-sec-2017-46.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15189" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15190" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15192" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15193" } ], "schema_version": "1.7.0", "summary": "wireshark -- multiple security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php56" }, "ranges": [ { "events": [ { "fixed": "5.6.32" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php70" }, "ranges": [ { "events": [ { "fixed": "7.0.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php71" }, "ranges": [ { "events": [ { "fixed": "7.1.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://php.net/archive/2017.php#id2017-10-26-3", "http://php.net/archive/2017.php#id2017-10-26-1", "http://php.net/archive/2017.php#id2017-10-27-1" ], "discovery": "2017-10-26T00:00:00Z", "references": { "cvename": [ "CVE-2016-1283" ] }, "vid": "de7a2b32-bd7d-11e7-b627-d43d7e971a1b" }, "details": "The PHP project reports:\n\n> The PHP development team announces the immediate availability of PHP\n> 5.6.32. This is a security release. Several security bugs were fixed\n> in this release. All PHP 5.6 users are encouraged to upgrade to this\n> version.\n\n> The PHP development team announces the immediate availability of PHP\n> 7.0.25. This is a security release. Several security bugs were fixed\n> in this release. All PHP 7.0 users are encouraged to upgrade to this\n> version.\n\n> The PHP development team announces the immediate availability of PHP\n> 7.1.11. This is a bugfix release, with several bug fixes included. All\n> PHP 7.1 users are encouraged to upgrade to this version.\n", "id": "FreeBSD-2017-0267", "modified": "2017-11-14T00:00:00Z", "published": "2017-10-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://php.net/archive/2017.php#id2017-10-26-3" }, { "type": "REPORT", "url": "http://php.net/archive/2017.php#id2017-10-26-1" }, { "type": "REPORT", "url": "http://php.net/archive/2017.php#id2017-10-27-1" }, { "type": "WEB", "url": "http://php.net/archive/2017.php#id2017-10-26-3" }, { "type": "WEB", "url": "http://php.net/archive/2017.php#id2017-10-26-1" }, { "type": "WEB", "url": "http://php.net/archive/2017.php#id2017-10-27-1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-1283" } ], "schema_version": "1.7.0", "summary": "PHP -- denial of service attack" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "62.0.3202.75" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html" ], "discovery": "2017-10-26T00:00:00Z", "references": { "cvename": [ "CVE-2017-15396", "CVE-2017-15406" ] }, "vid": "3cd46257-bbc5-11e7-a3bc-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 2 security fixes in this release, including:\n>\n> - \\[770452\\] High CVE-2017-15396: Stack overflow in V8. Reported by\n> Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30\n> - \\[770450\\] Medium CVE-2017-15406: Stack overflow in V8. Reported by\n> Yuan Deng of Ant-financial Light-Year Security Lab on 2017-09-30\n", "id": "FreeBSD-2017-0266", "modified": "2018-01-23T00:00:00Z", "published": "2017-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15396" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15406" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html" } ], "schema_version": "1.7.0", "summary": "chromium -- Stack overflow in V8" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wget" }, "ranges": [ { "events": [ { "fixed": "1.19.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html" ], "discovery": "2017-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2017-13090" ] }, "vid": "d77ceb8c-bb13-11e7-8357-3065ec6f3643" }, "details": "Antti Levom\u00e4ki, Christian Jalio, Joonas Pihlaja:\n\n> Wget contains two vulnerabilities, a stack overflow and a heap\n> overflow, in the handling of HTTP chunked encoding. By convincing a\n> user to download a specific link over HTTP, an attacker may be able to\n> execute arbitrary code with the privileges of the user.\n", "id": "FreeBSD-2017-0265", "modified": "2017-10-27T00:00:00Z", "published": "2017-10-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html" }, { "type": "WEB", "url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13090" } ], "schema_version": "1.7.0", "summary": "wget -- Heap overflow in HTTP protocol handling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wget" }, "ranges": [ { "events": [ { "fixed": "1.19.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html" ], "discovery": "2017-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2017-13089" ] }, "vid": "09849e71-bb12-11e7-8357-3065ec6f3643" }, "details": "Antti Levom\u00e4ki, Christian Jalio, Joonas Pihlaja:\n\n> Wget contains two vulnerabilities, a stack overflow and a heap\n> overflow, in the handling of HTTP chunked encoding. By convincing a\n> user to download a specific link over HTTP, an attacker may be able to\n> execute arbitrary code with the privileges of the user.\n", "id": "FreeBSD-2017-0264", "modified": "2017-10-27T00:00:00Z", "published": "2017-10-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html" }, { "type": "WEB", "url": "http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13089" } ], "schema_version": "1.7.0", "summary": "wget -- Stack overflow in HTTP protocol handling" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "8.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node6" }, "ranges": [ { "events": [ { "introduced": "6.10.2" }, { "fixed": "6.11.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node4" }, "ranges": [ { "events": [ { "introduced": "4.8.2" }, { "fixed": "4.8.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/oct-2017-dos/" ], "discovery": "2017-10-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-14919" ] }, "vid": "d7d1cc94-b971-11e7-af3a-f1035dd0da62" }, "details": "Node.js reports:\n\n> Node.js was susceptible to a remote DoS attack due to a change that\n> came in as part of zlib v1.2.9. In zlib v1.2.9 8 became an invalid\n> value for the windowBits parameter and Node\\'s zlib module will crash\n> or throw an exception (depending on the version)\n", "id": "FreeBSD-2017-0263", "modified": "2017-10-25T00:00:00Z", "published": "2017-10-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/oct-2017-dos/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/oct-2017-dos/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14919" } ], "schema_version": "1.7.0", "summary": "Node.js -- remote DOS security vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "2.8.0" }, { "last_affected": "9.4.6" }, { "fixed": "9.4.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.5.0" }, { "last_affected": "9.5.8" }, { "fixed": "9.5.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.0.0" }, { "last_affected": "10.0.3" }, { "fixed": "10.0.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2017/10/17/gitlab-10-dot-0-dot-4-security-release/" ], "discovery": "2017-10-17T00:00:00Z", "vid": "418c172b-b96f-11e7-b627-d43d7e971a1b" }, "details": "GitLab reports:\n\n> # Cross-Site Scripting (XSS) vulnerability in the Markdown sanitization filter\n>\n> Yasin Soliman via HackerOne reported a Cross-Site Scripting (XSS)\n> vulnerability in the GitLab markdown sanitization filter. The\n> sanitization filter was not properly stripping invalid characters from\n> URL schemes and was therefore vulnerable to persistent XSS attacks\n> anywhere Markdown was supported.\n>\n> # Cross-Site Scripting (XSS) vulnerability in search bar\n>\n> Josh Unger reported a Cross-Site Scripting (XSS) vulnerability in the\n> issue search bar. Usernames were not being properly HTML escaped\n> inside the author filter would could allow arbitrary script execution.\n>\n> # Open redirect in repository git redirects\n>\n> Eric Rafaloff via HackerOne reported that GitLab was vulnerable to an\n> open redirect vulnerability when redirecting requests for repository\n> names that include the git extension. GitLab was not properly removing\n> dangerous parameters from the params field before redirecting which\n> could allow an attacker to redirect users to arbitrary hosts.\n>\n> # Username changes could leave repositories behind\n>\n> An internal code review discovered that a bug in the code that moves\n> repositories during a username change could potentially leave behind\n> projects, allowing an attacker who knows the previous username to\n> potentially steal the contents of repositories on instances that are\n> not configured with hashed namespaces.\n", "id": "FreeBSD-2017-0262", "modified": "2017-10-25T00:00:00Z", "published": "2017-10-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2017/10/17/gitlab-10-dot-0-dot-4-security-release/" }, { "type": "WEB", "url": "https://about.gitlab.com/2017/10/17/gitlab-10-dot-0-dot-4-security-release/" } ], "schema_version": "1.7.0", "summary": "GitLab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice" }, "ranges": [ { "events": [ { "fixed": "4.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice-devel" }, "ranges": [ { "events": [ { "fixed": "4.2.1810071_1,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openoffice.org/security/cves/CVE-2017-3157.html", "https://www.openoffice.org/security/cves/CVE-2017-9806.html", "https://www.openoffice.org/security/cves/CVE-2017-12607.html", "https://www.openoffice.org/security/cves/CVE-2017-12608.html" ], "discovery": "2016-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-3157", "CVE-2017-9806", "CVE-2017-12607", "CVE-2017-12608" ] }, "vid": "27229c67-b8ff-11e7-9f79-ac9e174be3af" }, "details": "The Apache Openofffice project reports:\n\n> # CVE-2017-3157: Arbitrary file disclosure in Calc and Writer\n>\n> By exploiting the way OpenOffice renders embedded objects, an attacker\n> could craft a document that allows reading in a file from the user\\'s\n> filesystem. Information could be retrieved by the attacker by, e.g.,\n> using hidden sections to store the information, tricking the user into\n> saving the document and convincing the user to sent the document back\n> to the attacker.\n>\n> The vulnerability is mitigated by the need for the attacker to know\n> the precise file path in the target system, and the need to trick the\n> user into saving the document and sending it back.\n\n> # CVE-2017-9806: Out-of-Bounds Write in Writer\\'s WW8Fonts Constructor\n>\n> A vulnerability in the OpenOffice Writer DOC file parser, and\n> specifically in the WW8Fonts Constructor, allows attackers to craft\n> malicious documents that cause denial of service (memory corruption\n> and application crash) potentially resulting in arbitrary code\n> execution.\n\n> # CVE-2017-12607: Out-of-Bounds Write in Impress\\' PPT Filter\n>\n> A vulnerability in OpenOffice\\'s PPT file parser, and specifically in\n> PPTStyleSheet, allows attackers to craft malicious documents that\n> cause denial of service (memory corruption and application crash)\n> potentially resulting in arbitrary code execution.\n\n> # CVE-2017-12608: Out-of-Bounds Write in Writer\\'s ImportOldFormatStyles\n>\n> A vulnerability in OpenOffice Writer DOC file parser, and specifically\n> in ImportOldFormatStyles, allows attackers to craft malicious\n> documents that cause denial of service (memory corruption and\n> application crash) potentially resulting in arbitrary code execution.\n", "id": "FreeBSD-2017-0261", "modified": "2017-10-26T00:00:00Z", "published": "2017-10-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openoffice.org/security/cves/CVE-2017-3157.html" }, { "type": "REPORT", "url": "https://www.openoffice.org/security/cves/CVE-2017-9806.html" }, { "type": "REPORT", "url": "https://www.openoffice.org/security/cves/CVE-2017-12607.html" }, { "type": "REPORT", "url": "https://www.openoffice.org/security/cves/CVE-2017-12608.html" }, { "type": "WEB", "url": "https://www.openoffice.org/security/cves/CVE-2017-3157.html" }, { "type": "WEB", "url": "https://www.openoffice.org/security/cves/CVE-2017-9806.html" }, { "type": "WEB", "url": "https://www.openoffice.org/security/cves/CVE-2017-12607.html" }, { "type": "WEB", "url": "https://www.openoffice.org/security/cves/CVE-2017-12608.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9806" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12607" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12608" } ], "schema_version": "1.7.0", "summary": "Apache OpenOffice -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.20" }, { "fixed": "7.56.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/adv_20171023.html" ], "discovery": "2017-10-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-1000257" ] }, "vid": "143ec3d6-b7cf-11e7-ac58-b499baebfeaf" }, "details": "The cURL project reports:\n\n> libcurl contains a buffer overrun flaw in the IMAP handler.\\\n> An IMAP FETCH response line indicates the size of the returned data,\n> in number of bytes. When that response says the data is zero bytes,\n> libcurl would pass on that (non-existing) data with a pointer and the\n> size (zero) to the deliver-data function.\\\n> libcurl\\'s deliver-data function treats zero as a magic number and\n> invokes strlen() on the data to figure out the length. The strlen() is\n> called on a heap based buffer that might not be zero terminated so\n> libcurl might read beyond the end of it into whatever memory lies\n> after (or just crash) and then deliver that to the application as if\n> it was actually downloaded.\n", "id": "FreeBSD-2017-0260", "modified": "2017-10-23T00:00:00Z", "published": "2017-10-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/adv_20171023.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_20171023.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000257" } ], "schema_version": "1.7.0", "summary": "cURL -- out of bounds read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o" }, "ranges": [ { "events": [ { "fixed": "2.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/h2o/h2o/releases/tag/v2.2.3" ], "discovery": "2017-07-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-10868", "CVE-2017-10869" ] }, "vid": "10c0fabc-b5da-11e7-816e-00bd5d1fff09" }, "details": "Frederik Deweerdt reports:\n\n> Multiple Denial-of-Service vulnerabilities exist in h2o workers - see\n> references for full details.\n>\n> CVE-2017-10868: Worker processes may crash when receiving a request\n> with invalid framing.\n>\n> CVE-2017-10869: The stack may overflow when proxying huge requests.\n", "id": "FreeBSD-2017-0259", "modified": "2017-10-17T00:00:00Z", "published": "2017-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/h2o/h2o/releases/tag/v2.2.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10868" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10869" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/issues/1459" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/issues/1460" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/releases/tag/v2.2.3" } ], "schema_version": "1.7.0", "summary": "h2o -- DoS in workers" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "fixed": "1.0.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2017_10.txt" ], "discovery": "2017-10-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-15721", "CVE-2017-15722", "CVE-2017-15723", "CVE-2017-15227", "CVE-2017-15228" ], "freebsdpr": [ "ports/223169" ] }, "vid": "85e2c7eb-b74b-11e7-8546-5cf3fcfdd1f1" }, "details": "Irssi reports:\n\n> When installing themes with unterminated colour formatting sequences,\n> Irssi may access data beyond the end of the string.\n>\n> While waiting for the channel synchronisation, Irssi may incorrectly\n> fail to remove destroyed channels from the query list, resulting in\n> use after free conditions when updating the state later on.\n>\n> Certain incorrectly formatted DCC CTCP messages could cause NULL\n> pointer dereference.\n>\n> Overlong nicks or targets may result in a NULL pointer dereference\n> while splitting the message.\n>\n> In certain cases Irssi may fail to verify that a Safe channel ID is\n> long enough, causing reads beyond the end of the string.\n", "id": "FreeBSD-2017-0258", "modified": "2017-12-31T00:00:00Z", "published": "2017-10-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2017_10.txt" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2017_10.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15721" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15722" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15723" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15227" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15228" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223169" } ], "schema_version": "1.7.0", "summary": "irssi -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "62.0.3202.62" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" ], "discovery": "2017-10-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-5124", "CVE-2017-5125", "CVE-2017-5126", "CVE-2017-5127", "CVE-2017-5128", "CVE-2017-5129", "CVE-2017-5132", "CVE-2017-5130", "CVE-2017-5131", "CVE-2017-5133", "CVE-2017-15386", "CVE-2017-15387", "CVE-2017-15388", "CVE-2017-15389", "CVE-2017-15390", "CVE-2017-15391", "CVE-2017-15392", "CVE-2017-15393", "CVE-2017-15394", "CVE-2017-15395" ] }, "vid": "a692bffe-b6ad-11e7-a1c2-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 35 security fixes in this release, including:\n>\n> - \\[762930\\] High CVE-2017-5124: UXSS with MHTML. Reported by\n> Anonymous on 2017-09-07\n> - \\[749147\\] High CVE-2017-5125: Heap overflow in Skia. Reported by\n> Anonymous on 2017-07-26\n> - \\[760455\\] High CVE-2017-5126: Use after free in PDFium. Reported by\n> Luat Nguyen on KeenLab, Tencent on 2017-08-30\n> - \\[765384\\] High CVE-2017-5127: Use after free in PDFium. Reported by\n> Luat Nguyen on KeenLab, Tencent on 2017-09-14\n> - \\[765469\\] High CVE-2017-5128: Heap overflow in WebGL. Reported by\n> Omair on 2017-09-14\n> - \\[765495\\] High CVE-2017-5129: Use after free in WebAudio. Reported\n> by Omair on 2017-09-15\n> - \\[718858\\] High CVE-2017-5132: Incorrect stack manipulation in\n> WebAssembly. Reported by Gaurav Dewan of Adobe Systems India Pvt.\n> Ltd. on 2017-05-05\n> - \\[722079\\] High CVE-2017-5130: Heap overflow in libxml2. Reported by\n> Pranjal Jumde on 2017-05-14\n> - \\[744109\\] Medium CVE-2017-5131: Out of bounds write in Skia.\n> Reported by Anonymous on 2017-07-16\n> - \\[762106\\] Medium CVE-2017-5133: Out of bounds write in Skia.\n> Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05\n> - \\[752003\\] Medium CVE-2017-15386: UI spoofing in Blink. Reported by\n> WenXu Wu of Tencent\\'s Xuanwu Lab on 2017-08-03\n> - \\[756040\\] Medium CVE-2017-15387: Content security bypass. Reported\n> by Jun Kokatsu on 2017-08-16\n> - \\[756563\\] Medium CVE-2017-15388: Out of bounds read in Skia.\n> Reported by Kushal Arvind Shah of Fortinet\\'s FortiGuard Labs on\n> 2017-08-17\n> - \\[739621\\] Medium CVE-2017-15389: URL spoofing in Omnibox. Reported\n> by xisigr of Tencent\\'s Xuanwu Lab on 2017-07-06\n> - \\[750239\\] Medium CVE-2017-15390: URL spoofing in Omnibox. Reported\n> by Haosheng Wang on 2017-07-28\n> - \\[598265\\] Low CVE-2017-15391: Extension limitation bypass in\n> Extensions. Reported by Joao Lucas Melo Brasio on 2016-03-28\n> - \\[714401\\] Low CVE-2017-15392: Incorrect registry key handling in\n> PlatformIntegration. Reported by Xiaoyin Liu on 2017-04-22\n> - \\[732751\\] Low CVE-2017-15393: Referrer leak in Devtools. Reported\n> by Svyat Mitin on 2017-06-13\n> - \\[745580\\] Low CVE-2017-15394: URL spoofing in extensions UI.\n> Reported by Sam on 2017-07-18\n> - \\[759457\\] Low CVE-2017-15395: Null pointer dereference in\n> ImageCapture. Reported by Johannes Bergman on 2017-08-28\n> - \\[775550\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2017-0257", "modified": "2017-10-21T00:00:00Z", "published": "2017-10-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5124" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5125" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5126" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5127" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5128" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5129" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5132" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5130" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5133" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15386" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15387" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15388" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15389" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15390" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15391" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15392" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15393" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15394" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15395" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "fixed": "1.1.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ " https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd" ], "discovery": "2017-10-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-15194" ] }, "vid": "e1cb9dc9-daa9-44db-adde-e94d900e2f7f" }, "details": "cacti developers report:\n\n> The file include/global_session.php in Cacti 1.1.25 has XSS related to\n> (1) the URI or (2) the refresh page.\n", "id": "FreeBSD-2017-0256", "modified": "2017-10-19T00:00:00Z", "published": "2017-10-19T00:00:00Z", "references": [ { "type": "REPORT", "url": " https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1039569" }, { "type": "WEB", "url": "https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd" }, { "type": "WEB", "url": "https://github.com/Cacti/cacti/issues/1010" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-15194" } ], "schema_version": "1.7.0", "summary": "cacti -- Cross Site Scripting issue" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "arj" }, "ranges": [ { "events": [ { "fixed": "3.10.22_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2015-04-08T00:00:00Z", "references": { "cvename": [ "CVE-2015-0556", "CVE-2015-0557", "CVE-2015-2782" ] }, "vid": "b95e5674-b4d6-11e7-b895-0cc47a494882" }, "details": "Several vulnerabilities: symlink directory traversal, absolute path\ndirectory traversal and buffer overflow were discovered in the arj\narchiver.\n", "id": "FreeBSD-2017-0255", "modified": "2017-10-19T00:00:00Z", "published": "2017-10-19T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-0556" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-0557" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-2782" } ], "schema_version": "1.7.0", "summary": "arj -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5" }, "ranges": [ { "events": [ { "fixed": "1.14.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.15" }, { "fixed": "1.15.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5-devel" }, "ranges": [ { "events": [ { "fixed": "1.14.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.15" }, { "fixed": "1.15.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5-115" }, "ranges": [ { "events": [ { "fixed": "1.15.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5-114" }, "ranges": [ { "events": [ { "fixed": "1.14.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "krb5-113" }, "ranges": [ { "events": [ { "fixed": "1.14.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8599", "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598" ], "discovery": "2017-07-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-11368", "CVE-2017-11462" ] }, "vid": "3f3837cc-48fb-4414-aa46-5b1c23c9feae" }, "details": "MIT reports:\n\n> CVE-2017-11368:\n>\n> In MIT krb5 1.7 and later, an authenticated attacker can cause an\n> assertion failure in krb5kdc by sending an invalid S4U2Self or\n> S4U2Proxy request.\n\n> CVE-2017-11462:\n>\n> RFC 2744 permits a GSS-API implementation to delete an existing\n> security context on a second or subsequent call to\n> gss_init_sec_context() or gss_accept_sec_context() if the call results\n> in an error. This API behavior has been found to be dangerous, leading\n> to the possibility of memory errors in some callers. For safety,\n> GSS-API implementations should instead preserve existing security\n> contexts on error until the caller deletes them.\n>\n> All versions of MIT krb5 prior to this change may delete acceptor\n> contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through\n> 1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on\n> error.\n", "id": "FreeBSD-2017-0254", "modified": "2017-10-18T00:00:00Z", "published": "2017-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8599" }, { "type": "REPORT", "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11368" }, { "type": "WEB", "url": "https://krbdev.mit.edu/rt/Ticket/Display.html?id=8599" }, { "type": "WEB", "url": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11462" }, { "type": "WEB", "url": "https://krbdev.mit.edu/rt/Ticket/Display.html?id=8598" }, { "type": "WEB", "url": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11368" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11462" } ], "schema_version": "1.7.0", "summary": "krb5 -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.58" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.38" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL" ], "discovery": "2017-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2017-10155", "CVE-2017-10379", "CVE-2017-10384", "CVE-2017-10276", "CVE-2017-10167", "CVE-2017-10378", "CVE-2017-10277", "CVE-2017-10203", "CVE-2017-10283", "CVE-2017-10313", "CVE-2017-10296", "CVE-2017-10311", "CVE-2017-10320", "CVE-2017-10314", "CVE-2017-10227", "CVE-2017-10279", "CVE-2017-10294", "CVE-2017-10165", "CVE-2017-10284", "CVE-2017-10286", "CVE-2017-10268", "CVE-2017-10365" ] }, "vid": "c41bedfd-b3f9-11e7-ac58-b499baebfeaf" }, "details": "Oracle reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0253", "modified": "2017-12-23T00:00:00Z", "published": "2017-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10155" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10384" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10276" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10277" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10203" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10283" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10313" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10296" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10320" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10314" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10227" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10279" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10294" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10165" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10284" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10286" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10268" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10365" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "last_affected": "1.18.4_6,1" }, { "fixed": "1.18.4_6,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.19.0,1" }, { "last_affected": "1.19.3,1" }, { "fixed": "1.19.3,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/99546" ], "discovery": "2017-07-06T00:00:00Z", "references": { "cvename": [ "CVE-2017-10971", "CVE-2017-10972" ] }, "vid": "ab881a74-c016-4e6d-9f7d-68c8e7cedafb" }, "details": "xorg-server developers reports:\n\n> In the X.Org X server before 2017-06-19, a user authenticated to an X\n> Session could crash or execute code in the context of the X Server by\n> exploiting a stack overflow in the endianness conversion of X Events.\n>\n> Uninitialized data in endianness conversion in the XEvent handling of\n> the X.Org X Server before 2017-06-19 allowed authenticated malicious\n> users to access potentially privileged data from the X server.\n", "id": "FreeBSD-2017-0252", "modified": "2018-05-20T00:00:00Z", "published": "2017-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/99546" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/99546" }, { "type": "REPORT", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1035283" }, { "type": "WEB", "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c" }, { "type": "WEB", "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d" }, { "type": "WEB", "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/99543" }, { "type": "REPORT", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1035283" }, { "type": "WEB", "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10971" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10972" } ], "schema_version": "1.7.0", "summary": "xorg-server -- Multiple Issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "27.0.0.170" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html" ], "discovery": "2017-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-11292" ] }, "vid": "a73518da-b2fa-11e7-98ef-d43d7ef03aa6" }, "details": "Adobe reports:\n\n> - This update resolves a type confusion vulnerability that could lead\n> to remote code execution (CVE-2017-11292).\n", "id": "FreeBSD-2017-0251", "modified": "2017-10-17T00:00:00Z", "published": "2017-10-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11292" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- Remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wpa_supplicant" }, "ranges": [ { "events": [ { "last_affected": "2.6_1" }, { "fixed": "2.6_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "hostapd" }, "ranges": [ { "events": [ { "last_affected": "2.6" }, { "fixed": "2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" ], "discovery": "2017-10-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13079", "CVE-2017-13080", "CVE-2017-13081", "CVE-2017-13082", "CVE-2017-13084", "CVE-2017-13086", "CVE-2017-13087", "CVE-2017-13088" ] }, "vid": "d670a953-b2a1-11e7-a633-009c02a2ab30" }, "details": "wpa_supplicant developers report:\n\n> A vulnerability was found in how a number of implementations can be\n> triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by\n> replaying a specific frame that is used to manage the keys.\n", "id": "FreeBSD-2017-0250", "modified": "2017-10-16T00:00:00Z", "published": "2017-10-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" }, { "type": "WEB", "url": "http://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt" }, { "type": "WEB", "url": "https://www.kb.cert.org/vuls/id/228519" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13077" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13078" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13079" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13080" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13082" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13084" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13086" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13087" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13088" } ], "schema_version": "1.7.0", "summary": "WPA packet number reuse with replayed messages and key reinstallation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mercurial" }, "ranges": [ { "events": [ { "fixed": "4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/100290" ], "discovery": "2017-10-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-1000115", "CVE-2017-1000116" ] }, "vid": "b0628e53-092a-4037-938b-29805a7cd31b" }, "details": "mercurial developers reports:\n\n> Mercurial prior to version 4.3 is vulnerable to a missing symlink\n> check that can malicious repositories to modify files outside the\n> repository\n>\n> Mercurial prior to 4.3 did not adequately sanitize hostnames passed to\n> ssh, leading to possible shell-injection attacks.\n", "id": "FreeBSD-2017-0249", "modified": "2017-10-16T00:00:00Z", "published": "2017-10-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/100290" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100290" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201709-18" }, { "type": "WEB", "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100290" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201709-18" }, { "type": "WEB", "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000116" } ], "schema_version": "1.7.0", "summary": "mercurial -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freexl" }, "ranges": [ { "events": [ { "fixed": "1.0.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431" ], "discovery": "2017-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-2923", "CVE-2017-2924" ] }, "vid": "555cd806-b031-11e7-a369-14dae9d59f67" }, "details": "Cisco TALOS reports:\n\n> An exploitable heap based buffer overflow vulnerability exists in the\n> read_biff_next_record function of FreeXL 1.0.3. A specially crafted\n> XLS file can cause a memory corruption resulting in remote code\n> execution. An attacker can send malicious XLS file to trigger this\n> vulnerability.\n\n> An exploitable heap-based buffer overflow vulnerability exists in the\n> read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS\n> file can cause a memory corruption resulting in remote code execution.\n> An attacker can send malicious XLS file to trigger this vulnerability.\n", "id": "FreeBSD-2017-0248", "modified": "2017-10-13T00:00:00Z", "published": "2017-10-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430" }, { "type": "REPORT", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2923" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2924" } ], "schema_version": "1.7.0", "summary": "Multiple exploitable heap-based buffer overflow vulnerabilities exists in FreeXL 1.0.3" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ffmpeg" }, "ranges": [ { "events": [ { "fixed": "3.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mythtv" }, "ranges": [ { "events": [ { "fixed": "29.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mythtv-frontend" }, "ranges": [ { "events": [ { "fixed": "29.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ffmpeg.org/security.html" ], "discovery": "2017-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-14054", "CVE-2017-14055", "CVE-2017-14056", "CVE-2017-14057", "CVE-2017-14058", "CVE-2017-14059", "CVE-2017-14169", "CVE-2017-14170", "CVE-2017-14171", "CVE-2017-14222", "CVE-2017-14223", "CVE-2017-14225", "CVE-2017-14767" ] }, "vid": "ed73829d-af6d-11e7-a633-009c02a2ab30" }, "details": "FFmpeg security reports:\n\n> Multiple vulnerabilities have been fixed in FFmpeg 3.3.4. Please refer\n> to the CVE list for details.\n", "id": "FreeBSD-2017-0247", "modified": "2018-03-25T00:00:00Z", "published": "2017-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ffmpeg.org/security.html" }, { "type": "WEB", "url": "https://www.ffmpeg.org/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14055" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14057" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14223" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14767" } ], "schema_version": "1.7.0", "summary": "FFmpeg -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "1.18.4_5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-dmx" }, "ranges": [ { "events": [ { "fixed": "1.18.4_5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "1.19.1_2,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "1.18.4_5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "1.19.1_2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "1.19.1_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2017-October/002814.html" ], "discovery": "2017-10-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-12176", "CVE-2017-12177", "CVE-2017-12178", "CVE-2017-12179", "CVE-2017-12180", "CVE-2017-12181", "CVE-2017-12182", "CVE-2017-12183", "CVE-2017-12184", "CVE-2017-12185", "CVE-2017-12186", "CVE-2017-12187" ] }, "vid": "7274e0cc-575f-41bc-8619-14a41b3c2ad0" }, "details": "Adam Jackson reports:\n\n> One regression fix since 1.19.4 (mea culpa), and fixes for CVEs\n> 2017-12176 through 2017-12187.\n", "id": "FreeBSD-2017-0246", "modified": "2017-10-13T00:00:00Z", "published": "2017-10-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2017-October/002814.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2017-October/002814.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12176" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12181" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12182" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12183" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12184" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12187" } ], "schema_version": "1.7.0", "summary": "xorg-server -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-solr" }, "ranges": [ { "events": [ { "introduced": "5.1" }, { "last_affected": "6.6.1" }, { "fixed": "6.6.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "7.0.0" }, { "fixed": "7.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html" ], "discovery": "2017-10-13T00:00:00Z", "references": { "cvename": [ "CVE-2017-12629" ] }, "vid": "e837390d-0ceb-46b8-9b32-29c1195f5dc7" }, "details": "Solr developers report:\n\n> Lucene XML parser does not explicitly prohibit doctype declaration and\n> expansion of external entities which leads to arbitrary HTTP requests\n> to the local SOLR instance and to bypass all firewall restrictions.\n>\n> Solr \\\"RunExecutableListener\\\" class can be used to execute arbitrary\n> commands on specific events, for example after each update query. The\n> problem is that such listener can be enabled with any parameters just\n> by using Config API with add-listener command.\n", "id": "FreeBSD-2017-0245", "modified": "2017-10-16T00:00:00Z", "published": "2017-10-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html" }, { "type": "WEB", "url": "http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html" }, { "type": "WEB", "url": "https://marc.info/?l=apache-announce&m=150786685013286" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12629" } ], "schema_version": "1.7.0", "summary": "solr -- Code execution via entity expansion" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "last_affected": "2.83" }, { "fixed": "2.83" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "last_affected": "2.73.1" }, { "fixed": "2.73.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2017-10-11/" ], "discovery": "2017-10-11T00:00:00Z", "vid": "6dc3c61c-e866-4c27-93f7-ae50908594fd" }, "details": "jenkins developers report:\n\n> A total of 11 issues are reported, please see reference URL for\n> details.\n", "id": "FreeBSD-2017-0244", "modified": "2017-10-13T00:00:00Z", "published": "2017-10-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2017-10-11/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.2_6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-10-12T00:00:00Z", "vid": "da70d472-af59-11e7-ace2-f8b156b439c5" }, "details": "The Xen project reports multiple vulnerabilities.\n", "id": "FreeBSD-2017-0243", "modified": "2017-10-12T00:00:00Z", "published": "2017-10-12T00:00:00Z", "references": [ { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-237.html" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-238.html" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-239.html" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-240.html" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-241.html" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-242.html" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-243.html" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-244.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nss" }, "ranges": [ { "events": [ { "introduced": "3.32" }, { "fixed": "3.32.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.28" }, { "fixed": "3.28.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-nss" }, "ranges": [ { "events": [ { "introduced": "3.28" }, { "fixed": "3.28.4_2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-nss" }, "ranges": [ { "events": [ { "introduced": "3.28" }, { "fixed": "3.28.4_2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805" ], "discovery": "2017-08-04T00:00:00Z", "references": { "cvename": [ "CVE-2017-7805" ] }, "vid": "e71fd9d3-af47-11e7-a633-009c02a2ab30" }, "details": "Mozilla reports:\n\n> During TLS 1.2 exchanges, handshake hashes are generated which point\n> to a message buffer. This saved data is used for later messages but in\n> some cases, the handshake transcript can exceed the space available in\n> the current buffer, causing the allocation of a new buffer. This\n> leaves a pointer pointing to the old, freed buffer, resulting in a\n> use-after-free when handshake hashes are then calculated afterwards.\n> This can result in a potentially exploitable crash.\n", "id": "FreeBSD-2017-0242", "modified": "2018-01-29T00:00:00Z", "published": "2017-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805" }, { "type": "WEB", "url": "https://hg.mozilla.org/projects/nss/rev/2d7b65b72290" }, { "type": "WEB", "url": "https://hg.mozilla.org/projects/nss/rev/d3865e2957d0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7805" } ], "schema_version": "1.7.0", "summary": "nss -- Use-after-free in TLS 1.2 generating handshake hashes" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libosip2" }, "ranges": [ { "events": [ { "last_affected": "5.0.0" }, { "fixed": "5.0.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/97644" ], "discovery": "2017-04-13T00:00:00Z", "references": { "cvename": [ "CVE-2017-7853" ] }, "vid": "15a62f22-098a-443b-94e2-2d26c375b993" }, "details": "osip developers reports:\n\n> In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can\n> lead to a heap buffer overflow in the msg_osip_body_parse() function\n> defined in osipparser2/osip_message_parse.c, resulting in a remote\n> DoS.\n", "id": "FreeBSD-2017-0241", "modified": "2017-10-11T00:00:00Z", "published": "2017-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/97644" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/97644" }, { "type": "WEB", "url": "https://savannah.gnu.org/support/index.php?109265" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7853" } ], "schema_version": "1.7.0", "summary": "osip -- Improper Restriction of Operations within the Bounds of a Memory Buffer" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ncurses" }, "ranges": [ { "events": [ { "last_affected": "6.0" }, { "fixed": "6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.redhat.com/show_bug.cgi?id=1484285" ], "discovery": "2017-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-13730", "CVE-2017-13731", "CVE-2017-13732", "CVE-2017-13733", "CVE-2017-13734" ] }, "vid": "b84dbd94-e894-4c91-b8cd-d328537b1b2b" }, "details": "ncurses developers reports:\n\n> There are multiple illegal address access issues and an infinite loop\n> issue. Please refer to the CVE list for details.\n", "id": "FreeBSD-2017-0240", "modified": "2017-10-11T00:00:00Z", "published": "2017-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484285" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484274" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484276" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484284" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484285" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484287" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484290" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13728" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13729" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13730" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13731" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13732" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13733" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13734" } ], "schema_version": "1.7.0", "summary": "ncurses -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "python27" }, "ranges": [ { "events": [ { "fixed": "2.7.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://raw.githubusercontent.com/python/cpython/84471935ed2f62b8c5758fd544c7d37076fe0fa5/Misc/NEWS" ], "discovery": "2017-08-26T00:00:00Z", "references": { "cvename": [ "CVE-2012-0876", "CVE-2016-0718", "CVE-2016-4472", "CVE-2016-5300", "CVE-2016-9063", "CVE-2017-9233" ] }, "vid": "9164f51e-ae20-11e7-a633-009c02a2ab30" }, "details": "Python reports:\n\n> Multiple vulnerabilities have been fixed in Python 2.7.14. Please\n> refer to the CVE list for details.\n", "id": "FreeBSD-2017-0239", "modified": "2017-10-11T00:00:00Z", "published": "2017-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://raw.githubusercontent.com/python/cpython/84471935ed2f62b8c5758fd544c7d37076fe0fa5/Misc/NEWS" }, { "type": "WEB", "url": "https://raw.githubusercontent.com/python/cpython/84471935ed2f62b8c5758fd544c7d37076fe0fa5/Misc/NEWS" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2012-0876" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-0718" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5300" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9233" } ], "schema_version": "1.7.0", "summary": "Python 2.7 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "introduced": "8.5.0" }, { "fixed": "8.6.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/101056" ], "discovery": "2017-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2017-14849" ] }, "vid": "1257718e-be97-458a-9744-d938b592db42" }, "details": "node developers report:\n\n> Node.js 8.5.0 before 8.6.0 allows remote attackers to access\n> unintended files, because a change to \\\"..\\\" handling was incompatible\n> with the pathname validation used by unspecified community modules.\n", "id": "FreeBSD-2017-0238", "modified": "2017-10-10T00:00:00Z", "published": "2017-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/101056" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/101056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14849" } ], "schema_version": "1.7.0", "summary": "node -- access to unintended files" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zookeeper" }, "ranges": [ { "events": [ { "fixed": "3.4.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E" ], "discovery": "2017-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-5637" ] }, "vid": "af61b271-9e47-4db0-a0f6-29fb032236a3" }, "details": "zookeeper developers report:\n\n> Two four letter word commands \\\"wchp/wchc\\\" are CPU intensive and\n> could cause spike of CPU utilization on Apache ZooKeeper server if\n> abused, which leads to the server unable to serve legitimate client\n> requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from\n> this issue, fixed in 3.4.10, 3.5.3, and later.\n", "id": "FreeBSD-2017-0237", "modified": "2017-10-10T00:00:00Z", "published": "2017-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5637" } ], "schema_version": "1.7.0", "summary": "zookeeper -- Denial Of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libtiff" }, "ranges": [ { "events": [ { "last_affected": "4.0.8" }, { "fixed": "4.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/100524" ], "discovery": "2017-08-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-13726", "CVE-2017-13727" ] }, "vid": "9b5a905f-e556-452f-a00c-8f070a086181" }, "details": "libtiff developers report:\n\n> There is a reachable assertion abort in the function\n> TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to\n> tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote\n> denial of service attack.\n>\n> There is a reachable assertion abort in the function\n> TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c\n> and a SubIFD tag. A crafted input will lead to a remote denial of\n> service attack.\n", "id": "FreeBSD-2017-0236", "modified": "2017-10-10T00:00:00Z", "published": "2017-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/100524" }, { "type": "WEB", "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2727" }, { "type": "WEB", "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2728" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100524" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13726" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13727" } ], "schema_version": "1.7.0", "summary": "libtiff -- Improper Input Validation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby22-gems" }, "ranges": [ { "events": [ { "fixed": "2.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby23-gems" }, "ranges": [ { "events": [ { "fixed": "2.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby24-gems" }, "ranges": [ { "events": [ { "fixed": "2.6.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2017/10/10/2" ], "discovery": "2017-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-0903" ] }, "vid": "2c8bd00d-ada2-11e7-82af-8dbff7d75206" }, "details": "oss-security mailing list:\n\n> There is a possible unsafe object desrialization vulnerability in\n> RubyGems. It is possible for YAML deserialization of gem\n> specifications to bypass class white lists. Specially crafted\n> serialized objects can possibly be used to escalate to remote code\n> execution.\n", "id": "FreeBSD-2017-0235", "modified": "2017-10-10T00:00:00Z", "published": "2017-10-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2017/10/10/2" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/10/10/2" }, { "type": "WEB", "url": "http://blog.rubygems.org/2017/10/09/2.6.14-released.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0903" } ], "schema_version": "1.7.0", "summary": "rubygems -- deserialization vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xephyr" }, "ranges": [ { "events": [ { "fixed": "1.18.4_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-dmx" }, "ranges": [ { "events": [ { "fixed": "1.18.4_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-nestserver" }, "ranges": [ { "events": [ { "fixed": "1.19.1_1,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-server" }, "ranges": [ { "events": [ { "fixed": "1.18.4_4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xorg-vfbserver" }, "ranges": [ { "events": [ { "fixed": "1.19.1_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "xwayland" }, "ranges": [ { "events": [ { "fixed": "1.19.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2017-October/002809.html" ], "discovery": "2017-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2017-13721", "CVE-2017-13723" ] }, "vid": "4f8ffb9c-f388-4fbd-b90f-b3131559d888" }, "details": "Alan Coopersmith reports:\n\n> X.Org thanks Michal Srb of SuSE for finding these issues and bringing\n> them to our attention, Julien Cristau of Debian for getting the fixes\n> integrated, and Adam Jackson of Red Hat for publishing the release.\n", "id": "FreeBSD-2017-0234", "modified": "2017-10-09T00:00:00Z", "published": "2017-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2017-October/002809.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2017-October/002809.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13721" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13723" } ], "schema_version": "1.7.0", "summary": "xorg-server -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "last_affected": "7.0.81" }, { "fixed": "7.0.81" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.0.0" }, { "last_affected": "8.0.46" }, { "fixed": "8.0.46" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.5.0" }, { "last_affected": "8.5.22" }, { "fixed": "8.5.22" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "fixed": "9.0.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/100954" ], "discovery": "2017-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2017-12617" ] }, "vid": "c0dae634-4820-4505-850d-b1c975d0f67d" }, "details": "tomcat developers reports:\n\n> When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to\n> 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled\n> (e.g. via setting the readonly initialisation parameter of the Default\n> servlet to false) it was possible to upload a JSP file to the server\n> via a specially crafted request. This JSP could then be requested and\n> any code it contained would be executed by the server.\n", "id": "FreeBSD-2017-0233", "modified": "2017-10-06T00:00:00Z", "published": "2017-10-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/100954" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100954" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12617" } ], "schema_version": "1.7.0", "summary": "tomcat -- Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.56.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/adv_20171004.html" ], "discovery": "2017-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2017-1000254" ] }, "vid": "ccace707-a8d8-11e7-ac58-b499baebfeaf" }, "details": "The cURL project reports:\n\n> FTP PWD response parser out of bounds read\n>\n> libcurl may read outside of a heap allocated buffer when doing FTP.\n>\n> When libcurl connects to an FTP server and successfully logs in\n> (anonymous or not), it asks the server for the current directory with\n> the PWD command. The server then responds with a 257 response\n> containing the path, inside double quotes. The returned path name is\n> then kept by libcurl for subsequent uses.\n>\n> Due to a flaw in the string parser for this directory name, a\n> directory name passed like this but without a closing double quote\n> would lead to libcurl not adding a trailing NUL byte to the buffer\n> holding the name. When libcurl would then later access the string, it\n> could read beyond the allocated heap buffer and crash or wrongly\n> access data beyond the buffer, thinking it was part of the path.\n>\n> A malicious server could abuse this fact and effectively prevent\n> libcurl-based clients to work with it - the PWD command is always\n> issued on new FTP connections and the mistake has a high chance of\n> causing a segfault.\n", "id": "FreeBSD-2017-0232", "modified": "2017-10-04T00:00:00Z", "published": "2017-10-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/adv_20171004.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_20171004.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000254" } ], "schema_version": "1.7.0", "summary": "cURL -- out of bounds read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.1" }, { "fixed": "11.1_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_21" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-08-10T00:00:00Z", "references": { "cvename": [ "CVE-2016-6515" ], "freebsdsa": [ "SA-17:06.openssh" ] }, "vid": "6ed5c5e3-a840-11e7-b5af-a4badb2f4699" }, "details": "# Problem Description:\n\nThere is no limit on the password length.\n\n# Impact:\n\nA remote attacker may be able to cause an affected SSH server to use\nexcessive amount of CPU by sending very long passwords, when\nPasswordAuthentication is enabled by the system administrator.\n", "id": "FreeBSD-2017-0231", "modified": "2017-10-03T00:00:00Z", "published": "2017-10-03T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6515" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:06.openssh.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- OpenSSH Denial of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_11" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_20" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-07-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-1110" ], "freebsdsa": [ "SA-17:05.heimdal" ] }, "vid": "420243e9-a840-11e7-b5af-a4badb2f4699" }, "details": "# Problem Description:\n\nThere is a programming error in the Heimdal implementation that used an\nunauthenticated, plain-text version of the KDC-REP service name found in\na ticket.\n\n# Impact:\n\nAn attacker who has control of the network between a client and the\nservice it talks to will be able to impersonate the service, allowing a\nsuccessful man-in-the-middle (MITM) attack that circumvents the mutual\nauthentication.\n", "id": "FreeBSD-2017-0230", "modified": "2017-10-03T00:00:00Z", "published": "2017-10-03T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1110" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- heimdal KDC-REP service name validation vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq" }, "ranges": [ { "events": [ { "fixed": "2.78,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsmasq-devel" }, "ranges": [ { "events": [ { "fixed": "2.78" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" ], "discovery": "2017-10-02T00:00:00Z", "references": { "cvename": [ "CVE-2017-14491", "CVE-2017-14492", "CVE-2017-14493", "CVE-2017-14494", "CVE-2017-14495", "CVE-2017-14496", "CVE-2017-13704" ] }, "vid": "b77b5646-a778-11e7-ac58-b499baebfeaf" }, "details": "Google Project Zero reports:\n\n> - CVE-2017-14491: Heap based overflow (2 bytes). Before 2.76 and this\n> commit overflow was unrestricted.\n> - CVE-2017-14492: Heap based overflow.\n> - CVE-2017-14493: Stack Based overflow.\n> - CVE-2017-14494: Information Leak\n> - CVE-2017-14495: Lack of free()\n> - CVE-2017-14496: Invalid boundary checks. Integer underflow leading\n> to a huge memcpy.\n> - CVE-2017-13704: Crash on large DNS query\n", "id": "FreeBSD-2017-0229", "modified": "2017-10-02T00:00:00Z", "published": "2017-10-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" }, { "type": "WEB", "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14491" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14492" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14493" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14494" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14495" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14496" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13704" } ], "schema_version": "1.7.0", "summary": "dnsmasq -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmyfaq" }, "ranges": [ { "events": [ { "last_affected": "2.9.8" }, { "fixed": "2.9.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.exploit-db.com/exploits/42761/" ], "discovery": "2017-09-20T00:00:00Z", "references": { "cvename": [ "CVE-2017-14618", "CVE-2017-14619" ] }, "vid": "33888815-631e-4bba-b776-a9b46fe177b5" }, "details": "phpmyfaq developers report:\n\n> Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in\n> phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web\n> script or HTML via the Questions field in an \\\"Add New FAQ\\\" action.\n>\n> Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8\n> allows remote attackers to inject arbitrary web script or HTML via the\n> \\\"Title of your FAQ\\\" field in the Configuration Module.\n", "id": "FreeBSD-2017-0228", "modified": "2017-09-29T00:00:00Z", "published": "2017-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.exploit-db.com/exploits/42761/" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/42761/" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14618" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14619" } ], "schema_version": "1.7.0", "summary": "phpmyfaq -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.8.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/100912" ], "discovery": "2017-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-14718", "CVE-2017-14719", "CVE-2017-14720", "CVE-2017-14721", "CVE-2017-14722", "CVE-2017-14724", "CVE-2017-14726" ] }, "vid": "a48d4478-e23f-4085-8ae4-6b3a7b6f016b" }, "details": "wordpress developers report:\n\n> Before version 4.8.2, WordPress was susceptible to a Cross-Site\n> Scripting attack in the link modal via a javascript: or data: URL.\n>\n> Before version 4.8.2, WordPress allowed a Cross-Site scripting attack\n> in the template list view via a crafted template name.\n>\n> Before version 4.8.2, WordPress was vulnerable to a directory\n> traversal attack during unzip operations in the ZipArchive and PclZip\n> components.\n>\n> Before version 4.8.2, WordPress allowed Cross-Site scripting in the\n> plugin editor via a crafted plugin name.\n>\n> Before version 4.8.2, WordPress allowed a Directory Traversal attack\n> in the Customizer component via a crafted theme filename.\n>\n> Before version 4.8.2, WordPress was vulnerable to cross-site scripting\n> in oEmbed discovery.\n>\n> Before version 4.8.2, WordPress was vulnerable to a cross-site\n> scripting attack via shortcodes in the TinyMCE visual editor.\n", "id": "FreeBSD-2017-0227", "modified": "2017-09-29T00:00:00Z", "published": "2017-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/100912" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100912" }, { "type": "WEB", "url": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://core.trac.wordpress.org/changeset/41393" }, { "type": "WEB", "url": "https://core.trac.wordpress.org/changeset/41395" }, { "type": "WEB", "url": "https://core.trac.wordpress.org/changeset/41397" }, { "type": "WEB", "url": "https://core.trac.wordpress.org/changeset/41412" }, { "type": "WEB", "url": "https://core.trac.wordpress.org/changeset/41448" }, { "type": "WEB", "url": "https://core.trac.wordpress.org/changeset/41457" }, { "type": "WEB", "url": "https://wpvulndb.com/vulnerabilities/8911" }, { "type": "WEB", "url": "https://wpvulndb.com/vulnerabilities/8912" }, { "type": "WEB", "url": "https://wpvulndb.com/vulnerabilities/8913" }, { "type": "WEB", "url": "https://wpvulndb.com/vulnerabilities/8914" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14718" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14719" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14720" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14721" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14722" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14724" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14726" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "56.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.4.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.4.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/" ], "discovery": "2017-09-28T00:00:00Z", "references": { "cvename": [ "CVE-2017-7793", "CVE-2017-7805", "CVE-2017-7810", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7813", "CVE-2017-7814", "CVE-2017-7815", "CVE-2017-7816", "CVE-2017-7817", "CVE-2017-7818", "CVE-2017-7819", "CVE-2017-7820", "CVE-2017-7821", "CVE-2017-7822", "CVE-2017-7823", "CVE-2017-7824", "CVE-2017-7825" ] }, "vid": "1098a15b-b0f6-42b7-b5c7-8a8646e8be07" }, "details": "Mozilla Foundation reports:\n\n> CVE-2017-7793: Use-after-free with Fetch API\n>\n> CVE-2017-7817: Firefox for Android address bar spoofing through\n> fullscreen mode\n>\n> CVE-2017-7818: Use-after-free during ARIA array manipulation\n>\n> CVE-2017-7819: Use-after-free while resizing images in design mode\n>\n> CVE-2017-7824: Buffer overflow when drawing and validating elements\n> with ANGLE\n>\n> CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes\n>\n> CVE-2017-7812: Drag and drop of malicious page content to the tab bar\n> can open locally stored files\n>\n> CVE-2017-7814: Blob and data URLs bypass phishing and malware\n> protection warnings\n>\n> CVE-2017-7813: Integer truncation in the JavaScript parser\n>\n> CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode\n> characters as spaces\n>\n> CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s\n> installations\n>\n> CVE-2017-7816: WebExtensions can load about: URLs in extension UI\n>\n> CVE-2017-7821: WebExtensions can download and open non-executable\n> files without user interaction\n>\n> CVE-2017-7823: CSP sandbox directive did not create a unique origin\n>\n> CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV\n>\n> CVE-2017-7820: Xray wrapper bypass with new tab and web console\n>\n> CVE-2017-7811: Memory safety bugs fixed in Firefox 56\n>\n> CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR\n> 52.4\n", "id": "FreeBSD-2017-0226", "modified": "2017-10-03T00:00:00Z", "published": "2017-09-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7793" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7805" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7810" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7811" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7812" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7815" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7816" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7817" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7818" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7819" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7820" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7821" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7822" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7823" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7824" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7825" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sam2p" }, "ranges": [ { "events": [ { "fixed": "0.49.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/pts/sam2p/issues/14" ], "discovery": "2017-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-14628", "CVE-2017-14629", "CVE-2017-14630", "CVE-2017-14631", "CVE-2017-14636", "CVE-2017-14637" ] }, "vid": "43a1b8f9-3451-4f3c-b4fc-730c0f5876c1" }, "details": "sam2p developers report:\n\n> In sam2p 0.49.3, a heap-based buffer overflow exists in the\n> pcxLoadImage24 function of the file in_pcx.cpp.\n>\n> In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an\n> integer signedness error, leading to a crash when writing to an\n> out-of-bounds array element.\n>\n> In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24\n> function of the file in_pcx.cpp, leading to an invalid write\n> operation.\n>\n> In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an\n> integer signedness error leading to a heap-based buffer overflow.\n>\n> Because of an integer overflow in sam2p 0.49.3, a loop executes\n> 0xffffffff times, ending with an invalid read of size 1 in the\n> Image::Indexed::sortPal function in image.cpp. However, this also\n> causes memory corruption because of an attempted write to the invalid\n> d\\[0xfffffffe\\] array element.\n>\n> In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb\n> function in in_xpm.cpp. However, this can also cause a write to an\n> illegal address.\n", "id": "FreeBSD-2017-0225", "modified": "2017-09-28T00:00:00Z", "published": "2017-09-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/pts/sam2p/issues/14" }, { "type": "WEB", "url": "https://github.com/pts/sam2p/issues/14" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14629" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14631" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14636" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14637" } ], "schema_version": "1.7.0", "summary": "sam2p -- multiple issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libraw" }, "ranges": [ { "events": [ { "last_affected": "0.18.4" }, { "fixed": "0.18.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21" ], "discovery": "2017-09-20T00:00:00Z", "references": { "cvename": [ "CVE-2017-14608" ] }, "vid": "02bee9ae-c5d1-409b-8a79-983a88861509" }, "details": "libraw developers report:\n\n> In LibRaw through 0.18.4, an out of bounds read flaw related to\n> kodak_65000_load_raw has been reported in dcraw/dcraw.c and\n> internal/dcraw_common.cpp. An attacker could possibly exploit this\n> flaw to disclose potentially sensitive memory or cause an application\n> crash.\n", "id": "FreeBSD-2017-0224", "modified": "2017-09-28T00:00:00Z", "published": "2017-09-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21" }, { "type": "WEB", "url": "https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21" }, { "type": "WEB", "url": "https://github.com/LibRaw/LibRaw/issues/101" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14608" } ], "schema_version": "1.7.0", "summary": "libraw -- Out-of-bounds Read" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-polarssl" }, "ranges": [ { "events": [ { "fixed": "2.3.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-mbedtls" }, "ranges": [ { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "2.3.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://community.openvpn.net/openvpn/wiki/CVE-2017-12166" ], "discovery": "2017-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-12166" ] }, "vid": "3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8" }, "details": "Steffan Karger reports:\n\n> The bounds check in read_key() was performed after using the value,\n> instead of before. If \\'key-method 1\\' is used, this allowed an\n> attacker to send a malformed packet to trigger a stack buffer\n> overflow. \\[\\...\\]\n>\n> Note that \\'key-method 1\\' has been replaced by \\'key method 2\\' as\n> the default in OpenVPN 2.0 (released on 2005-04-17), and explicitly\n> deprecated in 2.4 and marked for removal in 2.5. This should limit the\n> amount of users impacted by this issue.\n", "id": "FreeBSD-2017-0223", "modified": "2017-09-27T00:00:00Z", "published": "2017-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2017-12166" }, { "type": "WEB", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2017-12166" }, { "type": "WEB", "url": "https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15492.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12166" } ], "schema_version": "1.7.0", "summary": "OpenVPN -- out-of-bounds write in legacy key-method 1" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7" }, "ranges": [ { "events": [ { "fixed": "7.0.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7-nox11" }, "ranges": [ { "events": [ { "fixed": "7.0.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick" }, "ranges": [ { "events": [ { "last_affected": "6.9.8.9_1" }, { "fixed": "6.9.8.9_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick-nox11" }, "ranges": [ { "events": [ { "last_affected": "6.9.8.9_1" }, { "fixed": "6.9.8.9_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741" ], "discovery": "2017-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-14741" ] }, "vid": "16fb4f83-a2ab-11e7-9c14-009c02a2ab30" }, "details": "MITRE reports:\n\n> The ReadCAPTIONImage function in coders/caption.c in ImageMagick\n> allows remote attackers to cause a denial of service (infinite loop)\n> via a crafted font file.\n", "id": "FreeBSD-2017-0222", "modified": "2017-09-26T00:00:00Z", "published": "2017-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741" }, { "type": "WEB", "url": "https://github.com/ImageMagick/ImageMagick/issues/771" }, { "type": "WEB", "url": "https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f" }, { "type": "WEB", "url": "https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14741" } ], "schema_version": "1.7.0", "summary": "ImageMagick -- denial of service via a crafted font file" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libofx" }, "ranges": [ { "events": [ { "last_affected": "0.9.11_1" }, { "fixed": "0.9.11_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/100828" ], "discovery": "2017-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2017-2816" ] }, "vid": "58fafead-cd13-472f-a9bd-d0173ba1b04c" }, "details": "Talos developers report:\n\n> An exploitable buffer overflow vulnerability exists in the tag parsing\n> functionality of LibOFX 0.9.11. A specially crafted OFX file can cause\n> a write out of bounds resulting in a buffer overflow on the stack. An\n> attacker can construct a malicious OFX file to trigger this\n> vulnerability.\n", "id": "FreeBSD-2017-0221", "modified": "2017-09-27T00:00:00Z", "published": "2017-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/100828" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100828" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2816" } ], "schema_version": "1.7.0", "summary": "libofx -- exploitable buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sugarcrm" }, "ranges": [ { "events": [ { "last_affected": "6.5.26" }, { "fixed": "6.5.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/" ], "discovery": "2017-09-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-14508", "CVE-2017-14509", "CVE-2017-14510" ] }, "vid": "3b776502-f601-44e0-87cd-b63f1b9ae42a" }, "details": "sugarcrm developers report:\n\n> An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before\n> 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition\n> 6.5.26). Several areas have been identified in the Documents and\n> Emails module that could allow an authenticated user to perform SQL\n> injection, as demonstrated by a backslash character at the end of a\n> bean_id to modules/Emails/DetailView.php. An attacker could exploit\n> these vulnerabilities by sending a crafted SQL request to the affected\n> areas. An exploit could allow the attacker to modify the SQL database.\n> Proper SQL escaping has been added to prevent such exploits.\n>\n> An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before\n> 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition\n> 6.5.26). A remote file inclusion has been identified in the Connectors\n> module allowing authenticated users to include remotely accessible\n> system files via a query string. Proper input validation has been\n> added to mitigate this issue.\n>\n> An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before\n> 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition\n> 6.5.26). The WebToLeadCapture functionality is found vulnerable to\n> unauthenticated cross-site scripting (XSS) attacks. This attack vector\n> is mitigated by proper validating the redirect URL values being passed\n> along.\n", "id": "FreeBSD-2017-0220", "modified": "2017-09-26T00:00:00Z", "published": "2017-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/" }, { "type": "WEB", "url": "https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/" }, { "type": "WEB", "url": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-006/" }, { "type": "WEB", "url": "https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/" }, { "type": "WEB", "url": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-007/" }, { "type": "WEB", "url": "https://blog.ripstech.com/2017/sugarcrm-security-diet-multiple-vulnerabilities/" }, { "type": "WEB", "url": "https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2017-008/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14508" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14509" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14510" } ], "schema_version": "1.7.0", "summary": "sugarcrm -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libzip" }, "ranges": [ { "events": [ { "fixed": "1.1.13_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/" ], "discovery": "2017-09-01T00:00:00Z", "references": { "cvename": [ "CVE-2017-14107" ] }, "vid": "b2952517-07e5-4d19-8850-21c5b7e0623f" }, "details": "libzip developers report:\n\n> The \\_zip_read_eocd64 function in zip_open.c in libzip before 1.3.0\n> mishandles EOCD records, which allows remote attackers to cause a\n> denial of service (memory allocation failure in \\_zip_cdir_grow in\n> zip_dirent.c) via a crafted ZIP archive.\n", "id": "FreeBSD-2017-0219", "modified": "2017-09-27T00:00:00Z", "published": "2017-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/" }, { "type": "WEB", "url": "https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14107" } ], "schema_version": "1.7.0", "summary": "libzip -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libbson" }, "ranges": [ { "events": [ { "fixed": "1.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/100825" ], "discovery": "2017-09-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-14227" ] }, "vid": "10214bda-0902-4e3b-a2f9-9a68ef206a73" }, "details": "mongodb developers report:\n\n> In MongoDB libbson 1.7.0, the bson_iter_codewscope function in\n> bson-iter.c miscalculates a bson_utf8_validate length argument, which\n> allows remote attackers to cause a denial of service (heap-based\n> buffer over-read in the bson_utf8_validate function in bson-utf8.c),\n> as demonstrated by bson-to-json.c.\n", "id": "FreeBSD-2017-0218", "modified": "2017-09-26T00:00:00Z", "published": "2017-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/100825" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100825" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489355" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489356" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489362" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14227" } ], "schema_version": "1.7.0", "summary": "libbson -- Denial of Service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tcpdump" }, "ranges": [ { "events": [ { "fixed": "4.9.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.tcpdump.org/tcpdump-changes.txt" ], "discovery": "2017-07-22T00:00:00Z", "references": { "cvename": [ "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725" ] }, "vid": "eb03d642-6724-472d-b038-f2bf074e1fc8" }, "details": "tcpdump developers report:\n\n> Too many issues to detail, see CVE references for details.\n", "id": "FreeBSD-2017-0217", "modified": "2017-09-26T00:00:00Z", "published": "2017-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.tcpdump.org/tcpdump-changes.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11541" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11542" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11543" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12893" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12894" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12895" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12896" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12897" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12898" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12899" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12900" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12901" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12902" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12985" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12986" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12987" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12988" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12991" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12992" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12993" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12994" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12996" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12998" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12999" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13000" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13003" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13005" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13007" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13008" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13009" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13010" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13011" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13012" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13013" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13014" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13015" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13016" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13017" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13020" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13021" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13022" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13023" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13024" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13025" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13026" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13027" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13028" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13029" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13030" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13031" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13032" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13033" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13034" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13035" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13036" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13037" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13038" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13039" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13040" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13042" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13043" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13045" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13046" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13047" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13048" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13049" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13050" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13053" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13055" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13687" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13688" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13689" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13690" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-13725" } ], "schema_version": "1.7.0", "summary": "tcpdump -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libraw" }, "ranges": [ { "events": [ { "fixed": "0.18.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/100866" ], "discovery": "2017-09-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-14348" ] }, "vid": "d9f96741-47bd-4426-9aba-8736c0971b24" }, "details": "libraw developers report:\n\n> LibRaw before 0.18.4 has a heap-based Buffer Overflow in the\n> processCanonCameraInfo function via a crafted file.\n", "id": "FreeBSD-2017-0216", "modified": "2017-09-26T00:00:00Z", "published": "2017-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/100866" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100866" }, { "type": "WEB", "url": "https://github.com/LibRaw/LibRaw/issues/100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14348" } ], "schema_version": "1.7.0", "summary": "libraw -- buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libraw" }, "ranges": [ { "events": [ { "fixed": "0.18.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/LibRaw/LibRaw/issues/99" ], "discovery": "2017-09-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-14265" ] }, "vid": "4cd857d9-26d2-4417-b765-69701938f9e0" }, "details": "libraw developers report:\n\n> A Stack-based Buffer Overflow was discovered in xtrans_interpolate in\n> internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a\n> remote denial of service or code execution attack.\n", "id": "FreeBSD-2017-0215", "modified": "2017-09-26T00:00:00Z", "published": "2017-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/LibRaw/LibRaw/issues/99" }, { "type": "WEB", "url": "https://github.com/LibRaw/LibRaw/issues/99" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14265" } ], "schema_version": "1.7.0", "summary": "libraw -- denial of service and remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgd" }, "ranges": [ { "events": [ { "fixed": "2.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.debian.org/security/2017/dsa-3961" ], "discovery": "2017-09-07T00:00:00Z", "references": { "cvename": [ "CVE-2017-6362" ] }, "vid": "a60a2e95-acba-4b11-bc32-ffb47364e07d" }, "details": "libgd developers report:\n\n> Double free vulnerability in the gdImagePngPtr function in libgd2\n> before 2.2.5 allows remote attackers to cause a denial of service via\n> vectors related to a palette with no colors.\n", "id": "FreeBSD-2017-0214", "modified": "2017-09-26T00:00:00Z", "published": "2017-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.debian.org/security/2017/dsa-3961" }, { "type": "WEB", "url": "http://www.debian.org/security/2017/dsa-3961" }, { "type": "WEB", "url": "https://github.com/libgd/libgd/issues/381" }, { "type": "WEB", "url": "https://github.com/libgd/libgd/releases/tag/gd-2.2.5" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6362" } ], "schema_version": "1.7.0", "summary": "libgd -- Denial of servica via double free" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgd" }, "ranges": [ { "events": [ { "fixed": "2.2.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php70-gd" }, "ranges": [ { "events": [ { "fixed": "7.0.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php71-gd" }, "ranges": [ { "events": [ { "fixed": "7.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.php.net/bug.php?id=74435" ], "discovery": "2017-08-02T00:00:00Z", "references": { "cvename": [ "CVE-2017-7890" ] }, "vid": "5033e2fc-98ec-4ef5-8e0b-87cfbbc73081" }, "details": "PHP developers report:\n\n> The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in\n> the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and\n> 7.x before 7.1.7, does not zero colorMap arrays before use. A\n> specially crafted GIF image could use the uninitialized tables to read\n> \\~700 bytes from the top of the stack, potentially disclosing\n> sensitive information.\n", "id": "FreeBSD-2017-0213", "modified": "2017-09-26T00:00:00Z", "published": "2017-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.php.net/bug.php?id=74435" }, { "type": "WEB", "url": "https://bugs.php.net/bug.php?id=74435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7890" } ], "schema_version": "1.7.0", "summary": "php-gd and gd -- Buffer over-read into uninitialized memory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ledger" }, "ranges": [ { "events": [ { "last_affected": "3.1.1" }, { "fixed": "3.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/100543" ], "discovery": "2017-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-2808", "CVE-2017-2807" ] }, "vid": "d843a984-7f22-484f-ba81-483ddbe30dc3" }, "details": "Talos reports:\n\n> An exploitable buffer overflow vulnerability exists in the tag parsing\n> functionality of Ledger-CLI 3.1.1. A specially crafted journal file\n> can cause an integer underflow resulting in code execution. An\n> attacker can construct a malicious journal file to trigger this\n> vulnerability.\n>\n> An exploitable use-after-free vulnerability exists in the account\n> parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger\n> file can cause a use-after-free vulnerability resulting in arbitrary\n> code execution. An attacker can convince a user to load a journal file\n> to trigger this vulnerability.\n", "id": "FreeBSD-2017-0212", "modified": "2017-09-26T00:00:00Z", "published": "2017-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/100543" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100543" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100546" }, { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2808" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2807" } ], "schema_version": "1.7.0", "summary": "ledger -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "aacplusenc" }, "ranges": [ { "events": [ { "last_affected": "0.17.5_2" }, { "fixed": "0.17.5_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blogs.gentoo.org/ago/2017/09/07/aacplusenc-null-pointer-dereference-in-deletebitbuffer-bitbuffer-c/" ], "discovery": "2017-09-07T00:00:00Z", "references": { "cvename": [ "CVE-2017-14181" ] }, "vid": "7801b1e1-99b4-42ac-ab22-7646235e7c16" }, "details": "Gentoo developers report:\n\n> DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5\n> allows remote attackers to cause a denial of service (invalid memory\n> write, SEGV on unknown address 0x000000000030, and application crash)\n> or possibly have unspecified other impact via a crafted .wav file, aka\n> a NULL pointer dereference.\n", "id": "FreeBSD-2017-0211", "modified": "2017-09-25T00:00:00Z", "published": "2017-09-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blogs.gentoo.org/ago/2017/09/07/aacplusenc-null-pointer-dereference-in-deletebitbuffer-bitbuffer-c/" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2017/09/07/aacplusenc-null-pointer-dereference-in-deletebitbuffer-bitbuffer-c/" }, { "type": "WEB", "url": "https://github.com/teknoraver/aacplusenc/issues/1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14181" } ], "schema_version": "1.7.0", "summary": "aacplusenc -- denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible" }, "ranges": [ { "events": [ { "last_affected": "2.2.3" }, { "fixed": "2.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/ansible/ansible/issues/22505" ], "discovery": "2017-07-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-7473" ] }, "vid": "478d4102-2319-4026-b3b2-a57c48f159ac" }, "details": "ansible developers report:\n\n> Ansible versions 2.2.3 and earlier are vulnerable to an information\n> disclosure flaw due to the interaction of call back plugins and the\n> no_log directive where the information may not be sanitized properly.\n", "id": "FreeBSD-2017-0210", "modified": "2017-09-25T00:00:00Z", "published": "2017-09-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/ansible/ansible/issues/22505" }, { "type": "WEB", "url": "https://github.com/ansible/ansible/issues/22505" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7473" } ], "schema_version": "1.7.0", "summary": "ansible -- information disclosure flaw" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "weechat" }, "ranges": [ { "events": [ { "fixed": "1.9.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weechat.org/news/98/20170923-Version-1.9.1-security-release/" ], "discovery": "2017-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-14727" ] }, "vid": "b63421b6-a1e0-11e7-ac58-b499baebfeaf" }, "details": "WeeChat reports:\n\n> security problem: a crash can happen in logger plugin when converting\n> date/time specifiers in file mask.\n", "id": "FreeBSD-2017-0209", "modified": "2017-09-25T00:00:00Z", "published": "2017-09-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weechat.org/news/98/20170923-Version-1.9.1-security-release/" }, { "type": "WEB", "url": "https://weechat.org/news/98/20170923-Version-1.9.1-security-release/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14727" } ], "schema_version": "1.7.0", "summary": "weechat -- crash in logger plugin" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "perl5" }, "ranges": [ { "events": [ { "introduced": "5.24.0" }, { "fixed": "5.24.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.26.0" }, { "fixed": "5.26.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://metacpan.org/changes/release/SHAY/perl-5.26.1#Security" ], "discovery": "2017-09-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-12814", "CVE-2017-12837", "CVE-2017-12883" ] }, "vid": "d9e82328-a129-11e7-987e-4f174049b30a" }, "details": "Meta CPAN reports:\n\n> CVE-2017-12814: \\$ENV{\\$key} stack buffer overflow on Windows\n>\n> A possible stack buffer overflow in the %ENV code on Windows has been\n> fixed by removing the buffer completely since it was superfluous\n> anyway.\n>\n> CVE-2017-12837: Heap buffer overflow in regular expression compiler\n>\n> Compiling certain regular expression patterns with the\n> case-insensitive modifier could cause a heap buffer overflow and crash\n> perl. This has now been fixed.\n>\n> CVE-2017-12883: Buffer over-read in regular expression parser\n>\n> For certain types of syntax error in a regular expression pattern, the\n> error message could either contain the contents of a random, possibly\n> large, chunk of memory, or could crash perl. This has now been fixed.\n", "id": "FreeBSD-2017-0208", "modified": "2017-09-24T00:00:00Z", "published": "2017-09-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.1#Security" }, { "type": "WEB", "url": "https://metacpan.org/changes/release/SHAY/perl-5.24.3" }, { "type": "WEB", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12814" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12883" } ], "schema_version": "1.7.0", "summary": "perl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "61.0.3163.100" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html" ], "discovery": "2017-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-5121", "CVE-2017-5122" ] }, "vid": "917e5519-9fdd-11e7-8b58-e8e0b747a45a" }, "details": "Google Chrome releases reports:\n\n> 3 security fixes in this release, including:\n>\n> - \\[765433\\] High CVE-2017-5121: Out-of-bounds access in V8. Reported\n> by Jordan Rabet, Microsoft Offensive Security Research and Microsoft\n> ChakraCore team on 2017-09-14\n> - \\[752423\\] High CVE-2017-5122: Out-of-bounds access in V8. Reported\n> by Choongwoo Han of Naver Corporation on 2017-08-04\n> - \\[767508\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2017-0207", "modified": "2017-09-22T00:00:00Z", "published": "2017-09-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5121" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5122" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk11" }, "ranges": [ { "events": [ { "fixed": "11.25.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.17.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-09-01T00:00:00Z", "references": { "cvename": [ "CVE-2017-14099" ] }, "vid": "c2ea3b31-9d75-11e7-bb13-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> This is a follow up advisory to AST-2017-005.\n>\n> Insufficient RTCP packet validation could allow reading stale buffer\n> contents and when combined with the \\\"nat\\\" and \\\"symmetric_rtp\\\"\n> options allow redirecting where Asterisk sends the next RTCP report.\n>\n> The RTP stream qualification to learn the source address of media\n> always accepted the first RTP packet as the new source and allowed\n> what AST-2017-005 was mitigating. The intent was to qualify a series\n> of packets before accepting the new source address.\n>\n> The RTP/RTCP stack will now validate RTCP packets before processing\n> them.\n", "id": "FreeBSD-2017-0206", "modified": "2017-09-19T00:00:00Z", "published": "2017-09-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-008.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14099" } ], "schema_version": "1.7.0", "summary": "asterisk -- RTP/RTCP information leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby" }, "ranges": [ { "events": [ { "introduced": "2.2.0" }, { "fixed": "2.2.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/security/" ], "discovery": "2017-09-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-0898", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064" ] }, "vid": "95b01379-9d52-11e7-a25c-471bafc3262f" }, "details": "Ruby blog:\n\n> CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf\n>\n> If a malicious format string which contains a precious specifier (\\*)\n> is passed and a huge minus value is also passed to the specifier,\n> buffer underrun may be caused. In such situation, the result may\n> contains heap, or the Ruby interpreter may crash.\n>\n> CVE-2017-10784: Escape sequence injection vulnerability in the Basic\n> authentication of WEBrick\n>\n> When using the Basic authentication of WEBrick, clients can pass an\n> arbitrary string as the user name. WEBrick outputs the passed user\n> name intact to its log, then an attacker can inject malicious escape\n> sequences to the log and dangerous control characters may be executed\n> on a victim's terminal emulator.\n>\n> This vulnerability is similar to a vulnerability already fixed, but it\n> had not been fixed in the Basic authentication.\n>\n> CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode\n>\n> If a malicious string is passed to the decode method of OpenSSL::ASN1,\n> buffer underrun may be caused and the Ruby interpreter may crash.\n>\n> CVE-2017-14064: Heap exposure vulnerability in generating JSON\n>\n> The generate method of JSON module optionally accepts an instance of\n> JSON::Ext::Generator::State class. If a malicious instance is passed,\n> the result may include contents of heap.\n", "id": "FreeBSD-2017-0205", "modified": "2017-09-19T00:00:00Z", "published": "2017-09-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/security/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/security/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0898" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10784" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14033" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14064" } ], "schema_version": "1.7.0", "summary": "ruby -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-geminabox" }, "ranges": [ { "events": [ { "fixed": "0.13.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://baraktawily.blogspot.com/2017/09/gem-in-box-xss-vulenrability-cve-2017.html" ], "discovery": "2017-09-18T00:00:00Z", "references": { "cvename": [ "CVE-2017-14506", "CVE-2017-14683" ] }, "vid": "2bffdf2f-9d45-11e7-a25c-471bafc3262f" }, "details": "Gem in a box XSS vulenrability - CVE-2017-14506:\n\n> Malicious attacker create GEM file with crafted homepage value\n> (gem.homepage in .gemspec file) includes XSS payload.\n>\n> The attacker access geminabox system and uploads the gem file (or uses\n> CSRF/SSRF attack to do so).\n>\n> From now on, any user access Geminabox web server, executes the\n> malicious XSS payload, that will delete any gems on the server, and\n> won\\'t let users use the geminabox anymore. (make victim\\'s browser\n> crash or redirect them to other hosts).\n", "id": "FreeBSD-2017-0204", "modified": "2017-09-27T00:00:00Z", "published": "2017-09-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://baraktawily.blogspot.com/2017/09/gem-in-box-xss-vulenrability-cve-2017.html" }, { "type": "WEB", "url": "https://baraktawily.blogspot.com/2017/09/gem-in-box-xss-vulenrability-cve-2017.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14506" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14683" } ], "schema_version": "1.7.0", "summary": "rubygem-geminabox -- XSS & CSRF vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.27_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "apache22" }, "ranges": [ { "events": [ { "fixed": "2.2.34_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" ], "discovery": "2017-09-18T00:00:00Z", "references": { "cvename": [ "CVE-2017-9798" ] }, "vid": "76b085e2-9d33-11e7-9260-000c292ee6b8" }, "details": "The Fuzzing Project reports:\n\n> Apache httpd allows remote attackers to read secret data from process\n> memory if the Limit directive can be set in a user\\'s .htaccess file,\n> or if httpd.conf has certain misconfigurations, aka Optionsbleed. This\n> affects the Apache HTTP Server through 2.2.34 and 2.4.x through\n> 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request\n> when attempting to read secret data. This is a use-after-free issue\n> and thus secret data is not always sent, and the specific data depends\n> on many factors including configuration. Exploitation with .htaccess\n> can be blocked with a patch to the ap_limit_section function in\n> server/core.c.\n", "id": "FreeBSD-2017-0203", "modified": "2017-09-19T00:00:00Z", "published": "2017-09-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9798" } ], "schema_version": "1.7.0", "summary": "Apache -- HTTP OPTIONS method can leak server memory" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "last_affected": "9.3.10" }, { "fixed": "9.3.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "last_affected": "9.4.5" }, { "fixed": "9.4.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.5.0" }, { "last_affected": "9.5.3" }, { "fixed": "9.5.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2017/09/07/gitlab-9-dot-5-dot-4-security-release/" ], "discovery": "2017-09-07T00:00:00Z", "references": { "cvename": [ "CVE-2017-5029", "CVE-2016-4738" ] }, "vid": "6a177c87-9933-11e7-93f7-d43d7e971a1b" }, "details": "GitLab reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0202", "modified": "2017-09-14T00:00:00Z", "published": "2017-09-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2017/09/07/gitlab-9-dot-5-dot-4-security-release/" }, { "type": "WEB", "url": "https://about.gitlab.com/2017/09/07/gitlab-9-dot-5-dot-4-security-release/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5029" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4738" } ], "schema_version": "1.7.0", "summary": "GitLab -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "27.0.0.130" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb17-28.html" ], "discovery": "2017-09-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-11281", "CVE-2017-11282" ] }, "vid": "531aae08-97f0-11e7-aadd-6451062f0f7a" }, "details": "Adobe reports:\n\n> - These updates resolve memory corruption vulnerabilities that could\n> lead to remote code execution (CVE-2017-11281, CVE-2017-11282).\n", "id": "FreeBSD-2017-0201", "modified": "2017-09-12T00:00:00Z", "published": "2017-09-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-28.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11281" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11282" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-28.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs25" }, "ranges": [ { "events": [ { "fixed": "25.3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-nox11" }, "ranges": [ { "events": [ { "fixed": "25.3,3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "emacs-devel" }, "ranges": [ { "events": [ { "fixed": "26.0.50.20170912,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/oss-sec/2017/q3/422" ], "discovery": "2017-09-04T00:00:00Z", "vid": "47e2e52c-975c-11e7-942d-5404a68a61a2" }, "details": "Paul Eggert reports:\n\n> Charles A. Roelli has found a security flaw in the enriched mode in\n> GNU Emacs.\n>\n> When Emacs renders MIME text/enriched data (Internet RFC 1896), it is\n> vulnerable to arbitrary code execution. Since Emacs-based mail clients\n> decode \\\"Content-Type: text/enriched\\\", this code is exploitable\n> remotely. This bug affects GNU Emacs versions 19.29 through 25.2.\n", "id": "FreeBSD-2017-0200", "modified": "2017-09-13T00:00:00Z", "published": "2017-09-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/oss-sec/2017/q3/422" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2017/q3/422" }, { "type": "WEB", "url": "https://bugs.gnu.org/28350" } ], "schema_version": "1.7.0", "summary": "emacs -- enriched text remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cyrus-imapd30" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.0.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.4.html" ], "discovery": "2017-09-07T00:00:00Z", "references": { "cvename": [ "CVE-2017-14230" ] }, "vid": "f9f76a50-9642-11e7-ab09-080027b00c2e" }, "details": "Cyrus IMAP 3.0.4 Release Notes states:\n\n> Fixed Issue #2132: Broken \\\"Other Users\\\" behaviour\n", "id": "FreeBSD-2017-0199", "modified": "2017-09-10T00:00:00Z", "published": "2017-09-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.4.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14230" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14230" } ], "schema_version": "1.7.0", "summary": "cyrus-imapd -- broken \"other users\" behaviour" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django111" }, "ranges": [ { "events": [ { "fixed": "1.11.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/" ], "discovery": "2017-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-12794" ] }, "vid": "aaab03be-932d-11e7-92d8-4b26fc968492" }, "details": "Django blog:\n\n> In older versions, HTML autoescaping was disabled in a portion of the\n> template for the technical 500 debug page. Given the right\n> circumstances, this allowed a cross-site scripting attack. This\n> vulnerability shouldn\\'t affect most production sites since you\n> shouldn\\'t run with DEBUG = True (which makes this page accessible) in\n> your production settings.\n", "id": "FreeBSD-2017-0198", "modified": "2017-09-06T00:00:00Z", "published": "2017-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12794" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2017/sep/05/security-releases/" } ], "schema_version": "1.7.0", "summary": "Django -- possible XSS in traceback section of technical 500 debug page" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "61.0.3163.79" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" ], "discovery": "2017-09-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-5111", "CVE-2017-5112", "CVE-2017-5113", "CVE-2017-5114", "CVE-2017-5115", "CVE-2017-5116", "CVE-2017-5117", "CVE-2017-5118", "CVE-2017-5119", "CVE-2017-5120" ] }, "vid": "e1100e63-92f7-11e7-bd95-e8e0b747a45a" }, "details": "Google Chrome releases reports:\n\n> 22 security fixes in this release, including:\n>\n> - \\[737023\\] High CVE-2017-5111: Use after free in PDFium. Reported by\n> Luat Nguyen on KeenLab, Tencent on 2017-06-27\n> - \\[740603\\] High CVE-2017-5112: Heap buffer overflow in WebGL.\n> Reported by Tobias Klein on 2017-07-10\n> - \\[747043\\] High CVE-2017-5113: Heap buffer overflow in Skia.\n> Reported by Anonymous on 2017-07-20\n> - \\[752829\\] High CVE-2017-5114: Memory lifecycle issue in PDFium.\n> Reported by Ke Liu of Tencent\\'s Xuanwu LAB on 2017-08-07\n> - \\[744584\\] High CVE-2017-5115: Type confusion in V8. Reported by\n> Marco Giovannini on 2017-07-17\n> - \\[759624\\] High CVE-2017-5116: Type confusion in V8. Reported by\n> Anonymous on 2017-08-28\n> - \\[739190\\] Medium CVE-2017-5117: Use of uninitialized value in Skia.\n> Reported by Tobias Klein on 2017-07-04\n> - \\[747847\\] Medium CVE-2017-5118: Bypass of Content Security Policy\n> in Blink. Reported by WenXu Wu of Tencent\\'s Xuanwu Lab on\n> 2017-07-24\n> - \\[725127\\] Medium CVE-2017-5119: Use of uninitialized value in Skia.\n> Reported by Anonymous on 2017-05-22\n> - \\[718676\\] Low CVE-2017-5120: Potential HTTPS downgrade during\n> redirect navigation. Reported by Xiaoyin Liu on 2017-05-05\n> - \\[762099\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2017-0197", "modified": "2017-09-06T00:00:00Z", "published": "2017-09-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5116" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5117" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5118" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5119" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5120" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gtk-pixbuf2" }, "ranges": [ { "events": [ { "fixed": "2.36.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://blog.talosintelligence.com/2017/08/vuln-spotlight-multiple-gdk.html" ], "discovery": "2017-08-30T00:00:00Z", "references": { "cvename": [ "CVE-2017-2862", "CVE-2017-2870" ] }, "vid": "5a1f1a86-8f4c-11e7-b5af-a4badb2f4699" }, "details": "TALOS reports:\n\n> - An exploitable integer overflow vulnerability exists in the\n> tiff_image_parse functionality.\n>\n> - An exploitable heap-overflow vulnerability exists in the\n> gdk_pixbuf\\_\\_jpeg_image_load_increment functionality.\n", "id": "FreeBSD-2017-0196", "modified": "2017-09-01T00:00:00Z", "published": "2017-09-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://blog.talosintelligence.com/2017/08/vuln-spotlight-multiple-gdk.html" }, { "type": "WEB", "url": "http://blog.talosintelligence.com/2017/08/vuln-spotlight-multiple-gdk.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2862" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2870" } ], "schema_version": "1.7.0", "summary": "gdk-pixbuf -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.17.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-08-31T00:00:00Z", "references": { "cvename": [ "CVE-2017-14098" ] }, "vid": "ec1df2a1-8ee6-11e7-8be8-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> A carefully crafted URI in a From, To or Contact header could cause\n> Asterisk to crash.\n", "id": "FreeBSD-2017-0195", "modified": "2017-09-01T00:00:00Z", "published": "2017-09-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-007.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14098" } ], "schema_version": "1.7.0", "summary": "asterisk -- Remote Crash Vulerability in res_pjsip" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk11" }, "ranges": [ { "events": [ { "fixed": "11.25.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.17.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-08-31T00:00:00Z", "references": { "cvename": [ "CVE-2017-14099", "CVE-2017-14100" ] }, "vid": "c599f95c-8ee5-11e7-8be8-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> AST-2017-005 - A change was made to the strict RTP support in the RTP\n> stack to better tolerate late media when a reinvite occurs. When\n> combined with the symmetric RTP support this introduced an avenue\n> where media could be hijacked. Instead of only learning a new address\n> when expected the new code allowed a new source address to be learned\n> at all times.\n>\n> AST-2017-006 - The app_minivm module has an \\\"externnotify\\\" program\n> configuration option that is executed by the MinivmNotify dialplan\n> application. The application uses the caller-id name and number as\n> part of a built string passed to the OS shell for interpretation and\n> execution. Since the caller-id name and number can come from an\n> untrusted source, a crafted caller-id name or number allows an\n> arbitrary shell command injection.\n", "id": "FreeBSD-2017-0194", "modified": "2017-09-01T00:00:00Z", "published": "2017-09-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-005.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14099" }, { "type": "WEB", "url": "https://downloads.asterisk.org/pub/security/AST-2017-006.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-14100" } ], "schema_version": "1.7.0", "summary": "asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgcrypt" }, "ranges": [ { "events": [ { "fixed": "1.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379" ], "discovery": "2017-08-27T00:00:00Z", "references": { "cvename": [ "CVE-2017-0379" ] }, "vid": "22f28bb3-8d98-11e7-8c37-e8e0b747a45a" }, "details": "GnuPG reports:\n\n> Mitigate a local side-channel attack on Curve25519 dubbed \\\"May the\n> Fourth Be With You\\\".\n", "id": "FreeBSD-2017-0193", "modified": "2017-08-30T00:00:00Z", "published": "2017-08-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0379" }, { "type": "WEB", "url": "https://eprint.iacr.org/2017/806" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379" } ], "schema_version": "1.7.0", "summary": "libgcrypt -- side-channel attack vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby22-gems" }, "ranges": [ { "events": [ { "fixed": "2.6.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby23-gems" }, "ranges": [ { "events": [ { "fixed": "2.6.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ruby24-gems" }, "ranges": [ { "events": [ { "fixed": "2.6.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/" ], "discovery": "2017-08-29T00:00:00Z", "vid": "3f6de636-8cdb-11e7-9c71-f0def1fd7ea2" }, "details": "Official blog of RubyGems reports:\n\n> The following vulnerabilities have been reported: a DNS request\n> hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS\n> vulnerability in the query command, and a vulnerability in the gem\n> installer that allowed a malicious gem to overwrite arbitrary files.\n", "id": "FreeBSD-2017-0192", "modified": "2017-08-29T00:00:00Z", "published": "2017-08-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/" }, { "type": "WEB", "url": "https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/" } ], "schema_version": "1.7.0", "summary": "rubygems -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kanboard" }, "ranges": [ { "events": [ { "fixed": "1.0.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kanboard.net/news/version-1.0.46" ], "discovery": "2017-08-15T00:00:00Z", "references": { "cvename": [ "CVE-2017-12850", "CVE-2017-12851" ] }, "vid": "7d7e05fb-64da-435a-84fb-4061493b89b9" }, "details": "chbi reports:\n\n> an authenticated standard user could reset the password of another\n> user (including admin) by altering form data.\n", "id": "FreeBSD-2017-0191", "modified": "2017-08-26T00:00:00Z", "published": "2017-08-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kanboard.net/news/version-1.0.46" }, { "type": "WEB", "url": "https://kanboard.net/news/version-1.0.46" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12850" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12851" } ], "schema_version": "1.7.0", "summary": "kanboard -- multiple privilege escalation vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "poppler" }, "ranges": [ { "events": [ { "fixed": "0.56.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/99241/discuss" ], "discovery": "2017-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-9865", "CVE-2017-9775" ] }, "vid": "eca2d861-76f4-42ed-89d2-23a2cb396c87" }, "details": "Poppler developers report:\n\n> Poppler is prone to a stack-based buffer-overflow vulnerability.\n>\n> Successful exploits may allow attackers to crash the affected\n> application, resulting in denial-of-service condition. Due to the\n> nature of this issue, arbitrary code execution may be possible but\n> this has not been confirmed.\n", "id": "FreeBSD-2017-0190", "modified": "2017-08-24T00:00:00Z", "published": "2017-08-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/99241/discuss" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/99241/discuss" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9865" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9775" } ], "schema_version": "1.7.0", "summary": "poppler -- multiple denial of service issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmailer" }, "ranges": [ { "events": [ { "fixed": "5.2.24" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24" ], "discovery": "2017-07-27T00:00:00Z", "references": { "cvename": [ "CVE-2017-11503" ] }, "vid": "c5d79773-8801-11e7-93f7-d43d7e971a1b" }, "details": "PHPMailer reports:\n\n> Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The\n> code_generator.phps example did not filter user input prior to output.\n> This file is distributed with a .phps extension, so it it not normally\n> executable unless it is explicitly renamed, so it is safe by default.\n> There was also an undisclosed potential XSS vulnerability in the\n> default exception handler (unused by default). Patches for both issues\n> kindly provided by Patrick Monnerat of the Fedora Project.\n", "id": "FreeBSD-2017-0189", "modified": "2017-08-23T00:00:00Z", "published": "2017-08-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24" }, { "type": "WEB", "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11503" } ], "schema_version": "1.7.0", "summary": "phpmailer -- XSS in code example and default exeception handler" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py32-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-salt" }, "ranges": [ { "events": [ { "fixed": "2016.11.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2017.7.0" }, { "fixed": "2017.7.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html" ], "discovery": "2017-08-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-12791" ] }, "vid": "3531141d-a708-477c-954a-2a0549e49ca9" }, "details": "SaltStack reports:\n\n> Correct a flaw in minion id validation which could allow certain\n> minions to authenticate to a master despite not having the correct\n> credentials. To exploit the vulnerability, an attacker must create a\n> salt-minion with an ID containing characters that will cause a\n> directory traversal. Credit for discovering the security flaw goes to:\n> Vernhk@qq.com\n", "id": "FreeBSD-2017-0188", "modified": "2017-08-22T00:00:00Z", "published": "2017-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12791" }, { "type": "WEB", "url": "https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html" }, { "type": "WEB", "url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.7.html" } ], "schema_version": "1.7.0", "summary": "salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dnsdist" }, "ranges": [ { "events": [ { "fixed": "1.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dnsdist.org/security-advisories/index.html" ], "discovery": "2017-08-21T00:00:00Z", "references": { "cvename": [ "CVE-2016-7069", "CVE-2017-7557" ] }, "vid": "198d82f3-8777-11e7-950a-e8e0b747a45a" }, "details": "PowerDNS Security Advisory reports:\n\n> The first issue can lead to a denial of service on 32-bit if a backend\n> sends crafted answers, and the second to an alteration of dnsdist\\'s\n> ACL if the API is enabled, writable and an authenticated user is\n> tricked into visiting a crafted website.\n", "id": "FreeBSD-2017-0187", "modified": "2017-08-22T00:00:00Z", "published": "2017-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dnsdist.org/security-advisories/index.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7069" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7557" }, { "type": "WEB", "url": "https://dnsdist.org/security-advisories/index.html" } ], "schema_version": "1.7.0", "summary": "dnsdist -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "evince" }, "ranges": [ { "events": [ { "last_affected": "3.24.0" }, { "fixed": "3.24.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "evince-lite" }, "ranges": [ { "events": [ { "last_affected": "3.24.0" }, { "fixed": "3.24.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "atril" }, "ranges": [ { "events": [ { "fixed": "1.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.19.0" }, { "fixed": "1.19.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "atril-lite" }, "ranges": [ { "events": [ { "fixed": "1.18.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.19.0" }, { "fixed": "1.19.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugzilla.gnome.org/show_bug.cgi?id=784630" ], "discovery": "2017-07-06T00:00:00Z", "references": { "cvename": [ "CVE-2017-1000083" ] }, "vid": "01a197ca-67f1-11e7-a266-28924a333806" }, "details": "GNOME reports:\n\n> The comic book backend in evince 3.24.0 (and earlier) is vulnerable to\n> a command injection bug that can be used to execute arbitrary commands\n> when a CBT file is opened.\n>\n> The same vulnerability affects atril, the Evince fork.\n", "id": "FreeBSD-2017-0186", "modified": "2017-07-13T00:00:00Z", "published": "2017-07-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784630" }, { "type": "WEB", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784630" }, { "type": "WEB", "url": "https://github.com/mate-desktop/atril/issues/257" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000083" } ], "schema_version": "1.7.0", "summary": "evince and atril -- command injection vulnerability in CBT handler" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "squirrelmail" }, "ranges": [ { "events": [ { "fixed": "20170705" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/fulldisclosure/2017/Apr/81" ], "discovery": "2017-04-19T00:00:00Z", "vid": "e1de77e8-c45e-48d7-8866-5a6f943046de" }, "details": "SquirrelMail developers report:\n\n> SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN)\n> allows post-authentication remote code execution via a sendmail.cf\n> file that is mishandled in a popen call. It\\'s possible to exploit\n> this vulnerability to execute arbitrary shell commands on the remote\n> server.\n", "id": "FreeBSD-2017-0185", "modified": "2017-08-22T00:00:00Z", "published": "2017-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/fulldisclosure/2017/Apr/81" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7692" } ], "schema_version": "1.7.0", "summary": "SquirrelMail -- post-authentication remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pspp" }, "ranges": [ { "events": [ { "fixed": "1.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html" ], "discovery": "2017-08-18T00:00:00Z", "references": { "cvename": [ "CVE-2017-10791", "CVE-2017-10792", "CVE-2017-12958", "CVE-2017-12959", "CVE-2017-12960", "CVE-2017-12961" ] }, "vid": "6876b163-8708-11e7-8568-e8e0b747a45a" }, "details": "CVE Details reports:\n\n> - There is an Integer overflow in the hash_int function of the libpspp\n> library in GNU PSPP 0.10.5-pre2 (CVE-2017-10791).\n> - There is a NULL Pointer Dereference in the function ll_insert() of\n> the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792).\n> - There is an illegal address access in the function output_hex() in\n> data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will\n> lead to remote denial of service (CVE-2017-12958).\n> - There is a reachable assertion abort in the function\n> dict_add_mrset() in data/dictionary.c of the libpspp library in GNU\n> PSPP 0.11.0 that will lead to a remote denial of service attack\n> (CVE-2017-12959).\n> - There is a reachable assertion abort in the function\n> dict_rename_var() in data/dictionary.c of the libpspp library in GNU\n> PSPP 0.11.0 that will lead to remote denial of service\n> (CVE-2017-12960).\n> - There is an assertion abort in the function parse_attributes() in\n> data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0\n> that will lead to remote denial of service (CVE-2017-12961).\n", "id": "FreeBSD-2017-0184", "modified": "2017-08-30T00:00:00Z", "published": "2017-08-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10792" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12958" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12959" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12960" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12961" }, { "type": "WEB", "url": "https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html" } ], "schema_version": "1.7.0", "summary": "pspp -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.3.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2017-004" ], "discovery": "2017-08-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-6923", "CVE-2017-6924", "CVE-2017-6925" ] }, "vid": "473b6a9e-8493-11e7-b24b-6cf0497db129" }, "details": "Drupal Security Team:\n\n> CVE-2017-6923: Views - Access Bypass - Moderately Critical\n>\n> CVE-2017-6924: REST API can bypass comment approval - Access Bypass -\n> Moderately Critica\n>\n> CVE-2017-6925: Entity access bypass for entities that do not have\n> UUIDs or have protected revisions - Access Bypass - Critical\n", "id": "FreeBSD-2017-0183", "modified": "2017-08-19T00:00:00Z", "published": "2017-08-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2017-004" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6923" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6924" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6925" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal Core - Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libsoup" }, "ranges": [ { "events": [ { "fixed": "2.52.2_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/oss-sec/2017/q3/304" ], "discovery": "2017-08-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-2885" ] }, "vid": "8e7bbddd-8338-11e7-867f-b499baebfeaf" }, "details": "Tobias Mueller reports:\n\n> libsoup is susceptible to a stack based buffer overflow attack when\n> using chunked encoding. Regardless of libsoup being used as a server\n> or client.\n", "id": "FreeBSD-2017-0182", "modified": "2017-08-20T00:00:00Z", "published": "2017-08-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/oss-sec/2017/q3/304" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2017/q3/304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2885" } ], "schema_version": "1.7.0", "summary": "libsoup -- stack based buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix2-server" }, "ranges": [ { "events": [ { "last_affected": "2.0.20" }, { "fixed": "2.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix2-proxy" }, "ranges": [ { "events": [ { "last_affected": "2.0.20" }, { "fixed": "2.0.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix22-server" }, "ranges": [ { "events": [ { "fixed": "2.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix22-proxy" }, "ranges": [ { "events": [ { "fixed": "2.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix3-server" }, "ranges": [ { "events": [ { "fixed": "3.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix3-proxy" }, "ranges": [ { "events": [ { "fixed": "3.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix32-server" }, "ranges": [ { "events": [ { "fixed": "3.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zabbix32-proxy" }, "ranges": [ { "events": [ { "fixed": "3.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2824" ], "discovery": "2017-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-2824" ] }, "vid": "5df8bd95-8290-11e7-93af-005056925db4" }, "details": "mitre reports:\n\n> An exploitable code execution vulnerability exists in the trapper\n> command functionality of Zabbix Server 2.4.X. A specially crafted set\n> of packets can cause a command injection resulting in remote code\n> execution. An attacker can make requests from an active Zabbix Proxy\n> to trigger this vulnerability.\n", "id": "FreeBSD-2017-0181", "modified": "2017-08-16T00:00:00Z", "published": "2017-08-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2824" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2824" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2824" }, { "type": "WEB", "url": "https://support.zabbix.com/browse/ZBX-12349" } ], "schema_version": "1.7.0", "summary": "Zabbix -- Remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-supervisor" }, "ranges": [ { "events": [ { "fixed": "3.3.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Supervisor/supervisor/issues/964#issuecomment-317551606" ], "discovery": "2017-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2017-11610" ] }, "vid": "c9460380-81e3-11e7-93af-005056925db4" }, "details": "mnaberez reports:\n\n> supervisord can be configured to run an HTTP server on a TCP socket\n> and/or a Unix domain socket. The HTTP server is how supervisorctl\n> communicates with supervisord. If an HTTP server has been enabled, it\n> will always serve both HTML pages and an XML-RPC interface. A\n> vulnerability has been found where an authenticated client can send a\n> malicious XML-RPC request to supervisord that will run arbitrary shell\n> commands on the server. The commands will be run as the same user as\n> supervisord. Depending on how supervisord has been configured, this\n> may be root.\n>\n> This vulnerability can only be exploited by an authenticated client or\n> if supervisord has been configured to run an HTTP server without\n> authentication. If authentication has not been enabled, supervisord\n> will log a message at the critical level every time it starts.\n", "id": "FreeBSD-2017-0180", "modified": "2017-08-15T00:00:00Z", "published": "2017-08-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Supervisor/supervisor/issues/964#issuecomment-317551606" }, { "type": "WEB", "url": "http://supervisord.org/changes.html" }, { "type": "WEB", "url": "https://github.com/Supervisor/supervisor/issues/964#issuecomment-317551606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11610" } ], "schema_version": "1.7.0", "summary": "Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freeradius3" }, "ranges": [ { "events": [ { "fixed": "3.0.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://freeradius.org/security/fuzzer-2017.html" ], "discovery": "2017-06-17T00:00:00Z", "vid": "79bbec7e-8141-11e7-b5af-a4badb2f4699" }, "details": "Guido Vranken reports:\n\n> Multiple vulnerabilities found via fuzzing: FR-GV-201 (v2,v3) Read /\n> write overflow in make_secret() FR-GV-202 (v2) Write overflow in\n> rad_coalesce() FR-GV-203 (v2) DHCP - Memory leak in decode_tlv()\n> FR-GV-204 (v2) DHCP - Memory leak in fr_dhcp_decode() FR-GV-205 (v2)\n> DHCP - Buffer over-read in fr_dhcp_decode_options() FR-GV-206 (v2,v3)\n> DHCP - Read overflow when decoding option 63 FR-GV-207 (v2)\n> Zero-length malloc in data2vp() FR-GV-301 (v3) Write overflow in\n> data2vp_wimax() FR-GV-302 (v3) Infinite loop and memory exhaustion\n> with \\'concat\\' attributes FR-GV-303 (v3) DHCP - Infinite read in\n> dhcp_attr2vp() FR-GV-304 (v3) DHCP - Buffer over-read in\n> fr_dhcp_decode_suboptions() FR-GV-305 (v3) Decode \\'signed\\'\n> attributes correctly FR-AD-001 (v2,v3) Use strncmp() instead of\n> memcmp() for string data FR-AD-002 (v3) String lifetime issues in\n> rlm_python FR-AD-003 (v3) Incorrect statement length passed into\n> sqlite3_prepare\n", "id": "FreeBSD-2017-0179", "modified": "2017-08-14T00:00:00Z", "published": "2017-08-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://freeradius.org/security/fuzzer-2017.html" }, { "type": "WEB", "url": "http://freeradius.org/security/fuzzer-2017.html" } ], "schema_version": "1.7.0", "summary": "FreeRadius -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mercurial" }, "ranges": [ { "events": [ { "fixed": "4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29" ], "discovery": "2017-08-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-1000115", "CVE-2017-1000116" ] }, "vid": "1d33cdee-7f6b-11e7-a9b5-3debb10a6871" }, "details": "Mercurial Release Notes:\n\n> CVE-2017-1000115\n>\n> Mercurial\\'s symlink auditing was incomplete prior to 4.3, and could\n> be abused to write to files outside the repository.\n>\n> CVE-2017-1000116\n>\n> Mercurial was not sanitizing hostnames passed to ssh, allowing shell\n> injection attacks on clients by specifying a hostname starting with\n> -oProxyCommand. This is also present in Git (CVE-2017-1000117) and\n> Subversion (CVE-2017-9800), so please patch those tools as well if you\n> have them installed.\n", "id": "FreeBSD-2017-0178", "modified": "2017-08-12T00:00:00Z", "published": "2017-08-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29" }, { "type": "WEB", "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000116" } ], "schema_version": "1.7.0", "summary": "Mercurial -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "subversion" }, "ranges": [ { "events": [ { "introduced": "1.9.0" }, { "last_affected": "1.9.6" }, { "fixed": "1.9.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "subversion18" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "last_affected": "1.8.18" }, { "fixed": "1.8.18" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "subversion-static" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "last_affected": "1.8.18" }, { "fixed": "1.8.18" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "1.9.0" }, { "last_affected": "1.9.6" }, { "fixed": "1.9.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://subversion.apache.org/security/CVE-2017-9800-advisory.txt" ], "discovery": "2017-08-10T00:00:00Z", "vid": "6e80bd9b-7e9b-11e7-abfe-90e2baa3bafc" }, "details": "subversion team reports:\n\n> A Subversion client sometimes connects to URLs provided by the\n> repository. This happens in two primary cases: during \\'checkout\\',\n> \\'export\\', \\'update\\', and \\'switch\\', when the tree being downloaded\n> contains svn:externals properties; and when using \\'svnsync sync\\'\n> with one URL argument.\n>\n> A maliciously constructed svn+ssh:// URL would cause Subversion\n> clients to run an arbitrary shell command. Such a URL could be\n> generated by a malicious server, by a malicious user committing to a\n> honest server (to attack another user of that server\\'s repositories),\n> or by a proxy server.\n>\n> The vulnerability affects all clients, including those that use\n> file://, http://, and plain (untunneled) svn://.\n>\n> An exploit has been tested.\n", "id": "FreeBSD-2017-0177", "modified": "2017-08-11T00:00:00Z", "published": "2017-08-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://subversion.apache.org/security/CVE-2017-9800-advisory.txt" }, { "type": "WEB", "url": "http://subversion.apache.org/security/CVE-2017-9800-advisory.txt" } ], "schema_version": "1.7.0", "summary": "subversion -- Arbitrary code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "7.9.0" }, { "last_affected": "8.17.8" }, { "fixed": "8.17.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "last_affected": "9.0.12" }, { "fixed": "9.0.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "last_affected": "9.1.9" }, { "fixed": "9.1.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.2.0" }, { "last_affected": "9.2.9" }, { "fixed": "9.2.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "last_affected": "9.3.9" }, { "fixed": "9.3.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.4.0" }, { "last_affected": "9.4.3" }, { "fixed": "9.4.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/" ], "discovery": "2017-08-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-12426" ] }, "vid": "abcc5ad3-7e6a-11e7-93f7-d43d7e971a1b" }, "details": "GitLab reports:\n\n> # Remote Command Execution in git client\n>\n> An external code review performed by Recurity-Labs identified a remote\n> command execution vulnerability in git that could be exploited via the\n> \\\"Repo by URL\\\" import option in GitLab. The command line git client\n> was not properly escaping command line arguments in URLs using the SSH\n> protocol before invoking the SSH client. A specially crafted URL could\n> be used to execute arbitrary shell commands on the GitLab server.\\\n> To fully patch this vulnerability two fixes were needed. The Omnibus\n> versions of GitLab contain a patched git client. For source users who\n> may still be running an older version of git, GitLab now also blocks\n> import URLs containing invalid host and usernames.\\\n> This issue has been assigned CVE-2017-12426.\n>\n> # Improper sanitization of GitLab export files on import\n>\n> GitLab versions 8.13.3, 8.12.8, 8.11.10, 8.10.13, and 8.9.12 contained\n> a patch for a critical directory traversal vulnerability in the GitLab\n> export feature that could be exploited by including symlinks in the\n> export file and then re-importing it to a GitLab instance. This\n> vulnerability was patched by checking for and removing symlinks in\n> these files on import.\\\n> Recurity-Labs also determined that this fix did not properly remove\n> symlinks for hidden files. Though not as dangerous as the original\n> vulnerability hidden file symlinks could still be used to steal copies\n> of git repositories belonging to other users if the path to the git\n> repository was known by the attacker. An updated fix has been included\n> in these releases that properly removes all symlinks.\\\n> This import option was not made available to non-admin users until\n> GitLab 8.13.0.\n", "id": "FreeBSD-2017-0176", "modified": "2017-08-11T00:00:00Z", "published": "2017-08-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-12426" } ], "schema_version": "1.7.0", "summary": "GitLab -- two vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql92-server" }, "ranges": [ { "events": [ { "introduced": "9.2.0" }, { "fixed": "9.2.22" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql93-server" }, "ranges": [ { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.18" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql94-server" }, "ranges": [ { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.13" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-server" }, "ranges": [ { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "introduced": "9.6.0" }, { "fixed": "9.6.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.postgresql.org/about/news/1772/" ], "discovery": "2017-08-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-7546", "CVE-2017-7547", "CVE-2017-7548" ] }, "vid": "982872f1-7dd3-11e7-9736-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> - CVE-2017-7546: Empty password accepted in some authentication\n> methods\n> - CVE-2017-7547: The \\\"pg_user_mappings\\\" catalog view discloses\n> passwords to users lacking server privileges\n> - CVE-2017-7548: lo_put() function ignores ACLs\n", "id": "FreeBSD-2017-0175", "modified": "2017-08-10T00:00:00Z", "published": "2017-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.postgresql.org/about/news/1772/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7546" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7547" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7548" } ], "schema_version": "1.7.0", "summary": "PostgreSQL vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "26.0.0.151" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html" ], "discovery": "2017-08-08T00:00:00Z", "references": { "cvename": [ "CVE-2017-3085", "CVE-2017-3106" ] }, "vid": "7e3d3e9a-7d8f-11e7-a02b-d43d7ef03aa6" }, "details": "Adobe reports:\n\n> - These updates resolve security bypass vulnerability that could lead\n> to information disclosure (CVE-2017-3085).\n> - These updates resolve type confusion vulnerability that could lead\n> to remote code execution (CVE-2017-3106).\n", "id": "FreeBSD-2017-0174", "modified": "2017-08-10T00:00:00Z", "published": "2017-08-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3085" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3106" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "fixed": "7.55.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2017-08-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-1000099", "CVE-2017-1000100", "CVE-2017-1000101" ] }, "vid": "69cfa386-7cd0-11e7-867f-b499baebfeaf" }, "details": "The cURL project reports:\n\n> - FILE buffer read out of bounds\n> - TFTP sends more than buffer size\n> - URL globbing out of bounds read\n", "id": "FreeBSD-2017-0173", "modified": "2017-08-09T00:00:00Z", "published": "2017-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000101" } ], "schema_version": "1.7.0", "summary": "cURL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "axis2" }, "ranges": [ { "events": [ { "fixed": "1.7.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://axis.apache.org/axis2/java/core/release-notes/1.7.6.html" ], "discovery": "2016-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2016-1000031" ] }, "vid": "c1265e85-7c95-11e7-93af-005056925db4" }, "details": "Apache Axis2 reports:\n\n> The commons-fileupload dependency has been updated to a version that\n> fixes CVE-2016-1000031 (AXIS2-5853).\n", "id": "FreeBSD-2017-0172", "modified": "2017-08-09T00:00:00Z", "published": "2017-08-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://axis.apache.org/axis2/java/core/release-notes/1.7.6.html" }, { "type": "WEB", "url": "http://axis.apache.org/axis2/java/core/release-notes/1.7.6.html" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/AXIS2-5853" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/FILEUPLOAD-279" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-1000031" } ], "schema_version": "1.7.0", "summary": "Axis2 -- Security vulnerability on dependency Apache Commons FileUpload" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "55.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.3.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.3.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/" ], "discovery": "2017-08-08T00:00:00Z", "references": { "cvename": [ "CVE-2017-7753", "CVE-2017-7779", "CVE-2017-7780", "CVE-2017-7781", "CVE-2017-7782", "CVE-2017-7783", "CVE-2017-7784", "CVE-2017-7785", "CVE-2017-7786", "CVE-2017-7787", "CVE-2017-7788", "CVE-2017-7789", "CVE-2017-7790", "CVE-2017-7791", "CVE-2017-7792", "CVE-2017-7794", "CVE-2017-7796", "CVE-2017-7797", "CVE-2017-7798", "CVE-2017-7799", "CVE-2017-7800", "CVE-2017-7801", "CVE-2017-7802", "CVE-2017-7803", "CVE-2017-7804", "CVE-2017-7806", "CVE-2017-7807", "CVE-2017-7808" ] }, "vid": "555b244e-6b20-4546-851f-d8eb7d6c1ffa" }, "details": "Mozilla Foundation reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0171", "modified": "2017-08-08T00:00:00Z", "published": "2017-08-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7753" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7779" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7780" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7781" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7782" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7783" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7784" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7785" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7786" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7787" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7788" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7791" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7792" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7796" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7799" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7800" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7801" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7803" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7804" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7806" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7807" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7808" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sqlite3" }, "ranges": [ { "events": [ { "fixed": "3.20.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937" ], "discovery": "2017-08-08T00:00:00Z", "references": { "cvename": [ "CVE-2017-10989" ] }, "vid": "9245681c-7c3c-11e7-b5af-a4badb2f4699" }, "details": "Google reports:\n\n> A heap-buffer overflow (sometimes a crash) can arise when running a\n> SQL request on malformed sqlite3 databases.\n", "id": "FreeBSD-2017-0170", "modified": "2017-09-19T00:00:00Z", "published": "2017-08-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937" }, { "type": "WEB", "url": "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10989" } ], "schema_version": "1.7.0", "summary": "sqlite3 -- heap-buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish4" }, "ranges": [ { "events": [ { "introduced": "4.0.1" }, { "fixed": "4.0.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.1.0" }, { "fixed": "4.1.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "varnish5" }, "ranges": [ { "events": [ { "fixed": "5.0.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "5.1.0" }, { "fixed": "5.1.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://varnish-cache.org/security/VSV00001.html" ], "discovery": "2017-08-02T00:00:00Z", "vid": "88a77ad8-77b1-11e7-b5af-a4badb2f4699" }, "details": "phk reports:\n\n> A wrong if statement in the varnishd source code means that particular\n> invalid requests from the client can trigger an assert.\n", "id": "FreeBSD-2017-0169", "modified": "2017-08-02T00:00:00Z", "published": "2017-08-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://varnish-cache.org/security/VSV00001.html" }, { "type": "WEB", "url": "https://varnish-cache.org/security/VSV00001.html" } ], "schema_version": "1.7.0", "summary": "Varnish -- Denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "60.0.3112.78" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "60.0.3112.78" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" ], "discovery": "2017-07-25T00:00:00Z", "references": { "cvename": [ "CVE-2017-5091", "CVE-2017-5092", "CVE-2017-5093", "CVE-2017-5094", "CVE-2017-5095", "CVE-2017-5096", "CVE-2017-5097", "CVE-2017-5098", "CVE-2017-5099", "CVE-2017-5100", "CVE-2017-5101", "CVE-2017-5102", "CVE-2017-5103", "CVE-2017-5104", "CVE-2017-7000", "CVE-2017-5105", "CVE-2017-5106", "CVE-2017-5107", "CVE-2017-5108", "CVE-2017-5109", "CVE-2017-5110" ] }, "vid": "7d138476-7710-11e7-88a1-e8e0b747a45a" }, "details": "Google Chrome releases reports:\n\n> 40 security fixes in this release\n>\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0168", "modified": "2017-08-01T00:00:00Z", "published": "2017-08-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5091" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5092" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5093" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5094" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5095" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5096" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5097" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5100" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5101" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5102" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5103" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5104" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7000" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5106" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5107" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5108" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5109" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5110" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "introduced": "1.1.13" }, { "last_affected": "1.1.13" }, { "fixed": "1.1.13" } ], "type": "ECOSYSTEM" } ], "versions": [ "1.1.13" ] } ], "database_specific": { "cite": [ "https://github.com/Cacti/cacti/issues/867" ], "discovery": "2017-07-20T00:00:00Z", "references": { "cvename": [ "CVE-2017-11691" ] }, "vid": "f86d0e5d-7467-11e7-93af-005056925db4" }, "details": "kimiizhang reports:\n\n> Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti\n> 1.1.13 allows remote authenticated users to inject arbitrary web\n> script or HTML via specially crafted HTTP Referer headers.\n", "id": "FreeBSD-2017-0167", "modified": "2017-07-29T00:00:00Z", "published": "2017-07-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Cacti/cacti/issues/867" }, { "type": "WEB", "url": "https://github.com/Cacti/cacti/issues/867" }, { "type": "WEB", "url": "https://www.cacti.net/release_notes.php?version=1.1.14" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11691" } ], "schema_version": "1.7.0", "summary": "Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "proftpd" }, "ranges": [ { "events": [ { "fixed": "1.3.5e" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-7418" ], "discovery": "2017-03-06T00:00:00Z", "references": { "cvename": [ "CVE-2017-7418" ] }, "vid": "770d7e91-72af-11e7-998a-08606e47f965" }, "details": "NVD reports:\n\n> ProFTPD \\... controls whether the home directory of a user could\n> contain a symbolic link through the AllowChrootSymlinks configuration\n> option, but checks only the last path component when enforcing\n> AllowChrootSymlinks. Attackers with local access could bypass the\n> AllowChrootSymlinks control by replacing a path component (other than\n> the last one) with a symbolic link.\n", "id": "FreeBSD-2017-0166", "modified": "2017-07-27T00:00:00Z", "published": "2017-07-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7418" }, { "type": "WEB", "url": "http://bugs.proftpd.org/show_bug.cgi?id=4295" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7418" } ], "schema_version": "1.7.0", "summary": "proftpd -- user chroot escape vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jabberd" }, "ranges": [ { "events": [ { "fixed": "2.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/99511/discuss" ], "discovery": "2017-07-03T00:00:00Z", "references": { "cvename": [ "CVE-2017-10807" ] }, "vid": "76d80b33-7211-11e7-998a-08606e47f965" }, "details": "SecurityFocus reports:\n\n> JabberD is prone to an authentication-bypass vulnerability. An\n> attacker can exploit this issue to bypass the authentication mechanism\n> and perform unauthorized actions. This may lead to further attacks.\n", "id": "FreeBSD-2017-0165", "modified": "2017-07-26T00:00:00Z", "published": "2017-07-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/99511/discuss" }, { "type": "WEB", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867032" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/99511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10807" } ], "schema_version": "1.7.0", "summary": "jabberd -- authentication bypass vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "webkit2-gtk3" }, "ranges": [ { "events": [ { "fixed": "2.16.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://webkitgtk.org/security/WSA-2017-0006.html" ], "discovery": "2017-07-24T00:00:00Z", "references": { "cvename": [ "CVE-2017-7006", "CVE-2017-7011", "CVE-2017-7012", "CVE-2017-7018", "CVE-2017-7019", "CVE-2017-7020", "CVE-2017-7030", "CVE-2017-7034", "CVE-2017-7037", "CVE-2017-7038", "CVE-2017-7039", "CVE-2017-7040", "CVE-2017-7041", "CVE-2017-7042", "CVE-2017-7043", "CVE-2017-7046", "CVE-2017-7048", "CVE-2017-7049", "CVE-2017-7052", "CVE-2017-7055", "CVE-2017-7056", "CVE-2017-7059", "CVE-2017-7061", "CVE-2017-7064" ] }, "vid": "0f66b901-715c-11e7-ad1f-bcaec565249c" }, "details": "The Webkit gtk team reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0164", "modified": "2018-03-28T00:00:00Z", "published": "2017-07-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://webkitgtk.org/security/WSA-2017-0006.html" }, { "type": "WEB", "url": "https://webkitgtk.org/security/WSA-2017-0006.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7011" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7012" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7020" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7030" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7034" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7037" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7038" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7039" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7040" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7042" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7043" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7046" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7048" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7049" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7055" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7061" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7064" } ], "schema_version": "1.7.0", "summary": "webkit2-gtk3 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gsoap" }, "ranges": [ { "events": [ { "fixed": "2.8.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/99868/discuss" ], "discovery": "2017-07-18T00:00:00Z", "references": { "cvename": [ "CVE-2017-9765" ] }, "vid": "8745c67e-7dd1-4165-96e2-fcf9da2dc5b5" }, "details": "Senrio reports:\n\n> Genivia gSOAP is prone to a stack-based buffer-overflow vulnerability\n> because it fails to properly bounds check user-supplied data before\n> copying it into an insufficiently sized buffer.\n>\n> A remote attacker may exploit this issue to execute arbitrary code in\n> the context of the affected device. Failed attempts will likely cause\n> a denial-of-service condition.\n", "id": "FreeBSD-2017-0163", "modified": "2017-07-25T00:00:00Z", "published": "2017-07-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/99868/discuss" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/99868/discuss" }, { "type": "WEB", "url": "http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions" }, { "type": "WEB", "url": "http://blog.senr.io/devilsivy.html" }, { "type": "WEB", "url": "https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21,_2017%29" }, { "type": "WEB", "url": "https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9765" } ], "schema_version": "1.7.0", "summary": "gsoap -- remote code execution via via overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "last_affected": "8.17.6" }, { "fixed": "8.17.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "last_affected": "9.0.10" }, { "fixed": "9.0.10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "last_affected": "9.1.7" }, { "fixed": "9.1.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.2.0" }, { "last_affected": "9.2.7" }, { "fixed": "9.2.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3.0" }, { "last_affected": "9.3.7" }, { "fixed": "9.3.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/" ], "discovery": "2017-07-20T00:00:00Z", "references": { "cvename": [ "CVE-2017-11438" ] }, "vid": "92f4191a-6d25-11e7-93f7-d43d7e971a1b" }, "details": "GitLab reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0162", "modified": "2017-08-15T00:00:00Z", "published": "2017-07-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/" }, { "type": "WEB", "url": "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11438" } ], "schema_version": "1.7.0", "summary": "GitLab -- Various security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.57" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.32" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb102-server" }, "ranges": [ { "events": [ { "fixed": "10.2.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.57" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.57" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" ], "discovery": "2017-07-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-3529", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3639", "CVE-2017-3640", "CVE-2017-3641", "CVE-2017-3642", "CVE-2017-3643", "CVE-2017-3644", "CVE-2017-3645", "CVE-2017-3646", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3650", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653" ] }, "vid": "cda2f3c2-6c8b-11e7-867f-b499baebfeaf" }, "details": "Oracle reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0161", "modified": "2017-08-12T00:00:00Z", "published": "2017-07-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3529" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3633" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3634" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3635" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3636" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3637" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3638" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3639" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3640" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3641" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3642" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3643" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3644" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3645" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3646" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3647" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3648" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3649" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3650" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3651" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3652" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3653" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "collectd5" }, "ranges": [ { "events": [ { "fixed": "5.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/collectd/collectd/issues/2174" ], "discovery": "2017-02-13T00:00:00Z", "references": { "cvename": [ "CVE-2017-7401" ] }, "vid": "08a2df48-6c6a-11e7-9b01-2047478f2f70" }, "details": "marcinguy reports:\n\n> After sending this payload, collectd seems to be entering endless\n> while() loop in packet_parse consuming high CPU resources, possibly\n> crash/gets killed after a while.\n", "id": "FreeBSD-2017-0160", "modified": "2017-07-19T00:00:00Z", "published": "2017-07-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/collectd/collectd/issues/2174" }, { "type": "WEB", "url": "https://github.com/collectd/collectd/issues/2174" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7401" } ], "schema_version": "1.7.0", "summary": "collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "strongswan" }, "ranges": [ { "events": [ { "introduced": "4.4.0" }, { "last_affected": "5.5.2" }, { "fixed": "5.5.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.strongswan.org/blog/2017/05/30/strongswan-5.5.3-released.html" ], "discovery": "2017-05-30T00:00:00Z", "references": { "cvename": [ "CVE-2017-9022", "CVE-2017-9023" ] }, "vid": "e6ccaf8a-6c63-11e7-9b01-2047478f2f70" }, "details": "strongSwan security team reports:\n\n> - RSA public keys passed to the gmp plugin aren\\'t validated\n> sufficiently before attempting signature verification, so that\n> invalid input might lead to a floating point exception.\n> \\[CVE-2017-9022\\]\n> - ASN.1 CHOICE types are not correctly handled by the ASN.1 parser\n> when parsing X.509 certificates with extensions that use such types.\n> This could lead to infinite looping of the thread parsing a\n> specifically crafted certificate.\n", "id": "FreeBSD-2017-0159", "modified": "2017-07-19T00:00:00Z", "published": "2017-07-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.strongswan.org/blog/2017/05/30/strongswan-5.5.3-released.html" }, { "type": "WEB", "url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9022" }, { "type": "WEB", "url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9023" } ], "schema_version": "1.7.0", "summary": "strongswan -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cacti" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.1.13" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/Cacti/cacti/issues/838" ], "discovery": "2017-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-10970" ] }, "vid": "dc3c66e8-6a18-11e7-93af-005056925db4" }, "details": "kimiizhang reports:\n\n> Cross-site scripting (XSS) vulnerability in link.php in Cacti\\\n> 1.1.12 allows remote anonymous users to inject arbitrary web\\\n> script or HTML via the id parameter.\n", "id": "FreeBSD-2017-0158", "modified": "2017-07-17T00:00:00Z", "published": "2017-07-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/Cacti/cacti/issues/838" }, { "type": "WEB", "url": "https://github.com/Cacti/cacti/issues/838" }, { "type": "WEB", "url": "https://www.cacti.net/release_notes.php?version=1.1.13" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10970" } ], "schema_version": "1.7.0", "summary": "Cacti -- Cross-site scripting (XSS) vulnerability in link.php" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.27" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2017-07-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-9789", "CVE-2017-9788" ] }, "vid": "457ce015-67fa-11e7-867f-b499baebfeaf" }, "details": "The Apache httpd project reports:\n\n> important: Read after free in mod_http2 (CVE-2017-9789)\\\n> When under stress, closing many connections, the HTTP/2 handling code\n> would sometimes access memory after it has been freed, resulting in\n> potentially erratic behaviour.\n>\n> important: Uninitialized memory reflection in mod_auth_digest\n> (CVE-2017-9788)\\\n> The value placeholder in \\[Proxy-\\]Authorization headers of type\n> \\'Digest\\' was not initialized or reset before or between successive\n> key=value assignments. by mod_auth_digest.\\\n> Providing an initial key with no \\'=\\' assignment could reflect the\n> stale value of uninitialized pool memory used by the prior request,\n> leading to leakage of potentially confidential information, and a\n> segfault.\n", "id": "FreeBSD-2017-0157", "modified": "2017-07-13T00:00:00Z", "published": "2017-07-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9788" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "26.0.0.137" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html" ], "discovery": "2017-07-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-3080", "CVE-2017-3099", "CVE-2017-3100" ] }, "vid": "a03e043a-67f1-11e7-beff-6451062f0f7a" }, "details": "Adobe reports:\n\n> - These updates resolve security bypass vulnerability that could lead\n> to information disclosure (CVE-2017-3080).\n> - These updates resolve memory corruption vulnerability that could\n> lead to remote code execution (CVE-2017-3099).\n> - These updates resolve memory corruption vulnerability that could\n> lead to memory address disclosure (CVE-2017-3100).\n", "id": "FreeBSD-2017-0156", "modified": "2017-07-13T00:00:00Z", "published": "2017-07-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3080" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3099" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3100" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba42" }, "ranges": [ { "events": [ { "fixed": "4.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba43" }, "ranges": [ { "events": [ { "fixed": "4.3.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba44" }, "ranges": [ { "events": [ { "fixed": "4.4.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba45" }, "ranges": [ { "events": [ { "fixed": "4.5.12" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba46" }, "ranges": [ { "events": [ { "fixed": "4.6.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2017-11103.html" ], "discovery": "2017-07-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-11103" ] }, "vid": "85851e4f-67d9-11e7-bc37-00505689d4ae" }, "details": "The samba project reports:\n\n> A MITM attacker may impersonate a trusted server and thus gain\n> elevated access to the domain by returning malicious replication or\n> authorization data.\n", "id": "FreeBSD-2017-0155", "modified": "2017-07-12T00:00:00Z", "published": "2017-07-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2017-11103.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2017-11103.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-11103" } ], "schema_version": "1.7.0", "summary": "samba -- Orpheus Lyre mutual authentication validation bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "fixed": "8.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node4" }, "ranges": [ { "events": [ { "fixed": "4.8.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node6" }, "ranges": [ { "events": [ { "fixed": "6.11.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/" ], "discovery": "2017-06-27T00:00:00Z", "vid": "3eff66c5-66c9-11e7-aa1d-3d2e663cef42" }, "details": "Updates are now available for all active Node.js release lines as well\nas the 7.x line. These include the fix for the high severity\nvulnerability identified in the initial announcement, one additional\nlower priority Node.js vulnerability in the 4.x release line, as well as\nsome lower priority fixes for Node.js dependencies across the current\nrelease lines.\n\n> ## Constant Hashtable Seeds (CVE pending)\n>\n> Node.js was susceptible to hash flooding remote DoS attacks as the\n> HashTable seed was constant across a given released version of\n> Node.js. This was a result of building with V8 snapshots enabled by\n> default which caused the initially randomized seed to be overwritten\n> on startup. Thanks to Jann Horn of Google Project Zero for reporting\n> this vulnerability.\n>\n> This is a high severity vulnerability and applies to all active\n> release lines (4.x, 6.x, 8.x) as well as the 7.x line.\n>\n> ## http.get with numeric authorization options creates uninitialized buffers\n>\n> Application code that allows the auth field of the options object used\n> with http.get() to be set to a number can result in an uninitialized\n> buffer being created/used as the authentication string.\n>\n> This is a low severity defect and only applies to the 4.x release\n> line.\n", "id": "FreeBSD-2017-0154", "modified": "2017-07-12T00:00:00Z", "published": "2017-07-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/" } ], "schema_version": "1.7.0", "summary": "node.js -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx" }, "ranges": [ { "events": [ { "introduced": "0.5.6" }, { "fixed": "1.12.1,2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nginx-devel" }, "ranges": [ { "events": [ { "introduced": "0.5.6" }, { "fixed": "1.13.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" ], "discovery": "2017-07-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-7529" ] }, "vid": "b28adc5b-6693-11e7-ad43-f0def16c5c1b" }, "details": "Maxim Dounin reports:\n\n> A security issue was identified in nginx range filter. A specially\n> crafted request might result in an integer overflow and incorrect\n> processing of ranges, potentially resulting in sensitive information\n> leak (CVE-2017-7529).\n", "id": "FreeBSD-2017-0153", "modified": "2017-07-11T00:00:00Z", "published": "2017-07-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "type": "WEB", "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7529" } ], "schema_version": "1.7.0", "summary": "nginx -- a specially crafted request might result in an integer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "codeigniter" }, "ranges": [ { "events": [ { "fixed": "3.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.codeigniter.com/user_guide/changelog.html" ], "discovery": "2017-06-19T00:00:00Z", "vid": "aaedf196-6436-11e7-8b49-002590263bf5" }, "details": "The CodeIgniter changelog reports:\n\n> Form Validation Library rule valid_email could be bypassed if\n> idn_to_ascii() is available.\n", "id": "FreeBSD-2017-0152", "modified": "2017-07-08T00:00:00Z", "published": "2017-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.codeigniter.com/user_guide/changelog.html" }, { "type": "WEB", "url": "https://www.codeigniter.com/user_guide/changelog.html" } ], "schema_version": "1.7.0", "summary": "codeigniter -- input validation bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "fixed": "1.0.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2017_07.txt" ], "discovery": "2017-07-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-10965", "CVE-2017-10966" ], "freebsdpr": [ "ports/220544" ] }, "vid": "31001c6b-63e7-11e7-85aa-a4badb2f4699" }, "details": "irssi reports:\n\n> When receiving messages with invalid time stamps, Irssi would try to\n> dereference a NULL pointer.\n>\n> While updating the internal nick list, Irssi may incorrectly use the\n> GHashTable interface and free the nick while updating it. This will\n> then result in use-after-free conditions on each access of the hash\n> table.\n", "id": "FreeBSD-2017-0151", "modified": "2017-07-08T00:00:00Z", "published": "2017-07-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2017_07.txt" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2017_07.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10965" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-10966" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220544" } ], "schema_version": "1.7.0", "summary": "irssi -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libevhtp" }, "ranges": [ { "events": [ { "fixed": "1.2.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "oniguruma4" }, "ranges": [ { "events": [ { "fixed": "4.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "oniguruma5" }, "ranges": [ { "events": [ { "fixed": "5.9.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "oniguruma6" }, "ranges": [ { "events": [ { "fixed": "6.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php56-mbstring" }, "ranges": [ { "events": [ { "fixed": "5.6.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php70-mbstring" }, "ranges": [ { "events": [ { "fixed": "7.0.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php71-mbstring" }, "ranges": [ { "events": [ { "fixed": "7.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://php.net/ChangeLog-7.php" ], "discovery": "2017-07-06T00:00:00Z", "references": { "cvename": [ "CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9228" ] }, "vid": "b396cf6c-62e6-11e7-9def-b499baebfeaf" }, "details": "the PHP project reports:\n\n> - A stack out-of-bounds read occurs in match_at() during regular\n> expression searching. A logical error involving order of validation\n> and access in match_at() could result in an out-of-bounds read from\n> a stack buffer (CVE-2017-9224).\n> - A heap out-of-bounds write or read occurs in next_state_val() during\n> regular expression compilation. Octal numbers larger than 0xff are\n> not handled correctly in fetch_token() and fetch_token_in_cc(). A\n> malformed regular expression containing an octal number in the form\n> of \\'\\\\700\\' would produce an invalid code point value larger than\n> 0xff in next_state_val(), resulting in an out-of-bounds write memory\n> corruption (CVE-2017-9226).\n> - A stack out-of-bounds read occurs in mbc_enc_len() during regular\n> expression searching. Invalid handling of reg-\\>dmin in\n> forward_search_range() could result in an invalid pointer\n> dereference, as an out-of-bounds read from a stack buffer\n> (CVE-2017-9227).\n> - A heap out-of-bounds write occurs in bitset_set_range() during\n> regular expression compilation due to an uninitialized variable from\n> an incorrect state transition. An incorrect state transition in\n> parse_char_class() could create an execution path that leaves a\n> critical local variable uninitialized until it\\'s used as an index,\n> resulting in an out-of-bounds write memory corruption\n> (CVE-2017-9228).\n> - A SIGSEGV occurs in left_adjust_char_head() during regular\n> expression compilation. Invalid handling of reg-\\>dmax in\n> forward_search_range() could result in an invalid pointer\n> dereference, normally as an immediate denial-of-service condition\n> (CVE-2017-9228).\n", "id": "FreeBSD-2017-0150", "modified": "2018-01-04T00:00:00Z", "published": "2017-07-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://php.net/ChangeLog-7.php" }, { "type": "WEB", "url": "http://php.net/ChangeLog-7.php" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9224" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9226" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9227" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9228" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9228" } ], "schema_version": "1.7.0", "summary": "oniguruma -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "fixed": "7.56" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.3.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2017-003" ], "discovery": "2017-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-6920", "CVE-2017-6921", "CVE-2017-6922" ] }, "vid": "4fc2df49-6279-11e7-be0f-6cf0497db129" }, "details": "Drupal Security Team Reports:\n\n> CVE-2017-6920: PECL YAML parser unsafe object handling.\n>\n> CVE-2017-6921: File REST resource does not properly validate\n>\n> CVE-2017-6922: Files uploaded by anonymous users into a private file\n> system can be accessed by other anonymous users.\n", "id": "FreeBSD-2017-0149", "modified": "2017-07-06T00:00:00Z", "published": "2017-07-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2017-003" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6920" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6921" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6922" } ], "schema_version": "1.7.0", "summary": "drupal -- Drupal Core - Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dropbear" }, "ranges": [ { "events": [ { "fixed": "2017.75" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://matt.ucc.asn.au/dropbear/CHANGES" ], "discovery": "2017-05-18T00:00:00Z", "references": { "cvename": [ "CVE-2017-9078", "CVE-2017-9079" ] }, "vid": "60931f98-55a7-11e7-8514-589cfc0654e1" }, "details": "Matt Johnston reports:\n\n> Fix double-free in server TCP listener cleanup A double-free in the\n> server could be triggered by an authenticated user if dropbear is\n> running with -a (Allow connections to forwarded ports from any host)\n> This could potentially allow arbitrary code execution as root by an\n> authenticated user.\n>\n> Fix information disclosure with \\~/.ssh/authorized_keys symlink.\n> Dropbear parsed authorized_keys as root, even if it were a symlink.\n> The fix is to switch to user permissions when opening authorized_keys.\n", "id": "FreeBSD-2017-0148", "modified": "2017-07-03T00:00:00Z", "published": "2017-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "type": "WEB", "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9078" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9079" } ], "schema_version": "1.7.0", "summary": "Dropbear -- two vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "smarty3" }, "ranges": [ { "events": [ { "fixed": "3.1.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/smarty-php/smarty/blob/v3.1.30/change_log.txt" ], "discovery": "2016-07-19T00:00:00Z", "vid": "6e4e35c3-5fd1-11e7-9def-b499baebfeaf" }, "details": "The smarty project reports:\n\n> bugfix {math} shell injection vulnerability\n", "id": "FreeBSD-2017-0147", "modified": "2017-07-03T00:00:00Z", "published": "2017-07-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/smarty-php/smarty/blob/v3.1.30/change_log.txt" }, { "type": "WEB", "url": "https://github.com/smarty-php/smarty/blob/v3.1.30/change_log.txt" } ], "schema_version": "1.7.0", "summary": "smarty3 -- shell injection in math" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libgcrypt" }, "ranges": [ { "events": [ { "fixed": "1.7.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html" ], "discovery": "2017-06-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-7526" ] }, "vid": "ed3bf433-5d92-11e7-aa14-e8e0b747a45a" }, "details": "GnuPG reports:\n\n> Mitigate a flush+reload side-channel attack on RSA secret keys dubbed\n> \\\"Sliding right into disaster\\\".\n", "id": "FreeBSD-2017-0146", "modified": "2017-06-30T00:00:00Z", "published": "2017-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7526" }, { "type": "WEB", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html" } ], "schema_version": "1.7.0", "summary": "libgcrypt -- side-channel attack on RSA secret keys" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "last_affected": "9.0.9" }, { "fixed": "9.0.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "last_affected": "9.1.6" }, { "fixed": "9.1.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.2.0" }, { "last_affected": "9.2.4" }, { "fixed": "9.2.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2017/06/07/gitlab-9-dot-2-dot-5-security-release/" ], "discovery": "2017-06-07T00:00:00Z", "vid": "85ebfa0c-5d8d-11e7-93f7-d43d7e971a1b" }, "details": "GitLab reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0145", "modified": "2017-06-30T00:00:00Z", "published": "2017-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2017/06/07/gitlab-9-dot-2-dot-5-security-release/" }, { "type": "WEB", "url": "https://about.gitlab.com/2017/06/07/gitlab-9-dot-2-dot-5-security-release/" } ], "schema_version": "1.7.0", "summary": "GitLab -- Various security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tor" }, "ranges": [ { "events": [ { "fixed": "0.3.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tor-devel" }, "ranges": [ { "events": [ { "fixed": "0.3.1.4.a" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.torproject.org/pipermail/tor-announce/2017-June/000133.html" ], "discovery": "2017-06-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-0377" ] }, "vid": "0b9f4b5e-5d82-11e7-85df-14dae9d5a9d2" }, "details": "The Tor Project reports:\n\n> Tor 0.3.0.9 fixes a path selection bug that would allow a client to\n> use a guard that was in the same network family as a chosen exit\n> relay. This is a security regression; all clients running earlier\n> versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or\n> 0.3.1.4-alpha.\n", "id": "FreeBSD-2017-0144", "modified": "2017-06-30T00:00:00Z", "published": "2017-06-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.torproject.org/pipermail/tor-announce/2017-June/000133.html" }, { "type": "WEB", "url": "https://blog.torproject.org/blog/tor-0309-released-security-update-clients" }, { "type": "WEB", "url": "https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients" }, { "type": "WEB", "url": "https://lists.torproject.org/pipermail/tor-announce/2017-June/000133.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0377" } ], "schema_version": "1.7.0", "summary": "tor -- security regression" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "fixed": "4.89_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" ], "discovery": "2017-06-19T00:00:00Z", "vid": "8c1a271d-56cf-11e7-b9fe-c13eb7bcbf4f" }, "details": "Qualsys reports:\n\n> Exim supports the use of multiple \\\"-p\\\" command line arguments which\n> are malloc()\\'ed and never free()\\'ed, used in conjunction with other\n> issues allows attackers to cause arbitrary code execution. This\n> affects exim version 4.89 and earlier. Please note that at this time\n> upstream has released a patch (commit\n> 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a\n> new point release is available that addresses this issue at this time.\n", "id": "FreeBSD-2017-0143", "modified": "2017-06-21T00:00:00Z", "published": "2017-06-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369" } ], "schema_version": "1.7.0", "summary": "exim -- Privilege escalation via multiple memory leaks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pear-Horde_Image" }, "ranges": [ { "events": [ { "introduced": "2.3.0,1" }, { "fixed": "2.5.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.horde.org/archives/announce/2017/001234.html" ], "discovery": "2017-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-9773" ] }, "vid": "00e4050b-56c1-11e7-8e66-08606e46faad" }, "details": "Michael J Rubinsky reports:\n\n> The second vulnerability (CVE-2017-9773) is a DOS vulnerability. This\n> only affects Horde installations that do not have a configured image\n> handling backend, and thus use the \\\"Null\\\" image driver. It is\n> exploitable by a logged in user clicking on a maliciously crafted URL.\n", "id": "FreeBSD-2017-0142", "modified": "2017-06-21T00:00:00Z", "published": "2017-06-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.horde.org/archives/announce/2017/001234.html" }, { "type": "WEB", "url": "https://lists.horde.org/archives/announce/2017/001234.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9773" } ], "schema_version": "1.7.0", "summary": "pear-Horde_Image -- DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pear-Horde_Image" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.5.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.horde.org/archives/announce/2017/001234.html" ], "discovery": "2017-06-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-9774" ] }, "vid": "a7003121-56bf-11e7-8e66-08606e46faad" }, "details": "Michael J Rubinsky reports:\n\n> The fist vulnerability (CVE-2017-9774) is a Remote Code Execution\n> vulnerability and is exploitable by a logged in user sending a\n> maliciously crafted GET request to the Horde server.\n", "id": "FreeBSD-2017-0141", "modified": "2017-06-21T00:00:00Z", "published": "2017-06-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.horde.org/archives/announce/2017/001234.html" }, { "type": "WEB", "url": "https://lists.horde.org/archives/announce/2017/001234.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9774" } ], "schema_version": "1.7.0", "summary": "pear-Horde_Image -- remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "fixed": "2.3.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-polarssl" }, "ranges": [ { "events": [ { "fixed": "2.3.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243" ], "discovery": "2017-05-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-7508", "CVE-2017-7512", "CVE-2017-7520", "CVE-2017-7521", "CVE-2017-7522" ] }, "vid": "9f65d382-56a4-11e7-83e3-080027ef73ec" }, "details": "Samuli Sepp\u00e4nen reports:\n\n> In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the\n> process he found several vulnerabilities and reported them to the\n> OpenVPN project. \\[\\...\\] The first releases to have these fixes are\n> OpenVPN 2.4.3 and 2.3.17.\n>\n> This is a list of fixed important vulnerabilities:\n>\n> - Remotely-triggerable ASSERT() on malformed IPv6 packet\n> - Pre-authentication remote crash/information disclosure for clients\n> - Potential double-free in \\--x509-alt-username\n> - Remote-triggerable memory leaks\n> - Post-authentication remote DoS when using the \\--x509-track option\n> - Null-pointer dereference in establish_http_proxy_passthru()\n", "id": "FreeBSD-2017-0140", "modified": "2017-06-21T00:00:00Z", "published": "2017-06-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243" }, { "type": "WEB", "url": "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7508" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7512" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7520" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7521" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7522" } ], "schema_version": "1.7.0", "summary": "OpenVPN -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache22" }, "ranges": [ { "events": [ { "fixed": "2.2.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2017-06-20T00:00:00Z", "references": { "cvename": [ "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679" ] }, "vid": "0c2db2aa-5584-11e7-9a7d-b499baebfeaf" }, "details": "The Apache httpd project reports:\n\n> - ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167):\\\n> Use of the ap_get_basic_auth_pw() by third-party modules outside of\n> the authentication phase may lead to authentication requirements\n> being bypassed.\n> - mod_ssl Null Pointer Dereference (CVE-2017-3169):\\\n> mod_ssl may dereference a NULL pointer when third-party modules call\n> ap_hook_process_connection() during an HTTP request to an HTTPS\n> port.\n> - mod_http2 Null Pointer Dereference (CVE-2017-7659):\\\n> A maliciously constructed HTTP/2 request could cause mod_http2 to\n> dereference a NULL pointer and crash the server process.\n> - ap_find_token() Buffer Overread (CVE-2017-7668):\\\n> The HTTP strict parsing changes added in 2.2.32 and 2.4.24\n> introduced a bug in token list parsing, which allows ap_find_token()\n> to search past the end of its input string. By maliciously crafting\n> a sequence of request headers, an attacker may be able to cause a\n> segmentation fault, or to force ap_find_token() to return an\n> incorrect value.\n> - mod_mime Buffer Overread (CVE-2017-7679):\\\n> mod_mime can read one byte past the end of a buffer when sending a\n> malicious Content-Type response header.\n", "id": "FreeBSD-2017-0139", "modified": "2017-06-20T00:00:00Z", "published": "2017-06-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3167" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7659" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7668" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7679" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "59.0.3071.104" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "59.0.3071.104" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html" ], "discovery": "2017-06-15T00:00:00Z", "references": { "cvename": [ "CVE-2017-5087", "CVE-2017-5088", "CVE-2017-5089" ] }, "vid": "f53dd5cc-527f-11e7-a772-e8e0b747a45a" }, "details": "Google Chrome releases reports:\n\n> 5 security fixes in this release, including:\n>\n> - \\[725032\\] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported\n> by Ned Williamson on 2017-05-22\n> - \\[729991\\] High CVE-2017-5088: Out of bounds read in V8. Reported by\n> Xiling Gong of Tencent Security Platform Department on 2017-06-06\n> - \\[714196\\] Medium CVE-2017-5089: Domain spoofing in Omnibox.\n> Reported by Michal Bentkowski on 2017-04-21\n> - \\[732498\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2017-0138", "modified": "2017-06-16T00:00:00Z", "published": "2017-06-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5087" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5088" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5089" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.53.0" }, { "fixed": "7.54.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/adv_20170614.html" ], "discovery": "2017-06-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-9502" ] }, "vid": "9314058e-5204-11e7-b712-b1a44a034d72" }, "details": "cURL security advisory:\n\n> When libcurl is given either\n>\n> 1\\. a file: URL that doesn\\'t use two slashes following the colon, or\n>\n> 2\\. is told that file is the default scheme to use for URLs without\n> scheme\n>\n> \\... and the given path starts with a drive letter and libcurl is\n> built for Windows or DOS, then libcurl would copy the path with a\n> wrong offset, so that the end of the given path would write beyond the\n> malloc buffer. Up to seven bytes too much.\n>\n> We are not aware of any exploit of this flaw.\n", "id": "FreeBSD-2017-0137", "modified": "2017-06-15T00:00:00Z", "published": "2017-06-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/adv_20170614.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9502" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_20170614.html" } ], "schema_version": "1.7.0", "summary": "cURL -- URL file scheme drive letter buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rt42" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.13_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "rt44" }, "ranges": [ { "events": [ { "introduced": "4.4.0" }, { "fixed": "4.4.1_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "p5-RT-Authen-ExternalAuth" }, "ranges": [ { "events": [ { "introduced": "0.9" }, { "fixed": "0.27" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.bestpractical.com/pipermail/rt-announce/2017-June/000297.html" ], "discovery": "2017-06-15T00:00:00Z", "references": { "cvename": [ "CVE-2015-7686", "CVE-2016-6127", "CVE-2017-5361", "CVE-2017-5943", "CVE-2017-5944" ] }, "vid": "7a92e958-5207-11e7-8d7c-6805ca0b3d42" }, "details": "BestPractical reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0136", "modified": "2017-06-15T00:00:00Z", "published": "2017-06-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2017-June/000297.html" }, { "type": "WEB", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2017-June/000297.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-7686" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6127" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5361" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5943" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5944" } ], "schema_version": "1.7.0", "summary": "rt and dependent modules -- multiple security vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "26.0.0.126" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" ], "discovery": "2017-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2017-3075", "CVE-2017-3076", "CVE-2017-3077", "CVE-2017-3078", "CVE-2017-3079", "CVE-2017-3081", "CVE-2017-3082", "CVE-2017-3083", "CVE-2017-3084" ] }, "vid": "cd944b3f-51f6-11e7-b7b2-001c25e46b1d" }, "details": "Adobe reports:\n\n> - These updates resolve use-after-free vulnerabilities that could lead\n> to code execution (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083,\n> CVE-2017-3084).\n> - These updates resolve memory corruption vulnerabilities that could\n> lead to code execution (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078,\n> CVE-2017-3079, CVE-2017-3082).\n", "id": "FreeBSD-2017-0135", "modified": "2017-06-15T00:00:00Z", "published": "2017-06-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3075" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3076" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3077" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3078" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3079" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3082" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3083" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3084" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "54.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "52.2.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "52.2.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "52.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "52.2.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/" ], "discovery": "2017-06-13T00:00:00Z", "references": { "cvename": [ "CVE-2017-5470", "CVE-2017-5471", "CVE-2017-5472", "CVE-2017-7749", "CVE-2017-7750", "CVE-2017-7751", "CVE-2017-7752", "CVE-2017-7754", "CVE-2017-7755", "CVE-2017-7756", "CVE-2017-7757", "CVE-2017-7758", "CVE-2017-7759", "CVE-2017-7760", "CVE-2017-7761", "CVE-2017-7762", "CVE-2017-7763", "CVE-2017-7764", "CVE-2017-7765", "CVE-2017-7766", "CVE-2017-7767", "CVE-2017-7768", "CVE-2017-7778" ] }, "vid": "6cec1b0a-da15-467d-8691-1dea392d4c8d" }, "details": "Mozilla Foundation reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0134", "modified": "2017-09-19T00:00:00Z", "published": "2017-06-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5470" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5471" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5472" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7749" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7750" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7751" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7752" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7754" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7755" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7756" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7757" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7758" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7759" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7760" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7761" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7762" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7763" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7764" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7765" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7766" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7767" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7768" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7778" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.2.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11" ], "discovery": "2017-04-28T00:00:00Z", "references": { "cvename": [ "CVE-2017-8114" ] }, "vid": "bce47c89-4d3f-11e7-8080-a4badb2f4699" }, "details": "Roundcube reports:\n\n> Roundcube Webmail allows arbitrary password resets by authenticated\n> users. The problem is caused by an improperly restricted exec call in\n> the virtualmin and sasl drivers of the password plugin.\n", "id": "FreeBSD-2017-0133", "modified": "2017-06-09T00:00:00Z", "published": "2017-06-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11" }, { "type": "WEB", "url": "https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8114" } ], "schema_version": "1.7.0", "summary": "roundcube -- arbitrary password resets" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnutls" }, "ranges": [ { "events": [ { "fixed": "3.5.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://gnutls.org/security.html#GNUTLS-SA-2017-4" ], "discovery": "2017-06-07T00:00:00Z", "vid": "b33fb1e0-4c37-11e7-afeb-0011d823eebd" }, "details": "The GnuTLS project reports:\n\n> It was found using the TLS fuzzer tools that decoding a status\n> response TLS extension with valid contents could lead to a crash due\n> to a null pointer dereference. The issue affects GnuTLS server\n> applications.\n", "id": "FreeBSD-2017-0132", "modified": "2017-06-08T00:00:00Z", "published": "2017-06-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-4" }, { "type": "WEB", "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-4" } ], "schema_version": "1.7.0", "summary": "GnuTLS -- Denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "fixed": "1.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2017_06.txt" ], "discovery": "2017-06-06T00:00:00Z", "references": { "cvename": [ "CVE-2017-9468", "CVE-2017-9469" ] }, "vid": "165e8951-4be0-11e7-a539-0050569f7e80" }, "details": "Joseph Bisch reports:\n\n> When receiving a DCC message without source nick/host, Irssi would\n> attempt to dereference a NULL pointer.\n>\n> When receiving certain incorrectly quoted DCC files, Irssi would try\n> to find the terminating quote one byte before the allocated memory.\n", "id": "FreeBSD-2017-0131", "modified": "2017-06-08T00:00:00Z", "published": "2017-06-08T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2017_06.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9468" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9469" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2017_06.txt" } ], "schema_version": "1.7.0", "summary": "irssi -- remote DoS" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "59.0.3071.86" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "59.0.3071.86" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" ], "discovery": "2017-06-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-5070", "CVE-2017-5071", "CVE-2017-5072", "CVE-2017-5073", "CVE-2017-5074", "CVE-2017-5075", "CVE-2017-5086", "CVE-2017-5076", "CVE-2017-5077", "CVE-2017-5078", "CVE-2017-5079", "CVE-2017-5080", "CVE-2017-5081", "CVE-2017-5082", "CVE-2017-5083", "CVE-2017-5085" ] }, "vid": "52f4b48b-4ac3-11e7-99aa-e8e0b747a45a" }, "details": "Google Chrome releases reports:\n\n> 30 security fixes in this release\n>\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0130", "modified": "2017-06-06T00:00:00Z", "published": "2017-06-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5070" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5071" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5073" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5074" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5075" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5086" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5076" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5077" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5078" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5079" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5080" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5081" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5082" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5083" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5085" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible" }, "ranges": [ { "events": [ { "fixed": "2.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://access.redhat.com/security/cve/cve-2017-7481" ], "discovery": "2017-05-09T00:00:00Z", "vid": "15a04b9f-47cb-11e7-a853-001fbc0f280f" }, "details": "RedHat security team reports:\n\n> An input validation flaw was found in Ansible, where it fails to\n> properly mark lookup-plugin results as unsafe. If an attacker could\n> control the results of lookup() calls, they could inject Unicode\n> strings to be parsed by the jinja2 templating system, result in code\n> execution.\n", "id": "FreeBSD-2017-0129", "modified": "2017-06-02T00:00:00Z", "published": "2017-06-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://access.redhat.com/security/cve/cve-2017-7481" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/cve-2017-7481" }, { "type": "WEB", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481" } ], "schema_version": "1.7.0", "summary": "ansible -- Input validation flaw in jinja2 templating system" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "duo" }, "ranges": [ { "events": [ { "fixed": "1.9.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://duo.com/labs/psa/duo-psa-2017-002" ], "discovery": "2017-05-19T00:00:00Z", "vid": "738e8ae1-46dd-11e7-a539-0050569f7e80" }, "details": "The duo security team reports:\n\n> An untrusted user may be able to set the http_proxy variable to an\n> invalid address. If this happens, this will trigger the configured\n> \\'failmode\\' behavior, which defaults to safe. Safe mode causes the\n> authentication to report a success.\n", "id": "FreeBSD-2017-0128", "modified": "2017-06-01T00:00:00Z", "published": "2017-06-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://duo.com/labs/psa/duo-psa-2017-002" }, { "type": "WEB", "url": "https://duo.com/labs/psa/duo-psa-2017-002" } ], "schema_version": "1.7.0", "summary": "duo -- Two-factor authentication bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freeradius" }, "ranges": [ { "events": [ { "fixed": "3.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "freeradius2" }, "ranges": [ { "events": [ { "fixed": "3.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "freeradius3" }, "ranges": [ { "events": [ { "fixed": "3.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/oss-sec/2017/q2/342" ], "discovery": "2017-02-03T00:00:00Z", "references": { "cvename": [ "CVE-2017-9148" ] }, "vid": "673dce46-46d0-11e7-a539-0050569f7e80" }, "details": "Stefan Winter reports:\n\n> The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably\n> prevent resumption of an unauthenticated session, which allows remote\n> attackers (such as malicious 802.1X supplicants) to bypass\n> authentication via PEAP or TTLS.\n", "id": "FreeBSD-2017-0127", "modified": "2017-06-01T00:00:00Z", "published": "2017-06-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/oss-sec/2017/q2/342" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9148" }, { "type": "WEB", "url": "http://freeradius.org/security.html" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2017/q2/342" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/98734" } ], "schema_version": "1.7.0", "summary": "FreeRADIUS -- TLS resumption authentication bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "heimdal" }, "ranges": [ { "events": [ { "fixed": "7.1.0_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.h5l.org/advisories.html?show=2017-04-13" ], "discovery": "2017-04-13T00:00:00Z", "references": { "freebsdpr": [ "ports/219657" ] }, "vid": "40a8d798-4615-11e7-8080-a4badb2f4699" }, "details": "Viktor Dukhovni reports:\n\n> Commit f469fc6 (2010-10-02) inadvertently caused the previous hop\n> realm to not be added to the transit path of issued tickets. This may,\n> in some cases, enable bypass of capath policy in Heimdal versions 1.5\n> through 7.2. Note, this may break sites that rely on the bug. With the\n> bug some incomplete \\[capaths\\] worked, that should not have. These\n> may now break authentication in some cross-realm configurations.\n> (CVE-2017-6594)\n", "id": "FreeBSD-2017-0126", "modified": "2017-05-31T00:00:00Z", "published": "2017-05-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.h5l.org/advisories.html?show=2017-04-13" }, { "type": "WEB", "url": "CVE-2017-6594" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219657" } ], "schema_version": "1.7.0", "summary": "heimdal -- bypass of capath policy" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_19" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-04-27T00:00:00Z", "references": { "cvename": [ "CVE-2017-1081" ], "freebsdsa": [ "SA-17:04.ipfilter" ] }, "vid": "51d1282d-420e-11e7-82c5-14dae9d210b8" }, "details": "# Problem Description:\n\nipfilter(4), capable of stateful packet inspection, using the \\\"keep\nstate\\\" or \\\"keep frags\\\" rule options, will not only maintain the state\nof connections, such as TCP streams or UDP communication, it also\nmaintains the state of fragmented packets. When a packet fragments are\nreceived they are cached in a hash table (and linked list). When a\nfragment is received it is compared with fragments already cached in the\nhash table for a match. If it does not match the new entry is used to\ncreate a new entry in the hash table. If on the other hand it does\nmatch, unfortunately the wrong entry is freed, the entry in the hash\ntable. This results in use after free panic (and for a brief moment\nprior to the panic a memory leak due to the wrong entry being freed).\n\n# Impact:\n\nCarefully feeding fragments that are allowed to pass by an ipfilter(4)\nfirewall can be used to cause a panic followed by reboot loop denial of\nservice attack.\n", "id": "FreeBSD-2017-0125", "modified": "2017-05-26T00:00:00Z", "published": "2017-05-26T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1081" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- ipfilter(4) fragment handling panic" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_18" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2016-9042", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464" ], "freebsdsa": [ "SA-17:03.ntp" ] }, "vid": "3c0237f5-420e-11e7-82c5-14dae9d210b8" }, "details": "# Problem Description:\n\nA vulnerability was discovered in the NTP server\\'s parsing of\nconfiguration directives. \\[CVE-2017-6464\\]\n\nA vulnerability was found in NTP, in the parsing of packets from the\nDPTS Clock. \\[CVE-2017-6462\\]\n\nA vulnerability was discovered in the NTP server\\'s parsing of\nconfiguration directives. \\[CVE-2017-6463\\]\n\nA vulnerability was found in NTP, affecting the origin timestamp check\nfunction. \\[CVE-2016-9042\\]\n\n# Impact:\n\nA remote, authenticated attacker could cause ntpd to crash by sending a\ncrafted message. \\[CVE-2017-6463, CVE-2017-6464\\]\n\nA malicious device could send crafted messages, causing ntpd to crash.\n\\[CVE-2017-6462\\]\n\nAn attacker able to spoof messages from all of the configured peers\ncould send crafted packets to ntpd, causing later replies from those\npeers to be discarded, resulting in denial of service. \\[CVE-2016-9042\\]\n", "id": "FreeBSD-2017-0124", "modified": "2017-05-26T00:00:00Z", "published": "2017-05-26T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9042" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6462" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6463" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6464" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:03.ntp.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple vulnerabilities of ntp" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vlc" }, "ranges": [ { "events": [ { "fixed": "2.2.6,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vlc-qt4" }, "ranges": [ { "events": [ { "fixed": "2.2.6,4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://blog.checkpoint.com/2017/05/23/hacked-in-translation/" ], "discovery": "2017-05-23T00:00:00Z", "vid": "ec6aeb8e-41e4-11e7-aa00-5404a68ad561" }, "details": "Check Point research team reports:\n\n> Remote code execution via crafted subtitles\n", "id": "FreeBSD-2017-0123", "modified": "2017-05-26T00:00:00Z", "published": "2017-05-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://blog.checkpoint.com/2017/05/23/hacked-in-translation/" }, { "type": "WEB", "url": "http://blog.checkpoint.com/2017/05/23/hacked-in-translation/" } ], "schema_version": "1.7.0", "summary": "vlc -- remote code execution via crafted subtitles" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "OpenEXR" }, "ranges": [ { "events": [ { "fixed": "2.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2017/05/12/5" ], "discovery": "2017-01-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-9110", "CVE-2017-9111", "CVE-2017-9112", "CVE-2017-9113", "CVE-2017-9114", "CVE-2017-9115", "CVE-2017-9116" ] }, "vid": "803879e9-4195-11e7-9b08-080027ef73ec" }, "details": "Brandon Perry reports:\n\n> \\[There\\] is a zip file of EXR images that cause segmentation faults\n> in the OpenEXR library (tested against 2.2.0).\n>\n> - CVE-2017-9110 In OpenEXR 2.2.0, an invalid read of size 2 in the\n> hufDecode function in ImfHuf.cpp could cause the application to\n> crash.\n> - CVE-2017-9111 In OpenEXR 2.2.0, an invalid write of size 8 in the\n> storeSSE function in ImfOptimizedPixelReading.h could cause the\n> application to crash or execute arbitrary code.\n> - CVE-2017-9112 In OpenEXR 2.2.0, an invalid read of size 1 in the\n> getBits function in ImfHuf.cpp could cause the application to crash.\n> - CVE-2017-9113 In OpenEXR 2.2.0, an invalid write of size 1 in the\n> bufferedReadPixels function in ImfInputFile.cpp could cause the\n> application to crash or execute arbitrary code.\n> - CVE-2017-9114 In OpenEXR 2.2.0, an invalid read of size 1 in the\n> refill function in ImfFastHuf.cpp could cause the application to\n> crash.\n> - CVE-2017-9115 In OpenEXR 2.2.0, an invalid write of size 2 in the =\n> operator function in half.h could cause the application to crash or\n> execute arbitrary code.\n> - CVE-2017-9116 In OpenEXR 2.2.0, an invalid read of size 1 in the\n> uncompress function in ImfZip.cpp could cause the application to\n> crash.\n", "id": "FreeBSD-2017-0122", "modified": "2017-05-25T00:00:00Z", "published": "2017-05-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2017/05/12/5" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/05/12/5" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9110" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9111" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9112" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9113" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9114" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9115" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9116" }, { "type": "WEB", "url": "https://github.com/openexr/openexr/issues/232" } ], "schema_version": "1.7.0", "summary": "OpenEXR -- multiple remote code execution and denial of service vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick" }, "ranges": [ { "events": [ { "fixed": "6.9.6.4_2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.9.7.0,1" }, { "fixed": "6.9.8.8,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick-nox11" }, "ranges": [ { "events": [ { "fixed": "6.9.6.4_2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "6.9.7.0,1" }, { "fixed": "6.9.8.8,1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7" }, "ranges": [ { "events": [ { "fixed": "7.0.5.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7-nox11" }, "ranges": [ { "events": [ { "fixed": "7.0.5.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/search/results?query=ImageMagick" ], "discovery": "2017-03-05T00:00:00Z", "references": { "cvename": [ "CVE-2017-5506", "CVE-2017-5507", "CVE-2017-5508", "CVE-2017-5509", "CVE-2017-5510", "CVE-2017-5511", "CVE-2017-6497", "CVE-2017-6498", "CVE-2017-6499", "CVE-2017-6500", "CVE-2017-6501", "CVE-2017-6502", "CVE-2017-7275", "CVE-2017-7606", "CVE-2017-7619", "CVE-2017-7941", "CVE-2017-7942", "CVE-2017-7943", "CVE-2017-8343", "CVE-2017-8344", "CVE-2017-8345", "CVE-2017-8346", "CVE-2017-8347", "CVE-2017-8348", "CVE-2017-8349", "CVE-2017-8350", "CVE-2017-8351", "CVE-2017-8352", "CVE-2017-8353", "CVE-2017-8354", "CVE-2017-8355", "CVE-2017-8356", "CVE-2017-8357", "CVE-2017-8765", "CVE-2017-8830", "CVE-2017-9141", "CVE-2017-9142", "CVE-2017-9143", "CVE-2017-9144" ] }, "vid": "50776801-4183-11e7-b291-b499baebfeaf" }, "details": "> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0121", "modified": "2017-05-29T00:00:00Z", "published": "2017-05-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/search/results?query=ImageMagick" }, { "type": "WEB", "url": "https://nvd.nist.gov/vuln/search/results?query=ImageMagick" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5506" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5507" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5508" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5509" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5510" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6497" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6498" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6499" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6500" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6501" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6502" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7275" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7619" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7941" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7942" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7943" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8343" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8344" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8345" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8346" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8347" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8348" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8349" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8352" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8354" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8355" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8357" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8765" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8830" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9142" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9143" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-9144" } ], "schema_version": "1.7.0", "summary": "ImageMagick -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba42" }, "ranges": [ { "events": [ { "fixed": "4.2.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba43" }, "ranges": [ { "events": [ { "fixed": "4.3.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba44" }, "ranges": [ { "events": [ { "fixed": "4.4.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba45" }, "ranges": [ { "events": [ { "fixed": "4.5.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba46" }, "ranges": [ { "events": [ { "fixed": "4.6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2017-7494.html" ], "discovery": "2017-05-24T00:00:00Z", "references": { "cvename": [ "CVE-2017-7494" ] }, "vid": "6f4d96c0-4062-11e7-b291-b499baebfeaf" }, "details": "The samba project reports:\n\n> Remote code execution from a writable share.\n>\n> All versions of Samba from 3.5.0 onwards are vulnerable to a remote\n> code execution vulnerability, allowing a malicious client to upload a\n> shared library to a writable share, and then cause the server to load\n> and execute it.\n", "id": "FreeBSD-2017-0120", "modified": "2017-05-24T00:00:00Z", "published": "2017-05-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2017-7494.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2017-7494.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7494" } ], "schema_version": "1.7.0", "summary": "samba -- remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nvidia-driver" }, "ranges": [ { "events": [ { "fixed": "375.66" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" ], "discovery": "2017-05-15T00:00:00Z", "references": { "cvename": [ "CVE-2017-0350", "CVE-2017-0351", "CVE-2017-0352" ] }, "vid": "f52e3a8d-3f7e-11e7-97a9-a0d3c19bfa21" }, "details": "NVIDIA Unix security team reports:\n\n> NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode\n> layer handler where not correctly validated user input, NULL pointer\n> dereference, and incorrect access control may lead to denial of\n> service or potential escalation of privileges.\n", "id": "FreeBSD-2017-0119", "modified": "2017-05-23T00:00:00Z", "published": "2017-05-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0350" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0351" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0352" }, { "type": "WEB", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" } ], "schema_version": "1.7.0", "summary": "NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "miniupnpc" }, "ranges": [ { "events": [ { "fixed": "2.0.20170509" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798" ], "discovery": "2017-05-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-8798" ] }, "vid": "da1d5d2e-3eca-11e7-8861-0018fe623f2b" }, "details": "Tintinweb reports:\n\n> An integer signedness error was found in miniupnp\\'s miniwget allowing\n> an unauthenticated remote entity typically located on the local\n> network segment to trigger a heap corruption or an access violation in\n> miniupnp\\'s http response parser when processing a specially crafted\n> chunked-encoded response to a request for the xml root description\n> url.\n", "id": "FreeBSD-2017-0118", "modified": "2017-05-22T00:00:00Z", "published": "2017-05-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8798" }, { "type": "WEB", "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798" } ], "schema_version": "1.7.0", "summary": "miniupnpc -- integer signedness error" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "fr-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_CN" }, "ranges": [ { "events": [ { "fixed": "4.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_TW" }, "ranges": [ { "events": [ { "fixed": "4.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2017/05/wordpress-4-7-5/" ], "discovery": "2017-05-16T00:00:00Z", "vid": "a5bb7ea0-3e58-11e7-94a2-00e04c1ea73d" }, "details": "> WordPress versions 4.7.4 and earlier are affected by six security\n> issues\n>\n> - Insufficient redirect validation in the HTTP class.\n> - Improper handling of post meta data values in the XML-RPC API.\n> - Lack of capability checks for post meta data in the XML-RPC API.\n> - A Cross Site Request Forgery (CRSF) vulnerability was discovered in\n> the filesystem credentials dialog.\n> - A cross-site scripting (XSS) vulnerability was discovered related to\n> the Customizer.\n", "id": "FreeBSD-2017-0117", "modified": "2017-05-21T00:00:00Z", "published": "2017-05-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2017/05/wordpress-4-7-5/" }, { "type": "WEB", "url": "https://wordpress.org/news/2017/05/wordpress-4-7-5/" } ], "schema_version": "1.7.0", "summary": "Wordpress -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.15.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-04-13T00:00:00Z", "vid": "fab87bff-3ce5-11e7-bf9d-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> A remote memory exhaustion can be triggered by sending an SCCP packet\n> to Asterisk system with \\\"chan_skinny\\\" enabled that is larger than\n> the length of the SCCP header but smaller than the packet length\n> specified in the header. The loop that reads the rest of the packet\n> doesn\\'t detect that the call to read() returned end-of-file before\n> the expected number of bytes and continues infinitely. The \\\"partial\n> data\\\" message logging in that tight loop causes Asterisk to exhaust\n> all available memory.\n", "id": "FreeBSD-2017-0116", "modified": "2017-05-19T00:00:00Z", "published": "2017-05-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "http://downloads.asterisk.org/pub/security/AST-2017-004.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Memory exhaustion on short SCCP packets" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.15.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "pjsip" }, "ranges": [ { "events": [ { "fixed": "2.6_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "pjsip-extsrtp" }, "ranges": [ { "events": [ { "fixed": "2.6_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-04-12T00:00:00Z", "vid": "0537afa3-3ce0-11e7-bf9d-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> A remote crash can be triggered by sending a SIP packet to Asterisk\n> with a specially crafted CSeq header and a Via header with no branch\n> parameter. The issue is that the PJSIP RFC 2543 transaction key\n> generation algorithm does not allocate a large enough buffer. By\n> overrunning the buffer, the memory allocation table becomes corrupted,\n> leading to an eventual crash.\n>\n> The multi-part body parser in PJSIP contains a logical error that can\n> make certain multi-part body parts attempt to read memory from outside\n> the allowed boundaries. A specially-crafted packet can trigger these\n> invalid reads and potentially induce a crash.\n>\n> This issues is in PJSIP, and so the issue can be fixed without\n> performing an upgrade of Asterisk at all. However, we are releasing a\n> new version of Asterisk with the bundled PJProject updated to include\n> the fix.\n>\n> If you are running Asterisk with chan_sip, this issue does not affect\n> you.\n", "id": "FreeBSD-2017-0115", "modified": "2017-05-19T00:00:00Z", "published": "2017-05-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "http://downloads.asterisk.org/pub/security/AST-2017-002.html" }, { "type": "WEB", "url": "http://downloads.asterisk.org/pub/security/AST-2017-003.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Buffer Overrun in PJSIP transaction layer" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "joomla3" }, "ranges": [ { "events": [ { "introduced": "3.7.0" }, { "last_affected": "3.7.0" }, { "fixed": "3.7.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "3.7.0" ] } ], "database_specific": { "cite": [ "https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html" ], "discovery": "2017-05-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-8917" ] }, "vid": "3c2549b3-3bed-11e7-a9f0-a4badb296695" }, "details": "JSST reports:\n\n> Inadequate filtering of request data leads to a SQL Injection\n> vulnerability.\n", "id": "FreeBSD-2017-0114", "modified": "2017-05-18T00:00:00Z", "published": "2017-05-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8917" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html" } ], "schema_version": "1.7.0", "summary": "Joomla3 -- SQL Injection" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "6.6.0" }, { "last_affected": "8.17.5" }, { "fixed": "8.17.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.0.0" }, { "last_affected": "9.0.6" }, { "fixed": "9.0.6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.1.0" }, { "last_affected": "9.1.2" }, { "fixed": "9.1.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2017/05/08/gitlab-9-dot-1-dot-3-security-release/" ], "discovery": "2017-05-08T00:00:00Z", "vid": "9704930c-3bb7-11e7-93f7-d43d7e971a1b" }, "details": "GitLab reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0113", "modified": "2017-05-30T00:00:00Z", "published": "2017-05-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2017/05/08/gitlab-9-dot-1-dot-3-security-release/" }, { "type": "WEB", "url": "https://about.gitlab.com/2017/05/08/gitlab-9-dot-1-dot-3-security-release/" } ], "schema_version": "1.7.0", "summary": "gitlab -- Various security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "8.7.0" }, { "last_affected": "8.15.7" }, { "fixed": "8.15.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.16.0" }, { "last_affected": "8.16.7" }, { "fixed": "8.16.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.17.0" }, { "last_affected": "8.17.3" }, { "fixed": "8.17.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/" ], "discovery": "2017-03-20T00:00:00Z", "references": { "cvename": [ "CVE-2017-0882" ] }, "vid": "5d62950f-3bb5-11e7-93f7-d43d7e971a1b" }, "details": "GitLab reports:\n\n> # Information Disclosure in Issue and Merge Request Trackers\n>\n> During an internal code review a critical vulnerability in the GitLab\n> Issue and Merge Request trackers was discovered. This vulnerability\n> could allow a user with access to assign ownership of an issue or\n> merge request to another user to disclose that user\\'s private token,\n> email token, email address, and encrypted OTP secret. Reporter-level\n> access to a GitLab project is required to exploit this flaw.\n>\n> # SSRF when importing a project from a Repo by URL\n>\n> GitLab instances that have enabled project imports using \\\"Repo by\n> URL\\\" were vulnerable to Server-Side Request Forgery attacks. By\n> specifying a project import URL of localhost an attacker could target\n> services that are bound to the local interface of the server. These\n> services often do not require authentication. Depending on the service\n> an attacker might be able craft an attack using the project import\n> request URL.\n>\n> # Links in Environments tab vulnerable to tabnabbing\n>\n> edio via HackerOne reported that user-configured Environment links\n> include target=\\_blank but do not also include rel: noopener\n> noreferrer. Anyone clicking on these links may therefore be subjected\n> to tabnabbing attacks where a link back to the requesting page is\n> maintained and can be manipulated by the target server.\n>\n> # Accounts with email set to \\\"Do not show on profile\\\" have addresses exposed in public atom feed\n>\n> Several GitLab users reported that even with \\\"Do not show on\n> profile\\\" configured for their email addresses those addresses were\n> still being leaked in Atom feeds if they commented on a public\n> project.\n", "id": "FreeBSD-2017-0112", "modified": "2017-05-30T00:00:00Z", "published": "2017-05-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0882" }, { "type": "WEB", "url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/" } ], "schema_version": "1.7.0", "summary": "gitlab -- Various security issues" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freetype2" }, "ranges": [ { "events": [ { "fixed": "2.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.nongnu.org/archive/html/freetype-announce/2017-05/msg00000.html" ], "discovery": "2017-05-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-8105", "CVE-2017-8287" ] }, "vid": "4a088d67-3af2-11e7-9d75-c86000169601" }, "details": "Werner Lemberg reports:\n\n> CVE-2017-8105, CVE-2017-8287: Older FreeType versions have\n> out-of-bounds writes caused by heap-based buffer overflows related to\n> Type 1 fonts.\n", "id": "FreeBSD-2017-0111", "modified": "2017-05-17T00:00:00Z", "published": "2017-05-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.nongnu.org/archive/html/freetype-announce/2017-05/msg00000.html" }, { "type": "WEB", "url": "http://lists.nongnu.org/archive/html/freetype-announce/2017-05/msg00000.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8287" } ], "schema_version": "1.7.0", "summary": "freetype2 -- buffer overflows" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn" }, "ranges": [ { "events": [ { "fixed": "2.3.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn23" }, "ranges": [ { "events": [ { "fixed": "2.3.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-mbedtls" }, "ranges": [ { "events": [ { "introduced": "2.4.0" }, { "fixed": "2.4.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn-polarssl" }, "ranges": [ { "events": [ { "fixed": "2.3.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openvpn23-polarssl" }, "ranges": [ { "events": [ { "fixed": "2.3.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://openvpn.net/index.php/open-source/downloads.html" ], "discovery": "2017-05-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-7478", "CVE-2017-7479" ] }, "vid": "04cc7bd2-3686-11e7-aa64-080027ef73ec" }, "details": "Samuli Sepp\u00e4nen reports:\n\n> OpenVPN v2.4.0 was audited for security vulnerabilities independently\n> by Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded\n> by Private Internet Access) between December 2016 and April 2017. The\n> primary findings were two remote denial-of-service vulnerabilities.\n> Fixes to them have been backported to v2.3.15.\n>\n> An authenticated client can do the \\'three way handshake\\'\n> (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet is\n> the first that is allowed to carry payload. If that payload is too\n> big, the OpenVPN server process will stop running due to an ASSERT()\n> exception. That is also the reason why servers using\n> tls-auth/tls-crypt are protected against this attack - the P_CONTROL\n> packet is only accepted if it contains the session ID we specified,\n> with a valid HMAC (challenge-response). (CVE-2017-7478)\n>\n> An authenticated client can cause the server\\'s the packet-id counter\n> to roll over, which would lead the server process to hit an ASSERT()\n> and stop running. To make the server hit the ASSERT(), the client must\n> first cause the server to send it 2\\^32 packets (at least 196 GB).\n", "id": "FreeBSD-2017-0110", "modified": "2017-05-11T00:00:00Z", "published": "2017-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://openvpn.net/index.php/open-source/downloads.html" }, { "type": "WEB", "url": "https://openvpn.net/index.php/open-source/downloads.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7479" }, { "type": "WEB", "url": "https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits" }, { "type": "WEB", "url": "https://ostif.org/?p=870&preview=true" }, { "type": "WEB", "url": "https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/" } ], "schema_version": "1.7.0", "summary": "OpenVPN -- two remote denial-of-service vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql92-client" }, "ranges": [ { "events": [ { "introduced": "9.2.0" }, { "fixed": "9.2.20" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql93-client" }, "ranges": [ { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.16" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql94-client" }, "ranges": [ { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-client" }, "ranges": [ { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-client" }, "ranges": [ { "events": [ { "introduced": "9.6.0" }, { "fixed": "9.6.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql92-server" }, "ranges": [ { "events": [ { "introduced": "9.2.0" }, { "fixed": "9.2.20" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql93-server" }, "ranges": [ { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.3.16" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql94-server" }, "ranges": [ { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.11" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql95-server" }, "ranges": [ { "events": [ { "introduced": "9.5.0" }, { "fixed": "9.5.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "postgresql96-server" }, "ranges": [ { "events": [ { "introduced": "9.6.0" }, { "fixed": "9.6.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.postgresql.org/about/news/1746/" ], "discovery": "2017-05-11T00:00:00Z", "references": { "cvename": [ "CVE-2016-5423", "CVE-2016-5424" ] }, "vid": "414c18bf-3653-11e7-9550-6cc21735f730" }, "details": "The PostgreSQL project reports:\n\n> Security Fixes nested CASE expressions + database and role names with\n> embedded special characters\n>\n> - CVE-2017-7484: selectivity estimators bypass SELECT privilege\n> checks.\n> - CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable\n> - CVE-2017-7486: pg_user_mappings view discloses foreign server\n> passwords. This applies to new databases, see the release notes for\n> the procedure to apply the fix to an existing database.\n", "id": "FreeBSD-2017-0109", "modified": "2017-05-11T00:00:00Z", "published": "2017-05-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.postgresql.org/about/news/1746/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5423" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5424" } ], "schema_version": "1.7.0", "summary": "PostgreSQL vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kdelibs" }, "ranges": [ { "events": [ { "fixed": "4.14.30_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "kf5-kauth" }, "ranges": [ { "events": [ { "fixed": "5.33.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kde.org/info/security/advisory-20170510-1.txt" ], "discovery": "2017-05-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-8422" ] }, "vid": "0baee383-356c-11e7-b9a9-50e549ebab6c" }, "details": "Albert Astals Cid reports:\n\n> KAuth contains a logic flaw in which the service invoking dbus is not\n> properly checked. This allows spoofing the identity of the caller and\n> with some carefully crafted calls can lead to gaining root from an\n> unprivileged account.\n", "id": "FreeBSD-2017-0108", "modified": "2017-05-10T00:00:00Z", "published": "2017-05-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8422" }, { "type": "DISCUSSION", "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, { "type": "WEB", "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" } ], "schema_version": "1.7.0", "summary": "kauth: Local privilege escalation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libetpan" }, "ranges": [ { "events": [ { "fixed": "1.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/dinhviethoa/libetpan/issues/274" ], "discovery": "2017-04-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-8825" ] }, "vid": "57600032-34fe-11e7-8965-bcaec524bf84" }, "details": "rwhitworth reports:\n\n> I was using American Fuzzy Lop (afl-fuzz) to fuzz input to the\n> mime-parse test program. Is fixing these crashes something you\\'re\n> interested in? The input files can be found here:\n> https://github.com/rwhitworth/libetpan-fuzz/. The files can be\n> executed as ./mime-parse id_filename to cause seg faults.\n", "id": "FreeBSD-2017-0107", "modified": "2017-05-09T00:00:00Z", "published": "2017-05-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/dinhviethoa/libetpan/issues/274" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8825" }, { "type": "WEB", "url": "http://cve.circl.lu/cve/CVE-2017-8825" } ], "schema_version": "1.7.0", "summary": "libetpan -- null dereference vulnerability in MIME parsing component" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "58.0.3029.96" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html" ], "discovery": "2017-05-02T00:00:00Z", "references": { "cvename": [ "CVE-2017-5068" ] }, "vid": "92e345d0-304d-11e7-8359-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 1 security fix in this release:\n\n- \\[679306\\] High CVE-2017-5068: Race condition in WebRTC. Credit to\n Philipp Hancke\n", "id": "FreeBSD-2017-0106", "modified": "2017-05-03T00:00:00Z", "published": "2017-05-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5068" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- race condition vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot" }, "ranges": [ { "events": [ { "introduced": "2.2.25_6,1" }, { "fixed": "2.2.29" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "dovecot2" }, "ranges": [ { "events": [ { "introduced": "2.2.25_6,1" }, { "fixed": "2.2.29" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://dovecot.org/list/dovecot-news/2017-April/000341.html" ], "discovery": "2016-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2017-2669" ] }, "vid": "a8c8001b-216c-11e7-80aa-005056925db4" }, "details": "Timo Sirainen reports:\n\n> passdb/userdb dict: Don\\'t double-expand %variables in keys. If dict\n> was used as the authentication passdb, using specially crafted\n> %variables in the username could be used to cause DoS.\n", "id": "FreeBSD-2017-0105", "modified": "2017-04-30T00:00:00Z", "published": "2017-04-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://dovecot.org/list/dovecot-news/2017-April/000341.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2669" }, { "type": "DISCUSSION", "url": "https://dovecot.org/list/dovecot-news/2017-April/000341.html" }, { "type": "DISCUSSION", "url": "https://dovecot.org/list/dovecot-news/2017-April/000342.html" } ], "schema_version": "1.7.0", "summary": "dovecot -- Dovecot DoS when passdb dict was used for authentication" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "introduced": "2.5.1" }, { "fixed": "2.5.3_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl-devel" }, "ranges": [ { "events": [ { "introduced": "2.5.1" }, { "fixed": "2.5.3_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/oss-sec/2017/q2/145" ], "discovery": "2017-04-27T00:00:00Z", "references": { "cvename": [ "CVE-2017-8301" ] }, "vid": "24673ed7-2bf3-11e7-b291-b499baebfeaf" }, "details": "Jakub Jirutka reports:\n\n> LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if\n> SSL_get_verify_result is relied upon for a later check of a\n> verification result, in a use case where a user-provided verification\n> callback returns 1, as demonstrated by acceptance of invalid\n> certificates by nginx.\n", "id": "FreeBSD-2017-0104", "modified": "2017-04-28T00:00:00Z", "published": "2017-04-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/oss-sec/2017/q2/145" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2017/q2/145" }, { "type": "WEB", "url": "https://github.com/libressl-portable/portable/issues/307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8301" } ], "schema_version": "1.7.0", "summary": "LibreSSL -- TLS verification vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.57" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.46.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://jenkins.io/security/advisory/2017-04-26/" ], "discovery": "2017-04-26T00:00:00Z", "references": { "cvename": [ "CVE-2017-1000356", "CVE-2017-1000353", "CVE-2017-1000354", "CVE-2017-1000355" ] }, "vid": "631c4710-9be5-4a80-9310-eb2847fe24dd" }, "details": "Jenkins Security Advisory:\n\n> # Description\n>\n> ##### SECURITY-412 through SECURITY-420 / CVE-2017-1000356\n>\n> CSRF: Multiple vulnerabilities\n>\n> ##### SECURITY-429 / CVE-2017-1000353\n>\n> CLI: Unauthenticated remote code execution\n>\n> ##### SECURITY-466 / CVE-2017-1000354\n>\n> CLI: Login command allowed impersonating any Jenkins user\n>\n> ##### SECURITY-503 / CVE-2017-1000355\n>\n> XStream: Java crash when trying to instantiate void/Void\n", "id": "FreeBSD-2017-0103", "modified": "2017-04-27T00:00:00Z", "published": "2017-04-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://jenkins.io/security/advisory/2017-04-26/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000356" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000353" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000354" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-1000355" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2017-04-26/" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "codeigniter" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.codeigniter.com/user_guide/changelog.html" ], "discovery": "2017-03-23T00:00:00Z", "vid": "df0144fb-295e-11e7-970f-002590263bf5" }, "details": "The CodeIgniter changelog reports:\n\n> Fixed a header injection vulnerability in common function\n> set_status_header() under Apache (thanks to Guillermo Caminer from\n> Flowgate).\n>\n> Fixed byte-safety issues in Encrypt Library (DEPRECATED) when\n> mbstring.func_overload is enabled.\n>\n> Fixed byte-safety issues in Encryption Library when\n> mbstring.func_overload is enabled.\n>\n> Fixed byte-safety issues in compatibility functions password_hash(),\n> hash_pbkdf2() when mbstring.func_overload is enabled.\n>\n> Updated Encrypt Library (DEPRECATED) to call mcrypt_create_iv() with\n> MCRYPT_DEV_URANDOM.\n", "id": "FreeBSD-2017-0102", "modified": "2017-04-25T00:00:00Z", "published": "2017-04-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.codeigniter.com/user_guide/changelog.html" }, { "type": "WEB", "url": "https://www.codeigniter.com/user_guide/changelog.html" } ], "schema_version": "1.7.0", "summary": "codeigniter -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "weechat" }, "ranges": [ { "events": [ { "fixed": "1.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://weechat.org/download/security/" ], "discovery": "2017-04-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-8073" ] }, "vid": "81433129-2916-11e7-ad3e-00e04c1ea73d" }, "details": "Common Vulnerabilities and Exposures:\n\n> WeeChat before 1.7.1 allows a remote crash by sending a filename via\n> DCC to the IRC plugin. This occurs in the\n> irc_ctcp_dcc_filename_without_quotes function during quote removal,\n> with a buffer overflow.\n", "id": "FreeBSD-2017-0101", "modified": "2017-04-24T00:00:00Z", "published": "2017-04-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://weechat.org/download/security/" }, { "type": "WEB", "url": "https://weechat.org/download/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-8073" } ], "schema_version": "1.7.0", "summary": "weechat -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.3.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2017-002" ], "discovery": "2017-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-6919" ] }, "vid": "1455c86c-26c2-11e7-9daa-6cf0497db129" }, "details": "Drupal Security Team Reports:\n\n> CVE-2017-6919: Access bypass\n", "id": "FreeBSD-2017-0100", "modified": "2017-04-21T00:00:00Z", "published": "2017-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2017-002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6919" } ], "schema_version": "1.7.0", "summary": "drupal8 -- Drupal Core - Critical - Access Bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "58.0.3029.81" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "58.0.3029.81" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html" ], "discovery": "2017-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-5057", "CVE-2017-5058", "CVE-2017-5059", "CVE-2017-5060", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5063", "CVE-2017-5064", "CVE-2017-5065", "CVE-2017-5066", "CVE-2017-5067", "CVE-2017-5069" ] }, "vid": "95a74a48-2691-11e7-9e2d-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 29 security fixes in this release, including:\n>\n> - \\[695826\\] High CVE-2017-5057: Type confusion in PDFium. Credit to\n> Guang Gong of Alpha Team, Qihoo 360\n> - \\[694382\\] High CVE-2017-5058: Heap use after free in Print Preview.\n> Credit to Khalil Zhani\n> - \\[684684\\] High CVE-2017-5059: Type confusion in Blink. Credit to\n> SkyLined working with Trend Micro\\'s Zero Day Initiative\n> - \\[683314\\] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to\n> Xudong Zheng\n> - \\[672847\\] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to\n> Haosheng Wang (@gnehsoah)\n> - \\[702896\\] Medium CVE-2017-5062: Use after free in Chrome Apps.\n> Credit to anonymous\n> - \\[700836\\] Medium CVE-2017-5063: Heap overflow in Skia. Credit to\n> Sweetchip\n> - \\[693974\\] Medium CVE-2017-5064: Use after free in Blink. Credit to\n> Wadih Matar\n> - \\[704560\\] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to\n> Khalil Zhani\n> - \\[690821\\] Medium CVE-2017-5066: Incorrect signature handing in\n> Networking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D\n> candidate Chu Chen (ICTT, Xidian University)\n> - \\[648117\\] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to\n> Khalil Zhani\n> - \\[691726\\] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit\n> to Michael Reizelman\n> - \\[713205\\] Various fixes from internal audits, fuzzing and other\n> initiatives\n", "id": "FreeBSD-2017-0099", "modified": "2017-04-21T00:00:00Z", "published": "2017-04-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5057" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5058" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5059" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5060" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5061" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5062" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5064" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5065" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5066" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5069" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "icu" }, "ranges": [ { "events": [ { "fixed": "58.2_2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-icu" }, "ranges": [ { "events": [ { "fixed": "59.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-icu" }, "ranges": [ { "events": [ { "fixed": "59.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-7867", "https://nvd.nist.gov/vuln/detail/CVE-2017-7868" ], "discovery": "2017-01-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-7867", "CVE-2017-7868" ] }, "vid": "607f8b57-7454-42c6-a88a-8706f327076d" }, "details": "NVD reports:\n\n> International Components for Unicode (ICU) for C/C++ before 2017-02-13\n> has an out-of-bounds write caused by a heap-based buffer overflow\n> related to the utf8TextAccess function in common/utext.cpp and the\n> utext_setNativeIndex\\* function.\n\n> International Components for Unicode (ICU) for C/C++ before 2017-02-13\n> has an out-of-bounds write caused by a heap-based buffer overflow\n> related to the utf8TextAccess function in common/utext.cpp and the\n> utext_moveIndex32\\* function.\n", "id": "FreeBSD-2017-0098", "modified": "2017-05-04T00:00:00Z", "published": "2017-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7867" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7868" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7867" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7868" }, { "type": "WEB", "url": "http://bugs.icu-project.org/trac/changeset/39671" }, { "type": "WEB", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437" } ], "schema_version": "1.7.0", "summary": "icu -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tiff" }, "ranges": [ { "events": [ { "fixed": "4.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-f8-tiff" }, "ranges": [ { "events": [ { "fixed": "4.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-f10-tiff" }, "ranges": [ { "events": [ { "fixed": "4.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-tiff" }, "ranges": [ { "events": [ { "fixed": "4.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-tiff" }, "ranges": [ { "events": [ { "fixed": "4.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-5225" ], "discovery": "2017-04-01T00:00:00Z", "references": { "cvename": [ "CVE-2017-5225", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594", "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7598", "CVE-2017-7599", "CVE-2017-7600", "CVE-2017-7601", "CVE-2017-7602" ] }, "vid": "2a96e498-3234-4950-a9ad-419bc84a839d" }, "details": "NVD reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0097", "modified": "2017-04-20T00:00:00Z", "published": "2017-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7592" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7593" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7594" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7595" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7596" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7597" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7598" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7601" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7602" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/5c080298d59e" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/48780b4fcc42" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/d60332057b95" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/2ea32f7372b6" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/8283e4d1b7e5" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/47f2fb61a3a6" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/3cfd62d77c2a" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/3144e57770c1" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/0a76a8c765c7" }, { "type": "WEB", "url": "https://github.com/vadz/libtiff/commit/66e7bd595209" } ], "schema_version": "1.7.0", "summary": "tiff -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libsamplerate" }, "ranges": [ { "events": [ { "fixed": "0.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-libsamplerate" }, "ranges": [ { "events": [ { "fixed": "0.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libsamplerate" }, "ranges": [ { "events": [ { "fixed": "0.1.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-7697" ], "discovery": "2017-04-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-7697" ] }, "vid": "d44129d6-b22e-4e9c-b200-6a46e8bd3e60" }, "details": "NVD reports:\n\n> In libsamplerate before 0.1.9, a buffer over-read occurs in the\n> calc_output_single function in src_sinc.c via a crafted audio file.\n", "id": "FreeBSD-2017-0096", "modified": "2017-04-20T00:00:00Z", "published": "2017-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7697" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7697" }, { "type": "WEB", "url": "https://github.com/erikd/libsamplerate/commit/c3b66186656d" } ], "schema_version": "1.7.0", "summary": "libsamplerate -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libsndfile" }, "ranges": [ { "events": [ { "fixed": "1.0.28_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-7585", "https://nvd.nist.gov/vuln/detail/CVE-2017-7586", "https://nvd.nist.gov/vuln/detail/CVE-2017-7741", "https://nvd.nist.gov/vuln/detail/CVE-2017-7742" ], "discovery": "2017-04-07T00:00:00Z", "references": { "cvename": [ "CVE-2017-7585", "CVE-2017-7586", "CVE-2017-7741", "CVE-2017-7742" ] }, "vid": "5a97805e-93ef-4dcb-8d5e-dbcac263bfc2" }, "details": "NVD reports:\n\n> In libsndfile before 1.0.28, an error in the \\\"flac_buffer_copy()\\\"\n> function (flac.c) can be exploited to cause a stack-based buffer\n> overflow via a specially crafted FLAC file.\n\n> In libsndfile before 1.0.28, an error in the \\\"header_read()\\\"\n> function (common.c) when handling ID3 tags can be exploited to cause a\n> stack-based buffer overflow via a specially crafted FLAC file.\n\n> In libsndfile before 1.0.28, an error in the \\\"flac_buffer_copy()\\\"\n> function (flac.c) can be exploited to cause a segmentation violation\n> (with write memory access) via a specially crafted FLAC file during a\n> resample attempt, a similar issue to CVE-2017-7585.\n\n> In libsndfile before 1.0.28, an error in the \\\"flac_buffer_copy()\\\"\n> function (flac.c) can be exploited to cause a segmentation violation\n> (with read memory access) via a specially crafted FLAC file during a\n> resample attempt, a similar issue to CVE-2017-7585.\n", "id": "FreeBSD-2017-0095", "modified": "2017-04-20T00:00:00Z", "published": "2017-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7585" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7586" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7741" }, { "type": "REPORT", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7742" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7585" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7586" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7741" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7742" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/60b234301adf" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/708e996c87c5" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/f457b7b5ecfe" }, { "type": "WEB", "url": "https://github.com/erikd/libsndfile/commit/60b234301adf" } ], "schema_version": "1.7.0", "summary": "libsndfile -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.52.0" }, { "fixed": "7.54.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/adv_20170419.html" ], "discovery": "2017-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-7468" ] }, "vid": "3e2e9b44-25ce-11e7-a175-939b30e0836d" }, "details": "cURL security advisory:\n\n> libcurl would attempt to resume a TLS session even if the client\n> certificate had changed. That is unacceptable since a server by\n> specification is allowed to skip the client certificate check on\n> resume, and may instead use the old identity which was established by\n> the previous certificate (or no certificate).\n>\n> libcurl supports by default the use of TLS session id/ticket to resume\n> previous TLS sessions to speed up subsequent TLS handshakes. They are\n> used when for any reason an existing TLS connection couldn\\'t be kept\n> alive to make the next handshake faster.\n>\n> This flaw is a regression and identical to CVE-2016-5419 reported on\n> August 3rd 2016, but affecting a different version range.\n", "id": "FreeBSD-2017-0094", "modified": "2017-04-20T00:00:00Z", "published": "2017-04-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/adv_20170419.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7468" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_20170419.html" } ], "schema_version": "1.7.0", "summary": "cURL -- TLS session resumption client cert bypass (again)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "graphite2" }, "ranges": [ { "events": [ { "fixed": "1.3.9_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-graphite2" }, "ranges": [ { "events": [ { "fixed": "1.3.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/" ], "discovery": "2017-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-5436" ] }, "vid": "cf133acc-82e7-4755-a66a-5ddf90dacbe6" }, "details": "Mozilla Foundation reports:\n\n> An out-of-bounds write in the Graphite 2 library triggered with a\n> maliciously crafted Graphite font. This results in a potentially\n> exploitable crash. This issue was fixed in the Graphite 2 library as\n> well as Mozilla products.\n", "id": "FreeBSD-2017-0093", "modified": "2017-04-20T00:00:00Z", "published": "2017-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5436" }, { "type": "WEB", "url": "https://github.com/silnrsi/graphite/commit/1ce331d5548b" } ], "schema_version": "1.7.0", "summary": "graphite2 -- out-of-bounds write with malicious font" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libevent" }, "ranges": [ { "events": [ { "fixed": "2.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libevent2" }, "ranges": [ { "events": [ { "fixed": "2.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-libevent2" }, "ranges": [ { "events": [ { "fixed": "2.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libevent" }, "ranges": [ { "events": [ { "fixed": "2.1.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://security-tracker.debian.org/tracker/DSA-3789-1" ], "discovery": "2017-01-31T00:00:00Z", "references": { "cvename": [ "CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197" ] }, "vid": "b8ee7a81-a879-4358-9b30-7dd1bd4c14b1" }, "details": "Debian Security reports:\n\n> CVE-2016-10195: The name_parse function in evdns.c in libevent before\n> 2.1.6-beta allows remote attackers to have unspecified impact via\n> vectors involving the label_len variable, which triggers an\n> out-of-bounds stack read.\n>\n> CVE-2016-10196: Stack-based buffer overflow in the\n> evutil_parse_sockaddr_port function in evutil.c in libevent before\n> 2.1.6-beta allows attackers to cause a denial of service (segmentation\n> fault) via vectors involving a long string in brackets in the\n> ip_as_string argument.\n>\n> CVE-2016-10197: The search_make_new function in evdns.c in libevent\n> before 2.1.6-beta allows attackers to cause a denial of service\n> (out-of-bounds read) via an empty hostname.\n", "id": "FreeBSD-2017-0092", "modified": "2017-04-19T00:00:00Z", "published": "2017-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://security-tracker.debian.org/tracker/DSA-3789-1" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10195" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10196" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10197" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/01/31/17" }, { "type": "WEB", "url": "https://github.com/libevent/libevent/issues/317" }, { "type": "WEB", "url": "https://github.com/libevent/libevent/issues/318" }, { "type": "WEB", "url": "https://github.com/libevent/libevent/issues/332" }, { "type": "WEB", "url": "https://github.com/libevent/libevent/issues/335" } ], "schema_version": "1.7.0", "summary": "libevent -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nss" }, "ranges": [ { "events": [ { "introduced": "3.30" }, { "fixed": "3.30.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.29" }, { "fixed": "3.29.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.22" }, { "fixed": "3.28.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "3.21.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-f10-nss" }, "ranges": [ { "events": [ { "introduced": "3.30" }, { "fixed": "3.30.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.29" }, { "fixed": "3.29.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.22" }, { "fixed": "3.28.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "3.21.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-nss" }, "ranges": [ { "events": [ { "introduced": "3.30" }, { "fixed": "3.30.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.29" }, { "fixed": "3.29.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.22" }, { "fixed": "3.28.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "3.21.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-nss" }, "ranges": [ { "events": [ { "introduced": "3.30" }, { "fixed": "3.30.1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.29" }, { "fixed": "3.29.5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.22" }, { "fixed": "3.28.4" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "3.21.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/", "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/" ], "discovery": "2017-03-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-5461", "CVE-2017-5462" ] }, "vid": "4cb165f0-6e48-423e-8147-92255d35c0f7" }, "details": "Mozilla Foundation reports:\n\n> An out-of-bounds write during Base64 decoding operation in the Network\n> Security Services (NSS) library due to insufficient memory being\n> allocated to the buffer. This results in a potentially exploitable\n> crash. The NSS library has been updated to fix this issue to address\n> this issue and Firefox 53 has been updated with NSS version 3.29.5.\n\n> A flaw in DRBG number generation within the Network Security Services\n> (NSS) library where the internal state V does not correctly carry bits\n> over. The NSS library has been updated to fix this issue to address\n> this issue and Firefox 53 has been updated with NSS version 3.29.5.\n", "id": "FreeBSD-2017-0091", "modified": "2017-04-19T00:00:00Z", "published": "2017-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/" }, { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5461" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5462" }, { "type": "WEB", "url": "https://hg.mozilla.org/projects/nss/rev/99a86619eac9" }, { "type": "WEB", "url": "https://hg.mozilla.org/projects/nss/rev/e126381a3c29" } ], "schema_version": "1.7.0", "summary": "NSS -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "53.0_2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "introduced": "46.0,1" }, { "fixed": "52.1.0_2,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.9.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "introduced": "46.0,2" }, { "fixed": "52.1.0,2" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.9.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "introduced": "46.0" }, { "fixed": "52.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "introduced": "46.0" }, { "fixed": "52.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "introduced": "46.0" }, { "fixed": "52.1.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.9.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/" ], "discovery": "2017-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-5433", "CVE-2017-5435", "CVE-2017-5436", "CVE-2017-5461", "CVE-2017-5459", "CVE-2017-5466", "CVE-2017-5434", "CVE-2017-5432", "CVE-2017-5460", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-5440", "CVE-2017-5441", "CVE-2017-5442", "CVE-2017-5464", "CVE-2017-5443", "CVE-2017-5444", "CVE-2017-5446", "CVE-2017-5447", "CVE-2017-5465", "CVE-2017-5448", "CVE-2017-5437", "CVE-2017-5454", "CVE-2017-5455", "CVE-2017-5456", "CVE-2017-5469", "CVE-2017-5445", "CVE-2017-5449", "CVE-2017-5450", "CVE-2017-5451", "CVE-2017-5462", "CVE-2017-5463", "CVE-2017-5467", "CVE-2017-5452", "CVE-2017-5453", "CVE-2017-5458", "CVE-2017-5468", "CVE-2017-5430", "CVE-2017-5429" ] }, "vid": "5e0a038a-ca30-416d-a2f5-38cbf5e7df33" }, "details": "Mozilla Foundation reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0090", "modified": "2017-09-19T00:00:00Z", "published": "2017-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5433" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5461" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5459" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5466" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5432" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5460" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5438" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5439" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5440" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5441" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5442" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5464" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5446" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5447" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5448" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5454" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5469" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5445" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5462" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5463" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5467" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5452" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5453" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5458" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5468" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5429" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.55" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.23" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.55" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.36" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" ], "discovery": "2017-04-19T00:00:00Z", "references": { "cvename": [ "CVE-2017-3308", "CVE-2017-3309", "CVE-2017-3450", "CVE-2017-3599", "CVE-2017-3329", "CVE-2017-3600", "CVE-2017-3331", "CVE-2017-3453", "CVE-2017-3452", "CVE-2017-3454", "CVE-2017-3455", "CVE-2017-3305", "CVE-2017-3460", "CVE-2017-3456", "CVE-2017-3458", "CVE-2017-3457", "CVE-2017-3459", "CVE-2017-3463", "CVE-2017-3462", "CVE-2017-3461", "CVE-2017-3464", "CVE-2017-3465", "CVE-2017-3467", "CVE-2017-3468" ] }, "vid": "d9e01c35-2531-11e7-b291-b499baebfeaf" }, "details": "Oracle reports:\n\n> This Critical Patch Update contains 39 new security fixes for Oracle\n> MySQL. 11 of these vulnerabilities may be remotely exploitable without\n> authentication, i.e., may be exploited over a network without\n> requiring user credentials.\n", "id": "FreeBSD-2017-0089", "modified": "2017-04-19T00:00:00Z", "published": "2017-04-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3308" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3329" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3331" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3453" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3452" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3454" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3455" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3305" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3460" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3456" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3458" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3457" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3459" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3463" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3462" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3461" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3464" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3465" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3467" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3468" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bind99" }, "ranges": [ { "events": [ { "fixed": "9.9.9P8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind910" }, "ranges": [ { "events": [ { "fixed": "9.10.4P8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind911" }, "ranges": [ { "events": [ { "fixed": "9.11.0P5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind9-devel" }, "ranges": [ { "events": [ { "last_affected": "9.12.0.a.2017.03.25" }, { "fixed": "9.12.0.a.2017.03.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/article/AA-01465/0", "https://kb.isc.org/article/AA-01466/0", "https://kb.isc.org/article/AA-01471/0" ], "discovery": "2017-04-12T00:00:00Z", "references": { "cvename": [ "CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3138" ] }, "vid": "c6861494-1ffb-11e7-934d-d05099c0ae8c" }, "details": "ISC reports:\n\n> A query with a specific set of characteristics could cause a server\n> using DNS64 to encounter an assertion failure and terminate.\n>\n> An attacker could deliberately construct a query, enabling\n> denial-of-service against a server if it was configured to use the\n> DNS64 feature and other preconditions were met.\n\n> Mistaken assumptions about the ordering of records in the answer\n> section of a response containing CNAME or DNAME resource records could\n> lead to a situation in which named would exit with an assertion\n> failure when processing a response in which records occurred in an\n> unusual order.\n\n> named contains a feature which allows operators to issue commands to a\n> running server by communicating with the server process over a control\n> channel, using a utility program such as rndc.\n>\n> A regression introduced in a recent feature change has created a\n> situation under which some versions of named can be caused to exit\n> with a REQUIRE assertion failure if they are sent a null command\n> string.\n", "id": "FreeBSD-2017-0088", "modified": "2017-04-13T00:00:00Z", "published": "2017-04-13T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01465/0" }, { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01466/0" }, { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01471/0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3136" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3138" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01465/0" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01466/0" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01471/0" } ], "schema_version": "1.7.0", "summary": "BIND -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ioquake3" }, "ranges": [ { "events": [ { "fixed": "1.36_16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ioquake3-devel" }, "ranges": [ { "events": [ { "fixed": "g2930" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "iourbanterror" }, "ranges": [ { "events": [ { "fixed": "4.3.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openarena" }, "ranges": [ { "events": [ { "fixed": "0.8.8.s1910_3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-6903" ] }, "vid": "e48355d7-1548-11e7-8611-0090f5f2f347" }, "details": "The content auto-download of id Tech 3 can be used to deliver\nmaliciously crafted content, that triggers downloading of further\ncontent and loading and executing it as native code with user\ncredentials. This affects ioquake3, ioUrbanTerror, OpenArena, the\noriginal Quake 3 Arena and other forks.\n", "id": "FreeBSD-2017-0087", "modified": "2017-04-07T00:00:00Z", "published": "2017-04-07T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6903" }, { "type": "WEB", "url": "https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/" } ], "schema_version": "1.7.0", "summary": "id Tech 3 -- remote code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.2_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://xenbits.xen.org/xsa/advisory-206.html" ], "discovery": "2017-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2017-7228" ] }, "vid": "90becf7c-1acf-11e7-970f-002590263bf5" }, "details": "The Xen Project reports:\n\n> The XSA-29 fix introduced an insufficient check on XENMEM_exchange\n> input, allowing the caller to drive hypervisor memory accesses outside\n> of the guest provided input/output arrays.\n>\n> A malicious or buggy 64-bit PV guest may be able to access all of\n> system memory, allowing for all of privilege escalation, host crashes,\n> and information leaks.\n", "id": "FreeBSD-2017-0086", "modified": "2017-04-06T00:00:00Z", "published": "2017-04-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://xenbits.xen.org/xsa/advisory-206.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7228" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-212.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- broken check in memory_exchange() permits PV guest breakout" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "6.5" }, { "fixed": "7.53.1_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/adv_20170403.html" ], "discovery": "2017-04-03T00:00:00Z", "references": { "cvename": [ "CVE-2017-7407" ] }, "vid": "04f29189-1a05-11e7-bc6e-b499baebfeaf" }, "details": "The cURL project reports:\n\n> There were two bugs in curl\\'s parser for the command line option\n> \\--write-out (or -w for short) that would skip the end of string zero\n> byte if the string ended in a % (percent) or \\\\ (backslash), and it\n> would read beyond that buffer in the heap memory and it could then\n> potentially output pieces of that memory to the terminal or the target\n> file etc..\n>\n> This flaw only exists in the command line tool.\n>\n> We are not aware of any exploit of this flaw.\n", "id": "FreeBSD-2017-0085", "modified": "2017-04-06T00:00:00Z", "published": "2017-04-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/adv_20170403.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_20170403.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7407" } ], "schema_version": "1.7.0", "summary": "cURL -- potential memory disclosure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-django" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/" ], "discovery": "2017-04-04T00:00:00Z", "references": { "cvename": [ "CVE-2017-7233", "CVE-2017-7234" ] }, "vid": "dc880d6c-195d-11e7-8c63-0800277dcc69" }, "details": "Django team reports:\n\n> These release addresses two security issues detailed below. We\n> encourage all users of Django to upgrade as soon as possible.\n>\n> - Open redirect and possible XSS attack via user-supplied numeric\n> redirect URLs\n> - Open redirect vulnerability in django.views.static.serve()\n", "id": "FreeBSD-2017-0084", "modified": "2017-04-04T00:00:00Z", "published": "2017-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7233" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7234" } ], "schema_version": "1.7.0", "summary": "django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.14.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2017-03-27T00:00:00Z", "vid": "356b02e9-1954-11e7-9608-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> No size checking is done when setting the user field on a CDR. Thus,\n> it is possible for someone to use an arbitrarily large string and\n> write past the end of the user field storage buffer. This allows the\n> possibility of remote code injection.\n", "id": "FreeBSD-2017-0083", "modified": "2017-04-04T00:00:00Z", "published": "2017-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "http://downloads.asterisk.org/pub/security/AST-2017-001.html" }, { "type": "WEB", "url": "https://issues.asterisk.org/jira/browse/ASTERISK-26897" } ], "schema_version": "1.7.0", "summary": "asterisk -- Buffer overflow in CDR's set user" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nvidia-driver" }, "ranges": [ { "events": [ { "fixed": "375.39" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nvidia-driver-340" }, "ranges": [ { "events": [ { "fixed": "340.102" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "nvidia-driver-304" }, "ranges": [ { "events": [ { "fixed": "304.135" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" ], "discovery": "2017-02-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-0309", "CVE-2017-0310", "CVE-2017-0311", "CVE-2017-0318", "CVE-2017-0321" ] }, "vid": "057e6616-1885-11e7-bb4d-a0d3c19bfa21" }, "details": "NVIDIA Unix security team reports:\n\n> NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode\n> layer handler where multiple integer overflows, improper access\n> control, and improper validation of a user input may cause a denial of\n> service or potential escalation of privileges.\n", "id": "FreeBSD-2017-0082", "modified": "2017-04-04T00:00:00Z", "published": "2017-04-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0318" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0321" }, { "type": "WEB", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" } ], "schema_version": "1.7.0", "summary": "NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "57.0.2987.133" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-npapi" }, "ranges": [ { "events": [ { "fixed": "57.0.2987.133" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "57.0.2987.133" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html" ], "discovery": "2017-03-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-5055", "CVE-2017-5054", "CVE-2017-5052", "CVE-2017-5056", "CVE-2017-5053" ] }, "vid": "7cf058d8-158d-11e7-ba2c-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 5 security fixes in this release, including:\n>\n> - \\[698622\\] Critical CVE-2017-5055: Use after free in printing.\n> Credit to Wadih Matar\n> - \\[699166\\] High CVE-2017-5054: Heap buffer overflow in V8. Credit to\n> Nicolas Trippar of Zimperium zLabs\n> - \\[662767\\] High CVE-2017-5052: Bad cast in Blink. Credit to\n> JeongHoon Shin\n> - \\[705445\\] High CVE-2017-5056: Use after free in Blink. Credit to\n> anonymous\n> - \\[702058\\] High CVE-2017-5053: Out of bounds memory access in V8.\n> Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI\n> (ZDI-CAN-4587)\n", "id": "FreeBSD-2017-0081", "modified": "2017-03-30T00:00:00Z", "published": "2017-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5055" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5056" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5053" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-tools" }, "ranges": [ { "events": [ { "fixed": "4.7.2_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://xenbits.xen.org/xsa/advisory-206.html" ], "discovery": "2017-03-28T00:00:00Z", "vid": "47873d72-14eb-11e7-970f-002590263bf5" }, "details": "The Xen Project reports:\n\n> Unprivileged guests may be able to stall progress of the control\n> domain or driver domain, possibly leading to a Denial of Service (DoS)\n> of the entire host.\n", "id": "FreeBSD-2017-0080", "modified": "2017-03-30T00:00:00Z", "published": "2017-03-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://xenbits.xen.org/xsa/advisory-206.html" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-206.html" } ], "schema_version": "1.7.0", "summary": "xen-tools -- xenstore denial of service via repeated update" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "fixed": "4.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2017-8/" ], "discovery": "2017-03-28T00:00:00Z", "vid": "68611303-149e-11e7-b9bb-6805ca0b3d42" }, "details": "The phpMyAdmin team reports:\n\n> ### Summary\n>\n> Bypass \\$cfg\\[\\'Servers\\'\\]\\[\\$i\\]\\[\\'AllowNoPassword\\'\\]\n>\n> ### Description\n>\n> A vulnerability was discovered where the restrictions caused by\n> \\$cfg\\[\\'Servers\\'\\]\\[\\$i\\]\\[\\'AllowNoPassword\\'\\] = false are\n> bypassed under certain PHP versions. This can allow the login of users\n> who have no password set even if the administrator has set\n> \\$cfg\\[\\'Servers\\'\\]\\[\\$i\\]\\[\\'AllowNoPassword\\'\\] to false (which is\n> also the default).\n>\n> This behavior depends on the PHP version used (it seems PHP 5 is\n> affected, while PHP 7.0 is not).\n>\n> ### Severity\n>\n> We consider this vulnerability to be of moderate severity.\n>\n> ### Mitigation factor\n>\n> Set a password for all users.\n", "id": "FreeBSD-2017-0079", "modified": "2017-03-29T00:00:00Z", "published": "2017-03-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2017-8/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2017-8/" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- bypass 'no password' restriction" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba36" }, "ranges": [ { "events": [ { "introduced": "3.6.0" }, { "last_affected": "3.6.25_4" }, { "fixed": "3.6.25_4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba4" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "last_affected": "4.0.26" }, { "fixed": "4.0.26" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba41" }, "ranges": [ { "events": [ { "introduced": "4.1.0" }, { "last_affected": "4.1.23" }, { "fixed": "4.1.23" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba42" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "last_affected": "4.2.14" }, { "fixed": "4.2.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba43" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "last_affected": "4.3.13" }, { "fixed": "4.3.13" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba44" }, "ranges": [ { "events": [ { "introduced": "4.4.0" }, { "fixed": "4.4.12" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba45" }, "ranges": [ { "events": [ { "introduced": "4.5.0" }, { "fixed": "4.5.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba46" }, "ranges": [ { "events": [ { "introduced": "4.6.0" }, { "fixed": "4.6.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/security/CVE-2017-2619.html" ], "discovery": "2017-03-23T00:00:00Z", "references": { "cvename": [ "CVE-2017-2619" ] }, "vid": "2826317b-10ec-11e7-944e-000c292e4fd8" }, "details": "Samba team reports:\n\n> A time-of-check, time-of-use race condition can allow clients to\n> access non-exported parts of the file system via symlinks.\n", "id": "FreeBSD-2017-0078", "modified": "2017-03-24T00:00:00Z", "published": "2017-03-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/security/CVE-2017-2619.html" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2017-2619.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2619" } ], "schema_version": "1.7.0", "summary": "samba -- symlink race allows access outside share definition" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-tools" }, "ranges": [ { "events": [ { "fixed": "4.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://xenbits.xen.org/xsa/advisory-211.html" ], "discovery": "2017-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2016-9603" ] }, "vid": "af19ecd0-0f6a-11e7-970f-002590263bf5" }, "details": "The Xen Project reports:\n\n> A privileged user within the guest VM can cause a heap overflow in the\n> device model process, potentially escalating their privileges to that\n> of the device model process.\n", "id": "FreeBSD-2017-0077", "modified": "2017-03-23T00:00:00Z", "published": "2017-03-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://xenbits.xen.org/xsa/advisory-211.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9603" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-211.html" } ], "schema_version": "1.7.0", "summary": "xen-tools -- Cirrus VGA Heap overflow via display refresh" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "introduced": "0.8.21,1,1" }, { "fixed": "1.0.2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2017_03.txt" ], "discovery": "2017-03-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-7191" ] }, "vid": "06f931c0-0be0-11e7-b4bf-5404a68ad561" }, "details": "The irssi project reports:\n\n> Use after free while producing list of netjoins (CWE-416). This issue\n> was found and reported to us by APic. This issue usually leads to\n> segmentation faults. Targeted code execution should be difficult.\n", "id": "FreeBSD-2017-0076", "modified": "2017-03-18T00:00:00Z", "published": "2017-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2017_03.txt" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2017_03.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-7191" } ], "schema_version": "1.7.0", "summary": "irssi -- use-after-free potential code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-client" }, "ranges": [ { "events": [ { "last_affected": "5.5.54" }, { "fixed": "5.5.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-client" }, "ranges": [ { "events": [ { "fixed": "10.0.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-client" }, "ranges": [ { "events": [ { "fixed": "10.1.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-client" }, "ranges": [ { "events": [ { "last_affected": "5.5.54" }, { "fixed": "5.5.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-client" }, "ranges": [ { "events": [ { "fixed": "5.6.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-client" }, "ranges": [ { "events": [ { "fixed": "5.7.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2017/02/11/11" ], "discovery": "2017-01-27T00:00:00Z", "references": { "cvename": [ "CVE-2017-3302" ] }, "vid": "7c27192f-0bc3-11e7-9940-b499baebfeaf" }, "details": "Openwall reports:\n\n> C client library for MySQL (libmysqlclient.so) has use-after-free\n> defect which can cause crash of applications using that MySQL client.\n", "id": "FreeBSD-2017-0075", "modified": "2017-03-18T00:00:00Z", "published": "2017-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2017/02/11/11" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/02/11/11" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3302" } ], "schema_version": "1.7.0", "summary": "mysql -- denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "52.0.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/" ], "discovery": "2017-03-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-5428" ] }, "vid": "5f453b69-abab-4e76-b6e5-2ed0bafcaee3" }, "details": "The Mozilla Foundation reports:\n\n> An integer overflow in createImageBitmap() was reported through the\n> Pwn2Own contest. The fix for this vulnerability disables the\n> experimental extensions to the createImageBitmap API. This function\n> runs in the content sandbox, requiring a second vulnerability to\n> compromise a user\\'s computer.\n", "id": "FreeBSD-2017-0074", "modified": "2017-03-18T00:00:00Z", "published": "2017-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5428" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2017-08/" } ], "schema_version": "1.7.0", "summary": "firefox -- integer overflow in createImageBitmap()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle29" }, "ranges": [ { "events": [ { "last_affected": "2.9.9" }, { "fixed": "2.9.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle30" }, "ranges": [ { "events": [ { "fixed": "3.0.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle31" }, "ranges": [ { "events": [ { "fixed": "3.1.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle32" }, "ranges": [ { "events": [ { "fixed": "3.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://moodle.org/news/#p1408104" ], "discovery": "2017-03-13T00:00:00Z", "vid": "df45b4bd-0b7f-11e7-970f-002590263bf5" }, "details": "Marina Glancy reports:\n\n> In addition to a number of bug fixes and small improvements, security\n> vulnerabilities have been discovered and fixed. We highly recommend\n> that you upgrade your sites as soon as possible. Upgrading should be\n> very straightforward. As per our usual policy, admins of all\n> registered Moodle sites will be notified of security issue details\n> directly via email and we\\'ll publish details more widely in a week.\n", "id": "FreeBSD-2017-0073", "modified": "2017-03-18T00:00:00Z", "published": "2017-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://moodle.org/news/#p1408104" }, { "type": "WEB", "url": "https://moodle.org/news/#p1408104" } ], "schema_version": "1.7.0", "summary": "moodle -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle29" }, "ranges": [ { "events": [ { "last_affected": "2.9.9" }, { "fixed": "2.9.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle30" }, "ranges": [ { "events": [ { "fixed": "3.0.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle31" }, "ranges": [ { "events": [ { "fixed": "3.1.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle32" }, "ranges": [ { "events": [ { "fixed": "3.2.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://moodle.org/security/" ], "discovery": "2017-01-17T00:00:00Z", "references": { "cvename": [ "CVE-2017-2576", "CVE-2017-2578", "CVE-2016-10045" ] }, "vid": "f72d98d1-0b7e-11e7-970f-002590263bf5" }, "details": "Marina Glancy reports:\n\n> - MSA-17-0001: System file inclusion when adding own preset file in\n> Boost theme\n>\n> - MSA-17-0002: Incorrect sanitation of attributes in forums\n>\n> - MSA-17-0003: PHPMailer vulnerability in no-reply address\n>\n> - MSA-17-0004: XSS in assignment submission page\n", "id": "FreeBSD-2017-0072", "modified": "2020-06-24T00:00:00Z", "published": "2017-03-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://moodle.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2576" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2578" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10045" }, { "type": "WEB", "url": "https://moodle.org/security/" } ], "schema_version": "1.7.0", "summary": "moodle -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "fixed": "8.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-2017-001" ], "discovery": "2017-03-15T00:00:00Z", "references": { "cvename": [ "CVE-2017-6377", "CVE-2017-6379", "CVE-2017-6381" ] }, "vid": "2730c668-0b1c-11e7-8d52-6cf0497db129" }, "details": "Drupal Security Team reports:\n\n> CVE-2017-6377: Editor module incorrectly checks access to inline\n> private files\n>\n> CVE-2017-6379: Some admin paths were not protected with a CSRF token\n>\n> CVE-2017-6381: Remote code execution\n", "id": "FreeBSD-2017-0071", "modified": "2017-03-17T00:00:00Z", "published": "2017-03-17T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-2017-001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6377" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6381" }, { "type": "WEB", "url": "https://www.drupal.org/SA-2017-001" } ], "schema_version": "1.7.0", "summary": "drupal8 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "putty" }, "ranges": [ { "events": [ { "fixed": "0.68" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html" ], "discovery": "2017-01-29T00:00:00Z", "references": { "cvename": [ "CVE-2017-6542" ] }, "vid": "9b973e97-0a99-11e7-ace7-080027ef73ec" }, "details": "Simon G. Tatham reports:\n\n> Many versions of PuTTY prior to 0.68 have a heap-corrupting integer\n> overflow bug in the ssh_agent_channel_data function which processes\n> messages sent by remote SSH clients to a forwarded agent connection.\n> \\[\\...\\]\n>\n> This bug is only exploitable at all if you have enabled SSH agent\n> forwarding, which is turned off by default. Moreover, an attacker able\n> to exploit this bug would have to have already be able to connect to\n> the Unix-domain socket representing the forwarded agent connection.\n> Since any attacker with that capability would necessarily already be\n> able to generate signatures with your agent\\'s stored private keys,\n> you should in normal circumstances be defended against this\n> vulnerability by the same precautions you and your operating system\n> were already taking to prevent untrusted people from accessing your\n> SSH agent.\n", "id": "FreeBSD-2017-0070", "modified": "2017-03-16T00:00:00Z", "published": "2017-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html" }, { "type": "WEB", "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-6542" } ], "schema_version": "1.7.0", "summary": "PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "25.0.0.127" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb17-07.html" ], "discovery": "2017-03-14T00:00:00Z", "references": { "cvename": [ "CVE-2017-2997", "CVE-2017-2998", "CVE-2017-2999", "CVE-2017-3000", "CVE-2017-3001", "CVE-2017-3002", "CVE-2017-3003" ] }, "vid": "4ffb633c-0a3b-11e7-a9f2-0011d823eebd" }, "details": "Adobe reports:\n\n> - These updates resolve a buffer overflow vulnerability that could\n> lead to code execution (CVE-2017-2997).\n> - These updates resolve memory corruption vulnerabilities that could\n> lead to code execution (CVE-2017-2998, CVE-2017-2999).\n> - These updates resolve a random number generator vulnerability used\n> for constant blinding that could lead to information disclosure\n> (CVE-2017-3000).\n> - These updates resolve use-after-free vulnerabilities that could lead\n> to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003).\n", "id": "FreeBSD-2017-0069", "modified": "2017-03-16T00:00:00Z", "published": "2017-03-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-07.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2997" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2998" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2999" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3000" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3001" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3003" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-07.html" } ], "schema_version": "1.7.0", "summary": "Flash Player -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mbedtls" }, "ranges": [ { "events": [ { "fixed": "2.4.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "polarssl13" }, "ranges": [ { "events": [ { "fixed": "1.3.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01" ], "discovery": "2017-03-11T00:00:00Z", "vid": "f41e3e54-076b-11e7-a9f2-0011d823eebd" }, "details": "Janos Follath reports:\n\n> - If a malicious peer supplies a certificate with a specially crafted\n> secp224k1 public key, then an attacker can cause the server or\n> client to attempt to free block of memory held on stack. Depending\n> on the platform, this could result in a Denial of Service (client\n> crash) or potentially could be exploited to allow remote code\n> execution with the same privileges as the host application.\n> - If the client and the server both support MD5 and the client can be\n> tricked to authenticate to a malicious server, then the malicious\n> server can impersonate the client. To launch this man in the middle\n> attack, the adversary has to compute a chosen-prefix MD5 collision\n> in real time. This is very expensive computationally, but can be\n> practical. Depending on the platform, this could result in a Denial\n> of Service (client crash) or potentially could be exploited to allow\n> remote code execution with the same privileges as the host\n> application.\n> - A bug in the logic of the parsing of a PEM encoded Certificate\n> Revocation List in mbedtls_x509_crl_parse() can result in an\n> infinite loop. In versions before 1.3.10 the same bug results in an\n> infinite recursion stack overflow that usually crashes the\n> application. Methods and means of acquiring the CRLs is not part of\n> the TLS handshake and in the strict TLS setting this vulnerability\n> cannot be triggered remotely. The vulnerability cannot be triggered\n> unless the application explicitly calls mbedtls_x509_crl_parse() or\n> mbedtls_x509_crl_parse_file()on a PEM formatted CRL of untrusted\n> origin. In which case the vulnerability can be exploited to launch a\n> denial of service attack against the application.\n", "id": "FreeBSD-2017-0068", "modified": "2017-03-12T00:00:00Z", "published": "2017-03-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01" }, { "type": "WEB", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01" } ], "schema_version": "1.7.0", "summary": "mbed TLS (PolarSSL) -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "57.0.2987.98" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-npapi" }, "ranges": [ { "events": [ { "fixed": "57.0.2987.98" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "57.0.2987.98" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" ], "discovery": "2017-03-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-5030", "CVE-2017-5031", "CVE-2017-5032", "CVE-2017-5029", "CVE-2017-5034", "CVE-2017-5035", "CVE-2017-5036", "CVE-2017-5037", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5041", "CVE-2017-5033", "CVE-2017-5042", "CVE-2017-5038", "CVE-2017-5043", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046" ] }, "vid": "a505d397-0758-11e7-8d8b-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 36 security fixes in this release\n>\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0067", "modified": "2017-03-12T00:00:00Z", "published": "2017-03-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5030" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5031" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5032" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5029" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5034" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5035" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5036" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5037" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5039" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5040" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5033" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5042" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5038" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5043" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5045" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5046" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bouncycastle15" }, "ranges": [ { "events": [ { "introduced": "1.51" }, { "fixed": "1.56" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.bouncycastle.org/releasenotes.html" ], "discovery": "2016-12-23T00:00:00Z", "references": { "freebsdpr": [ "ports/215507" ] }, "vid": "89cf8cd2-0698-11e7-aa3f-001b216d295b" }, "details": "The Legion of the Bouncy Castle reports:\n\n> Release: 1.56\n>\n> 2.1.4 Security Related Changes and CVE\\'s Addressed by this Release:\n> (multiple)\n", "id": "FreeBSD-2017-0066", "modified": "2017-03-12T00:00:00Z", "published": "2017-03-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.bouncycastle.org/releasenotes.html" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215507" }, { "type": "WEB", "url": "https://www.bouncycastle.org/releasenotes.html" } ], "schema_version": "1.7.0", "summary": "Several Security Defects in the Bouncy Castle Crypto APIs" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kde-runtime" }, "ranges": [ { "events": [ { "fixed": "4.14.3_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kde.org/info/security/advisory-20160930-1.txt" ], "discovery": "2016-09-30T00:00:00Z", "references": { "cvename": [ "CVE-2016-7787" ] }, "vid": "41fe4724-06a2-11e7-8e3e-5453ed2e2b49" }, "details": "Albert Aastals Cid reports:\n\n> A maliciously crafted command line for kdesu can result in the user\n> only seeing part of the commands that will actually get executed as\n> super user.\n", "id": "FreeBSD-2017-0065", "modified": "2017-03-11T00:00:00Z", "published": "2017-03-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kde.org/info/security/advisory-20160930-1.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7787" }, { "type": "DISCUSSION", "url": "http://www.openwall.com/lists/oss-security/2016/09/29/7" }, { "type": "WEB", "url": "https://www.kde.org/info/security/advisory-20160930-1.txt" } ], "schema_version": "1.7.0", "summary": "kde-runtime -- kdesu: displayed command truncated by unicode string terminator" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kdepimlibs" }, "ranges": [ { "events": [ { "fixed": "4.14.10_7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kde.org/info/security/advisory-20170227-1.txt" ], "discovery": "2017-02-27T00:00:00Z", "vid": "e550fc62-069a-11e7-8e3e-5453ed2e2b49" }, "details": "Albert Aastals Cid reports:\n\n> A directory traversal issue was found in KTNEF which can be exploited\n> by tricking a user into opening a malicious winmail.dat file. The\n> issue allows to write files with the permission of the user opening\n> the winmail.dat file during extraction.\n", "id": "FreeBSD-2017-0064", "modified": "2017-03-11T00:00:00Z", "published": "2017-03-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kde.org/info/security/advisory-20170227-1.txt" }, { "type": "WEB", "url": "https://www.kde.org/info/security/advisory-20170227-1.txt" } ], "schema_version": "1.7.0", "summary": "kdepimlibs -- directory traversal on KTNEF" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "kdelibs" }, "ranges": [ { "events": [ { "fixed": "4.14.29_10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "kf5-kio" }, "ranges": [ { "events": [ { "fixed": "5.31.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.kde.org/info/security/advisory-20170228-1.txt" ], "discovery": "2017-02-28T00:00:00Z", "vid": "f714d8ab-028e-11e7-8042-50e549ebab6c" }, "details": "Albert Astals Cid reports:\n\n> Using a malicious PAC file, and then using exfiltration methods in the\n> PAC function FindProxyForURL() enables the attacker to expose full\n> https URLs.\n>\n> This is a security issue since https URLs may contain sensitive\n> information in the URL authentication part (user:password@host), and\n> in the path and the query (e.g. access tokens).\n>\n> This attack can be carried out remotely (over the LAN) since proxy\n> settings allow \\\"Detect Proxy Configuration Automatically\\\". This\n> setting uses WPAD to retrieve the PAC file, and an attacker who has\n> access to the victim\\'s LAN can interfere with the WPAD protocols\n> (DHCP/DNS+HTTP) and inject his/her own malicious PAC instead of the\n> legitimate one.\n", "id": "FreeBSD-2017-0063", "modified": "2017-03-11T00:00:00Z", "published": "2017-03-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.kde.org/info/security/advisory-20170228-1.txt" }, { "type": "WEB", "url": "https://www.kde.org/info/security/advisory-20170228-1.txt" } ], "schema_version": "1.7.0", "summary": "kio: Information Leak when accessing https when using a malicious PAC file" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_CN" }, "ranges": [ { "events": [ { "fixed": "4.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_TW" }, "ranges": [ { "events": [ { "fixed": "4.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/" ], "discovery": "2017-03-07T00:00:00Z", "vid": "82752070-0349-11e7-b48d-00e04c1ea73d" }, "details": "> WordPress versions 4.7.2 and earlier are affected by six security\n> issues.\n>\n> - Cross-site scripting (XSS) via media file metadata.\n> - Control characters can trick redirect URL validation.\n> - Unintended files can be deleted by administrators using the plugin\n> deletion functionality.\n> - Cross-site scripting (XSS) via video URL in YouTube embeds.\n> - Cross-site scripting (XSS) via taxonomy term names.\n> - Cross-site request forgery (CSRF) in Press This leading to excessive\n> use of server resources.\n", "id": "FreeBSD-2017-0062", "modified": "2017-03-07T00:00:00Z", "published": "2017-03-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/03/07/3" }, { "type": "WEB", "url": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "52.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "introduced": "46.0,1" }, { "fixed": "52.0,1" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.8.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "introduced": "46.0,2" }, { "fixed": "52.0,2" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.8.0_1,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "introduced": "46.0" }, { "fixed": "52.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.8.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "introduced": "46.0" }, { "fixed": "52.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "introduced": "46.0" }, { "fixed": "52.0" } ], "type": "ECOSYSTEM" }, { "events": [ { "fixed": "45.8.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/" ], "discovery": "2017-03-07T00:00:00Z", "references": { "cvename": [ "CVE-2017-5400", "CVE-2017-5401", "CVE-2017-5402", "CVE-2017-5403", "CVE-2017-5404", "CVE-2017-5406", "CVE-2017-5407", "CVE-2017-5410", "CVE-2017-5411", "CVE-2017-5409", "CVE-2017-5408", "CVE-2017-5412", "CVE-2017-5413", "CVE-2017-5414", "CVE-2017-5415", "CVE-2017-5416", "CVE-2017-5417", "CVE-2017-5425", "CVE-2017-5426", "CVE-2017-5427", "CVE-2017-5418", "CVE-2017-5419", "CVE-2017-5420", "CVE-2017-5405", "CVE-2017-5421", "CVE-2017-5422", "CVE-2017-5399", "CVE-2017-5398" ] }, "vid": "96eca031-1313-4daf-9be2-9d6e1c4f1eb5" }, "details": "Mozilla Foundation reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0061", "modified": "2017-03-07T00:00:00Z", "published": "2017-03-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5400" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5401" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5402" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5403" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5404" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5406" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5407" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5410" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5411" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5409" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5408" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5412" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5413" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5414" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5415" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5416" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5417" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5425" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5426" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5427" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5418" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5419" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5420" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5405" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5421" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5422" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5399" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5398" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "codeigniter" }, "ranges": [ { "events": [ { "fixed": "3.1.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.codeigniter.com/user_guide/changelog.html" ], "discovery": "2017-01-09T00:00:00Z", "vid": "71ebbc50-01c1-11e7-ae1b-002590263bf5" }, "details": "The CodeIgniter changelog reports:\n\n> Fixed an XSS vulnerability in Security Library method xss_clean().\n>\n> Fixed a possible file inclusion vulnerability in Loader Library method\n> vars().\n>\n> Fixed a possible remote code execution vulnerability in the Email\n> Library when 'mail' or 'sendmail' are used (thanks to Paul Buonopane\n> from NamePros).\n>\n> Added protection against timing side-channel attacks in Security\n> Library method csrf_verify().\n>\n> Added protection against BREACH attacks targeting the CSRF token field\n> generated by Form Helper function form_open().\n", "id": "FreeBSD-2017-0060", "modified": "2017-03-05T00:00:00Z", "published": "2017-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.codeigniter.com/user_guide/changelog.html" }, { "type": "WEB", "url": "https://www.codeigniter.com/user_guide/changelog.html" } ], "schema_version": "1.7.0", "summary": "codeigniter -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ikiwiki" }, "ranges": [ { "events": [ { "fixed": "3.20170111" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://ikiwiki.info/security/#index48h2" ], "discovery": "2017-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-0356" ] }, "vid": "7b35a77a-0151-11e7-ae1b-002590263bf5" }, "details": "ikiwiki reports:\n\n> The ikiwiki maintainers discovered further flaws similar to\n> CVE-2016-9646 in the passwordauth plugin\\'s use of CGI::FormBuilder,\n> with a more serious impact:\n>\n> An attacker who can log in to a site with a password can log in as a\n> different and potentially more privileged user.\n>\n> An attacker who can create a new account can set arbitrary fields in\n> the user database for that account\n", "id": "FreeBSD-2017-0059", "modified": "2017-03-05T00:00:00Z", "published": "2017-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://ikiwiki.info/security/#index48h2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0356" }, { "type": "WEB", "url": "https://ikiwiki.info/security/#index48h2" } ], "schema_version": "1.7.0", "summary": "ikiwiki -- authentication bypass vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ikiwiki" }, "ranges": [ { "events": [ { "fixed": "3.20161229" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026", "https://ikiwiki.info/security/#index47h2" ], "discovery": "2016-12-19T00:00:00Z", "references": { "cvename": [ "CVE-2016-10026", "CVE-2016-9645", "CVE-2016-9646" ] }, "vid": "5ed094a0-0150-11e7-ae1b-002590263bf5" }, "details": "Mitre reports:\n\n> ikiwiki 3.20161219 does not properly check if a revision changes the\n> access permissions for a page on sites with the git and recentchanges\n> plugins and the CGI interface enabled, which allows remote attackers\n> to revert certain changes by leveraging permissions to change the page\n> before the revision was made.\n\n> When CGI::FormBuilder-\\>field(\\\"foo\\\") is called in list context (and\n> in particular in the arguments to a subroutine that takes named\n> arguments), it can return zero or more values for foo from the CGI\n> request, rather than the expected single value. This breaks the usual\n> Perl parsing convention for named arguments, similar to CVE-2014-1572\n> in Bugzilla (which was caused by a similar API design issue in\n> CGI.pm).\n", "id": "FreeBSD-2017-0058", "modified": "2017-03-05T00:00:00Z", "published": "2017-03-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026" }, { "type": "REPORT", "url": "https://ikiwiki.info/security/#index47h2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10026" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9645" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9646" }, { "type": "WEB", "url": "https://ikiwiki.info/security/#index46h2" }, { "type": "WEB", "url": "https://ikiwiki.info/security/#index47h2" } ], "schema_version": "1.7.0", "summary": "ikiwiki -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "potrace" }, "ranges": [ { "events": [ { "fixed": "1.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sourceforge.net/p/potrace/news/2017/02/potrace-114-released/" ], "discovery": "2016-10-15T00:00:00Z", "references": { "cvename": [ "CVE-2016-8685", "CVE-2016-8686" ] }, "vid": "f4eb9a25-fde0-11e6-9ad0-b8aeed92ecc4" }, "details": "potrace reports:\n\n> CVE-2016-8685: invalid memory access in findnext\n>\n> CVE-2016-8686: memory allocation failure\n", "id": "FreeBSD-2017-0057", "modified": "2017-02-28T00:00:00Z", "published": "2017-02-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sourceforge.net/p/potrace/news/2017/02/potrace-114-released/" }, { "type": "WEB", "url": "https://sourceforge.net/p/potrace/news/2017/02/potrace-114-released/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8685" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8686" } ], "schema_version": "1.7.0", "summary": "potrace -- multiple memory failure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "musicpd" }, "ranges": [ { "events": [ { "fixed": "0.20.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://git.musicpd.org/cgit/master/mpd.git/plain/NEWS?h=v0.20.5" ], "discovery": "2017-02-18T00:00:00Z", "vid": "765d165b-fbfe-11e6-aae7-5404a68ad561" }, "details": "The MPD project reports:\n\n> httpd: fix two buffer overflows in IcyMetaData length calculation\n", "id": "FreeBSD-2017-0056", "modified": "2017-02-26T00:00:00Z", "published": "2017-02-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://git.musicpd.org/cgit/master/mpd.git/plain/NEWS?h=v0.20.5" }, { "type": "WEB", "url": "http://git.musicpd.org/cgit/master/mpd.git/plain/NEWS?h=v0.20.5" } ], "schema_version": "1.7.0", "summary": "MPD -- buffer overflows in http output" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.52.0" }, { "fixed": "7.53.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/adv_20170222.html" ], "discovery": "2017-02-22T00:00:00Z", "references": { "cvename": [ "CVE-2017-2629" ] }, "vid": "311e4b1c-f8ee-11e6-9940-b499baebfeaf" }, "details": "The cURL project reports:\n\n> SSL_VERIFYSTATUS ignored\\\n> curl and libcurl support \\\"OCSP stapling\\\", also known as the TLS\n> Certificate Status Request extension (using the\n> CURLOPT_SSL_VERIFYSTATUS option). When telling curl to use this\n> feature, it uses that TLS extension to ask for a fresh proof of the\n> server\\'s certificate\\'s validity. If the server doesn\\'t support the\n> extension, or fails to provide said proof, curl is expected to return\n> an error.\\\n> Due to a coding mistake, the code that checks for a test success or\n> failure, ends up always thinking there\\'s valid proof, even when there\n> is none or if the server doesn\\'t support the TLS extension in\n> question. Contrary to how it used to function and contrary to how this\n> feature is documented to work.\\\n> This could lead to users not detecting when a server\\'s certificate\n> goes invalid or otherwise be mislead that the server is in a better\n> shape than it is in reality.\n", "id": "FreeBSD-2017-0055", "modified": "2017-02-22T00:00:00Z", "published": "2017-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/adv_20170222.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_20170222.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2629" } ], "schema_version": "1.7.0", "summary": "cURL -- ocsp status validation error" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-tools" }, "ranges": [ { "events": [ { "fixed": "4.7.1_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://xenbits.xen.org/xsa/advisory-209.html" ], "discovery": "2017-02-21T00:00:00Z", "references": { "cvename": [ "CVE-2017-2620" ] }, "vid": "8cbd9c08-f8b9-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine\n> cirrus_bitblt_cputovideo fails to check whether the specified memory\n> region is safe. A malicious guest administrator can cause an out of\n> bounds memory write, very likely exploitable as a privilege\n> escalation.\n", "id": "FreeBSD-2017-0054", "modified": "2017-02-22T00:00:00Z", "published": "2017-02-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://xenbits.xen.org/xsa/advisory-209.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2620" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-209.html" } ], "schema_version": "1.7.0", "summary": "xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "fbsdmon" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217099" ], "discovery": "2017-02-14T00:00:00Z", "vid": "786a7d87-f826-11e6-9436-14dae9d5a9d2" }, "details": "Alan Somers reports:\n\n> The web site used by this port, http://fbsdmon.org, has been taken\n> over by cybersquatters. That means that users are sending their system\n> info to an unknown party.\n", "id": "FreeBSD-2017-0053", "modified": "2017-02-21T00:00:00Z", "published": "2017-02-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217099" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217099" } ], "schema_version": "1.7.0", "summary": "fbsdmon -- information disclosure vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wavpack" }, "ranges": [ { "events": [ { "fixed": "5.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2017/01/23/4" ], "discovery": "2017-01-21T00:00:00Z", "references": { "cvename": [ "CVE-2016-10169", "CVE-2016-10170", "CVE-2016-10171", "CVE-2016-10172" ] }, "vid": "f1075415-f5e9-11e6-a4e2-5404a68ad561" }, "details": "David Bryant reports:\n\n> global buffer overread in read_code / read_words.c\n>\n> heap out of bounds read in WriteCaffHeader / caff.c\n>\n> heap out of bounds read in unreorder_channels / wvunpack.c\n>\n> heap oob read in read_new_config_info / open_utils.c\n", "id": "FreeBSD-2017-0052", "modified": "2017-02-18T00:00:00Z", "published": "2017-02-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2017/01/23/4" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/01/23/4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10169" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10170" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10171" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10172" }, { "type": "WEB", "url": "https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc" } ], "schema_version": "1.7.0", "summary": "wavpack -- multiple invalid memory reads" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "optipng" }, "ranges": [ { "events": [ { "fixed": "0.7.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7802", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2191", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3981", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3982" ], "discovery": "2015-10-09T00:00:00Z", "references": { "cvename": [ "CVE-2015-7802", "CVE-2016-2191", "CVE-2016-3981", "CVE-2016-3982" ] }, "vid": "8fedf75c-ef2f-11e6-900e-003048f78448" }, "details": "> ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote\n> attackers to cause a denial of service (uninitialized memory read) via\n> a crafted GIF file.\n\n> The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before\n> 0.7.6 allows remote attackers to cause a denial of service (invalid\n> memory write and crash) via a series of delta escapes in a crafted BMP\n> image.\n\n> Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c\n> in OptiPNG before 0.7.6 allows remote attackers to cause a denial of\n> service (out-of-bounds read or write access and crash) or possibly\n> execute arbitrary code via a crafted image file.\n\n> Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in\n> OptiPNG before 0.7.6 allows remote attackers to cause a denial of\n> service (out-of-bounds read or write access and crash) or possibly\n> execute arbitrary code via a crafted image file, which triggers a\n> heap-based buffer overflow.\n", "id": "FreeBSD-2017-0051", "modified": "2017-02-16T00:00:00Z", "published": "2017-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7802" }, { "type": "REPORT", "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2191" }, { "type": "REPORT", "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3981" }, { "type": "REPORT", "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3982" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-7802" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-3981" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-3982" } ], "schema_version": "1.7.0", "summary": "optipng -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0e" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20170216.txt" ], "discovery": "2017-02-16T00:00:00Z", "references": { "cvename": [ "CVE-2017-3733" ] }, "vid": "1a802ba9-f444-11e6-9940-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> Severity: High\\\n> During a renegotiation handshake if the Encrypt-Then-Mac extension is\n> negotiated where it was not in the original handshake (or vice-versa)\n> then this can cause OpenSSL to crash (dependent on ciphersuite). Both\n> clients and servers are affected.\\\n> This issue does not affect OpenSSL version 1.0.2.\n", "id": "FreeBSD-2017-0050", "modified": "2017-02-16T00:00:00Z", "published": "2017-02-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20170216.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20170216.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3733" } ], "schema_version": "1.7.0", "summary": "openssl -- crash on handshake" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-diffoscope" }, "ranges": [ { "events": [ { "introduced": "67" }, { "fixed": "76" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-diffoscope" }, "ranges": [ { "events": [ { "introduced": "67" }, { "fixed": "76" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py36-diffoscope" }, "ranges": [ { "events": [ { "introduced": "67" }, { "fixed": "76" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723" ], "discovery": "2017-02-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-0359" ] }, "vid": "077bbadf-f2f4-11e6-92a7-902b34361349" }, "details": "Ximin Luo reports:\n\n> \\[v67\\] introduced a security hole where diffoscope may write to\n> arbitrary locations on disk depending on the contents of an untrusted\n> archive.\n", "id": "FreeBSD-2017-0049", "modified": "2017-02-16T00:00:00Z", "published": "2017-02-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-0359" }, { "type": "WEB", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723" } ], "schema_version": "1.7.0", "summary": "diffoscope -- arbitrary file write" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ffmpeg" }, "ranges": [ { "events": [ { "fixed": "3.2.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mythtv" }, "ranges": [ { "events": [ { "fixed": "29.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mythtv-frontend" }, "ranges": [ { "events": [ { "fixed": "29.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.ffmpeg.org/security.html" ], "discovery": "2017-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2017-5024", "CVE-2017-5025" ] }, "vid": "7f9b696f-f11b-11e6-b50e-5404a68ad561" }, "details": "FFmpeg security reports:\n\n> FFmpeg 3.2.4 fixes the following vulnerabilities: CVE-2017-5024,\n> CVE-2017-5025\n", "id": "FreeBSD-2017-0048", "modified": "2018-03-25T00:00:00Z", "published": "2017-02-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.ffmpeg.org/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5024" }, { "type": "WEB", "url": "https://www.ffmpeg.org/security.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5025" }, { "type": "WEB", "url": "https://www.ffmpeg.org/security.html" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "ffmpeg -- heap overflow in lavf/mov.c" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gtk-vnc" }, "ranges": [ { "events": [ { "fixed": "0.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mail.gnome.org/archives/ftp-release-list/2017-February/msg00015.html" ], "discovery": "2017-02-09T00:00:00Z", "references": { "cvename": [ "CVE-2017-5884", "CVE-2017-5885" ] }, "vid": "79bbb8f8-f049-11e6-8a6a-bcaec565249c" }, "details": "Daniel P. Berrange reports:\n\n> CVE-2017-5884 - fix bounds checking for RRE, hextile and copyrect\n> encodings\n>\n> CVE-2017-5885 - fix color map index bounds checking.\n", "id": "FreeBSD-2017-0047", "modified": "2017-02-11T00:00:00Z", "published": "2017-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mail.gnome.org/archives/ftp-release-list/2017-February/msg00015.html" }, { "type": "WEB", "url": "https://mail.gnome.org/archives/ftp-release-list/2017-February/msg00015.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5884" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5885" } ], "schema_version": "1.7.0", "summary": "gtk-vnc -- bounds checking vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-tools" }, "ranges": [ { "events": [ { "fixed": "4.7.1_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://xenbits.xen.org/xsa/advisory-208.html" ], "discovery": "2017-02-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-2615" ] }, "vid": "a73aba9a-effe-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> When doing bitblt copy backwards, qemu should negate the blit width.\n> This avoids an oob access before the start of video memory.\n>\n> A malicious guest administrator can cause an out of bounds memory\n> access, possibly leading to information disclosure or privilege\n> escalation.\n", "id": "FreeBSD-2017-0046", "modified": "2017-02-11T00:00:00Z", "published": "2017-02-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://xenbits.xen.org/xsa/advisory-208.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2615" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-208.html" } ], "schema_version": "1.7.0", "summary": "xen-tools -- oob access in cirrus bitblt copy" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tiff" }, "ranges": [ { "events": [ { "fixed": "4.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-libtiff" }, "ranges": [ { "events": [ { "fixed": "3.9.4_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-tiff" }, "ranges": [ { "events": [ { "fixed": "3.9.4_5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-libtiff" }, "ranges": [ { "events": [ { "fixed": "4.0.3_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-tiff" }, "ranges": [ { "events": [ { "fixed": "4.0.3_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://simplesystems.org/libtiff/v4.0.7.html" ], "discovery": "2016-11-19T00:00:00Z", "references": { "cvename": [ "CVE-2016-9533", "CVE-2016-9534", "CVE-2016-9535", "CVE-2015-8870", "CVE-2016-5652", "CVE-2016-9540", "CVE-2016-9537", "CVE-2016-9536" ] }, "vid": "fb74eacc-ec8a-11e6-bc8a-0011d823eebd" }, "details": "libtiff project reports:\n\n> Multiple flaws have been discovered in libtiff library and utilities.\n", "id": "FreeBSD-2017-0045", "modified": "2017-02-06T00:00:00Z", "published": "2017-02-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://simplesystems.org/libtiff/v4.0.7.html" }, { "type": "WEB", "url": "http://simplesystems.org/libtiff/v4.0.7.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9533" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9534" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9535" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-8870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5652" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9540" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9537" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9536" } ], "schema_version": "1.7.0", "summary": "tiff -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mantis" }, "ranges": [ { "events": [ { "fixed": "1.2.19" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mantisbt.org/bugs/view.php?id=21611" ], "discovery": "2016-08-15T00:00:00Z", "references": { "cvename": [ "CVE-2016-6837" ], "freebsdpr": [ "ports/216662" ] }, "vid": "2b63e964-eb04-11e6-9ac1-a4badb2f4699" }, "details": "wdollman reports:\n\n> The value of the view_type parameter on the view_all_bug_page.php page\n> is not encoded before being displayed on the page.\n", "id": "FreeBSD-2017-0044", "modified": "2017-02-04T00:00:00Z", "published": "2017-02-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mantisbt.org/bugs/view.php?id=21611" }, { "type": "WEB", "url": "https://mantisbt.org/bugs/view.php?id=21611" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6837" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216662" } ], "schema_version": "1.7.0", "summary": "mantis -- XSS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "guile2" }, "ranges": [ { "events": [ { "fixed": "2.0.13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2016/10/11/1" ], "discovery": "2016-10-12T00:00:00Z", "references": { "cvename": [ "CVE-2016-8605", "CVE-2016-8606" ], "freebsdpr": [ "ports/216663" ] }, "vid": "b4ecf774-eb01-11e6-9ac1-a4badb2f4699" }, "details": "Ludovic Court\u00e8s reports:\n\n> The REPL server is vulnerable to the HTTP inter-protocol attack\n>\n> The 'mkdir' procedure of GNU Guile, an implementation of the Scheme\n> programming language, temporarily changed the process' umask to zero.\n> During that time window, in a multithreaded application, other threads\n> could end up creating files with insecure permissions.\n", "id": "FreeBSD-2017-0043", "modified": "2017-02-04T00:00:00Z", "published": "2017-02-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2016/10/11/1" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2016/10/11/1" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2016/10/12/2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8606" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216663" } ], "schema_version": "1.7.0", "summary": "guile2 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chicken" }, "ranges": [ { "events": [ { "fixed": "4.12,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html", "http://lists.nongnu.org/archive/html/chicken-announce/2016-12/msg00000.html" ], "discovery": "2016-08-12T00:00:00Z", "references": { "cvename": [ "CVE-2016-6830", "CVE-2016-6831", "CVE-2016-9954" ], "freebsdpr": [ "ports/216661" ] }, "vid": "c6932dd4-eaff-11e6-9ac1-a4badb2f4699" }, "details": "Peter Bex reports:\n\n> A buffer overflow error was found in the POSIX unit\\'s procedures\n> process-execute and process-spawn.\n>\n> Additionally, a memory leak existed in this code, which would be\n> triggered when an error is raised during argument and environment\n> processing.\n\n> Irregex versions before 0.9.6 contain a resource exhaustion\n> vulnerability: when compiling deeply nested regexes containing the\n> \\\"+\\\" operator due to exponential expansion behaviour.\n", "id": "FreeBSD-2017-0042", "modified": "2017-03-05T00:00:00Z", "published": "2017-02-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" }, { "type": "REPORT", "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-12/msg00000.html" }, { "type": "WEB", "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6830" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6831" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9954" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216661" } ], "schema_version": "1.7.0", "summary": "chicken -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libebml" }, "ranges": [ { "events": [ { "fixed": "1.3.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html" ], "discovery": "2015-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2015-8789", "CVE-2015-8790", "CVE-2015-8791" ], "freebsdpr": [ "ports/216659" ] }, "vid": "a130bd8c-eafe-11e6-9ac1-a4badb2f4699" }, "details": "Mortiz Bunkus reports:\n\n> Multiple invalid memory accesses vulnerabilities.\n", "id": "FreeBSD-2017-0041", "modified": "2017-02-04T00:00:00Z", "published": "2017-02-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html" }, { "type": "WEB", "url": "https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-8789" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-8790" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-8791" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216659" } ], "schema_version": "1.7.0", "summary": "libebml -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "freeimage" }, "ranges": [ { "events": [ { "fixed": "3.16.0_4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.talosintelligence.com/reports/TALOS-2016-0189/" ], "discovery": "2016-10-03T00:00:00Z", "references": { "cvename": [ "CVE-2016-5684" ], "freebsdpr": [ "ports/216657" ] }, "vid": "5b1631dc-eafd-11e6-9ac1-a4badb2f4699" }, "details": "TALOS reports:\n\n> An exploitable out-of-bounds write vulnerability exists in the XMP\n> image handling functionality of the FreeImage library.\n", "id": "FreeBSD-2017-0040", "modified": "2018-04-14T00:00:00Z", "published": "2017-02-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0189/" }, { "type": "WEB", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0189/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5684" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216657" } ], "schema_version": "1.7.0", "summary": "freeimage -- code execution vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "shotwell" }, "ranges": [ { "events": [ { "fixed": "0.24.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html" ], "discovery": "2017-01-31T00:00:00Z", "vid": "5a9b3d70-48e2-4267-b196-83064cb14fe0" }, "details": "Jens Georg reports:\n\n> I have just released Shotwell 0.24.5 and 0.25.4 which turn on HTTPS\n> encryption all over the publishing plugins.\n>\n> Users using Tumblr and Yandex.Fotki publishing are strongly advised to\n> change their passwords and reauthenticate Shotwell to those services\n> after upgrade.\n>\n> Users of Picasa and Youtube publishing are strongly advised to\n> reauthenticate (Log out and back in) Shotwell to those services after\n> upgrade.\n", "id": "FreeBSD-2017-0039", "modified": "2017-02-01T00:00:00Z", "published": "2017-02-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html" }, { "type": "WEB", "url": "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html" } ], "schema_version": "1.7.0", "summary": "shotwell -- failure to encrypt authentication" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "fixed": "2.44" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "fixed": "2.32.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01" ], "discovery": "2017-02-01T00:00:00Z", "references": { "cvename": [ "CVE-2017-2598", "CVE-2017-2599", "CVE-2017-2600", "CVE-2011-4969", "CVE-2017-2601", "CVE-2015-0886", "CVE-2017-2602", "CVE-2017-2603", "CVE-2017-2604", "CVE-2017-2605", "CVE-2017-2606", "CVE-2017-2607", "CVE-2017-2608", "CVE-2017-2609", "CVE-2017-2610", "CVE-2017-2611", "CVE-2017-2612", "CVE-2017-2613" ] }, "vid": "5cfa9d0c-73d7-4642-af4f-28fbed9e9404" }, "details": "Jenkins Security Advisory:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0038", "modified": "2017-02-01T00:00:00Z", "published": "2017-02-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2598" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2599" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2600" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2011-4969" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2601" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-0886" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2602" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2603" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2604" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2605" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2606" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2607" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2608" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2609" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2610" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2611" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2612" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2613" }, { "type": "WEB", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01" } ], "schema_version": "1.7.0", "summary": "jenkins -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_CN" }, "ranges": [ { "events": [ { "fixed": "4.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_TW" }, "ranges": [ { "events": [ { "fixed": "4.7.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/" ], "discovery": "2017-01-26T00:00:00Z", "references": { "cvename": [ "CVE-2017-5610", "CVE-2017-5611", "CVE-2017-5612" ] }, "vid": "14ea4458-e5cd-11e6-b56d-38d547003487" }, "details": "Aaron D. Campbell reports:\n\n> WordPress versions 4.7.1 and earlier are affected by three security\n> issues:\n>\n> - The user interface for assigning taxonomy terms in Press This is\n> shown to users who do not have permissions to use it.\n> - WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe\n> data. WordPress core is not directly vulnerable to this issue, but\n> we've added hardening to prevent plugins and themes from\n> accidentally causing a vulnerability.\n> - A cross-site scripting (XSS) vulnerability was discovered in the\n> posts list table.\n> - An unauthenticated privilege escalation vulnerability was discovered\n> in a REST API endpoint.\n", "id": "FreeBSD-2017-0037", "modified": "2017-01-29T00:00:00Z", "published": "2017-01-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5610" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5611" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5612" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/01/28/5" }, { "type": "WEB", "url": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/" }, { "type": "WEB", "url": "https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "nfsen" }, "ranges": [ { "events": [ { "fixed": "1.3.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://sourceforge.net/p/nfsen/mailman/message/35623845/" ], "discovery": "2017-01-24T00:00:00Z", "vid": "6e83b2f3-e4e3-11e6-9ac1-a4badb2f4699" }, "details": "Peter Haag reports:\n\n> A remote attacker with access to the web interface to execute\n> arbitrary commands on the host operating system.\n", "id": "FreeBSD-2017-0036", "modified": "2017-01-27T00:00:00Z", "published": "2017-01-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://sourceforge.net/p/nfsen/mailman/message/35623845/" }, { "type": "WEB", "url": "https://sourceforge.net/p/nfsen/mailman/message/35623845/" } ], "schema_version": "1.7.0", "summary": "nfsen -- remote command execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "56.0.2924.76" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-npapi" }, "ranges": [ { "events": [ { "fixed": "56.0.2924.76" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "56.0.2924.76" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" ], "discovery": "2017-01-25T00:00:00Z", "references": { "cvename": [ "CVE-2017-5007", "CVE-2017-5006", "CVE-2017-5008", "CVE-2017-5010", "CVE-2017-5011", "CVE-2017-5009", "CVE-2017-5012", "CVE-2017-5013", "CVE-2017-5014", "CVE-2017-5015", "CVE-2017-5019", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5018", "CVE-2017-2020", "CVE-2017-2021", "CVE-2017-2022", "CVE-2017-2023", "CVE-2017-2024", "CVE-2017-2025", "CVE-2017-2026" ] }, "vid": "4b9ca994-e3d9-11e6-813d-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 51 security fixes in this release\n>\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0035", "modified": "2017-01-26T00:00:00Z", "published": "2017-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5007" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5006" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5008" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5010" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5011" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5009" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5012" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5013" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5014" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5015" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5019" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5016" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5017" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2020" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2021" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2022" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2023" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2024" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2025" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2026" }, { "type": "WEB", "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2k,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0d" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.1e_13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-openssl-libs" }, "ranges": [ { "events": [ { "fixed": "1.0.1e_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_17" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20170126.txt" ], "discovery": "2017-01-26T00:00:00Z", "references": { "cvename": [ "CVE-2016-7055", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732" ], "freebsdsa": [ "SA-17:02.openssl" ] }, "vid": "d455708a-e3d3-11e6-9940-b499baebfeaf" }, "details": "The OpenSSL project reports:\n\n> - Truncated packet could crash via OOB read (CVE-2017-3731)\n> - Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)\n> - BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n> - Montgomery multiplication may produce incorrect results\n> (CVE-2016-7055)\n", "id": "FreeBSD-2017-0034", "modified": "2017-05-26T00:00:00Z", "published": "2017-01-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20170126.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20170126.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7055" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3730" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3731" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3732" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "51.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "45.7.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "45.7.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "45.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.7.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/" ], "discovery": "2017-01-24T00:00:00Z", "references": { "cvename": [ "CVE-2017-5373", "CVE-2017-5374", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5377", "CVE-2017-5378", "CVE-2017-5379", "CVE-2017-5380", "CVE-2017-5381", "CVE-2017-5382", "CVE-2017-5383", "CVE-2017-5384", "CVE-2017-5385", "CVE-2017-5386", "CVE-2017-5387", "CVE-2017-5388", "CVE-2017-5389", "CVE-2017-5390", "CVE-2017-5391", "CVE-2017-5392", "CVE-2017-5393", "CVE-2017-5394", "CVE-2017-5395", "CVE-2017-5396" ] }, "vid": "e60169c4-aa86-46b0-8ae2-0d81f683df09" }, "details": "Mozilla Foundation reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2017-0033", "modified": "2017-01-24T00:00:00Z", "published": "2017-01-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5373" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5374" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5375" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5376" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5377" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5378" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5380" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5381" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5382" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5383" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5384" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5385" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5386" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5387" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5388" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5389" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5390" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5391" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5392" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5393" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5394" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5395" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5396" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "introduced": "4.6.0" }, { "fixed": "4.6.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.phpmyadmin.net/security/PMASA-2017-1/", "https://www.phpmyadmin.net/security/PMASA-2017-2/", "https://www.phpmyadmin.net/security/PMASA-2017-3/", "https://www.phpmyadmin.net/security/PMASA-2017-4/", "https://www.phpmyadmin.net/security/PMASA-2017-5/", "https://www.phpmyadmin.net/security/PMASA-2017-6/", "https://www.phpmyadmin.net/security/PMASA-2017-7/" ], "discovery": "2017-01-24T00:00:00Z", "references": { "cvename": [ "CVE-2015-8980" ] }, "vid": "7721562b-e20a-11e6-b2e2-6805ca0b3d42" }, "details": "The phpMyAdmin development team reports:\n\n> Open redirect\n\n> php-gettext code execution\n\n> DOS vulnerability in table editing\n\n> CSS injection in themes\n\n> Cookie attribute injection attack\n\n> SSRF in replication\n\n> DOS in replication status\n", "id": "FreeBSD-2017-0032", "modified": "2017-01-24T00:00:00Z", "published": "2017-01-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2017-1/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2017-2/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2017-3/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2017-4/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2017-5/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2017-6/" }, { "type": "REPORT", "url": "https://www.phpmyadmin.net/security/PMASA-2017-7/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2017-1" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2017-2" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2017-3" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2017-4" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2017-5" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2017-6" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2017-7" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-8980" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "intel-nvmupdate" }, "ranges": [ { "events": [ { "fixed": "5.05" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr" ], "discovery": "2017-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2016-8106" ] }, "vid": "a4b7def1-e165-11e6-9d84-90e2ba9881c8" }, "details": "Intel Corporation reports:\n\n> A security vulnerability in the Intel(R) Ethernet Controller X710 and\n> Intel(R) Ethernet Controller XL710 family of products (Fortville) has\n> been found in the Non-Volatile Flash Memory (NVM) image.\n", "id": "FreeBSD-2017-0031", "modified": "2017-01-23T00:00:00Z", "published": "2017-01-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr" }, { "type": "WEB", "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8106" } ], "schema_version": "1.7.0", "summary": "Intel(R) NVMUpdate -- Intel(R) Ethernet Controller X710/XL710 NVM Security Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php56" }, "ranges": [ { "events": [ { "fixed": "5.6.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php70" }, "ranges": [ { "events": [ { "fixed": "7.0.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://php.net/archive/2017.php#id2017-01-19-2", "http://php.net/archive/2017.php#id2017-01-19-3" ], "discovery": "2017-01-19T00:00:00Z", "vid": "709e025a-de8b-11e6-a9a5-b499baebfeaf" }, "details": "The PHP project reports:\n\n> The PHP development team announces the immediate availability of PHP\n> 7.0.15. This is a security release. Several security bugs were fixed\n> in this release.\n\n> The PHP development team announces the immediate availability of PHP\n> 5.6.30. This is a security release. Several security bugs were fixed\n> in this release.\n", "id": "FreeBSD-2017-0030", "modified": "2017-01-20T00:00:00Z", "published": "2017-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://php.net/archive/2017.php#id2017-01-19-2" }, { "type": "REPORT", "url": "http://php.net/archive/2017.php#id2017-01-19-3" }, { "type": "WEB", "url": "http://php.net/archive/2017.php#id2017-01-19-2" }, { "type": "WEB", "url": "http://php.net/archive/2017.php#id2017-01-19-3" } ], "schema_version": "1.7.0", "summary": "PHP -- undisclosed vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "icoutils" }, "ranges": [ { "events": [ { "fixed": "0.31.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/oss-sec/2017/q1/38" ], "discovery": "2017-01-03T00:00:00Z", "references": { "cvename": [ "CVE-2017-5208", "CVE-2017-5331", "CVE-2017-5332", "CVE-2017-5333" ] }, "vid": "57facd35-ddf6-11e6-915d-001b3856973b" }, "details": "Choongwoo Han reports:\n\n> An exploitable crash exists in the wrestool utility on 64-bit systems\n> where the result of subtracting two pointers exceeds the size of int.\n", "id": "FreeBSD-2017-0029", "modified": "2017-01-19T00:00:00Z", "published": "2017-01-19T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/oss-sec/2017/q1/38" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5208" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5331" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5332" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5333" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2017/q1/38" } ], "schema_version": "1.7.0", "summary": "icoutils -- check_offset overflow on 64-bit systems" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.30" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.54" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.35" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" ], "discovery": "2017-01-18T00:00:00Z", "references": { "cvename": [ "CVE-2016-8318", "CVE-2017-3312", "CVE-2017-3258", "CVE-2017-3273", "CVE-2017-3244", "CVE-2017-3257", "CVE-2017-3238", "CVE-2017-3256", "CVE-2017-3291", "CVE-2017-3265", "CVE-2017-3251", "CVE-2017-3313", "CVE-2017-3243", "CVE-2016-8327", "CVE-2017-3317", "CVE-2017-3318", "CVE-2017-3319", "CVE-2017-3320" ] }, "vid": "4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf" }, "details": "Oracle reports:\n\n> No further details have been provided in the Critical Patch Update\n", "id": "FreeBSD-2017-0028", "modified": "2017-03-14T00:00:00Z", "published": "2017-01-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8318" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3312" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3258" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3273" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3244" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3257" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3238" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3256" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3265" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3251" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3313" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3243" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8327" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3317" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3318" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3319" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-3320" } ], "schema_version": "1.7.0", "summary": "mysql -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns" }, "ranges": [ { "events": [ { "fixed": "3.4.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.0.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "powerdns-recursor" }, "ranges": [ { "events": [ { "fixed": "3.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.0.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/", "https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/", "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/", "https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/" ], "discovery": "2016-12-15T00:00:00Z", "references": { "cvename": [ "CVE-2016-7068", "CVE-2016-7072", "CVE-2016-7073", "CVE-2016-7074", "CVE-2016-2120" ], "freebsdpr": [ "ports/216135", "ports/216136" ] }, "vid": "e3200958-dd6c-11e6-ae1b-002590263bf5" }, "details": "PowerDNS reports:\n\n> 2016-02: Crafted queries can cause abnormal CPU usage\n\n> 2016-03: Denial of service via the web server\n\n> 2016-04: Insufficient validation of TSIG signatures\n\n> 2016-05: Crafted zone record can cause a denial of service\n", "id": "FreeBSD-2017-0027", "modified": "2017-01-18T00:00:00Z", "published": "2017-01-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/" }, { "type": "REPORT", "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/" }, { "type": "REPORT", "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/" }, { "type": "REPORT", "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7073" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7074" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2120" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216135" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216136" }, { "type": "WEB", "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/" }, { "type": "WEB", "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/" }, { "type": "WEB", "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/" }, { "type": "WEB", "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/" }, { "type": "WEB", "url": "https://blog.powerdns.com/2017/01/13/powerdns-authoritative-server-4-0-2-released/" }, { "type": "WEB", "url": "https://blog.powerdns.com/2017/01/13/powerdns-recursor-4-0-4-released/" } ], "schema_version": "1.7.0", "summary": "powerdns -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "groovy" }, "ranges": [ { "events": [ { "introduced": "1.7.0" }, { "fixed": "2.4.8" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://groovy-lang.org/security.html" ], "discovery": "2016-09-20T00:00:00Z", "references": { "cvename": [ "CVE-2016-6814" ] }, "vid": "4af92a40-db33-11e6-ae1b-002590263bf5" }, "details": "The Apache Groovy project reports:\n\n> When an application with Groovy on classpath uses standard Java\n> serialization mechanisms, e.g. to communicate between servers or to\n> store local data, it is possible for an attacker to bake a special\n> serialized object that will execute code directly when deserialized.\n> All applications which rely on serialization and do not isolate the\n> code which deserializes objects are subject to this vulnerability.\n> This is similar to CVE-2015-3253 but this exploit involves extra\n> wrapping of objects and catching of exceptions which are now safe\n> guarded against.\n", "id": "FreeBSD-2017-0026", "modified": "2017-01-15T00:00:00Z", "published": "2017-01-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://groovy-lang.org/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6814" }, { "type": "WEB", "url": "http://groovy-lang.org/security.html" } ], "schema_version": "1.7.0", "summary": "groovy -- remote execution of untrusted code/DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rabbitmq" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.5.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "3.6.0" }, { "fixed": "3.6.6" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://pivotal.io/security/cve-2016-9877" ], "discovery": "2016-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2016-9877" ] }, "vid": "6aa956fb-d97f-11e6-a071-001e67f15f5a" }, "details": "Pivotal.io reports:\n\n> MQTT (MQ Telemetry Transport) connection authentication with a\n> username/password pair succeeds if an existing username is provided\n> but the password is omitted from the connection request. Connections\n> that use TLS with a client-provided certificate are not affected.\n", "id": "FreeBSD-2017-0025", "modified": "2017-01-15T00:00:00Z", "published": "2017-01-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://pivotal.io/security/cve-2016-9877" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9877" }, { "type": "WEB", "url": "https://pivotal.io/security/cve-2016-9877" }, { "type": "WEB", "url": "https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_6" } ], "schema_version": "1.7.0", "summary": "RabbitMQ -- Authentication vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_CN" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_TW" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/" ], "discovery": "2017-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2017-5487", "CVE-2017-5488", "CVE-2017-5489", "CVE-2017-5490", "CVE-2017-5491", "CVE-2017-5492", "CVE-2017-5493" ] }, "vid": "b180d1fb-dac6-11e6-ae1b-002590263bf5" }, "details": "Aaron D. Campbell reports:\n\n> WordPress versions 4.7 and earlier are affected by eight security\n> issues\\...\n", "id": "FreeBSD-2017-0024", "modified": "2017-01-15T00:00:00Z", "published": "2017-01-15T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5487" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5488" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5489" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5490" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5491" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5492" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5493" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/01/14/6" }, { "type": "WEB", "url": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-client" }, "ranges": [ { "events": [ { "fixed": "5.7.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" ], "discovery": "2016-10-18T00:00:00Z", "references": { "bid": [ "93617" ], "cvename": [ "CVE-2016-5625" ] }, "vid": "e5186c65-d729-11e6-a9a5-b499baebfeaf" }, "details": "Oracle reports:\n\n> Local security vulnerability in \\'Server: Packaging\\' sub component.\n", "id": "FreeBSD-2017-0023", "modified": "2017-01-15T00:00:00Z", "published": "2017-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "type": "ADVISORY", "url": "https://www.securityfocus.com/bid/93617/info" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5625" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" } ], "schema_version": "1.7.0", "summary": "mysql -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-client" }, "ranges": [ { "events": [ { "fixed": "5.5.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-client" }, "ranges": [ { "events": [ { "fixed": "10.0.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb100-server" }, "ranges": [ { "events": [ { "fixed": "10.0.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-client" }, "ranges": [ { "events": [ { "fixed": "10.1.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb101-server" }, "ranges": [ { "events": [ { "fixed": "10.1.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-client" }, "ranges": [ { "events": [ { "fixed": "5.5.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-client" }, "ranges": [ { "events": [ { "fixed": "5.6.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-client" }, "ranges": [ { "events": [ { "fixed": "5.7.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-client" }, "ranges": [ { "events": [ { "fixed": "5.5.51.38.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.51.38.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-client" }, "ranges": [ { "events": [ { "fixed": "5.6.32.78.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "percona56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.32.78.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL" ], "discovery": "2016-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2016-3492", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5624", "CVE-2016-5626", "CVE-2016-5629", "CVE-2016-6663", "CVE-2016-6664", "CVE-2016-8283" ] }, "vid": "22373c43-d728-11e6-a9a5-b499baebfeaf" }, "details": "The MySQL project reports:\n\n> - CVE-2016-3492: Remote security vulnerability in \\'Server:\n> Optimizer\\' sub component.\n> - CVE-2016-5616, CVE-2016-6663: Race condition allows local users with\n> certain permissions to gain privileges by leveraging use of\n> my_copystat by REPAIR TABLE to repair a MyISAM table.\n> - CVE-2016-5617, CVE-2016-6664: mysqld_safe, when using file-based\n> logging, allows local users with access to the mysql account to gain\n> root privileges via a symlink attack on error logs and possibly\n> other files.\n> - CVE-2016-5624: Remote security vulnerability in \\'Server: DML\\' sub\n> component.\n> - CVE-2016-5626: Remote security vulnerability in \\'Server: GIS\\' sub\n> component.\n> - CVE-2016-5629: Remote security vulnerability in \\'Server:\n> Federated\\' sub component.\n> - CVE-2016-8283: Remote security vulnerability in \\'Server: Types\\'\n> sub component.\n", "id": "FreeBSD-2017-0022", "modified": "2017-01-14T00:00:00Z", "published": "2017-01-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-3492" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5616" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5617" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5624" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5626" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5629" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6663" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6664" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8283" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ansible" }, "ranges": [ { "events": [ { "introduced": "1.9.6_1,1" }, { "fixed": "2.2.0.0_2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt" ], "discovery": "2017-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2016-9587" ] }, "vid": "a93c3287-d8fd-11e6-be5c-001fbc0f280f" }, "details": "Computest reports:\n\n> Computest found and exploited several issues that allow a compromised\n> host to execute commands on the Ansible controller and thus gain\n> access to other hosts controlled by that controller.\n", "id": "FreeBSD-2017-0021", "modified": "2017-01-12T00:00:00Z", "published": "2017-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9587" }, { "type": "WEB", "url": "https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt" }, { "type": "WEB", "url": "https://lwn.net/Articles/711357/" } ], "schema_version": "1.7.0", "summary": "Ansible -- Command execution on Ansible controller from host" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmailer" }, "ranges": [ { "events": [ { "fixed": "5.2.22" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tt-rss" }, "ranges": [ { "events": [ { "fixed": "2017.01.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.securityfocus.com/bid/95328/discuss" ], "discovery": "2017-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-5223" ] }, "vid": "7ae0be99-d8bb-11e6-9b7f-d43d7e971a1b" }, "details": "SecurityFocus reports:\n\n> PHPMailer is prone to an local information-disclosure vulnerability.\n> Attackers can exploit this issue to obtain sensitive information that\n> may aid in launching further attacks.\n", "id": "FreeBSD-2017-0020", "modified": "2017-01-12T00:00:00Z", "published": "2017-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.securityfocus.com/bid/95328/discuss" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/95328/discuss" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5223" } ], "schema_version": "1.7.0", "summary": "phpmailer -- Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bind99" }, "ranges": [ { "events": [ { "fixed": "9.9.9P5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind910" }, "ranges": [ { "events": [ { "fixed": "9.10.4P5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind911" }, "ranges": [ { "events": [ { "fixed": "9.11.0P2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind9-devel" }, "ranges": [ { "events": [ { "last_affected": "9.12.0.a.2016.12.28" }, { "fixed": "9.12.0.a.2016.12.28" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "9.3" }, { "fixed": "10.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/article/AA-01439/0", "https://kb.isc.org/article/AA-01440/0", "https://kb.isc.org/article/AA-01441/0", "https://kb.isc.org/article/AA-01442/0" ], "discovery": "2017-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2016-9131", "CVE-2016-9147", "CVE-2016-9444", "CVE-2016-9778" ] }, "vid": "d4c7e9a9-d893-11e6-9b4d-d050996490d0" }, "details": "ISC reports:\n\n> A malformed query response received by a recursive server in response\n> to a query of RTYPE ANY could trigger an assertion failure while named\n> is attempting to add the RRs in the query response to the cache.\n\n> Depending on the type of query and the EDNS options in the query they\n> receive, DNSSEC-enabled authoritative servers are expected to include\n> RRSIG and other RRsets in their responses to recursive servers.\n> DNSSEC-validating servers will also make specific queries for DS and\n> other RRsets. Whether DNSSEC-validating or not, an error in processing\n> malformed query responses that contain DNSSEC-related RRsets that are\n> inconsistent with other RRsets in the same query response can trigger\n> an assertion failure. Although the combination of properties which\n> triggers the assertion should not occur in normal traffic, it is\n> potentially possible for the assertion to be triggered deliberately by\n> an attacker sending a specially-constructed answer.\n\n> An unusually-formed answer containing a DS resource record could\n> trigger an assertion failure. While the combination of properties\n> which triggers the assertion should not occur in normal traffic, it is\n> potentially possible for the assertion to be triggered deliberately by\n> an attacker sending a specially-constructed answer having the required\n> properties.\n\n> An error in handling certain queries can cause an assertion failure\n> when a server is using the nxdomain-redirect feature to cover a zone\n> for which it is also providing authoritative service. A vulnerable\n> server could be intentionally stopped by an attacker if it was using a\n> configuration that met the criteria for the vulnerability and if the\n> attacker could cause it to accept a query that possessed the required\n> attributes.\n", "id": "FreeBSD-2017-0019", "modified": "2017-01-12T00:00:00Z", "published": "2017-01-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01439/0" }, { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01440/0" }, { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01441/0" }, { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01442/0" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9131" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9147" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9444" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9778" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01439/0" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01440/0" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01441/0" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01442/0" } ], "schema_version": "1.7.0", "summary": "BIND -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable" }, "ranges": [ { "events": [ { "fixed": "7.3.p1_5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_16" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-01-11T00:00:00Z", "references": { "cvename": [ "CVE-2016-10009", "CVE-2016-10010" ], "freebsdsa": [ "SA-17:01.openssh" ] }, "vid": "2c948527-d823-11e6-9171-14dae9d210b8" }, "details": "# Problem Description:\n\nThe ssh-agent(1) agent supports loading a PKCS#11 module from outside a\ntrusted whitelist. An attacker can request loading of a PKCS#11 module\nacross forwarded agent-socket. \\[CVE-2016-10009\\]\n\nWhen privilege separation is disabled, forwarded Unix domain sockets\nwould be created by sshd(8) with the privileges of \\'root\\' instead of\nthe authenticated user. \\[CVE-2016-10010\\]\n\n# Impact:\n\nA remote attacker who have control of a forwarded agent-socket on a\nremote system and have the ability to write files on the system running\nssh-agent(1) agent can run arbitrary code under the same user\ncredential. Because the attacker must already have some control on both\nsystems, it is relatively hard to exploit this vulnerability in a\npractical attack. \\[CVE-2016-10009\\]\n\nWhen privilege separation is disabled (on FreeBSD, privilege separation\nis enabled by default and has to be explicitly disabled), an\nauthenticated attacker can potentially gain root privileges on systems\nrunning OpenSSH server. \\[CVE-2016-10010\\]\n", "id": "FreeBSD-2017-0018", "modified": "2017-01-13T00:00:00Z", "published": "2017-01-11T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10009" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10010" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:01.openssh.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- OpenSSH multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "fixed": "2.4.4_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl-devel" }, "ranges": [ { "events": [ { "fixed": "2.5.0_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/oss-sec/2017/q1/52" ], "discovery": "2017-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2016-7056" ] }, "vid": "7caebe30-d7f1-11e6-a9a5-b499baebfeaf" }, "details": "Cesar Pereida Garcia reports:\n\n> The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL\n> versions and forks is vulnerable to timing attacks when signing with\n> the standardized elliptic curve P-256 despite featuring constant-time\n> curve operations and modular inversion. A software defect omits\n> setting the BN_FLG_CONSTTIME flag for nonces, failing to take a secure\n> code path in the BN_mod_inverse method and therefore resulting in a\n> cache-timing attack vulnerability.\\\n> A malicious user with local access can recover ECDSA P-256 private\n> keys.\n", "id": "FreeBSD-2017-0017", "modified": "2017-01-11T00:00:00Z", "published": "2017-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/oss-sec/2017/q1/52" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2017/q1/52" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7056" } ], "schema_version": "1.7.0", "summary": "openssl -- timing attack vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-flashplayer" }, "ranges": [ { "events": [ { "fixed": "24.0.0.194" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" ], "discovery": "2017-01-10T00:00:00Z", "references": { "cvename": [ "CVE-2017-2925", "CVE-2017-2926", "CVE-2017-2927", "CVE-2017-2928", "CVE-2017-2930", "CVE-2017-2931", "CVE-2017-2932", "CVE-2017-2933", "CVE-2017-2934", "CVE-2017-2935", "CVE-2017-2936", "CVE-2017-2937", "CVE-2017-2938" ] }, "vid": "2a7bdc56-d7a3-11e6-ae1b-002590263bf5" }, "details": "Adobe reports:\n\n> These updates resolve a security bypass vulnerability that could lead\n> to information disclosure (CVE-2017-2938).\n>\n> These updates resolve use-after-free vulnerabilities that could lead\n> to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937).\n>\n> These updates resolve heap buffer overflow vulnerabilities that could\n> lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934,\n> CVE-2017-2935).\n>\n> These updates resolve memory corruption vulnerabilities that could\n> lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928,\n> CVE-2017-2930, CVE-2017-2931).\n", "id": "FreeBSD-2017-0016", "modified": "2017-01-11T00:00:00Z", "published": "2017-01-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2925" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2926" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2927" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2928" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2930" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2931" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2932" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2933" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2934" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2936" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2937" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-2938" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" } ], "schema_version": "1.7.0", "summary": "flash -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moinmoin" }, "ranges": [ { "events": [ { "fixed": "1.9.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://hg.moinmo.in/moin/1.9/file/1.9.9/docs/CHANGES" ], "discovery": "2016-10-31T00:00:00Z", "references": { "cvename": [ "CVE-2016-7148", "CVE-2016-7146", "CVE-2016-9119" ], "freebsdpr": [ "ports/214937" ] }, "vid": "ab804e60-d693-11e6-9171-14dae9d210b8" }, "details": "Thomas Waldmann reports:\n\n> - fix XSS in AttachFile view (multifile related) CVE-2016-7148\n>\n> - fix XSS in GUI editor\\'s attachment dialogue CVE-2016-7146\n>\n> - fix XSS in GUI editor\\'s link dialogue CVE-2016-9119\n", "id": "FreeBSD-2017-0015", "modified": "2017-01-09T00:00:00Z", "published": "2017-01-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://hg.moinmo.in/moin/1.9/file/1.9.9/docs/CHANGES" }, { "type": "WEB", "url": "http://hg.moinmo.in/moin/1.9/file/1.9.9/docs/CHANGES" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7148" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7146" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9119" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214937" } ], "schema_version": "1.7.0", "summary": "moinmoin -- XSS vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libvncserver" }, "ranges": [ { "events": [ { "fixed": "0.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/LibVNC/libvncserver/pull/137" ], "discovery": "2016-11-24T00:00:00Z", "references": { "cvename": [ "CVE-2016-9941", "CVE-2016-9942" ], "freebsdpr": [ "ports/215805" ] }, "vid": "64be967a-d379-11e6-a071-001e67f15f5a" }, "details": "libvnc server reports:\n\n> Two unrelated buffer overflows can be used by a malicious server to\n> overwrite parts of the heap and crash the client (or possibly execute\n> arbitrary code).\n", "id": "FreeBSD-2017-0014", "modified": "2017-01-09T00:00:00Z", "published": "2017-01-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/LibVNC/libvncserver/pull/137" }, { "type": "WEB", "url": "https://github.com/LibVNC/libvncserver/pull/137" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9941" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9942" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215805" } ], "schema_version": "1.7.0", "summary": "libvncserver -- multiple buffer overflows" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libdwarf" }, "ranges": [ { "events": [ { "fixed": "20161124" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lwn.net/Articles/708092/" ], "discovery": "2016-12-04T00:00:00Z", "references": { "cvename": [ "CVE-2016-5027", "CVE-2016-5028", "CVE-2016-5029", "CVE-2016-5030", "CVE-2016-5031", "CVE-2016-5032", "CVE-2016-5033", "CVE-2016-5035", "CVE-2016-5037", "CVE-2016-5040", "CVE-2016-5041", "CVE-2016-5043", "CVE-2016-5044", "CVE-2016-7510", "CVE-2016-7511", "CVE-2016-8679", "CVE-2016-8680", "CVE-2016-8681", "CVE-2016-9275", "CVE-2016-9276", "CVE-2016-9480", "CVE-2016-9558" ] }, "vid": "83041ca7-d690-11e6-9171-14dae9d210b8" }, "details": "Christian Rebischke reports:\n\n> libdwarf is vulnerable to multiple issues including arbitrary code\n> execution, information disclosure and denial of service.\n", "id": "FreeBSD-2017-0013", "modified": "2017-01-09T00:00:00Z", "published": "2017-01-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lwn.net/Articles/708092/" }, { "type": "WEB", "url": "https://lwn.net/Articles/708092/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5027" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5028" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5029" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5030" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5031" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5032" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5033" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5035" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5037" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5040" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5041" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5043" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7510" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7511" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8679" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8680" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8681" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9275" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9276" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9480" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9558" } ], "schema_version": "1.7.0", "summary": "libdwarf -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "lynx" }, "ranges": [ { "events": [ { "fixed": "2.8.8.2_5,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-10-26T00:00:00Z", "references": { "cvename": [ "CVE-2014-3566", "CVE-2016-9179" ], "freebsdpr": [ "ports/215464" ] }, "vid": "03532a19-d68e-11e6-9171-14dae9d210b8" }, "details": "Oracle reports:\n\n> Lynx is vulnerable to POODLE by still supporting vulnerable version of\n> SSL. Lynx is also vulnerable to URL attacks by incorrectly parsing\n> hostnames ending with an \\'?\\'.\n", "id": "FreeBSD-2017-0012", "modified": "2017-01-09T00:00:00Z", "published": "2017-01-09T00:00:00Z", "references": [ { "type": "WEB", "url": "https://hg.java.net/hg/solaris-userland~gate/file/bc5351dcb9ac/components/lynx/patches/02-init-openssl.patch" }, { "type": "WEB", "url": "https://hg.java.net/hg/solaris-userland~gate/file/0a979060f73b/components/lynx/patches/05-fix-CVE-2016-9179.patch" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-3566" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9179" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215464" } ], "schema_version": "1.7.0", "summary": "lynx -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "hdf5" }, "ranges": [ { "events": [ { "fixed": "1.10.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "hdf5-18" }, "ranges": [ { "events": [ { "fixed": "1.8.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://blog.talosintel.com/2016/11/hdf5-vulns.html" ], "discovery": "2016-11-17T00:00:00Z", "references": { "cvename": [ "CVE-2016-4330", "CVE-2016-4331", "CVE-2016-4332", "CVE-2016-4333" ] }, "vid": "91e039ed-d689-11e6-9171-14dae9d210b8" }, "details": "Talos Security reports:\n\n> - CVE-2016-4330 (TALOS-2016-0176) - HDF5 Group libhdf5 H5T_ARRAY Code\n> Execution Vulnerability\n>\n> - CVE-2016-4331 (TALOS-2016-0177) - HDF5 Group libhdf5 H5Z_NBIT Code\n> Execution Vulnerability\n>\n> - CVE-2016-4332 (TALOS-2016-0178) - HDF5 Group libhdf5 Shareable\n> Message Type Code Execution Vulnerability\n>\n> - CVE-2016-4333 (TALOS-2016-0179) - HDF5 Group libhdf5 H5T_COMPOUND\n> Code Execution Vulnerability\n", "id": "FreeBSD-2017-0011", "modified": "2017-01-09T00:00:00Z", "published": "2017-01-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://blog.talosintel.com/2016/11/hdf5-vulns.html" }, { "type": "WEB", "url": "http://blog.talosintel.com/2016/11/hdf5-vulns.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4330" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4331" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4332" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4333" } ], "schema_version": "1.7.0", "summary": "hdf5 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django16" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-django16" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django16" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django16" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal6" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2017-01-06T00:00:00Z", "references": { "freebsdpr": [ "ports/211975" ] }, "vid": "e1ff4c5e-d687-11e6-9171-14dae9d210b8" }, "details": "These packages have reached End of Life status and/or have been removed\nfrom the Ports Tree. They may contain undocumented security issues.\nPlease take caution and find alternative software as soon as possible.\n", "id": "FreeBSD-2017-0010", "modified": "2017-01-06T00:00:00Z", "published": "2017-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211975" } ], "schema_version": "1.7.0", "summary": "End of Life Ports" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pcsc-lite" }, "ranges": [ { "events": [ { "introduced": "1.6.0" }, { "fixed": "1.8.20" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2017/01/03/2" ], "discovery": "2017-01-03T00:00:00Z", "references": { "cvename": [ "CVE-2016-10109" ] }, "vid": "c218873d-d444-11e6-84ef-f0def167eeea" }, "details": "Peter Wu on Openwall mailing-list reports:\n\n> The issue allows a local attacker to cause a Denial of Service, but\n> can potentially result in Privilege Escalation since the daemon is\n> running as root. while any local user can connect to the Unix socket.\n> Fixed by patch which is released with hpcsc-lite 1.8.20.\n", "id": "FreeBSD-2017-0009", "modified": "2017-01-10T00:00:00Z", "published": "2017-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2017/01/03/2" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10109" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2017/01/03/2" } ], "schema_version": "1.7.0", "summary": "Use-After-Free Vulnerability in pcsc-lite" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gnutls" }, "ranges": [ { "events": [ { "fixed": "3.5.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.gnutls.org/news.html#2017-01-09" ], "discovery": "2017-01-09T00:00:00Z", "vid": "0c5369fc-d671-11e6-a9a5-b499baebfeaf" }, "details": "The GnuTLS project reports:\n\n> - It was found using the OSS-FUZZ fuzzer infrastructure that decoding\n> a specially crafted OpenPGP certificate could lead to heap and stack\n> overflows. (GNUTLS-SA-2017-2)\n> - It was found using the OSS-FUZZ fuzzer infrastructure that decoding\n> a specially crafted X.509 certificate with Proxy Certificate\n> Information extension present could lead to a double free.\n> (GNUTLS-SA-2017-1)\n", "id": "FreeBSD-2017-0008", "modified": "2017-01-09T00:00:00Z", "published": "2017-01-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.gnutls.org/news.html#2017-01-09" }, { "type": "WEB", "url": "http://www.gnutls.org/news.html#2017-01-09" }, { "type": "WEB", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2017-2" }, { "type": "WEB", "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2017-1" } ], "schema_version": "1.7.0", "summary": "GnuTLS -- Memory corruption vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat" }, "ranges": [ { "events": [ { "fixed": "6.0.49" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat7" }, "ranges": [ { "events": [ { "fixed": "7.0.74" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat8" }, "ranges": [ { "events": [ { "fixed": "8.0.40" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40" ], "discovery": "2017-01-05T00:00:00Z", "references": { "cvename": [ "CVE-2016-8745" ], "freebsdpr": [ "ports/215865" ] }, "vid": "e5ec2767-d529-11e6-ae1b-002590263bf5" }, "details": "The Apache Software Foundation reports:\n\n> Important: Information Disclosure CVE-2016-8745\n", "id": "FreeBSD-2017-0007", "modified": "2017-03-18T00:00:00Z", "published": "2017-01-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8745" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215865" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40" } ], "schema_version": "1.7.0", "summary": "tomcat -- information disclosure vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat" }, "ranges": [ { "events": [ { "fixed": "6.0.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat7" }, "ranges": [ { "events": [ { "fixed": "7.0.73" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat8" }, "ranges": [ { "events": [ { "fixed": "8.0.39" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39" ], "discovery": "2016-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-8735", "CVE-2016-6816" ], "freebsdpr": [ "ports/214599" ] }, "vid": "0b9af110-d529-11e6-ae1b-002590263bf5" }, "details": "The Apache Software Foundation reports:\n\n> Important: Remote Code Execution CVE-2016-8735\n>\n> Important: Information Disclosure CVE-2016-6816\n", "id": "FreeBSD-2017-0006", "modified": "2017-03-18T00:00:00Z", "published": "2017-01-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8735" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6816" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214599" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39" } ], "schema_version": "1.7.0", "summary": "tomcat -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat" }, "ranges": [ { "events": [ { "fixed": "6.0.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat7" }, "ranges": [ { "events": [ { "fixed": "7.0.72" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tomcat8" }, "ranges": [ { "events": [ { "fixed": "8.0.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37" ], "discovery": "2016-10-27T00:00:00Z", "references": { "cvename": [ "CVE-2016-6797", "CVE-2016-6796", "CVE-2016-6794", "CVE-2016-5018", "CVE-2016-0762" ] }, "vid": "3ae106e2-d521-11e6-ae1b-002590263bf5" }, "details": "The Apache Software Foundation reports:\n\n> Low: Unrestricted Access to Global Resources CVE-2016-6797\n>\n> Low: Security Manager Bypass CVE-2016-6796\n>\n> Low: System Property Disclosure CVE-2016-6794\n>\n> Low: Security Manager Bypass CVE-2016-5018\n>\n> Low: Timing Attack CVE-2016-0762\n", "id": "FreeBSD-2017-0005", "modified": "2017-03-18T00:00:00Z", "published": "2017-01-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6797" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6796" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6794" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5018" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-0762" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37" } ], "schema_version": "1.7.0", "summary": "tomcat -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "fixed": "0.8.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2017_01.txt" ], "discovery": "2017-01-03T00:00:00Z", "references": { "cvename": [ "CVE-2017-5193", "CVE-2017-5194", "CVE-2017-5195", "CVE-2017-5196", "CVE-2017-5356" ], "freebsdpr": [ "ports/215800" ] }, "vid": "3d6be69b-d365-11e6-a071-001e67f15f5a" }, "details": "Irssi reports:\n\n> Five vulnerabilities have been located in Irssi\n>\n> - A NULL pointer dereference in the nickcmp function found by Joseph\n> Bisch. (CWE-690)\n> - Use after free when receiving invalid nick message (Issue #466,\n> CWE-146)\n> - Out of bounds read in certain incomplete control codes found by\n> Joseph Bisch. (CWE-126)\n> - Out of bounds read in certain incomplete character sequences found\n> by Hanno B\u00f6ck and independently by J. Bisch. (CWE-126)\n> - Out of bounds read when Printing the value \\'%\\[\\'. Found by Hanno\n> B\u00f6ck. (CWE-126)\n>\n> These issues may result in denial of service (remote crash).\n", "id": "FreeBSD-2017-0004", "modified": "2017-01-15T00:00:00Z", "published": "2017-01-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2017_01.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5193" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5194" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5195" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5196" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2017-5356" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215800" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2017_01.txt" } ], "schema_version": "1.7.0", "summary": "Irssi -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "codeigniter" }, "ranges": [ { "events": [ { "fixed": "3.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.codeigniter.com/user_guide/changelog.html" ], "discovery": "2016-10-28T00:00:00Z", "vid": "496160d3-d3be-11e6-ae1b-002590263bf5" }, "details": "The CodeIgniter changelog reports:\n\n> Fixed a number of new vulnerabilities in Security Library method\n> xss_clean().\n", "id": "FreeBSD-2017-0003", "modified": "2017-01-06T00:00:00Z", "published": "2017-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.codeigniter.com/user_guide/changelog.html" }, { "type": "WEB", "url": "https://www.codeigniter.com/user_guide/changelog.html" } ], "schema_version": "1.7.0", "summary": "codeigniter -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "codeigniter" }, "ranges": [ { "events": [ { "fixed": "3.1.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.codeigniter.com/user_guide/changelog.html" ], "discovery": "2016-07-26T00:00:00Z", "vid": "5e439ee7-d3bd-11e6-ae1b-002590263bf5" }, "details": "The CodeIgniter changelog reports:\n\n> Fixed an SQL injection in the 'odbc' database driver.\n>\n> Updated set_realpath() Path Helper function to filter-out php://\n> wrapper inputs.\n", "id": "FreeBSD-2017-0002", "modified": "2017-01-06T00:00:00Z", "published": "2017-01-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.codeigniter.com/user_guide/changelog.html" }, { "type": "WEB", "url": "https://www.codeigniter.com/user_guide/changelog.html" } ], "schema_version": "1.7.0", "summary": "codeigniter -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "w3m" }, "ranges": [ { "events": [ { "fixed": "0.5.3.20170102" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "w3m-img" }, "ranges": [ { "events": [ { "fixed": "0.5.3.20170102" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-w3m" }, "ranges": [ { "events": [ { "fixed": "0.5.3.20170102" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-w3m-img" }, "ranges": [ { "events": [ { "fixed": "0.5.3.20170102" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-11-03T00:00:00Z", "references": { "cvename": [ "CVE-2016-9422", "CVE-2016-9423", "CVE-2016-9424", "CVE-2016-9425", "CVE-2016-9426", "CVE-2016-9428", "CVE-2016-9429", "CVE-2016-9430", "CVE-2016-9431", "CVE-2016-9432", "CVE-2016-9433", "CVE-2016-9434", "CVE-2016-9435", "CVE-2016-9436", "CVE-2016-9437", "CVE-2016-9438", "CVE-2016-9439", "CVE-2016-9440", "CVE-2016-9441", "CVE-2016-9442", "CVE-2016-9443", "CVE-2016-9622", "CVE-2016-9623", "CVE-2016-9624", "CVE-2016-9625", "CVE-2016-9626", "CVE-2016-9627", "CVE-2016-9628", "CVE-2016-9629", "CVE-2016-9630", "CVE-2016-9631", "CVE-2016-9632", "CVE-2016-9633" ] }, "vid": "eafa3aec-211b-4dd4-9b8a-a664a3f0917a" }, "details": "Multiple remote code execution and denial of service conditions present.\n", "id": "FreeBSD-2017-0001", "modified": "2017-01-09T00:00:00Z", "published": "2017-01-01T00:00:00Z", "references": [ { "type": "WEB", "url": "http://seclists.org/oss-sec/2016/q4/452" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2016/q4/516" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9422" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9423" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9424" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9425" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9426" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9428" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9429" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9430" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9431" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9432" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9433" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9435" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9436" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9437" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9438" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9439" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9440" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9441" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9442" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9443" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9623" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9624" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9625" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9626" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9627" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9628" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9629" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9630" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9631" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9633" } ], "schema_version": "1.7.0", "summary": "w3m -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "h2o" }, "ranges": [ { "events": [ { "fixed": "2.0.4_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/h2o/h2o/issues?q=label%3Avulnerability" ], "discovery": "2016-09-09T00:00:00Z", "vid": "d0b12952-cb86-11e6-906f-0cc47a065786" }, "details": "Kazuho Oku reports:\n\n> A use-after-free vulnerability exists in H2O up to and including\n> version 2.0.4 / 2.1.0-beta3 that can be used by a remote attacker to\n> mount DoS attacks and / or information theft.\n", "id": "FreeBSD-2016-0497", "modified": "2016-12-29T00:00:00Z", "published": "2016-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/h2o/h2o/issues?q=label%3Avulnerability" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/releases/tag/v2.0.5" }, { "type": "WEB", "url": "https://github.com/h2o/h2o/issues/1144" } ], "schema_version": "1.7.0", "summary": "h2o -- Use-after-free vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php70" }, "ranges": [ { "events": [ { "fixed": "7.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/" ], "discovery": "2016-12-27T00:00:00Z", "references": { "cvename": [ "CVE-2016-7478", "CVE-2016-7479", "CVE-2016-7480" ] }, "vid": "1b61ecef-cdb9-11e6-a9a5-b499baebfeaf" }, "details": "Check Point reports:\n\n> \\... discovered 3 fresh and previously unknown vulnerabilities\n> (CVE-2016-7479, CVE-2016-7480, CVE-2016-7478) in the PHP 7 unserialize\n> mechanism.\n>\n> The first two vulnerabilities allow attackers to take full control\n> over servers, allowing them to do anything they want with the website,\n> from spreading malware to defacing it or stealing customer data.\n>\n> The last vulnerability generates a Denial of Service attack which\n> basically hangs the website, exhausts its memory consumption, and\n> shuts it down.\n>\n> The PHP security team issued fixes for two of the vulnerabilities on\n> the 13th of October and 1st of December.\n", "id": "FreeBSD-2016-0496", "modified": "2017-01-04T00:00:00Z", "published": "2016-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/" }, { "type": "WEB", "url": "http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7478" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7479" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7480" } ], "schema_version": "1.7.0", "summary": "PHP -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php70" }, "ranges": [ { "events": [ { "fixed": "7.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://php.net/ChangeLog-7.php#7.0.14" ], "discovery": "2016-12-08T00:00:00Z", "references": { "cvename": [ "CVE-2016-9935", "CVE-2016-9936" ] }, "vid": "6972668d-cdb7-11e6-a9a5-b499baebfeaf" }, "details": "The PHP project reports:\n\n> - Use After Free Vulnerability in unserialize() (CVE-2016-9936)\n> - Invalid read when wddx decodes empty boolean element (CVE-2016-9935)\n", "id": "FreeBSD-2016-0495", "modified": "2016-12-29T00:00:00Z", "published": "2016-12-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://php.net/ChangeLog-7.php#7.0.14" }, { "type": "WEB", "url": "http://php.net/ChangeLog-7.php#7.0.14" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9935" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9936" } ], "schema_version": "1.7.0", "summary": "PHP -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmailer" }, "ranges": [ { "events": [ { "fixed": "5.2.20" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tt-rss" }, "ranges": [ { "events": [ { "fixed": "29.12.2016.04.37" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html" ], "discovery": "2016-12-28T00:00:00Z", "references": { "cvename": [ "CVE-2016-10045" ] }, "vid": "3c4693de-ccf7-11e6-a9a5-b499baebfeaf" }, "details": "Legal Hackers reports:\n\n> An independent research uncovered a critical vulnerability in\n> PHPMailer that could potentially be used by (unauthenticated) remote\n> attackers to achieve remote arbitrary code execution in the context of\n> the web server user and remotely compromise the target web\n> application.\n>\n> To exploit the vulnerability an attacker could target common website\n> components such as contact/feedback forms, registration forms,\n> password email resets and others that send out emails with the help of\n> a vulnerable version of the PHPMailer class.\n>\n> The first patch of the vulnerability CVE-2016-10033 was incomplete.\n> This advisory demonstrates the bypass of the patch. The bypass allows\n> to carry out Remote Code Execution on all current versions (including\n> 5.2.19).\n", "id": "FreeBSD-2016-0494", "modified": "2016-12-28T00:00:00Z", "published": "2016-12-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html" }, { "type": "WEB", "url": "https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10045" } ], "schema_version": "1.7.0", "summary": "phpmailer -- Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "samba36" }, "ranges": [ { "events": [ { "introduced": "3.6.0" }, { "last_affected": "3.6.25_4" }, { "fixed": "3.6.25_4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba4" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "last_affected": "4.0.26" }, { "fixed": "4.0.26" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba41" }, "ranges": [ { "events": [ { "introduced": "4.1.0" }, { "last_affected": "4.1.23" }, { "fixed": "4.1.23" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba42" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "last_affected": "4.2.14" }, { "fixed": "4.2.14" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba43" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.13" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba44" }, "ranges": [ { "events": [ { "introduced": "4.4.0" }, { "fixed": "4.4.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "samba45" }, "ranges": [ { "events": [ { "introduced": "4.5.0" }, { "fixed": "4.5.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.samba.org/samba/latest_news.html#4.5.3" ], "discovery": "2016-12-19T00:00:00Z", "references": { "cvename": [ "CVE-2016-2123", "CVE-2016-2125", "CVE-2016-2126" ] }, "vid": "e4bc323f-cc73-11e6-b704-000c292e4fd8" }, "details": "Samba team reports:\n\n> \\[CVE-2016-2123\\] Authenticated users can supply malicious dnsRecord\n> attributes on DNS objects and trigger a controlled memory corruption.\n>\n> \\[CVE-2016-2125\\] Samba client code always requests a forwardable\n> ticket when using Kerberos authentication. This means the target\n> server, which must be in the current or trusted domain/realm, is given\n> a valid general purpose Kerberos \\\"Ticket Granting Ticket\\\" (TGT),\n> which can be used to fully impersonate the authenticated user or\n> service.\n>\n> \\[CVE-2016-2126\\] A remote, authenticated, attacker can cause the\n> winbindd process to crash using a legitimate Kerberos ticket due to\n> incorrect handling of the PAC checksum. A local service with access to\n> the winbindd privileged pipe can cause winbindd to cache elevated\n> access permissions.\n", "id": "FreeBSD-2016-0493", "modified": "2016-12-26T00:00:00Z", "published": "2016-12-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.samba.org/samba/latest_news.html#4.5.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2123" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2016-2123.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2125" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2016-2125.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2126" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2016-2126.html" } ], "schema_version": "1.7.0", "summary": "samba -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "upnp" }, "ranges": [ { "events": [ { "fixed": "1.6.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://twitter.com/mjg59/status/755062278513319936", "https://sourceforge.net/p/pupnp/bugs/133/" ], "discovery": "2016-02-23T00:00:00Z", "references": { "cvename": [ "CVE-2016-6255", "CVE-2016-8863" ] }, "vid": "244c8288-cc4a-11e6-a475-bcaec524bf84" }, "details": "Matthew Garett reports:\n\n> Reported this to upstream 8 months ago without response, so:\n> libupnp\\'s default behaviour allows anyone to write to your\n> filesystem. Seriously. Find a device running a libupnp based server\n> (Shodan says there\\'s rather a lot), and POST a file to /testfile.\n> Then GET /testfile \\... and yeah if the server is running as root (it\n> is) and is using / as the web root (probably not, but maybe) this\n> gives full host fs access.\n\nScott Tenaglia reports:\n\n> There is a heap buffer overflow vulnerability in the create_url_list\n> function in upnp/src/gena/gena_device.c.\n", "id": "FreeBSD-2016-0492", "modified": "2016-12-27T00:00:00Z", "published": "2016-12-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://twitter.com/mjg59/status/755062278513319936" }, { "type": "REPORT", "url": "https://sourceforge.net/p/pupnp/bugs/133/" }, { "type": "WEB", "url": "https://twitter.com/mjg59/status/755062278513319936" }, { "type": "WEB", "url": "https://sourceforge.net/p/pupnp/bugs/133/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6255" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8863" } ], "schema_version": "1.7.0", "summary": "upnp -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpmailer" }, "ranges": [ { "events": [ { "fixed": "5.2.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tt-rss" }, "ranges": [ { "events": [ { "fixed": "26.12.2016.07.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html" ], "discovery": "2016-12-26T00:00:00Z", "references": { "cvename": [ "CVE-2016-10033" ] }, "vid": "c7656d4c-cb60-11e6-a9a5-b499baebfeaf" }, "details": "Legal Hackers reports:\n\n> An independent research uncovered a critical vulnerability in\n> PHPMailer that could potentially be used by (unauthenticated) remote\n> attackers to achieve remote arbitrary code execution in the context of\n> the web server user and remotely compromise the target web\n> application.\n>\n> To exploit the vulnerability an attacker could target common website\n> components such as contact/feedback forms, registration forms,\n> password email resets and others that send out emails with the help of\n> a vulnerable version of the PHPMailer class.\n", "id": "FreeBSD-2016-0491", "modified": "2016-12-26T00:00:00Z", "published": "2016-12-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html" }, { "type": "WEB", "url": "http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html" }, { "type": "WEB", "url": "https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10033" } ], "schema_version": "1.7.0", "summary": "phpmailer -- Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "exim" }, "ranges": [ { "events": [ { "introduced": "4.69,1" }, { "fixed": "4.87.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://exim.org/static/doc/CVE-2016-9963.txt" ], "discovery": "2016-12-15T00:00:00Z", "references": { "cvename": [ "CVE-2016-9963" ] }, "vid": "e7002b26-caaa-11e6-a76a-9f7324e5534e" }, "details": "The Exim project reports:\n\n> Exim leaks the private DKIM signing key to the log files.\n> Additionally, if the build option EXPERIMENTAL_DSN_INFO=yes is used,\n> the key material is included in the bounce message.\n", "id": "FreeBSD-2016-0490", "modified": "2016-12-25T00:00:00Z", "published": "2016-12-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://exim.org/static/doc/CVE-2016-9963.txt" }, { "type": "WEB", "url": "https://exim.org/static/doc/CVE-2016-9963.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9963" } ], "schema_version": "1.7.0", "summary": "exim -- DKIM private key leak" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.52.0" }, { "fixed": "7.52.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/adv_20161223.html" ], "discovery": "2016-12-23T00:00:00Z", "references": { "cvename": [ "CVE-2016-9594" ] }, "vid": "c40ca16c-4d9f-4d70-8b6c-4d53aeb8ead4" }, "details": "Project curl Security Advisory:\n\n> libcurl\\'s (new) internal function that returns a good 32bit random\n> value was implemented poorly and overwrote the pointer instead of\n> writing the value into the buffer the pointer pointed to.\n>\n> This random value is used to generate nonces for Digest and NTLM\n> authentication, for generating boundary strings in HTTP formposts and\n> more. Having a weak or virtually non-existent random there makes these\n> operations vulnerable.\n>\n> This function is brand new in 7.52.0 and is the result of an overhaul\n> to make sure libcurl uses strong random as much as possible - provided\n> by the backend TLS crypto libraries when present. The faulty function\n> was introduced in this commit.\n>\n> We are not aware of any exploit of this flaw.\n", "id": "FreeBSD-2016-0489", "modified": "2016-12-24T00:00:00Z", "published": "2016-12-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/adv_20161223.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/adv_20161223.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9594" } ], "schema_version": "1.7.0", "summary": "cURL -- uninitialized random vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "squid" }, "ranges": [ { "events": [ { "introduced": "3.1" }, { "fixed": "3.5.23" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "squid-devel" }, "ranges": [ { "events": [ { "introduced": "4.0" }, { "fixed": "4.0.17" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt", "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt" ], "discovery": "2016-12-16T00:00:00Z", "references": { "cvename": [ "CVE-2016-10002", "CVE-2016-10003" ], "freebsdpr": [ "ports/215416", "ports/215418" ] }, "vid": "41f8af15-c8b9-11e6-ae1b-002590263bf5" }, "details": "Squid security advisory 2016:10 reports:\n\n> Due to incorrect comparison of request headers Squid can deliver\n> responses containing private data to clients it should not have\n> reached.\n>\n> This problem allows a remote attacker to discover private and\n> sensitive information about another clients browsing session.\n> Potentially including credentials which allow access to further\n> sensitive resources. This problem only affects Squid configured to use\n> the Collapsed Forwarding feature. It is of particular importance for\n> HTTPS reverse-proxy sites with Collapsed Forwarding.\n\nSquid security advisory 2016:11 reports:\n\n> Due to incorrect HTTP conditional request handling Squid can deliver\n> responses containing private data to clients it should not have\n> reached.\n>\n> This problem allows a remote attacker to discover private and\n> sensitive information about another clients browsing session.\n> Potentially including credentials which allow access to further\n> sensitive resources..\n", "id": "FreeBSD-2016-0488", "modified": "2016-12-23T00:00:00Z", "published": "2016-12-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt" }, { "type": "REPORT", "url": "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10002" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10003" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215416" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215418" }, { "type": "WEB", "url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt" }, { "type": "WEB", "url": "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt" } ], "schema_version": "1.7.0", "summary": "squid -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "vim" }, "ranges": [ { "events": [ { "fixed": "8.0.0056" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-console" }, "ranges": [ { "events": [ { "fixed": "8.0.0056" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "vim-lite" }, "ranges": [ { "events": [ { "fixed": "8.0.0056" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "neovim" }, "ranges": [ { "events": [ { "fixed": "0.1.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248" ], "discovery": "2016-11-22T00:00:00Z", "references": { "bid": [ "94478" ], "cvename": [ "CVE-2016-1248" ] }, "vid": "c11629d3-c8ad-11e6-ae1b-002590263bf5" }, "details": "Mitre reports:\n\n> vim before patch 8.0.0056 does not properly validate values for the\n> \\'filetype\\', \\'syntax\\' and \\'keymap\\' options, which may result in\n> the execution of arbitrary code if a file with a specially crafted\n> modeline is opened.\n", "id": "FreeBSD-2016-0487", "modified": "2016-12-23T00:00:00Z", "published": "2016-12-23T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-1248" }, { "type": "ADVISORY", "url": "https://www.securityfocus.com/bid/94478/info" }, { "type": "WEB", "url": "https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a" }, { "type": "WEB", "url": "https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040" } ], "schema_version": "1.7.0", "summary": "vim -- arbitrary command execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "pligg" }, "ranges": [ { "events": [ { "last_affected": "2.0.2,1" }, { "fixed": "2.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.netsparker.com/web-applications-advisories/ns-15-011-xss-vulnerability-identified-in-pligg-cms/" ], "discovery": "2015-05-13T00:00:00Z", "vid": "c290f093-c89e-11e6-821e-68f7288bdf41" }, "details": "Netsparker reports:\n\n> Proof of Concept URL for XSS in Pligg CMS:\n>\n> Page: groups.php\n>\n> Parameter Name: keyword\n>\n> Parameter Type: GET\n>\n> Attack Pattern:\n> http://example.com/pligg-cms-2.0.2/groups.php?view=search&keyword=\\'+alert(0x000D82)+\\'\n>\n> For more information on cross-site scripting vulnerabilities read the\n> article Cross-site Scripting (XSS).\n", "id": "FreeBSD-2016-0486", "modified": "2016-12-22T00:00:00Z", "published": "2016-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.netsparker.com/web-applications-advisories/ns-15-011-xss-vulnerability-identified-in-pligg-cms/" }, { "type": "WEB", "url": "https://www.netsparker.com/web-applications-advisories/ns-15-011-xss-vulnerability-identified-in-pligg-cms/" } ], "schema_version": "1.7.0", "summary": "Pligg CMS -- XSS Vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_6" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_15" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2" }, { "fixed": "10.2_28" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1" }, { "fixed": "10.1_45" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3" }, { "fixed": "9.3_53" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-12-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311" ], "freebsdsa": [ "SA-16:39.ntp" ] }, "vid": "fcedcdbb-c86e-11e6-b1cf-14dae9d210b8" }, "details": "# Problem Description:\n\nMultiple vulnerabilities have been discovered in the NTP suite:\n\nCVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco ASIG.\n\nCVE-2016-9310: Mode 6 unauthenticated trap information disclosure and\nDDoS vector. Reported by Matthew Van Gundy of Cisco ASIG.\n\nCVE-2016-7427: Broadcast Mode Replay Prevention DoS. Reported by Matthew\nVan Gundy of Cisco ASIG.\n\nCVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS. Reported by\nMatthew Van Gundy of Cisco ASIG.\n\nCVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass.\nReported by Sharon Goldberg and Aanchal Malhotra of Boston University.\n\nCVE-2016-7434: Null pointer dereference in\n\\_IO_str_init_static_internal(). Reported by Magnus Stubman.\n\nCVE-2016-7426: Client rate limiting and server responses. Reported by\nMiroslav Lichvar of Red Hat.\n\nCVE-2016-7433: Reboot sync calculation problem. Reported independently\nby Brian Utterback of Oracle, and by Sharon Goldberg and Aanchal\nMalhotra of Boston University.\n\n# Impact:\n\nA remote attacker who can send a specially crafted packet to cause a\nNULL pointer dereference that will crash ntpd, resulting in a Denial of\nService. \\[CVE-2016-9311\\]\n\nAn exploitable configuration modification vulnerability exists in the\ncontrol mode (mode 6) functionality of ntpd. If, against long-standing\nBCP recommendations, \\\"restrict default noquery \\...\\\" is not specified,\na specially crafted control mode packet can set ntpd traps, providing\ninformation disclosure and DDoS amplification, and unset ntpd traps,\ndisabling legitimate monitoring by an attacker from remote.\n\\[CVE-2016-9310\\]\n\nAn attacker with access to the NTP broadcast domain can periodically\ninject specially crafted broadcast mode NTP packets into the broadcast\ndomain which, while being logged by ntpd, can cause ntpd to reject\nbroadcast mode packets from legitimate NTP broadcast servers.\n\\[CVE-2016-7427\\]\n\nAn attacker with access to the NTP broadcast domain can send specially\ncrafted broadcast mode NTP packets to the broadcast domain which, while\nbeing logged by ntpd, will cause ntpd to reject broadcast mode packets\nfrom legitimate NTP broadcast servers. \\[CVE-2016-7428\\]\n\nOrigin timestamp problems were fixed in ntp 4.2.8p6. However, subsequent\ntimestamp validation checks introduced a regression in the handling of\nsome Zero origin timestamp checks. \\[CVE-2016-7431\\]\n\nIf ntpd is configured to allow mrulist query requests from a server that\nsends a crafted malicious packet, ntpd will crash on receipt of that\ncrafted malicious mrulist query packet. \\[CVE-2016-7434\\]\n\nAn attacker who knows the sources (e.g., from an IPv4 refid in server\nresponse) and knows the system is (mis)configured in this way can\nperiodically send packets with spoofed source address to keep the rate\nlimiting activated and prevent ntpd from accepting valid responses from\nits sources. \\[CVE-2016-7426\\]\n\nNtp Bug 2085 described a condition where the root delay was included\ntwice, causing the jitter value to be higher than expected. Due to a\nmisinterpretation of a small-print variable in The Book, the fix for\nthis problem was incorrect, resulting in a root distance that did not\ninclude the peer dispersion. The calculations and formulas have been\nreviewed and reconciled, and the code has been updated accordingly.\n\\[CVE-2016-7433\\]\n", "id": "FreeBSD-2016-0485", "modified": "2016-12-22T00:00:00Z", "published": "2016-12-22T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7426" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7427" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7428" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7431" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7433" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9311" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:39.ntp.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple vulnerabilities of ntp" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.1" }, { "fixed": "7.52" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/vuln-7.51.0.html" ], "discovery": "2016-12-21T00:00:00Z", "references": { "cvename": [ "CVE-2016-9586" ] }, "vid": "42880202-c81c-11e6-a9a5-b499baebfeaf" }, "details": "The cURL project reports:\n\n> ## printf floating point buffer overflow\n>\n> libcurl\\'s implementation of the printf() functions triggers a buffer\n> overflow when doing a large floating point output. The bug occurs when\n> the conversion outputs more than 255 bytes.\n", "id": "FreeBSD-2016-0484", "modified": "2016-12-22T00:00:00Z", "published": "2016-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/vuln-7.51.0.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/vuln-7.51.0.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9586" } ], "schema_version": "1.7.0", "summary": "cURL -- buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "joomla3" }, "ranges": [ { "events": [ { "introduced": "1.6.0" }, { "fixed": "3.6.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html", "https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html", "https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html" ], "discovery": "2016-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2016-9836", "CVE-2016-9837", "CVE-2016-9838" ] }, "vid": "624b45c0-c7f3-11e6-ae1b-002590263bf5" }, "details": "The JSST and the Joomla! Security Center report:\n\n> ## \\[20161201\\] - Core - Elevated Privileges\n>\n> Incorrect use of unfiltered data stored to the session on a form\n> validation failure allows for existing user accounts to be modified;\n> to include resetting their username, password, and user group\n> assignments.\n\n> ## \\[20161202\\] - Core - Shell Upload\n>\n> Inadequate filesystem checks allowed files with alternative PHP file\n> extensions to be uploaded.\n\n> ## \\[20161203\\] - Core - Information Disclosure\n>\n> Inadequate ACL checks in the Beez3 com_content article layout override\n> enables a user to view restricted content.\n", "id": "FreeBSD-2016-0483", "modified": "2016-12-22T00:00:00Z", "published": "2016-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9836" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9837" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9838" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html" }, { "type": "WEB", "url": "https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html" } ], "schema_version": "1.7.0", "summary": "Joomla! -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "joomla3" }, "ranges": [ { "events": [ { "introduced": "3.4.4" }, { "fixed": "3.6.4" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html", "https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html", "https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html" ], "discovery": "2016-10-25T00:00:00Z", "references": { "cvename": [ "CVE-2016-8869", "CVE-2016-8870", "CVE-2016-9081" ] }, "vid": "a27d234a-c7f2-11e6-ae1b-002590263bf5" }, "details": "The JSST and the Joomla! Security Center report:\n\n> ## \\[20161001\\] - Core - Account Creation\n>\n> Inadequate checks allows for users to register on a site when\n> registration has been disabled.\n\n> ## \\[20161002\\] - Core - Elevated Privilege\n>\n> Incorrect use of unfiltered data allows for users to register on a\n> site with elevated privileges.\n\n> ## \\[20161003\\] - Core - Account Modifications\n>\n> Incorrect use of unfiltered data allows for existing user accounts to\n> be modified; to include resetting their username, password, and user\n> group assignments.\n", "id": "FreeBSD-2016-0482", "modified": "2016-12-22T00:00:00Z", "published": "2016-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8869" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8870" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9081" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html" }, { "type": "WEB", "url": "https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html" } ], "schema_version": "1.7.0", "summary": "Joomla! -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "joomla3" }, "ranges": [ { "events": [ { "introduced": "1.6.0" }, { "fixed": "3.6.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html", "https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html", "https://developer.joomla.org/security-centre/654-20160803-core-csrf.html" ], "discovery": "2016-08-03T00:00:00Z", "vid": "f0806cad-c7f1-11e6-ae1b-002590263bf5" }, "details": "The JSST and the Joomla! Security Center report:\n\n> ## \\[20160801\\] - Core - ACL Violation\n>\n> Inadequate ACL checks in com_content provide potential read access to\n> data which should be access restricted to users with edit_own level.\n\n> ## \\[20160802\\] - Core - XSS Vulnerability\n>\n> Inadequate escaping leads to XSS vulnerability in mail component.\n\n> ## \\[20160803\\] - Core - CSRF\n>\n> Add additional CSRF hardening in com_joomlaupdate.\n", "id": "FreeBSD-2016-0481", "modified": "2016-12-22T00:00:00Z", "published": "2016-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/654-20160803-core-csrf.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/654-20160803-core-csrf.html" }, { "type": "WEB", "url": "https://www.joomla.org/announcements/release-news/5665-joomla-3-6-1-released.html" } ], "schema_version": "1.7.0", "summary": "Joomla! -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "joomla3" }, "ranges": [ { "events": [ { "introduced": "1.5.0" }, { "fixed": "3.4.7" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html", "https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html" ], "discovery": "2015-12-21T00:00:00Z", "vid": "c0ef061a-c7f0-11e6-ae1b-002590263bf5" }, "details": "The JSST and the Joomla! Security Center report:\n\n> ## \\[20151206\\] - Core - Session Hardening\n>\n> The Joomla Security Strike team has been following up on the critical\n> security vulnerability patched last week. Since the recent update it\n> has become clear that the root cause is a bug in PHP itself. This was\n> fixed by PHP in September of 2015 with the releases of PHP 5.4.45,\n> 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and\n> has been back-ported in some specific Linux LTS versions of PHP 5.3).\n> This fixes the bug across all supported PHP versions.\n\n> ## \\[20151207\\] - Core - SQL Injection\n>\n> Inadequate filtering of request data leads to a SQL Injection\n> vulnerability.\n", "id": "FreeBSD-2016-0480", "modified": "2016-12-22T00:00:00Z", "published": "2016-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html" }, { "type": "REPORT", "url": "https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html" }, { "type": "WEB", "url": "https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html" }, { "type": "WEB", "url": "https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html" } ], "schema_version": "1.7.0", "summary": "Joomla! -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.1_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-202.html" ], "discovery": "2016-12-21T00:00:00Z", "references": { "cvename": [ "CVE-2016-10024" ] }, "vid": "3ae078ca-c7eb-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> Certain PV guest kernel operations (page table writes in particular)\n> need emulation, and use Xen\\'s general x86 instruction emulator. This\n> allows a malicious guest kernel which asynchronously modifies its\n> instruction stream to effect the clearing of EFLAGS.IF from the state\n> used to return to guest context.\n>\n> A malicious guest kernel administrator can cause a host hang or crash,\n> resulting in a Denial of Service.\n", "id": "FreeBSD-2016-0479", "modified": "2016-12-22T00:00:00Z", "published": "2016-12-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-202.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10024" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-202.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86 PV guests may be able to mask interrupts" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "fixed": "2.4.25" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://httpd.apache.org/security/vulnerabilities_24.html" ], "discovery": "2016-12-20T00:00:00Z", "references": { "cvename": [ "CVE-2016-8743", "CVE-2016-2161", "CVE-2016-0736", "CVE-2016-8740", "CVE-2016-5387" ] }, "vid": "862d6ab3-c75e-11e6-9f98-20cf30e32f6d" }, "details": "Apache Software Foundation reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2016-0478", "modified": "2016-12-22T00:00:00Z", "published": "2016-12-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "WEB", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8743" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2161" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-0736" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8740" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5387" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- several vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.1_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://xenbits.xen.org/xsa/advisory-204.html" ], "discovery": "2016-12-19T00:00:00Z", "references": { "cvename": [ "CVE-2016-10013" ] }, "vid": "942433db-c661-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> The typical behaviour of singlestepping exceptions is determined at\n> the start of the instruction, with a #DB trap being raised at the end\n> of the instruction. SYSCALL (and SYSRET, although we don\\'t implement\n> it) behave differently because the typical behaviour allows userspace\n> to escalate its privilege. (This difference in behaviour seems to be\n> undocumented.) Xen wrongly raised the exception based on the flags at\n> the start of the instruction.\n>\n> Guest userspace which can invoke the instruction emulator can use this\n> flaw to escalate its privilege to that of the guest kernel.\n", "id": "FreeBSD-2016-0477", "modified": "2016-12-20T00:00:00Z", "published": "2016-12-20T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://xenbits.xen.org/xsa/advisory-204.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-10013" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-204.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "atheme-services" }, "ranges": [ { "events": [ { "fixed": "7.2.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9773", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4478" ], "discovery": "2016-01-09T00:00:00Z", "references": { "cvename": [ "CVE-2014-9773", "CVE-2016-4478" ], "freebsdpr": [ "ports/209217" ] }, "vid": "e47ab5db-c333-11e6-ae1b-002590263bf5" }, "details": "Mitre reports:\n\n> modules/chanserv/flags.c in Atheme before 7.2.7 allows remote\n> attackers to modify the Anope FLAGS behavior by registering and\n> dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.\n\n> Buffer overflow in the xmlrpc_char_encode function in\n> modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows\n> remote attackers to cause a denial of service via vectors related to\n> XMLRPC response encoding.\n", "id": "FreeBSD-2016-0476", "modified": "2016-12-16T00:00:00Z", "published": "2016-12-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9773" }, { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4478" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209217" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-9773" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4478" }, { "type": "WEB", "url": "https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e" }, { "type": "WEB", "url": "https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b" } ], "schema_version": "1.7.0", "summary": "atheme-services -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "50.1.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "45.6.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "45.6.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "45.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.6.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/" ], "discovery": "2016-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2016-9894", "CVE-2016-9899", "CVE-2016-9895", "CVE-2016-9896", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9900", "CVE-2016-9904", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9903", "CVE-2016-9080", "CVE-2016-9893" ] }, "vid": "512c0ffd-cd39-4da4-b2dc-81ff4ba8e238" }, "details": "Mozilla Foundation reports:\n\n> CVE-2016-9894: Buffer overflow in SkiaGL\n>\n> CVE-2016-9899: Use-after-free while manipulating DOM events and audio\n> elements\n>\n> CVE-2016-9895: CSP bypass using marquee tag\n>\n> CVE-2016-9896: Use-after-free with WebVR\n>\n> CVE-2016-9897: Memory corruption in libGLES\n>\n> CVE-2016-9898: Use-after-free in Editor while manipulating DOM\n> subtrees\n>\n> CVE-2016-9900: Restricted external resources can be loaded by SVG\n> images through data URLs\n>\n> CVE-2016-9904: Cross-origin information leak in shared atoms\n>\n> CVE-2016-9901: Data from Pocket server improperly sanitized before\n> execution\n>\n> CVE-2016-9902: Pocket extension does not validate the origin of events\n>\n> CVE-2016-9903: XSS injection vulnerability in add-ons SDK\n>\n> CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1\n>\n> CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox\n> ESR 45.6\n", "id": "FreeBSD-2016-0475", "modified": "2016-12-14T00:00:00Z", "published": "2016-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9894" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9899" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9895" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9896" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9897" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9898" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9900" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9904" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9901" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9902" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9903" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9080" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9893" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2016-94/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2016-95/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wordpress" }, "ranges": [ { "events": [ { "fixed": "4.6.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "de-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ja-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ru-wordpress" }, "ranges": [ { "events": [ { "fixed": "4.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_CN" }, "ranges": [ { "events": [ { "fixed": "4.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-wordpress-zh_TW" }, "ranges": [ { "events": [ { "fixed": "4.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/" ], "discovery": "2016-09-07T00:00:00Z", "vid": "54e50cd9-c1a8-11e6-ae1b-002590263bf5" }, "details": "Jeremy Felt reports:\n\n> WordPress versions 4.6 and earlier are affected by two security\n> issues: a cross-site scripting vulnerability via image filename,\n> reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal\n> vulnerability in the upgrade package uploader, reported by Dominik\n> Schilling from the WordPress security team.\n", "id": "FreeBSD-2016-0474", "modified": "2016-12-14T00:00:00Z", "published": "2016-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/" }, { "type": "WEB", "url": "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/" } ], "schema_version": "1.7.0", "summary": "wordpress -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://xenbits.xen.org/xsa/advisory-200.html" ], "discovery": "2016-12-13T00:00:00Z", "references": { "cvename": [ "CVE-2016-9932" ] }, "vid": "80a897a2-c1a6-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> The x86 instruction CMPXCHG8B is supposed to ignore legacy operand\n> size overrides; it only honors the REX.W override (making it\n> CMPXCHG16B). So, the operand size is always 8 or 16. When support for\n> CMPXCHG16B emulation was added to the instruction emulator, this\n> restriction on the set of possible operand sizes was relied on in some\n> parts of the emulation; but a wrong, fully general, operand size value\n> was used for other parts of the emulation. As a result, if a guest\n> uses a supposedly-ignored operand size prefix, a small amount of\n> hypervisor stack data is leaked to the guests: a 96 bit leak to guests\n> running in 64-bit mode; or, a 32 bit leak to other guests.\n>\n> A malicious unprivileged guest may be able to obtain sensitive\n> information from the host.\n", "id": "FreeBSD-2016-0473", "modified": "2016-12-14T00:00:00Z", "published": "2016-12-14T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://xenbits.xen.org/xsa/advisory-200.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9932" }, { "type": "WEB", "url": "http://xenbits.xen.org/xsa/advisory-200.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php56" }, "ranges": [ { "events": [ { "fixed": "5.6.29" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php70" }, "ranges": [ { "events": [ { "fixed": "7.0.14" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://php.net/archive/2016.php#id2016-12-08-1" ], "discovery": "2016-12-12T00:00:00Z", "vid": "2d56308b-c0a8-11e6-a9a5-b499baebfeaf" }, "details": "The PHP project reports:\n\n> This is a security release. Several security bugs were fixed in this\n> release.\n", "id": "FreeBSD-2016-0472", "modified": "2016-12-12T00:00:00Z", "published": "2016-12-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://php.net/archive/2016.php#id2016-12-08-1" }, { "type": "WEB", "url": "http://php.net/archive/2016.php#id2016-12-08-1" }, { "type": "WEB", "url": "http://php.net/archive/2016.php#id2016-12-08-2" } ], "schema_version": "1.7.0", "summary": "PHP -- Multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk11" }, "ranges": [ { "events": [ { "fixed": "11.25.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "fixed": "13.13.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2016-11-28T00:00:00Z", "vid": "c0b13887-be44-11e6-b04f-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> The chan_sip channel driver has a liberal definition for whitespace\n> when attempting to strip the content between a SIP header name and a\n> colon character. Rather than following RFC 3261 and stripping only\n> spaces and horizontal tabs, Asterisk treats any non-printable ASCII\n> character as if it were whitespace.\n>\n> This mostly does not pose a problem until Asterisk is placed in tandem\n> with an authenticating SIP proxy. In such a case, a crafty combination\n> of valid and invalid To headers can cause a proxy to allow an INVITE\n> request into Asterisk without authentication since it believes the\n> request is an in-dialog request. However, because of the bug described\n> above, the request will look like an out-of-dialog request to\n> Asterisk. Asterisk will then process the request as a new call. The\n> result is that Asterisk can process calls from unvetted sources\n> without any authentication.\n>\n> If you do not use a proxy for authentication, then this issue does not\n> affect you.\n>\n> If your proxy is dialog-aware (meaning that the proxy keeps track of\n> what dialogs are currently valid), then this issue does not affect\n> you.\n>\n> If you use chan_pjsip instead of chan_sip, then this issue does not\n> affect you.\n", "id": "FreeBSD-2016-0471", "modified": "2016-12-09T00:00:00Z", "published": "2016-12-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "http://downloads.digium.com/pub/security/ASTERISK-2016-009.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Authentication Bypass" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "asterisk13" }, "ranges": [ { "events": [ { "introduced": "13.12.0" }, { "fixed": "13.13.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.asterisk.org/downloads/security-advisories" ], "discovery": "2016-11-11T00:00:00Z", "vid": "9e6640fe-be3a-11e6-b04f-001999f8d30b" }, "details": "The Asterisk project reports:\n\n> If an SDP offer or answer is received with the Opus codec and with the\n> format parameters separated using a space the code responsible for\n> parsing will recursively call itself until it crashes. This occurs as\n> the code does not properly handle spaces separating the parameters.\n> This does NOT require the endpoint to have Opus configured in\n> Asterisk. This also does not require the endpoint to be authenticated.\n> If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP\n> offer or answer is still processed and the crash occurs.\n", "id": "FreeBSD-2016-0470", "modified": "2016-12-09T00:00:00Z", "published": "2016-12-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.asterisk.org/downloads/security-advisories" }, { "type": "WEB", "url": "http://downloads.asterisk.org/pub/security/AST-2016-008.html" } ], "schema_version": "1.7.0", "summary": "asterisk -- Crash on SDP offer or answer from endpoint using Opus" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "cryptopp" }, "ranges": [ { "events": [ { "fixed": "5.6.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://eprint.iacr.org/2015/368", "https://github.com/weidai11/cryptopp/issues/146", "https://github.com/weidai11/cryptopp/issues/277" ], "discovery": "2015-02-27T00:00:00Z", "references": { "cvename": [ "CVE-2015-2141", "CVE-2016-3995", "CVE-2016-7420" ] }, "vid": "eab68cff-bc0c-11e6-b2ca-001b3856973b" }, "details": "Multiple sources report:\n\n> CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in\n> rw.cpp in libcrypt++ 5.6.2 does not properly blind private key\n> operations for the Rabin-Williams digital signature algorithm, which\n> allows remote attackers to obtain private keys via a timing attack.\n> Fixed in 5.6.3.\n\n> CVE-2016-3995: Incorrect implementation of Rijndael timing attack\n> countermeasure. Fixed in 5.6.4.\n\n> CVE-2016-7420: Library built without -DNDEBUG could egress sensitive\n> information to the filesystem via a core dump if an assert was\n> triggered. Fixed in 5.6.5.\n", "id": "FreeBSD-2016-0469", "modified": "2016-12-06T00:00:00Z", "published": "2016-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://eprint.iacr.org/2015/368" }, { "type": "REPORT", "url": "https://github.com/weidai11/cryptopp/issues/146" }, { "type": "REPORT", "url": "https://github.com/weidai11/cryptopp/issues/277" }, { "type": "WEB", "url": "https://eprint.iacr.org/2015/368" }, { "type": "WEB", "url": "https://github.com/weidai11/cryptopp/issues/146" }, { "type": "WEB", "url": "https://github.com/weidai11/cryptopp/issues/277" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-2141" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-3995" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7420" } ], "schema_version": "1.7.0", "summary": "cryptopp -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2" }, { "fixed": "10.2_26" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1" }, { "fixed": "10.1_43" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2016-1889" ], "freebsdsa": [ "SA-16:38.bhyve" ] }, "vid": "e722e3c6-bbee-11e6-b1cf-14dae9d210b8" }, "details": "# Problem Description:\n\nThe bounds checking of accesses to guest memory greater than 4GB by\ndevice emulations is subject to integer overflow.\n\n# Impact:\n\nFor a bhyve virtual machine with more than 3GB of guest memory\nconfigured, a malicious guest could craft device descriptors that could\ngive it access to the heap of the bhyve process. Since the bhyve process\nis running as root, this may allow guests to obtain full control of the\nhosts they\\'re running on.\n", "id": "FreeBSD-2016-0468", "modified": "2016-12-06T00:00:00Z", "published": "2016-12-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-1889" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:38.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bhyve(8) virtual machine escape" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_5" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_14" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2" }, { "fixed": "10.2_27" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1" }, { "fixed": "10.1_44" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3" }, { "fixed": "9.3_52" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2016-6559" ], "freebsdsa": [ "SA-16:37.libc" ] }, "vid": "0282269d-bbee-11e6-b1cf-14dae9d210b8" }, "details": "# Problem Description:\n\nA specially crafted argument can trigger a static buffer overflow in the\nlibrary, with possibility to rewrite following static buffers that\nbelong to other library functions.\n\n# Impact:\n\nDue to very limited use of the function in the existing applications,\nand limited length of the overflow, exploitation of the vulnerability\ndoes not seem feasible. None of the utilities and daemons in the base\nsystem are known to be vulnerable. However, careful review of third\nparty software that may use the function was not performed.\n", "id": "FreeBSD-2016-0467", "modified": "2016-12-08T00:00:00Z", "published": "2016-12-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6559" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- link_ntoa(3) buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_4" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_13" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2" }, { "fixed": "10.2_26" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1" }, { "fixed": "10.1_43" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3" }, { "fixed": "9.3_51" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2016-1888" ], "freebsdsa": [ "SA-16:36.telnetd" ] }, "vid": "e00304d2-bbed-11e6-b1cf-14dae9d210b8" }, "details": "# Problem Description:\n\nAn unexpected sequence of memory allocation failures combined with\ninsufficient error checking could result in the construction and\nexecution of an argument sequence that was not intended.\n\n# Impact:\n\nAn attacker who controls the sequence of memory allocation failures and\nsuccess may cause login(1) to run without authentication and may be able\nto cause misbehavior of login(1) replacements.\n\nNo practical way of controlling these memory allocation failures is\nknown at this time.\n", "id": "FreeBSD-2016-0466", "modified": "2016-12-06T00:00:00Z", "published": "2016-12-06T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-1888" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:36.telnetd.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Possible login(1) argument injection in telnetd(8)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache24" }, "ranges": [ { "events": [ { "introduced": "2.4.17" }, { "last_affected": "2.4.23_1" }, { "fixed": "2.4.23_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mod_http2-devel" }, "ranges": [ { "events": [ { "fixed": "1.8.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://mail-archives.apache.org/mod_mbox/httpd-announce/201612.mbox/%3C1A097A43-7CCB-4BA1-861F-E0C7EEE83A4B%40apache.org%3E" ], "discovery": "2016-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2016-8740" ] }, "vid": "cb0bf1ec-bb92-11e6-a9a5-b499baebfeaf" }, "details": "mod_http2 reports:\n\n> The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply\n> limitations on request headers correctly when experimental module for\n> the HTTP/2 protocol is used to access a resource.\n>\n> The net result is that a the server allocates too much memory instead\n> of denying the request. This can lead to memory exhaustion of the\n> server by a properly crafted request.\n", "id": "FreeBSD-2016-0465", "modified": "2016-12-06T00:00:00Z", "published": "2016-12-06T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201612.mbox/%3C1A097A43-7CCB-4BA1-861F-E0C7EEE83A4B%40apache.org%3E" }, { "type": "WEB", "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201612.mbox/%3C1A097A43-7CCB-4BA1-861F-E0C7EEE83A4B%40apache.org%3E" }, { "type": "WEB", "url": "https://github.com/icing/mod_h2/releases/tag/v1.8.3" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8740" } ], "schema_version": "1.7.0", "summary": "Apache httpd -- denial of service in HTTP/2" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "55.0.2883.75" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-npapi" }, "ranges": [ { "events": [ { "fixed": "55.0.2883.75" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "55.0.2883.75" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html" ], "discovery": "2016-12-01T00:00:00Z", "references": { "cvename": [ "CVE-2016-9651", "CVE-2016-5208", "CVE-2016-5207", "CVE-2016-5206", "CVE-2016-5205", "CVE-2016-5204", "CVE-2016-5209", "CVE-2016-5203", "CVE-2016-5210", "CVE-2016-5212", "CVE-2016-5211", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5216", "CVE-2016-5215", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5222", "CVE-2016-9650", "CVE-2016-5223", "CVE-2016-5226", "CVE-2016-5225", "CVE-2016-5224", "CVE-2016-9652" ] }, "vid": "603fe0a1-bb26-11e6-8e5a-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> 36 security fixes in this release\n>\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2016-0464", "modified": "2016-12-05T00:00:00Z", "published": "2016-12-05T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9651" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5208" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5207" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5206" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5205" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5204" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5209" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5203" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5210" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5212" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5211" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5213" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5214" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5216" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5215" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5217" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5218" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5219" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5221" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5220" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5222" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9650" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5223" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5226" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5225" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5224" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9652" }, { "type": "WEB", "url": "https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7" }, "ranges": [ { "events": [ { "fixed": "7.0.3.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7-nox11" }, "ranges": [ { "events": [ { "fixed": "7.0.3.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/ImageMagick/ImageMagick/issues/296", "https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/", "https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/" ], "discovery": "2016-09-14T00:00:00Z", "references": { "cvename": [ "CVE-2016-9298", "CVE-2016-8866", "CVE-2016-8862" ], "freebsdpr": [ "ports/214514" ] }, "vid": "e1f67063-aab4-11e6-b2d3-60a44ce6887b" }, "details": "Multiple sources report:\n\n> CVE-2016-9298: heap overflow in WaveletDenoiseImage(), fixed in\n> ImageMagick7-7.0.3.6, discovered 2016-10-31\n\n> CVE-2016-8866: memory allocation failure in AcquireMagickMemory\n> (incomplete previous fix for CVE-2016-8862), not fixed yet with the\n> release of this announcement, re-discovered 2016-10-13.\n\n> CVE-2016-8862: memory allocation failure in AcquireMagickMemory,\n> initially partially fixed in ImageMagick7-7.0.3.3, discovered\n> 2016-09-14.\n", "id": "FreeBSD-2016-0463", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/ImageMagick/ImageMagick/issues/296" }, { "type": "REPORT", "url": "https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/" }, { "type": "REPORT", "url": "https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/" }, { "type": "WEB", "url": "https://github.com/ImageMagick/ImageMagick/issues/296" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/" }, { "type": "WEB", "url": "https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9298" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8866" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8862" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214514" } ], "schema_version": "1.7.0", "summary": "ImageMagick7 -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-pillow" }, "ranges": [ { "events": [ { "fixed": "3.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-pillow" }, "ranges": [ { "events": [ { "fixed": "3.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-pillow" }, "ranges": [ { "events": [ { "fixed": "3.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-pillow" }, "ranges": [ { "events": [ { "fixed": "3.3.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html" ], "discovery": "2016-09-06T00:00:00Z", "references": { "cvename": [ "CVE-2016-9189", "CVE-2016-9190" ], "freebsdpr": [ "ports/214410" ] }, "vid": "bc4898d5-a794-11e6-b2d3-60a44ce6887b" }, "details": "Pillow reports:\n\n> Pillow prior to 3.3.2 may experience integer overflow errors in map.c\n> when reading specially crafted image files. This may lead to memory\n> disclosure or corruption.\n>\n> Pillow prior to 3.3.2 and PIL 1.1.7 (at least) do not check for\n> negative image sizes in ImagingNew in Storage.c. A negative image size\n> can lead to a smaller allocation than expected, leading to arbi trary\n> writes.\n", "id": "FreeBSD-2016-0462", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html" }, { "type": "WEB", "url": "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html" }, { "type": "WEB", "url": "https://github.com/python-pillow/Pillow/issues/2105" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9189" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9190" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214410" } ], "schema_version": "1.7.0", "summary": "Pillow -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick" }, "ranges": [ { "events": [ { "fixed": "6.9.6.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick-nox11" }, "ranges": [ { "events": [ { "fixed": "6.9.6.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7" }, "ranges": [ { "events": [ { "fixed": "7.0.3.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick7-nox11" }, "ranges": [ { "events": [ { "fixed": "7.0.3.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/oss-sec/2016/q4/413" ], "discovery": "2016-11-13T00:00:00Z", "references": { "cvename": [ "CVE-2016-9298" ], "freebsdpr": [ "ports/214517", "ports/214511", "ports/214520" ] }, "vid": "19d35b0f-ba73-11e6-b1cf-14dae9d210b8" }, "details": "Bastien Roucaries reports:\n\n> Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffer\n> from a heap overflow in WaveletDenoiseImage(). This problem is easily\n> trigerrable from a Perl script.\n", "id": "FreeBSD-2016-0461", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/oss-sec/2016/q4/413" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2016/q4/413" }, { "type": "WEB", "url": "https://github.com/ImageMagick/ImageMagick/issues/296" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9298" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214517" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214511" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214520" } ], "schema_version": "1.7.0", "summary": "ImageMagick -- heap overflow vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-cryptography" }, "ranges": [ { "events": [ { "fixed": "1.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-cryptography" }, "ranges": [ { "events": [ { "fixed": "1.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-cryptography" }, "ranges": [ { "events": [ { "fixed": "1.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-cryptography" }, "ranges": [ { "events": [ { "fixed": "1.5.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/pyca/cryptography/commit/b94cacf2ae6e75e4007a79709bbf5360435b512d" ], "discovery": "2016-11-05T00:00:00Z", "references": { "cvename": [ "CVE-2016-9243" ], "freebsdpr": [ "ports/214915" ] }, "vid": "e5dcb942-ba6f-11e6-b1cf-14dae9d210b8" }, "details": "Alex Gaynor reports:\n\n> Fixed a bug where \\`\\`HKDF\\`\\` would return an empty byte-string if\n> used with a \\`\\`length\\`\\` less than \\`\\`algorithm.digest_size\\`\\`.\n", "id": "FreeBSD-2016-0460", "modified": "2016-12-06T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/pyca/cryptography/commit/b94cacf2ae6e75e4007a79709bbf5360435b512d" }, { "type": "WEB", "url": "https://github.com/pyca/cryptography/commit/b94cacf2ae6e75e4007a79709bbf5360435b512d" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9243" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214915" } ], "schema_version": "1.7.0", "summary": "py-cryptography -- vulnerable HKDF key generation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "qemu" }, "ranges": [ { "events": [ { "fixed": "2.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qemu-devel" }, "ranges": [ { "events": [ { "fixed": "2.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "qemu-sbruno" }, "ranges": [ { "events": [ { "fixed": "2.3.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html" ], "discovery": "2015-03-23T00:00:00Z", "references": { "cvename": [ "CVE-2015-1779" ], "freebsdpr": [ "ports/206725" ] }, "vid": "a228c7a0-ba66-11e6-b1cf-14dae9d210b8" }, "details": "Daniel P. Berrange reports:\n\n> The VNC server websockets decoder will read and buffer data from\n> websockets clients until it sees the end of the HTTP headers, as\n> indicated by \\\\r\\\\n\\\\r\\\\n. In theory this allows a malicious to trick\n> QEMU into consuming an arbitrary amount of RAM.\n", "id": "FreeBSD-2016-0459", "modified": "2016-12-06T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html" }, { "type": "WEB", "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-1779" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206725" } ], "schema_version": "1.7.0", "summary": "qemu -- denial of service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-tools" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-198.html" ], "discovery": "2016-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-9379", "CVE-2016-9380" ], "freebsdpr": [ "ports/214936" ] }, "vid": "59f79c99-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> pygrub, the boot loader emulator, fails to quote (or sanity check) its\n> results when reporting them to its caller.\n>\n> A malicious guest administrator can obtain the contents of sensitive\n> host files (an information leak). Additionally, a malicious guest\n> administrator can cause files on the host to be removed, causing a\n> denial of service. In some unusual host configurations, ability to\n> remove certain files may be usable for privilege escalation.\n", "id": "FreeBSD-2016-0458", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-198.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9379" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9380" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-198.html" } ], "schema_version": "1.7.0", "summary": "xen-tools -- delimiter injection vulnerabilities in pygrub" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-tools" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-197.html" ], "discovery": "2016-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-9381" ], "freebsdpr": [ "ports/214936" ] }, "vid": "58685e23-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> The compiler can emit optimizations in qemu which can lead to double\n> fetch vulnerabilities. Specifically data on the rings shared between\n> qemu and the hypervisor (which the guest under control can obtain\n> mappings of) can be fetched twice (during which time the guest can\n> alter the contents) possibly leading to arbitrary code execution in\n> qemu.\n>\n> Malicious administrators can exploit this vulnerability to take over\n> the qemu process, elevating its privilege to that of the qemu process.\n>\n> In a system not using a device model stub domain (or other techniques\n> for deprivileging qemu), malicious guest administrators can thus\n> elevate their privilege to that of the host.\n", "id": "FreeBSD-2016-0457", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-197.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9381" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-197.html" } ], "schema_version": "1.7.0", "summary": "xen-tools -- qemu incautious about shared ring processing" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-195.html" ], "discovery": "2016-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-9383" ], "freebsdpr": [ "ports/214936" ] }, "vid": "56f0f11e-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> The x86 instructions BT, BTC, BTR, and BTS, when used with a\n> destination memory operand and a source register rather than an\n> immediate operand, access a memory location offset from that specified\n> by the memory operand as specified by the high bits of the register\n> source.\n>\n> A malicious guest can modify arbitrary memory, allowing for arbitrary\n> code execution (and therefore privilege escalation affecting the whole\n> host), a crash of the host (leading to a DoS), or information leaks.\n> The vulnerability is sometimes exploitable by unprivileged guest user\n> processes.\n", "id": "FreeBSD-2016-0456", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-195.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9383" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-195.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86 64-bit bit test instruction emulation broken" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "introduced": "4.7" }, { "fixed": "4.7.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-194.html" ], "discovery": "2016-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-9384" ], "freebsdpr": [ "ports/214936" ] }, "vid": "5555120d-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> Along with their main kernel binary, unprivileged guests may arrange\n> to have their Xen environment load (kernel) symbol tables for their\n> use. The ELF image metadata created for this purpose has a few unused\n> bytes when the symbol table binary is in 32-bit ELF format. These\n> unused bytes were not properly cleared during symbol table loading.\n>\n> A malicious unprivileged guest may be able to obtain sensitive\n> information from the host.\n>\n> The information leak is small and not under the control of the guest,\n> so effectively exploiting this vulnerability is probably difficult.\n", "id": "FreeBSD-2016-0455", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-194.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9384" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-194.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- guest 32-bit ELF symbol table load leaking host data" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "introduced": "4.4" }, { "fixed": "4.7.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-193.html" ], "discovery": "2016-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-9385" ], "freebsdpr": [ "ports/214936" ] }, "vid": "53dbd096-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> Both writes to the FS and GS register base MSRs as well as the\n> WRFSBASE and WRGSBASE instructions require their input values to be\n> canonical, or a #GP fault will be raised. When the use of those\n> instructions by the hypervisor was enabled, the previous guard against\n> #GP faults (having recovery code attached) was accidentally removed.\n>\n> A malicious guest administrator can crash the host, leading to a DoS.\n", "id": "FreeBSD-2016-0454", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-193.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9385" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-193.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86 segment base write emulation lacking canonical address checks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-192.html" ], "discovery": "2016-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-9382" ], "freebsdpr": [ "ports/214936" ] }, "vid": "523bb0b7-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> LDTR, just like TR, is purely a protected mode facility. Hence even\n> when switching to a VM86 mode task, LDTR loading needs to follow\n> protected mode semantics. This was violated by the code.\n>\n> On SVM (AMD hardware): a malicious unprivileged guest process can\n> escalate its privilege to that of the guest operating system.\n>\n> On both SVM and VMX (Intel hardware): a malicious unprivileged guest\n> process can crash the guest.\n", "id": "FreeBSD-2016-0453", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-192.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9382" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-192.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86 task switch to VM86 mode mis-handled" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-191.html" ], "discovery": "2016-11-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-9386" ], "freebsdpr": [ "ports/214936" ] }, "vid": "50ac2e96-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> The Xen x86 emulator erroneously failed to consider the unusability of\n> segments when performing memory accesses.\n>\n> The intended behaviour is as follows: The user data segment (%ds, %es,\n> %fs and %gs) selectors may be NULL in 32-bit to prevent access. In\n> 64-bit, NULL has a special meaning for user segments, and there is no\n> way of preventing access. However, in both 32-bit and 64-bit, a NULL\n> LDT system segment is intended to prevent access.\n>\n> On Intel hardware, loading a NULL selector zeros the base as well as\n> most attributes, but sets the limit field to its largest possible\n> value. On AMD hardware, loading a NULL selector zeros the attributes,\n> leaving the stale base and limit intact.\n>\n> Xen may erroneously permit the access using unexpected base/limit\n> values.\n>\n> Ability to exploit this vulnerability on Intel is easy, but on AMD\n> depends in a complicated way on how the guest kernel manages LDTs.\n>\n> An unprivileged guest user program may be able to elevate its\n> privilege to that of the guest operating system.\n", "id": "FreeBSD-2016-0452", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-191.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9386" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-191.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86 null segments not always treated as unusable" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-190.html" ], "discovery": "2016-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2016-7777" ], "freebsdpr": [ "ports/214936" ] }, "vid": "4d7cf654-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> Instructions touching FPU, MMX, or XMM registers are required to raise\n> a Device Not Available Exception (#NM) when either CR0.EM or CR0.TS\n> are set. (Their AVX or AVX-512 extensions would consider only CR0.TS.)\n> While during normal operation this is ensured by the hardware, if a\n> guest modifies instructions while the hypervisor is preparing to\n> emulate them, the #NM delivery could be missed.\n>\n> Guest code in one task may thus (unintentionally or maliciously) read\n> or modify register state belonging to another task in the same VM.\n>\n> A malicious unprivileged guest user may be able to obtain or corrupt\n> sensitive information (including cryptographic material) in other\n> programs in the same guest.\n", "id": "FreeBSD-2016-0451", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-190.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7777" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-190.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "introduced": "4.4" }, { "fixed": "4.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-188.html" ], "discovery": "2016-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2016-7154" ], "freebsdpr": [ "ports/214936" ] }, "vid": "4bf57137-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> When the EVTCHNOP_init_control operation is called with a bad guest\n> frame number, it takes an error path which frees a control structure\n> without also clearing the corresponding pointer. Certain subsequent\n> operations (EVTCHNOP_expand_array or another EVTCHNOP_init_control),\n> upon finding the non-NULL pointer, continue operation assuming it\n> points to allocated memory.\n>\n> A malicious guest administrator can crash the host, leading to a DoS.\n> Arbitrary code execution (and therefore privilege escalation), and\n> information leaks, cannot be excluded.\n", "id": "FreeBSD-2016-0450", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-188.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7154" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-188.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- use after free in FIFO event channel code" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-187.html" ], "discovery": "2016-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2016-7094" ], "freebsdpr": [ "ports/214936" ] }, "vid": "4aae54be-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> x86 HVM guests running with shadow paging use a subset of the x86\n> emulator to handle the guest writing to its own pagetables. There are\n> situations a guest can provoke which result in exceeding the space\n> allocated for internal state.\n>\n> A malicious HVM guest administrator can cause Xen to fail a bug check,\n> causing a denial of service to the host.\n", "id": "FreeBSD-2016-0449", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-187.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7094" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-187.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86 HVM: Overflow of sh_ctxt->seg_reg[]" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "introduced": "4.5.3" }, { "last_affected": "4.5.3" }, { "fixed": "4.5.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.6.3" }, { "last_affected": "4.6.3" }, { "fixed": "4.6.3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.7.0" }, { "fixed": "4.7.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.5.3", "4.6.3" ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-186.html" ], "discovery": "2016-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2016-7093" ], "freebsdpr": [ "ports/214936" ] }, "vid": "49211361-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> When emulating HVM instructions, Xen uses a small i-cache for fetches\n> from guest memory. The code that handles cache misses does not check\n> if the address from which it fetched lies within the cache before\n> blindly writing to it. As such it is possible for the guest to\n> overwrite hypervisor memory.\n>\n> It is currently believed that the only way to trigger this bug is to\n> use the way that Xen currently incorrectly wraps CS:IP in 16 bit\n> modes. The included patch prevents such wrapping.\n>\n> A malicious HVM guest administrator can escalate their privilege to\n> that of the host.\n", "id": "FreeBSD-2016-0448", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-186.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7093" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-186.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86: Mishandling of instruction pointer truncation during emulation" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "xen-kernel" }, "ranges": [ { "events": [ { "fixed": "4.7.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://xenbits.xen.org/xsa/advisory-185.html" ], "discovery": "2016-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2016-7092" ], "freebsdpr": [ "ports/214936" ] }, "vid": "45ca25b5-ba4d-11e6-ae1b-002590263bf5" }, "details": "The Xen Project reports:\n\n> On real hardware, a 32-bit PAE guest must leave the USER and RW bit\n> clear in L3 pagetable entries, but the pagetable walk behaves as if\n> they were set. (The L3 entries are cached in processor registers, and\n> don\\'t actually form part of the pagewalk.)\n>\n> When running a 32-bit PV guest on a 64-bit Xen, Xen must always OR in\n> the USER and RW bits for L3 updates for the guest to observe\n> architectural behaviour. This is unsafe in combination with recursive\n> pagetables.\n>\n> As there is no way to construct an L3 recursive pagetable in native\n> 32-bit PAE mode, disallow this option in 32-bit PV guests.\n>\n> A malicious 32-bit PV guest administrator can escalate their privilege\n> to that of the host.\n", "id": "FreeBSD-2016-0447", "modified": "2016-12-04T00:00:00Z", "published": "2016-12-04T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://xenbits.xen.org/xsa/advisory-185.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7092" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936" }, { "type": "WEB", "url": "https://xenbits.xen.org/xsa/advisory-185.html" } ], "schema_version": "1.7.0", "summary": "xen-kernel -- x86: Disallow L3 recursive pagetable for 32-bit PV guests" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tshark" }, "ranges": [ { "events": [ { "fixed": "2.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tshark-lite" }, "ranges": [ { "events": [ { "fixed": "2.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark" }, "ranges": [ { "events": [ { "fixed": "2.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark-lite" }, "ranges": [ { "events": [ { "fixed": "2.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "wireshark-qt5" }, "ranges": [ { "events": [ { "fixed": "2.2.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html" ], "discovery": "2016-11-16T00:00:00Z", "references": { "cvename": [ "CVE-2016-9372", "CVE-2016-9373", "CVE-2016-9374", "CVE-2016-9375", "CVE-2016-9376" ] }, "vid": "7fff2b16-b0ee-11e6-86b8-589cfc054129" }, "details": "Wireshark project reports:\n\n> Wireshark project is releasing Wireshark 2.2.2, which addresses:\n>\n> - wnpa-sec-2016-58: Profinet I/O long loop - CVE-2016-9372\n> - wnpa-sec-2016-59: AllJoyn crash - CVE-2016-9374\n> - wnpa-sec-2016-60: OpenFlow crash - CVE-2016-9376\n> - wnpa-sec-2016-61: DCERPC crash - CVE-2016-9373\n> - wnpa-sec-2016-62: DTN infinite loop - CVE-2016-9375\n", "id": "FreeBSD-2016-0446", "modified": "2016-12-01T00:00:00Z", "published": "2016-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html" }, { "type": "WEB", "url": "https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9372" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9373" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9374" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9375" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9376" } ], "schema_version": "1.7.0", "summary": "wireshark -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "50.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "45.5.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "45.5.1,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "45.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/" ], "discovery": "2016-11-30T00:00:00Z", "references": { "cvename": [ "CVE-2016-9079" ] }, "vid": "18f39fb6-7400-4063-acaf-0806e92c094f" }, "details": "The Mozilla Foundation reports:\n\n> A use-after-free vulnerability in SVG Animation has been discovered.\n> An exploit built on this vulnerability has been discovered in the wild\n> targeting Firefox and Tor Browser users on Windows.\n", "id": "FreeBSD-2016-0445", "modified": "2016-12-16T00:00:00Z", "published": "2016-12-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9079" }, { "type": "WEB", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/" } ], "schema_version": "1.7.0", "summary": "Mozilla -- SVG Animation Remote Code Execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "wget" }, "ranges": [ { "events": [ { "last_affected": "1.17" }, { "fixed": "1.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html" ], "discovery": "2016-11-24T00:00:00Z", "references": { "cvename": [ "CVE-2016-7098" ] }, "vid": "479c5b91-b6cc-11e6-a04e-3417eb99b9a0" }, "details": "Dawid Golunski reports:\n\n> GNU wget in version 1.17 and earlier, when used in mirroring/recursive\n> mode, is affected by a Race Condition vulnerability that might allow\n> remote attackers to bypass intended wget access list restrictions\n> specified with -A parameter.\n", "id": "FreeBSD-2016-0444", "modified": "2016-11-30T00:00:00Z", "published": "2016-11-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html" }, { "type": "ADVISORY", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7098" } ], "schema_version": "1.7.0", "summary": "wget -- Access List Bypass / Race Condition" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "p7zip" }, "ranges": [ { "events": [ { "fixed": "15.14_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9296" ], "discovery": "2016-07-17T00:00:00Z", "references": { "cvename": [ "CVE-2016-9296" ] }, "vid": "48e83187-b6e9-11e6-b6cf-5453ed2e2b49" }, "details": "MITRE reports:\n\n> A null pointer dereference bug affects the 16.02 and many old versions\n> of p7zip. A lack of null pointer check for the variable\n> `folders.PackPositions` in function\n> `CInArchive::ReadAndDecodePackedStreams`, as used in the 7z.so library\n> and in 7z applications, will cause a crash and a denial of service\n> when decoding malformed 7z files.\n", "id": "FreeBSD-2016-0443", "modified": "2016-11-30T00:00:00Z", "published": "2016-11-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9296" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9296" }, { "type": "WEB", "url": "https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db/" }, { "type": "WEB", "url": "https://sourceforge.net/p/p7zip/bugs/185/" }, { "type": "WEB", "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9296" } ], "schema_version": "1.7.0", "summary": "p7zip -- Null pointer dereference" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "subversion18" }, "ranges": [ { "events": [ { "fixed": "1.8.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "subversion" }, "ranges": [ { "events": [ { "fixed": "1.9.5" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://subversion.apache.org/security/CVE-2016-8734-advisory.txt" ], "discovery": "2016-11-29T00:00:00Z", "references": { "cvename": [ "CVE-2016-8734" ] }, "vid": "ac256985-b6a9-11e6-a3bf-206a8a720317" }, "details": "The Apache Software Foundation reports:\n\n> The mod_dontdothat module of subversion and subversion clients using\n> http(s):// are vulnerable to a denial-of-service attack, caused by\n> exponential XML entity expansion. The attack targets XML parsers\n> causing targeted process to consume excessive amounts of resources.\n> The attack is also known as the \\\"billions of laughs attack.\\\"\n", "id": "FreeBSD-2016-0442", "modified": "2016-11-29T00:00:00Z", "published": "2016-11-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://subversion.apache.org/security/CVE-2016-8734-advisory.txt" }, { "type": "WEB", "url": "http://subversion.apache.org/security/CVE-2016-8734-advisory.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8734" } ], "schema_version": "1.7.0", "summary": "subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversionclients using http(s)" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libwww" }, "ranges": [ { "events": [ { "fixed": "5.4.0_6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720" ], "discovery": "2005-10-12T00:00:00Z", "references": { "bid": [ "15035" ], "cvename": [ "CVE-2005-3183", "CVE-2009-3560", "CVE-2009-3720" ], "freebsdpr": [ "ports/214546" ] }, "vid": "18449f92-ab39-11e6-8011-005056925db4" }, "details": "Mitre reports:\n\n> The HTBoundary_put_block function in HTBound.c for W3C libwww\n> (w3c-libwww) allows remote servers to cause a denial of service\n> (segmentation fault) via a crafted multipart/byteranges MIME message\n> that triggers an out-of-bounds read.\n\n> The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,\n> as used in the XML-Twig module for Perl, allows context-dependent\n> attackers to cause a denial of service (application crash) via an XML\n> document with malformed UTF-8 sequences that trigger a buffer\n> over-read, related to the doProlog function in lib/xmlparse.c, a\n> different vulnerability than CVE-2009-2625 and CVE-2009-3720.\n\n> The updatePosition function in lib/xmltok_impl.c in libexpat in Expat\n> 2.0.1, as used in Python, PyXML, w3c-libwww, and other software,\n> allows context-dependent attackers to cause a denial of service\n> (application crash) via an XML document with crafted UTF-8 sequences\n> that trigger a buffer over-read, a different vulnerability than\n> CVE-2009-2625.\n", "id": "FreeBSD-2016-0441", "modified": "2016-11-29T00:00:00Z", "published": "2016-11-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3183" }, { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560" }, { "type": "REPORT", "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720" }, { "type": "ADVISORY", "url": "https://www.securityfocus.com/bid/15035/info" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2005-3183" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2009-3560" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2009-3720" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214546" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=170518" } ], "schema_version": "1.7.0", "summary": "libwww -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "50.0.1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/" ], "discovery": "2016-11-28T00:00:00Z", "references": { "cvename": [ "CVE-2016-9078" ] }, "vid": "f90fce70-ecfa-4f4d-9ee8-c476dbf4bf0e" }, "details": "The Mozilla Foundation reports:\n\n> Redirection from an HTTP connection to a data: URL assigns the\n> referring site\\'s origin to the data: URL in some circumstances. This\n> can result in same-origin violations against a domain if it loads\n> resources from malicious sites. Cross-origin setting of cookies has\n> been demonstrated without the ability to read them.\n", "id": "FreeBSD-2016-0440", "modified": "2016-11-29T00:00:00Z", "published": "2016-11-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9078" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2016-91/" } ], "schema_version": "1.7.0", "summary": "mozilla -- data: URL can inherit wrong origin after an HTTP redirect" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "roundcube" }, "ranges": [ { "events": [ { "fixed": "1.2.3,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9920" ], "discovery": "2016-11-29T00:00:00Z", "references": { "bid": [ "94858" ], "cvename": [ "CVE-2016-9920" ] }, "vid": "125f5958-b611-11e6-a9a5-b499baebfeaf" }, "details": "The Roundcube project reports\n\n> steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before\n> 1.2.3, when no SMTP server is configured and the sendmail program is\n> enabled, does not properly restrict the use of custom envelope-from\n> addresses on the sendmail command line, which allows remote\n> authenticated users to execute arbitrary code via a modified HTTP\n> request that sends a crafted e-mail message.\n", "id": "FreeBSD-2016-0439", "modified": "2016-12-14T00:00:00Z", "published": "2016-11-29T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9920" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9920" }, { "type": "ADVISORY", "url": "https://www.securityfocus.com/bid/94858/info" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2016/12/08/17" }, { "type": "WEB", "url": "https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123" } ], "schema_version": "1.7.0", "summary": "Roundcube -- arbitrary command execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal7" }, "ranges": [ { "events": [ { "introduced": "7.0" }, { "fixed": "7.52" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "drupal8" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.2.3" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.drupal.org/SA-CORE-2016-005" ], "discovery": "2016-11-16T00:00:00Z", "references": { "cvename": [ "CVE-2016-9449", "CVE-2016-9450", "CVE-2016-9451", "CVE-2016-9452" ] }, "vid": "8db24888-b2f5-11e6-8153-00248c0c745d" }, "details": "The Drupal development team reports:\n\n> ### Inconsistent name for term access query (Less critical - Drupal 7 and Drupal 8)\n>\n> Drupal provides a mechanism to alter database SELECT queries before\n> they are executed. Contributed and custom modules may use this\n> mechanism to restrict access to certain entities by implementing\n> hook_query_alter() or hook_query_TAG_alter() in order to add\n> additional conditions. Queries can be distinguished by means of query\n> tags. As the documentation on EntityFieldQuery::addTag() suggests,\n> access-tags on entity queries normally follow the form\n> ENTITY_TYPE_access (e.g. node_access). However, the taxonomy module\\'s\n> access query tag predated this system and used term_access as the\n> query tag instead of taxonomy_term_access.\n>\n> As a result, before this security release modules wishing to restrict\n> access to taxonomy terms may have implemented an unsupported tag, or\n> needed to look for both tags (term_access and taxonomy_term_access) in\n> order to be compatible with queries generated both by Drupal core as\n> well as those generated by contributed modules like Entity Reference.\n> Otherwise information on taxonomy terms might have been disclosed to\n> unprivileged users.\n>\n> ### Incorrect cache context on password reset page (Less critical - Drupal 8)\n>\n> The user password reset form does not specify a proper cache context,\n> which can lead to cache poisoning and unwanted content on the page.\n>\n> ### Confirmation forms allow external URLs to be injected (Moderately critical - Drupal 7)\n>\n> Under certain circumstances, malicious users could construct a URL to\n> a confirmation form that would trick users into being redirected to a\n> 3rd party website after interacting with the form, thereby exposing\n> the users to potential social engineering attacks.\n>\n> ### Denial of service via transliterate mechanism (Moderately critical - Drupal 8)\n>\n> A specially crafted URL can cause a denial of service via the\n> transliterate mechanism.\n", "id": "FreeBSD-2016-0438", "modified": "2016-11-27T00:00:00Z", "published": "2016-11-25T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.drupal.org/SA-CORE-2016-005" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9449" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9450" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9451" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9452" } ], "schema_version": "1.7.0", "summary": "Drupal Code -- Multiple Vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "phpMyAdmin" }, "ranges": [ { "events": [ { "introduced": "4.6.0" }, { "fixed": "4.6.5" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-11-25T00:00:00Z", "references": { "cvename": [ "CVE-2016-6632", "CVE-2016-6633", "CVE-2016-4412" ] }, "vid": "6fe72178-b2e3-11e6-8b2a-6805ca0b3d42" }, "details": "Please reference CVE/URL list for details\n", "id": "FreeBSD-2016-0437", "modified": "2016-11-25T00:00:00Z", "published": "2016-11-25T00:00:00Z", "references": [ { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-57/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-58/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-59/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-60/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-61/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-62/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-63/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-64/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-65/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-66/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-67/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-68/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-69/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-70/" }, { "type": "WEB", "url": "https://www.phpmyadmin.net/security/PMASA-2016-71/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6632" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6633" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4412" } ], "schema_version": "1.7.0", "summary": "phpMyAdmin -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-client" }, "ranges": [ { "events": [ { "fixed": "5.7.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-client" }, "ranges": [ { "events": [ { "fixed": "5.6.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-client" }, "ranges": [ { "events": [ { "fixed": "5.5.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.52" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html" ], "discovery": "2016-09-12T00:00:00Z", "vid": "dc596a17-7a9e-11e6-b034-f0def167eeea" }, "details": "LegalHackers\\' reports:\n\n> RCE Bugs discovered in MySQL and its variants like MariaDB. It works\n> by manipulating my.cnf files and using \\--malloc-lib. The bug seems\n> fixed in MySQL 5.7.15 by Oracle\n", "id": "FreeBSD-2016-0436", "modified": "2016-11-24T00:00:00Z", "published": "2016-11-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html" }, { "type": "WEB", "url": "http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html" }, { "type": "WEB", "url": "https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html" } ], "schema_version": "1.7.0", "summary": "Remote-Code-Execution vulnerability in mysql and its variants CVE 2016-6662" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ntp" }, "ranges": [ { "events": [ { "fixed": "4.2.8p9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ntp-devel" }, "ranges": [ { "events": [ { "introduced": "0,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se" ], "discovery": "2016-11-21T00:00:00Z", "references": { "cvename": [ "CVE-2016-7426", "CVE-2016-7427", "CVE-2016-7428", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-7434", "CVE-2016-9310", "CVE-2016-9311", "CVE-2016-9312" ] }, "vid": "8db8d62a-b08b-11e6-8eba-d050996490d0" }, "details": "Network Time Foundation reports:\n\n> NTF\\'s NTP Project is releasing ntp-4.2.8p9, which addresses:\n>\n> - 1 HIGH severity vulnerability that only affects Windows\n> - 2 MEDIUM severity vulnerabilities\n> - 2 MEDIUM/LOW severity vulnerabilities\n> - 5 LOW severity vulnerabilities\n> - 28 other non-security fixes and improvements\n>\n> All of the security issues in this release are listed in\n> [VU#633847](http://www.kb.cert.org/vuls/id/633847).\n", "id": "FreeBSD-2016-0435", "modified": "2016-11-22T00:00:00Z", "published": "2016-11-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7426" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7427" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7428" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7429" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7431" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7433" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7434" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9310" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9311" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9312" }, { "type": "WEB", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/633847" } ], "schema_version": "1.7.0", "summary": "ntp -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "teeworlds" }, "ranges": [ { "events": [ { "fixed": "0.6.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.teeworlds.com/?page=news&id=12086" ], "discovery": "2016-11-13T00:00:00Z", "vid": "81fc7705-b002-11e6-b20a-14dae9d5a9d2" }, "details": "Teeworlds project reports:\n\n> Attacker controlled memory-writes and possibly arbitrary code\n> execution on the client, abusable by any server the client joins\n", "id": "FreeBSD-2016-0434", "modified": "2016-11-21T00:00:00Z", "published": "2016-11-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.teeworlds.com/?page=news&id=12086" }, { "type": "WEB", "url": "https://www.teeworlds.com/?page=news&id=12086" } ], "schema_version": "1.7.0", "summary": "teeworlds -- Remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins" }, "ranges": [ { "events": [ { "last_affected": "2.31" }, { "fixed": "2.31" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "jenkins-lts" }, "ranges": [ { "events": [ { "last_affected": "2.19.2" }, { "fixed": "2.19.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16" ], "discovery": "2016-11-11T00:00:00Z", "references": { "cvename": [ "CVE-2016-9299" ] }, "vid": "27eee66d-9474-44a5-b830-21ec12a1c307" }, "details": "Jenkins Security Advisory:\n\n> An unauthenticated remote code execution vulnerability allowed\n> attackers to transfer a serialized Java object to the Jenkins CLI,\n> making Jenkins connect to an attacker-controlled LDAP server, which in\n> turn can send a serialized payload leading to code execution,\n> bypassing existing protection mechanisms.\n", "id": "FreeBSD-2016-0433", "modified": "2016-11-16T00:00:00Z", "published": "2016-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9299" }, { "type": "WEB", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16" } ], "schema_version": "1.7.0", "summary": "jenkins -- Remote code execution vulnerability in remoting module" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle29" }, "ranges": [ { "events": [ { "fixed": "2.9.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle30" }, "ranges": [ { "events": [ { "fixed": "3.0.7" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle31" }, "ranges": [ { "events": [ { "fixed": "3.1.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://moodle.org/security/" ], "discovery": "2016-11-14T00:00:00Z", "references": { "cvename": [ "CVE-2016-8642", "CVE-2016-8643", "CVE-2016-8644" ] }, "vid": "f6565fbf-ab9e-11e6-ae1b-002590263bf5" }, "details": "Marina Glancy reports:\n\n> - MSA-16-0023: Question engine allows access to files that should not\n> be available\n>\n> - MSA-16-0024: Non-admin site managers may accidentally edit admins\n> via web services\n>\n> - MSA-16-0025: Capability to view course notes is checked in the wrong\n> context\n>\n> - MSA-16-0026: When debugging is enabled, error exceptions returned\n> from webservices could contain private data\n", "id": "FreeBSD-2016-0432", "modified": "2016-11-27T00:00:00Z", "published": "2016-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://moodle.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8642" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8643" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8644" }, { "type": "WEB", "url": "https://moodle.org/security/" } ], "schema_version": "1.7.0", "summary": "moodle -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle29" }, "ranges": [ { "events": [ { "fixed": "2.9.8" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle30" }, "ranges": [ { "events": [ { "fixed": "3.0.6" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "moodle31" }, "ranges": [ { "events": [ { "fixed": "3.1.2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://moodle.org/security/" ], "discovery": "2016-09-12T00:00:00Z", "references": { "cvename": [ "CVE-2016-7038" ] }, "vid": "ab02f981-ab9e-11e6-ae1b-002590263bf5" }, "details": "Marina Glancy reports:\n\n> - MSA-16-0022: Web service tokens should be invalidated when the user\n> password is changed or forced to be changed.\n", "id": "FreeBSD-2016-0431", "modified": "2016-11-16T00:00:00Z", "published": "2016-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://moodle.org/security/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7038" }, { "type": "WEB", "url": "https://moodle.org/security/" } ], "schema_version": "1.7.0", "summary": "moodle -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "50.0_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.47" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "45.5.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "45.5.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "45.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.5.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/" ], "discovery": "2016-11-15T00:00:00Z", "references": { "cvename": [ "CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5295", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-5298", "CVE-2016-5299", "CVE-2016-9061", "CVE-2016-9062", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9065", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9072", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077" ] }, "vid": "d1853110-07f4-4645-895b-6fd462ad0589" }, "details": "Mozilla Foundation reports:\n\n> Please reference CVE/URL list for details\n", "id": "FreeBSD-2016-0430", "modified": "2016-11-16T00:00:00Z", "published": "2016-11-16T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5289" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5290" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5291" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5292" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5293" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5294" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5295" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5296" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5297" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5298" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5299" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9061" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9062" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9063" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9064" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9065" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9066" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9067" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9068" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9070" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9071" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9072" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9073" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9074" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9075" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9076" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9077" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2016-90/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "lives" }, "ranges": [ { "events": [ { "fixed": "2.8.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756565", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798043" ], "discovery": "2016-07-30T00:00:00Z", "vid": "a8e9d834-a916-11e6-b9b4-bcaec524bf84" }, "details": "Debian reports:\n\n> smogrify script creates insecure temporary files.\n\n> lives creates and uses world-writable directory.\n", "id": "FreeBSD-2016-0429", "modified": "2016-11-12T00:00:00Z", "published": "2016-11-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756565" }, { "type": "REPORT", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798043" }, { "type": "WEB", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756565" }, { "type": "WEB", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798043" } ], "schema_version": "1.7.0", "summary": "lives -- insecure files permissions" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0c" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20161110.txt" ], "discovery": "2016-11-10T00:00:00Z", "references": { "cvename": [ "CVE-2016-7054", "CVE-2016-7053", "CVE-2016-7055" ] }, "vid": "50751310-a763-11e6-a881-b499baebfeaf" }, "details": "OpenSSL reports:\n\n> - ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)\\\n> Severity: High\\\n> TLS connections using \\*-CHACHA20-POLY1305 ciphersuites are\n> susceptible to a DoS attack by corrupting larger payloads. This can\n> result in an OpenSSL crash. This issue is not considered to be\n> exploitable beyond a DoS.\n> - CMS Null dereference (CVE-2016-7053)\\\n> Severity: Medium\\\n> Applications parsing invalid CMS structures can crash with a NULL\n> pointer dereference. This is caused by a bug in the handling of the\n> ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value\n> being passed to the structure callback if an attempt is made to free\n> certain invalid encodings. Only CHOICE structures using a callback\n> which do not handle NULL value are affected.\n> - Montgomery multiplication may produce incorrect results\n> (CVE-2016-7055)i\\\n> Severity: Low\\\n> There is a carry propagating bug in the Broadwell-specific\n> Montgomery multiplication procedure that handles input lengths\n> divisible by, but longer than 256 bits.\n", "id": "FreeBSD-2016-0428", "modified": "2016-11-11T00:00:00Z", "published": "2016-11-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20161110.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20161110.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7053" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7055" } ], "schema_version": "1.7.0", "summary": "openssl -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "54.0.2840.100" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-npapi" }, "ranges": [ { "events": [ { "fixed": "54.0.2840.100" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "54.0.2840.100" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html" ], "discovery": "2016-11-09T00:00:00Z", "references": { "cvename": [ "CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202" ] }, "vid": "a3473f5a-a739-11e6-afaa-e8e0b747a45a" }, "details": "Google Chrome Releases reports:\n\n> 4 security fixes in this release, including:\n>\n> - \\[643948\\] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to\n> Paul Mehta\n> - \\[658114\\] High CVE-2016-5200: Out of bounds memory access in V8.\n> Credit to Choongwoo Han\n> - \\[660678\\] Medium CVE-2016-5201: Info leak in extensions. Credit to\n> Rob Wu\n> - \\[662843\\] CVE-2016-5202: Various fixes from internal audits,\n> fuzzing and other initiatives\n", "id": "FreeBSD-2016-0427", "modified": "2016-11-10T00:00:00Z", "published": "2016-11-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5199" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5200" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5201" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5202" }, { "type": "WEB", "url": "https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.644" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.644" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-f10-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.644" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html" ], "discovery": "2016-11-08T00:00:00Z", "references": { "cvename": [ "CVE-2016-7857", "CVE-2016-7858", "CVE-2016-7859", "CVE-2016-7860", "CVE-2016-7861", "CVE-2016-7862", "CVE-2016-7863", "CVE-2016-7864", "CVE-2016-7865" ] }, "vid": "96f6bf10-a731-11e6-95ca-0011d823eebd" }, "details": "Adobe reports:\n\n> - These updates resolve type confusion vulnerabilities that could lead\n> to code execution (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865).\n> - These updates resolve use-after-free vulnerabilities that could lead\n> to code execution (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859,\n> CVE-2016-7862, CVE-2016-7863, CVE-2016-7864).\n", "id": "FreeBSD-2016-0426", "modified": "2016-11-10T00:00:00Z", "published": "2016-11-10T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7857" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7858" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7859" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7860" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7861" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7862" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7863" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7864" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7865" } ], "schema_version": "1.7.0", "summary": "flash -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gitlab" }, "ranges": [ { "events": [ { "introduced": "8.10.0" }, { "last_affected": "8.10.12" }, { "fixed": "8.10.12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.11.0" }, { "last_affected": "8.11.9" }, { "fixed": "8.11.9" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.12.0" }, { "last_affected": "8.12.7" }, { "fixed": "8.12.7" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "8.13.0" }, { "last_affected": "8.13.2" }, { "fixed": "8.13.2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/" ], "discovery": "2016-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2016-9086" ], "freebsdpr": [ "ports/214360" ] }, "vid": "10968dfd-a687-11e6-b2d3-60a44ce6887b" }, "details": "GitLab reports:\n\n> The import/export feature did not properly check for symbolic links in\n> user-provided archives and therefore it was possible for an\n> authenticated user to retrieve the contents of any file accessible to\n> the GitLab service account. This included sensitive files such as\n> those that contain secret tokens used by the GitLab service to\n> authenticate users.\n", "id": "FreeBSD-2016-0425", "modified": "2017-05-18T00:00:00Z", "published": "2016-11-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/" }, { "type": "WEB", "url": "https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9086" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214360" } ], "schema_version": "1.7.0", "summary": "gitlab -- Directory traversal via \"import/export\" feature" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "54.0.2840.90" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-npapi" }, "ranges": [ { "events": [ { "fixed": "54.0.2840.90" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "54.0.2840.90" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop.html" ], "discovery": "2016-11-01T00:00:00Z", "references": { "cvename": [ "CVE-2016-5198" ] }, "vid": "ae9cb9b8-a203-11e6-a265-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> \\[659475\\] High CVE-2016-5198: Out of bounds memory access in V8.\n> Credit to Tencent Keen Security Lab, working with Trend Micro\\'s Zero\n> Day Initiative.\n", "id": "FreeBSD-2016-0424", "modified": "2016-11-03T00:00:00Z", "published": "2016-11-03T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5198" }, { "type": "WEB", "url": "https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- out-of-bounds memory access" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_12" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2" }, { "fixed": "10.2_25" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1" }, { "fixed": "10.1_42" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3" }, { "fixed": "9.3_50" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2i,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0a" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.1e_13" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-openssl-libs" }, "ranges": [ { "events": [ { "fixed": "1.0.1e_3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2016-8610" ], "freebsdsa": [ "SA-16:35.openssl" ] }, "vid": "0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8" }, "details": "# Problem Description:\n\nDue to improper handling of alert packets, OpenSSL would consume an\nexcessive amount of CPU time processing undefined alert messages.\n\n# Impact:\n\nA remote attacker who can initiate handshakes with an OpenSSL based\nserver can cause the server to consume a lot of computation power with\nvery little bandwidth usage, and may be able to use this technique in a\nleveraged Denial of Service attack.\n", "id": "FreeBSD-2016-0423", "modified": "2017-02-22T00:00:00Z", "published": "2016-11-02T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8610" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:35.openssl.asc" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2016/q4/224" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- OpenSSL Remote DoS vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django" }, "ranges": [ { "events": [ { "fixed": "1.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-django" }, "ranges": [ { "events": [ { "fixed": "1.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django" }, "ranges": [ { "events": [ { "fixed": "1.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django" }, "ranges": [ { "events": [ { "fixed": "1.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.16" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py27-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py33-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py34-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py35-django110" }, "ranges": [ { "events": [ { "fixed": "1.10.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/" ], "discovery": "2016-11-01T00:00:00Z", "references": { "cvename": [ "CVE-2016-9013", "CVE-2016-9014" ] }, "vid": "cb116651-79db-4c09-93a2-c38f9df46724" }, "details": "The Django project reports:\n\n> Today the Django team released Django 1.10.3, Django 1.9.11, and\n> 1.8.16. These releases addresses two security issues detailed below.\n> We encourage all users of Django to upgrade as soon as possible.\n>\n> - User with hardcoded password created when running tests on Oracle\n> - DNS rebinding vulnerability when DEBUG=True\n", "id": "FreeBSD-2016-0422", "modified": "2016-11-02T00:00:00Z", "published": "2016-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2016/nov/01/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9013" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9014" } ], "schema_version": "1.7.0", "summary": "django -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "curl" }, "ranges": [ { "events": [ { "introduced": "7.1" }, { "fixed": "7.51.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://curl.haxx.se/docs/security.html" ], "discovery": "2016-11-02T00:00:00Z", "references": { "cvename": [ "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625" ] }, "vid": "765feb7d-a0d1-11e6-a881-b499baebfeaf" }, "details": "The cURL project reports\n\n> - cookie injection for other servers\n> - case insensitive password comparison\n> - OOB write via unchecked multiplication\n> - double-free in curl_maprintf\n> - double-free in krb5 code\n> - glob parser write/read out of bounds\n> - curl_getdate read out of bounds\n> - URL unescape heap overflow via integer truncation\n> - Use-after-free via shared cookies\n> - invalid URL parsing with \\'#\\'\n> - IDNA 2003 makes curl use wrong host\n", "id": "FreeBSD-2016-0421", "modified": "2016-11-02T00:00:00Z", "published": "2016-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "WEB", "url": "https://curl.haxx.se/docs/security.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8615" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8616" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8617" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8618" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8619" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8620" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8621" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8622" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8623" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8624" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8625" } ], "schema_version": "1.7.0", "summary": "cURL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bind99" }, "ranges": [ { "events": [ { "fixed": "9.9.9P4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind910" }, "ranges": [ { "events": [ { "fixed": "9.10.4P4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind911" }, "ranges": [ { "events": [ { "fixed": "9.11.0P1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind9-devel" }, "ranges": [ { "events": [ { "last_affected": "9.12.0.a.2016.10.21" }, { "fixed": "9.12.0.a.2016.10.21" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "9.3" }, { "fixed": "9.3_50" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/article/AA-01434/" ], "discovery": "2016-11-01T00:00:00Z", "references": { "cvename": [ "CVE-2016-8864" ], "freebsdsa": [ "SA-16:34.bind" ] }, "vid": "0b8d01a4-a0d2-11e6-9ca2-d050996490d0" }, "details": "ISC reports:\n\n> A defect in BIND\\'s handling of responses containing a DNAME answer\n> can cause a resolver to exit after encountering an assertion failure\n> in db.c or resolver.c\n", "id": "FreeBSD-2016-0420", "modified": "2016-11-02T00:00:00Z", "published": "2016-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01434/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8864" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:34.bind.asc" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01434/" } ], "schema_version": "1.7.0", "summary": "BIND -- Remote Denial of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "memcached" }, "ranges": [ { "events": [ { "fixed": "1.4.33" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html" ], "discovery": "2016-10-31T00:00:00Z", "references": { "cvename": [ "CVE-2016-8704", "CVE-2016-8705", "CVE-2016-8706" ] }, "vid": "f4bf713f-6ac7-4b76-8980-47bf90c5419f" }, "details": "Cisco Talos reports:\n\n> Multiple integer overflow vulnerabilities exist within Memcached that\n> could be exploited to achieve remote code execution on the targeted\n> system. These vulnerabilities manifest in various Memcached functions\n> that are used in inserting, appending, prepending, or modifying\n> key-value data pairs. Systems which also have Memcached compiled with\n> support for SASL authentication are also vulnerable to a third flaw\n> due to how Memcached handles SASL authentication commands.\n>\n> An attacker could exploit these vulnerabilities by sending a\n> specifically crafted Memcached command to the targeted server.\n> Additionally, these vulnerabilities could also be exploited to leak\n> sensitive process information which an attacker could use to bypass\n> common exploitation mitigations, such as ASLR, and can be triggered\n> multiple times. This enables reliable exploitation which makes these\n> vulnerabilities severe.\n", "id": "FreeBSD-2016-0419", "modified": "2016-11-02T00:00:00Z", "published": "2016-11-02T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html" }, { "type": "WEB", "url": "http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8704" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8705" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8706" } ], "schema_version": "1.7.0", "summary": "memcached -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mariadb55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.53" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql55-server" }, "ranges": [ { "events": [ { "fixed": "5.5.53" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql56-server" }, "ranges": [ { "events": [ { "fixed": "5.6.34" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "mysql57-server" }, "ranges": [ { "events": [ { "fixed": "5.7.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mariadb.com/kb/en/mariadb/mariadb-5553-release-notes/" ], "discovery": "2016-10-17T00:00:00Z", "references": { "cvename": [ "CVE-2016-7440", "CVE-2016-5584" ] }, "vid": "9bc14850-a070-11e6-a881-b499baebfeaf" }, "details": "The MariaDB project reports:\n\n> Fixes for the following security vulnerabilities:\n>\n> - CVE-2016-7440\n> - CVE-2016-5584\n", "id": "FreeBSD-2016-0418", "modified": "2016-11-01T00:00:00Z", "published": "2016-11-01T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mariadb.com/kb/en/mariadb/mariadb-5553-release-notes/" }, { "type": "WEB", "url": "https://mariadb.com/kb/en/mariadb/mariadb-5553-release-notes/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7440" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5584" } ], "schema_version": "1.7.0", "summary": "MySQL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "54.0.2840.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-npapi" }, "ranges": [ { "events": [ { "fixed": "54.0.2840.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "54.0.2840.59" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://googlechromereleases.blogspot.nl/2016/10/stable-channel-update-for-desktop.html" ], "discovery": "2016-10-12T00:00:00Z", "references": { "cvename": [ "CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194" ] }, "vid": "9118961b-9fa5-11e6-a265-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> 21 security fixes in this release, including:\n>\n> - \\[645211\\] High CVE-2016-5181: Universal XSS in Blink. Credit to\n> Anonymous\n> - \\[638615\\] High CVE-2016-5182: Heap overflow in Blink. Credit to\n> Giwan Go of STEALIEN\n> - \\[645122\\] High CVE-2016-5183: Use after free in PDFium. Credit to\n> Anonymous\n> - \\[630654\\] High CVE-2016-5184: Use after free in PDFium. Credit to\n> Anonymous\n> - \\[621360\\] High CVE-2016-5185: Use after free in Blink. Credit to\n> cloudfuzzer\n> - \\[639702\\] High CVE-2016-5187: URL spoofing. Credit to Luan Herrera\n> - \\[565760\\] Medium CVE-2016-5188: UI spoofing. Credit to Luan Herrera\n> - \\[633885\\] Medium CVE-2016-5192: Cross-origin bypass in Blink.\n> Credit to haojunhou@gmail.com\n> - \\[646278\\] Medium CVE-2016-5189: URL spoofing. Credit to xisigr of\n> Tencent\\'s Xuanwu Lab\n> - \\[644963\\] Medium CVE-2016-5186: Out of bounds read in DevTools.\n> Credit to Abdulrahman Alqabandi (@qab)\n> - \\[639126\\] Medium CVE-2016-5191: Universal XSS in Bookmarks. Credit\n> to Gareth Hughes\n> - \\[642067\\] Medium CVE-2016-5190: Use after free in Internals. Credit\n> to Atte Kettunen of OUSPG\n> - \\[639658\\] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU\n> (martinzhou96)\n> - \\[654782\\] CVE-2016-5194: Various fixes from internal audits,\n> fuzzing and other initiatives\n", "id": "FreeBSD-2016-0417", "modified": "2016-10-31T00:00:00Z", "published": "2016-10-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://googlechromereleases.blogspot.nl/2016/10/stable-channel-update-for-desktop.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5181" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5182" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5183" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5184" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5185" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5186" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5187" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5188" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5189" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5190" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5192" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5193" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5194" }, { "type": "WEB", "url": "https://googlechromereleases.blogspot.nl/2016/10/stable-channel-update-for-desktop.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium" }, "ranges": [ { "events": [ { "fixed": "53.0.2785.143" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-npapi" }, "ranges": [ { "events": [ { "fixed": "53.0.2785.143" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "chromium-pulse" }, "ranges": [ { "events": [ { "fixed": "53.0.2785.143" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_29.html" ], "discovery": "2016-09-29T00:00:00Z", "references": { "cvename": [ "CVE-2016-5177", "CVE-2016-5178" ] }, "vid": "9c135c7e-9fa4-11e6-a265-3065ec8fd3ec" }, "details": "Google Chrome Releases reports:\n\n> 3 security fixes in this release, including:\n>\n> - \\[642496\\] High CVE-2016-5177: Use after free in V8. Credit to\n> Anonymous\n> - \\[651092\\] CVE-2016-5178: Various fixes from internal audits,\n> fuzzing and other initiatives.\n", "id": "FreeBSD-2016-0416", "modified": "2016-10-31T00:00:00Z", "published": "2016-10-31T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_29.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5178" }, { "type": "WEB", "url": "https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_29.html" } ], "schema_version": "1.7.0", "summary": "chromium -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssh-portable" }, "ranges": [ { "events": [ { "fixed": "7.3p1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_3" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_12" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-10-19T00:00:00Z", "references": { "cvename": [ "CVE-2016-8858" ], "freebsdsa": [ "SA-16:33.openssh" ] }, "vid": "6a2cfcdc-9dea-11e6-a298-14dae9d210b8" }, "details": "# Problem Description:\n\nWhen processing the SSH_MSG_KEXINIT message, the server could allocate\nup to a few hundreds of megabytes of memory per each connection, before\nany authentication take place.\n\n# Impact:\n\nA remote attacker may be able to cause a SSH server to allocate an\nexcessive amount of memory. Note that the default MaxStartups setting on\nFreeBSD will limit the effectiveness of this attack.\n", "id": "FreeBSD-2016-0415", "modified": "2016-11-02T00:00:00Z", "published": "2016-10-29T00:00:00Z", "references": [ { "type": "WEB", "url": "http://seclists.org/oss-sec/2016/q4/191" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-8858" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:33.openssh.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- OpenSSH Remote Denial of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "sudo" }, "ranges": [ { "events": [ { "introduced": "1.6.8" }, { "fixed": "1.8.18p1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.sudo.ws/alerts/noexec_wordexp.html" ], "discovery": "2016-10-28T00:00:00Z", "references": { "cvename": [ "CVE-2016-7076" ] }, "vid": "2e4fbc9a-9d23-11e6-a298-14dae9d210b8" }, "details": "Todd C. Miller reports:\n\n> A flaw exists in sudo\\'s noexec functionality that may allow a user\n> with sudo privileges to run additional commands even when the NOEXEC\n> tag has been applied to a command that uses the wordexp() function.\n", "id": "FreeBSD-2016-0414", "modified": "2016-10-28T00:00:00Z", "published": "2016-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.sudo.ws/alerts/noexec_wordexp.html" }, { "type": "WEB", "url": "https://www.sudo.ws/alerts/noexec_wordexp.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7076" } ], "schema_version": "1.7.0", "summary": "sudo -- Potential bypass of sudo_noexec.so via wordexp()" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "axis2" }, "ranges": [ { "events": [ { "fixed": "1.7.4" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html" ], "discovery": "2012-12-06T00:00:00Z", "references": { "cvename": [ "CVE-2012-6153", "CVE-2014-3577" ] }, "vid": "ac18046c-9b08-11e6-8011-005056925db4" }, "details": "Apache Axis2 reports:\n\n> Apache Axis2 1.7.4 is a maintenance release that includes fixes for\n> several issues, including the following security issues: Session\n> fixation (AXIS2-4739) and XSS (AXIS2-5683) vulnerabilities affecting\n> the admin console. A dependency on an Apache HttpClient version\n> affected by known security vulnerabilities (CVE-2012-6153 and\n> CVE-2014-3577); see AXIS2-5757.\n", "id": "FreeBSD-2016-0413", "modified": "2016-10-28T00:00:00Z", "published": "2016-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html" }, { "type": "WEB", "url": "http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/AXIS2-4739" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/AXIS2-5683" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/AXIS2-5757" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2012-6153" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-3577" } ], "schema_version": "1.7.0", "summary": "Axis2 -- Security vulnerabilities on dependency Apache HttpClient" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node010" }, "ranges": [ { "events": [ { "fixed": "0.10.48" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node012" }, "ranges": [ { "events": [ { "fixed": "0.12.17" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "node4" }, "ranges": [ { "events": [ { "fixed": "4.6.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/" ], "discovery": "2016-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2016-5180" ], "freebsdpr": [ "ports/213800" ] }, "vid": "28bb6ee5-9b5c-11e6-b799-19bef72f4b7c" }, "details": "Node.js has released new versions containing the following security fix:\n\n> The following releases all contain fixes for CVE-2016-5180\n> \\\"ares_create_query single byte out of buffer write\\\": Node.js\n> v0.10.48 (Maintenance), Node.js v0.12.17 (Maintenance), Node.js v4.6.1\n> (LTS \\\"Argon\\\")\n>\n> While this is not a critical update, all users of these release lines\n> should upgrade at their earliest convenience.\n", "id": "FreeBSD-2016-0412", "modified": "2016-10-26T00:00:00Z", "published": "2016-10-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5180" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213800" } ], "schema_version": "1.7.0", "summary": "node.js -- ares_create_query single byte out of buffer write" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "node" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.9.0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/" ], "discovery": "2016-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2016-5172" ] }, "vid": "27180c99-9b5c-11e6-b799-19bef72f4b7c" }, "details": "Node.js v6.9.0 LTS contains the following security fixes, specific to\nv6.x:\n\n> Disable auto-loading of openssl.cnf: Don\\'t automatically attempt to\n> load an OpenSSL configuration file, from the OPENSSL_CONF environment\n> variable or from the default location for the current platform. Always\n> triggering a configuration file load attempt may allow an attacker to\n> load compromised OpenSSL configuration into a Node.js process if they\n> are able to place a file in a default location.\n>\n> Patched V8 arbitrary memory read (CVE-2016-5172): The V8 parser\n> mishandled scopes, potentially allowing an attacker to obtain\n> sensitive information from arbitrary memory locations via crafted\n> JavaScript code. This vulnerability would require an attacker to be\n> able to execute arbitrary JavaScript code in a Node.js process.\n>\n> Create a unique v8_inspector WebSocket address: Generate a UUID for\n> each execution of the inspector. This provides additional security to\n> prevent unauthorized clients from connecting to the Node.js process\n> via the v8_inspector port when running with \\--inspect. Since the\n> debugging protocol allows extensive access to the internals of a\n> running process, and the execution of arbitrary code, it is important\n> to limit connections to authorized tools only. Note that the\n> v8_inspector protocol in Node.js is still considered an experimental\n> feature. Vulnerability originally reported by Jann Horn.\n>\n> All of these vulnerabilities are considered low-severity for Node.js\n> users, however, users of Node.js v6.x should upgrade at their earliest\n> convenience.\n", "id": "FreeBSD-2016-0411", "modified": "2016-10-28T00:00:00Z", "published": "2016-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5172" } ], "schema_version": "1.7.0", "summary": "node.js -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py-urllib3" }, "ranges": [ { "events": [ { "fixed": "1.18" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/shazow/urllib3/blob/1.18.1/CHANGES.rst" ], "discovery": "2016-10-27T00:00:00Z", "references": { "cvename": [ "CVE-2016-9015" ] }, "vid": "c5c6e293-9cc7-11e6-823f-b8aeed92ecc4" }, "details": "urllib3 reports:\n\n> CVE-2016-9015: Certification verification failure\n", "id": "FreeBSD-2016-0410", "modified": "2016-10-28T00:00:00Z", "published": "2016-10-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/shazow/urllib3/blob/1.18.1/CHANGES.rst" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-9015" }, { "type": "WEB", "url": "https://github.com/shazow/urllib3/blob/1.18.1/CHANGES.rst" } ], "schema_version": "1.7.0", "summary": "urllib3 -- certificate verification failure" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-f10-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.643" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.643" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.643" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html" ], "discovery": "2016-10-26T00:00:00Z", "references": { "cvename": [ "CVE-2016-7855" ] }, "vid": "de6d01d5-9c44-11e6-ba67-0011d823eebd" }, "details": "Adobe reports:\n\n> Adobe has released security updates for Adobe Flash Player for\n> Windows, Macintosh, Linux and Chrome OS. These updates address a\n> critical vulnerability that could potentially allow an attacker to\n> take control of the affected system.\n>\n> Adobe is aware of a report that an exploit for CVE-2016-7855 exists in\n> the wild, and is being used in limited, targeted attacks against users\n> running Windows versions 7, 8.1 and 10.\n", "id": "FreeBSD-2016-0409", "modified": "2016-10-27T00:00:00Z", "published": "2016-10-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7855" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html" } ], "schema_version": "1.7.0", "summary": "flash -- remote code execution" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:kernel", "name": "FreeBSD-kernel" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_2" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-10-25T00:00:00Z", "references": { "freebsdsa": [ "SA-16:32.bhyve" ] }, "vid": "a479a725-9adb-11e6-a298-14dae9d210b8" }, "details": "# Problem Description:\n\nAn unchecked array reference in the VGA device emulation code could\npotentially allow guests access to the heap of the bhyve process. Since\nthe bhyve process is running as root, this may allow guests to obtain\nfull control of the hosts they are running on.\n\n# Impact:\n\nFor bhyve virtual machines with the \\\"fbuf\\\" framebuffer device\nconfigured, if exploited, a malicious guest could obtain full access to\nnot just the host system, but to other virtual machines running on the\nsystem.\n", "id": "FreeBSD-2016-0408", "modified": "2016-10-25T00:00:00Z", "published": "2016-10-25T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:32.bhyve.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- bhyve - privilege escalation vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.637" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6_64-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.637" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c7-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.637" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-f10-flashplugin" }, "ranges": [ { "events": [ { "fixed": "11.2r202.637" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" ], "discovery": "2016-10-11T00:00:00Z", "references": { "cvename": [ "CVE-2016-4273", "CVE-2016-4286", "CVE-2016-6981", "CVE-2016-6982", "CVE-2016-6983", "CVE-2016-6984", "CVE-2016-6985", "CVE-2016-6986", "CVE-2016-6987", "CVE-2016-6989", "CVE-2016-6990", "CVE-2016-6992" ] }, "vid": "2482c798-93c6-11e6-846f-bc5ff4fb5ea1" }, "details": "Adobe reports:\n\n> Adobe has released security updates for Adobe Flash Player for\n> Windows, Macintosh, Linux and ChromeOS. These updates address critical\n> vulnerabilities that could potentially allow an attacker to take\n> control of the affected system.\n>\n> These updates resolve a type confusion vulnerability that could lead\n> to code execution (CVE-2016-6992).\n>\n> These updates resolve use-after-free vulnerabilities that could lead\n> to code execution (CVE-2016-6981, CVE-2016-6987).\n>\n> These updates resolve a security bypass vulnerability (CVE-2016-4286).\n>\n> These updates resolve memory corruption vulnerabilities that could\n> lead to code execution (CVE-2016-4273, CVE-2016-6982, CVE-2016-6983,\n> CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989,\n> CVE-2016-6990).\n", "id": "FreeBSD-2016-0407", "modified": "2016-10-24T00:00:00Z", "published": "2016-10-24T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4273" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-4286" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6981" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6982" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6983" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6984" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6985" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6986" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6987" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6989" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6990" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6992" }, { "type": "WEB", "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" } ], "schema_version": "1.7.0", "summary": "flash -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "49.0.2,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/" ], "discovery": "2016-10-20T00:00:00Z", "references": { "cvename": [ "CVE-2016-5287", "CVE-2016-5288" ] }, "vid": "aaa9f3db-13b5-4a0e-9ed7-e5ab287098fa" }, "details": "Mozilla Foundation reports:\n\n> CVE-2016-5287: Crash in nsTArray_base\\::SwapArrayElements\n>\n> CVE-2016-5288: Web content can read cache entries\n", "id": "FreeBSD-2016-0406", "modified": "2016-10-21T00:00:00Z", "published": "2016-10-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5287" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5288" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2016-87/" } ], "schema_version": "1.7.0", "summary": "mozilla -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "axis2" }, "ranges": [ { "events": [ { "fixed": "1.7.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html" ], "discovery": "2010-10-18T00:00:00Z", "references": { "cvename": [ "CVE-2010-3981" ], "freebsdpr": [ "ports/213546" ] }, "vid": "0baadc45-92d0-11e6-8011-005056925db4" }, "details": "Apache Axis2 reports:\n\n> Apache Axis2 1.7.3 is a security release that contains a fix for\n> CVE-2010-3981. That security vulnerability affects the admin console\n> that is part of the Axis2 Web application and was originally reported\n> for SAP BusinessObjects (which includes a version of Axis2). That\n> report didn't mention Axis2 at all and the Axis2 project only recently\n> became aware (thanks to Devesh Bhatt and Nishant Agarwala) that the\n> issue affects Apache Axis2 as well.\n", "id": "FreeBSD-2016-0405", "modified": "2016-10-18T00:00:00Z", "published": "2016-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html" }, { "type": "WEB", "url": "http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2010-3981" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213546" } ], "schema_version": "1.7.0", "summary": "Axis2 -- Cross-site scripting (XSS) vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "tor" }, "ranges": [ { "events": [ { "fixed": "0.2.8.9" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "tor-devel" }, "ranges": [ { "events": [ { "fixed": "0.2.9.4-alpha" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://blog.torproject.org/blog/tor-0289-released-important-fixes" ], "discovery": "2016-10-17T00:00:00Z", "vid": "c1dc55dc-9556-11e6-b154-3065ec8fd3ec" }, "details": "The Tor Blog reports:\n\n> Prevent a class of security bugs caused by treating the contents of a\n> buffer chunk as if they were a NUL-terminated string. At least one\n> such bug seems to be present in all currently used versions of Tor,\n> and would allow an attacker to remotely crash most Tor instances,\n> especially those compiled with extra compiler hardening. With this\n> defense in place, such bugs can\\'t crash Tor, though we should still\n> fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).\n", "id": "FreeBSD-2016-0404", "modified": "2016-10-18T00:00:00Z", "published": "2016-10-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://blog.torproject.org/blog/tor-0289-released-important-fixes" }, { "type": "WEB", "url": "https://blog.torproject.org/blog/tor-0289-released-important-fixes" } ], "schema_version": "1.7.0", "summary": "Tor -- remote denial of service" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-actionview" }, "ranges": [ { "events": [ { "introduced": "3.0.0,1" }, { "fixed": "4.2.7.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE" ], "discovery": "2016-08-11T00:00:00Z", "references": { "cvename": [ "CVE-2016-6316" ] }, "vid": "43f1c867-654a-11e6-8286-00248c0c745d" }, "details": "Ruby Security team reports:\n\n> There is a possible XSS vulnerability in Action View. Text declared as\n> \\\"HTML safe\\\" will not have quotes escaped when used as attribute\n> values in tag helpers. This vulnerability has been assigned the CVE\n> identifier CVE-2016-6316.\n", "id": "FreeBSD-2016-0403", "modified": "2016-08-18T00:00:00Z", "published": "2016-08-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6316" } ], "schema_version": "1.7.0", "summary": "Rails 4 -- Possible XSS Vulnerability in Action View" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "rubygem-activerecord4" }, "ranges": [ { "events": [ { "introduced": "4.2.0,1" }, { "fixed": "4.2.7.1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA" ], "discovery": "2016-08-11T00:00:00Z", "references": { "cvename": [ "CVE-2016-6317" ] }, "vid": "7e61cf44-6549-11e6-8286-00248c0c745d" }, "details": "Ruby Security team reports:\n\n> There is a vulnerability when Active Record is used in conjunction\n> with JSON parameter parsing. This vulnerability has been assigned the\n> CVE identifier CVE-2016-6317. This vulnerability is similar to\n> CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155.\n", "id": "FreeBSD-2016-0402", "modified": "2016-08-18T00:00:00Z", "published": "2016-08-18T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA" }, { "type": "WEB", "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6317" } ], "schema_version": "1.7.0", "summary": "Rails 4 -- Unsafe Query Generation Risk in Active Record" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php70" }, "ranges": [ { "events": [ { "fixed": "7.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://php.net/ChangeLog-7.php#7.0.11" ], "discovery": "2016-09-15T00:00:00Z", "references": { "cvename": [ "CVE-2016-7416", "CVE-2016-7412", "CVE-2016-7414", "CVE-2016-7417", "CVE-2016-7413", "CVE-2016-7418" ] }, "vid": "f471032a-8700-11e6-8d93-00248c0c745d" }, "details": "PHP reports:\n\n> - Fixed bug #73007 (add locale length check)\n>\n> - Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n>\n> - Fixed bug #72928 (Out of bound when verify signature of zip phar in\n> phar_parse_zipfile)\n>\n> - Fixed bug #73029 (Missing type check when unserializing SplArray)\n>\n> - Fixed bug #73052 (Memory Corruption in During Deserialized-object\n> Destruction)\n>\n> - Fixed bug #72860 (wddx_deserialize use-after-free)\n>\n> - Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\n", "id": "FreeBSD-2016-0401", "modified": "2016-09-30T00:00:00Z", "published": "2016-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://php.net/ChangeLog-7.php#7.0.11" }, { "type": "WEB", "url": "http://php.net/ChangeLog-7.php#7.0.11" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7416" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7412" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7414" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7417" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7413" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7418" } ], "schema_version": "1.7.0", "summary": "PHP -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "php56" }, "ranges": [ { "events": [ { "fixed": "5.6.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://php.net/ChangeLog-5.php#5.6.26" ], "discovery": "2016-09-16T00:00:00Z", "references": { "cvename": [ "CVE-2016-7416", "CVE-2016-7412", "CVE-2016-7414", "CVE-2016-7417", "CVE-2016-7411", "CVE-2016-7413", "CVE-2016-7418" ] }, "vid": "8d5180a6-86fe-11e6-8d93-00248c0c745d" }, "details": "PHP reports:\n\n> - Fixed bug #73007 (add locale length check)\n>\n> - Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)\n>\n> - Fixed bug #72928 (Out of bound when verify signature of zip phar in\n> phar_parse_zipfile)\n>\n> - Fixed bug #73029 (Missing type check when unserializing SplArray)\n>\n> - Fixed bug #73052 (Memory Corruption in During Deserialized-object\n> Destruction)\n>\n> - Fixed bug #72860 (wddx_deserialize use-after-free)\n>\n> - Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)\n", "id": "FreeBSD-2016-0400", "modified": "2016-09-30T00:00:00Z", "published": "2016-09-30T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://php.net/ChangeLog-5.php#5.6.26" }, { "type": "WEB", "url": "http://php.net/ChangeLog-5.php#5.6.26" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7416" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7412" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7414" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7417" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7411" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7413" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7418" } ], "schema_version": "1.7.0", "summary": "PHP -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "file-roller" }, "ranges": [ { "events": [ { "introduced": "3.5.4,1" }, { "fixed": "3.20.2,1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2016/09/08/4" ], "discovery": "2016-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2016-7162" ], "freebsdpr": [ "ports/213199" ] }, "vid": "ad479f89-9020-11e6-a590-14dae9d210b8" }, "details": "reports:\n\n> File Roller 3.5.4 through 3.20.2 was affected by a path traversal bug\n> that could result in deleted files if a user were tricked into opening\n> a malicious archive.\n", "id": "FreeBSD-2016-0399", "modified": "2016-10-18T00:00:00Z", "published": "2016-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2016/09/08/4" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2016/09/08/4" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7162" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213199" } ], "schema_version": "1.7.0", "summary": "file-roller -- path traversal vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "virtualbox-ose" }, "ranges": [ { "events": [ { "introduced": "5.0" }, { "fixed": "5.0.8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.3" }, { "fixed": "4.3.32" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.2" }, { "fixed": "4.2.34" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.1" }, { "fixed": "4.1.42" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "4.0" }, { "fixed": "4.0.34" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" ], "discovery": "2015-10-01T00:00:00Z", "references": { "cvename": [ "CVE-2015-4813", "CVE-2015-4896" ], "freebsdpr": [ "ports/204406" ] }, "vid": "7d40edd1-901e-11e6-a590-14dae9d210b8" }, "details": "Oracle reports reports:\n\n> Unspecified vulnerability in the Oracle VM VirtualBox component in\n> Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34,\n> 4.3.32, and 5.0.8, when using a Windows guest, allows local users to\n> affect availability via unknown vectors related to Core.\n>\n> Unspecified vulnerability in the Oracle VM VirtualBox component in\n> Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34,\n> 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP)\n> enabled, allows remote attackers to affect availability via unknown\n> vectors related to Core.\n", "id": "FreeBSD-2016-0398", "modified": "2016-10-18T00:00:00Z", "published": "2016-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-4813" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2015-4896" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204406" } ], "schema_version": "1.7.0", "summary": "VirtualBox -- undisclosed vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick" }, "ranges": [ { "events": [ { "fixed": "6.9.5.10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "ImageMagick-nox11" }, "ranges": [ { "events": [ { "fixed": "6.9.5.10,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.debian.org/security/2016/dsa-3675" ], "discovery": "2016-09-23T00:00:00Z", "references": { "freebsdpr": [ "ports/213032" ] }, "vid": "10f7f782-901c-11e6-a590-14dae9d210b8" }, "details": "Debian reports:\n\n> Various memory handling problems and cases of missing or incomplete\n> input sanitizing may result in denial of service or the execution of\n> arbitrary code if malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files\n> are processed.\n", "id": "FreeBSD-2016-0397", "modified": "2016-10-18T00:00:00Z", "published": "2016-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.debian.org/security/2016/dsa-3675" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2016/dsa-3675" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213032" } ], "schema_version": "1.7.0", "summary": "ImageMagick -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "gd" }, "ranges": [ { "events": [ { "last_affected": "2.2.3" }, { "fixed": "2.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php70-gd" }, "ranges": [ { "events": [ { "last_affected": "7.0.11" }, { "fixed": "7.0.11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "php56-gd" }, "ranges": [ { "events": [ { "last_affected": "5.6.26" }, { "fixed": "5.6.26" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/libgd/libgd/issues/308" ], "discovery": "2016-09-02T00:00:00Z", "references": { "freebsdpr": [ "ports/213023" ] }, "vid": "2a526c78-84ab-11e6-a4a1-60a44ce6887b" }, "details": "LibGD reports:\n\n> An integer overflow issue was found in function gdImageWebpCtx of file\n> gd_webp.c which could lead to heap buffer overflow.\n", "id": "FreeBSD-2016-0396", "modified": "2016-10-18T00:00:00Z", "published": "2016-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/libgd/libgd/issues/308" }, { "type": "WEB", "url": "https://github.com/libgd/libgd/issues/308" }, { "type": "WEB", "url": "https://bugs.php.net/bug.php?id=73003" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213023" } ], "schema_version": "1.7.0", "summary": "libgd -- integer overflow which could lead to heap buffer overflow" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libvncserver" }, "ranges": [ { "events": [ { "fixed": "0.9.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://seclists.org/oss-sec/2014/q3/639" ], "discovery": "2014-09-23T00:00:00Z", "references": { "cvename": [ "CVE-2014-6051", "CVE-2014-6052", "CVE-2014-6053", "CVE-2014-6054", "CVE-2014-6055" ], "freebsdpr": [ "ports/212380" ] }, "vid": "cb3f036d-8c7f-11e6-924a-60a44ce6887b" }, "details": "Nicolas Ruff reports:\n\n> Integer overflow in MallocFrameBuffer() on client side.\n>\n> Lack of malloc() return value checking on client side.\n>\n> Server crash on a very large ClientCutText message.\n>\n> Server crash when scaling factor is set to zero.\n>\n> Multiple stack overflows in File Transfer feature.\n", "id": "FreeBSD-2016-0395", "modified": "2016-10-18T00:00:00Z", "published": "2016-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://seclists.org/oss-sec/2014/q3/639" }, { "type": "WEB", "url": "http://seclists.org/oss-sec/2014/q3/639" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-6051" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-6052" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-6053" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-6054" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-6055" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212380" } ], "schema_version": "1.7.0", "summary": "libvncserver -- multiple security vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice" }, "ranges": [ { "events": [ { "fixed": "4.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "apache-openoffice-devel" }, "ranges": [ { "events": [ { "fixed": "4.1.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openoffice.org/security/cves/CVE-2014-3575.html" ], "discovery": "2014-08-21T00:00:00Z", "references": { "cvename": [ "CVE-2014-3575" ], "freebsdpr": [ "ports/212379" ] }, "vid": "ab947396-9018-11e6-a590-14dae9d210b8" }, "details": "Apache reports:\n\n> The exposure exploits the way OLE previews are generated to embed\n> arbitrary file data into a specially crafted document when it is\n> opened. Data exposure is possible if the updated document is\n> distributed to other parties.\n", "id": "FreeBSD-2016-0394", "modified": "2016-10-18T00:00:00Z", "published": "2016-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html" }, { "type": "WEB", "url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2014-3575" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212379" } ], "schema_version": "1.7.0", "summary": "openoffice -- information disclosure vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mupdf" }, "ranges": [ { "events": [ { "fixed": "1.9a_1,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "llpp" }, "ranges": [ { "events": [ { "fixed": "22_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zathura-pdf-mupdf" }, "ranges": [ { "events": [ { "fixed": "0.3.0_2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://openbsd-archive.7691.n7.nabble.com/mupdf-CVE-2016-6525-amp-CVE-2016-6265-td302904.html" ], "discovery": "2016-08-27T00:00:00Z", "references": { "cvename": [ "CVE-2016-6525", "CVE-2016-6265" ], "freebsdpr": [ "ports/212207" ] }, "vid": "47157c14-9013-11e6-a590-14dae9d210b8" }, "details": "Tobias Kortkamp reports:\n\n> Heap-based buffer overflow in the pdf_load_mesh_params function in\n> pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of\n> service (crash) or execute arbitrary code via a large decode array.\n>\n> Use-after-free vulnerability in the pdf_load_xref function in\n> pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of\n> service (crash) via a crafted PDF file.\n", "id": "FreeBSD-2016-0393", "modified": "2016-10-18T00:00:00Z", "published": "2016-10-12T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://openbsd-archive.7691.n7.nabble.com/mupdf-CVE-2016-6525-amp-CVE-2016-6265-td302904.html" }, { "type": "WEB", "url": "http://openbsd-archive.7691.n7.nabble.com/mupdf-CVE-2016-6525-amp-CVE-2016-6265-td302904.html" }, { "type": "WEB", "url": "http://bugs.ghostscript.com/show_bug.cgi?id=696941" }, { "type": "WEB", "url": "http://bugs.ghostscript.com/show_bug.cgi?id=696954" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6525" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6265" }, { "type": "REPORT", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212207" } ], "schema_version": "1.7.0", "summary": "mupdf -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openjpeg" }, "ranges": [ { "events": [ { "fixed": "2.1.1_1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "http://www.openwall.com/lists/oss-security/2016/09/08/2" ], "discovery": "2016-09-08T00:00:00Z", "references": { "cvename": [ "CVE-2016-5157", "CVE-2016-7163" ] }, "vid": "b7d56d0b-7a11-11e6-af78-589cfc0654e1" }, "details": "Tencent\\'s Xuanwu LAB reports:\n\n> A Heap Buffer Overflow (Out-of-Bounds Write) issue was found in\n> function opj_dwt_interleave_v of dwt.c. This vulnerability allows\n> remote attackers to execute arbitrary code on vulnerable installations\n> of OpenJPEG.\n>\n> An integer overflow issue exists in function opj_pi_create_decode of\n> pi.c. It can lead to Out-Of-Bounds Read and Out-Of-Bounds Write in\n> function opj_pi_next_cprl of pi.c (function opj_pi_next_lrcp,\n> opj_pi_next_rlcp, opj_pi_next_rpcl, opj_pi_next_pcrl may also be\n> vulnerable). This vulnerability allows remote attackers to execute\n> arbitrary code on vulnerable installations of OpenJPEG.\n", "id": "FreeBSD-2016-0392", "modified": "2016-10-11T00:00:00Z", "published": "2016-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "http://www.openwall.com/lists/oss-security/2016/09/08/2" }, { "type": "WEB", "url": "\"http://www.openwall.com/lists/oss-security/2016/09/08/2\"" }, { "type": "WEB", "url": "\"http://www.openwall.com/lists/oss-security/2016/09/08/3\"" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5157" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7163" } ], "schema_version": "1.7.0", "summary": "openjpeg -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "redis" }, "ranges": [ { "events": [ { "fixed": "3.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "redis-devel" }, "ranges": [ { "events": [ { "fixed": "3.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://github.com/antirez/redis/pull/1418" ], "discovery": "2013-11-30T00:00:00Z", "references": { "cvename": [ "CVE-2013-7458" ] }, "vid": "fa175f30-8c75-11e6-924a-60a44ce6887b" }, "details": "Redis team reports:\n\n> The redis-cli history file (in linenoise) is created with the default\n> OS umask value which makes it world readable in most systems and could\n> potentially expose authentication credentials to other users.\n", "id": "FreeBSD-2016-0391", "modified": "2016-10-11T00:00:00Z", "published": "2016-10-11T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://github.com/antirez/redis/pull/1418" }, { "type": "WEB", "url": "https://github.com/antirez/redis/pull/1418" }, { "type": "WEB", "url": "https://github.com/antirez/redis/issues/3284" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2013-7458" } ], "schema_version": "1.7.0", "summary": "redis -- sensitive information leak through command history file" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2" }, { "fixed": "10.2_23" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1" }, { "fixed": "10.1_40" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-10-05T00:00:00Z", "references": { "freebsdsa": [ "SA-16:31.libarchive" ] }, "vid": "1a71a972-8ee7-11e6-a590-14dae9d210b8" }, "details": "# Problem Description:\n\nFlaws in libarchive\\'s handling of symlinks and hard links allow\noverwriting files outside the extraction directory, or permission\nchanges to a directory outside the extraction directory.\n\n# Impact:\n\nAn attacker who can control freebsd-update\\'s or portsnap\\'s input to\ntar(1) can change file content or permissions on files outside of the\nupdate tool\\'s working sandbox.\n", "id": "FreeBSD-2016-0390", "modified": "2016-10-10T00:00:00Z", "published": "2016-10-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:31.libarchive.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple libarchive vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2" }, { "fixed": "10.2_23" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1" }, { "fixed": "10.1_40" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3" }, { "fixed": "9.3_48" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-10-10T00:00:00Z", "references": { "freebsdsa": [ "SA-16:30.portsnap" ] }, "vid": "e7dcd69d-8ee6-11e6-a590-14dae9d210b8" }, "details": "# Problem Description:\n\nFlaws in portsnap\\'s verification of downloaded tar files allows\nadditional files to be included without causing the verification to\nfail. Portsnap may then use or execute these files.\n\n# Impact:\n\nAn attacker who can conduct man in the middle attack on the network at\nthe time when portsnap is run can cause portsnap to execute arbitrary\ncommands under the credentials of the user who runs portsnap, typically\nroot.\n", "id": "FreeBSD-2016-0389", "modified": "2016-10-10T00:00:00Z", "published": "2016-10-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:30.portsnap.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Multiple portsnap vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_1" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_10" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2" }, { "fixed": "10.2_23" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1" }, { "fixed": "10.1_40" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3" }, { "fixed": "9.3_48" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "discovery": "2016-10-10T00:00:00Z", "references": { "freebsdsa": [ "SA-16:29.bspatch" ] }, "vid": "ce808022-8ee6-11e6-a590-14dae9d210b8" }, "details": "# Problem Description:\n\nThe implementation of bspatch is susceptible to integer overflows with\ncarefully crafted input, potentially allowing an attacker who can\ncontrol the patch file to write at arbitrary locations in the heap. This\nissue was partially addressed in FreeBSD-SA-16:25.bspatch, but some\npossible integer overflows remained.\n\n# Impact:\n\nAn attacker who can control the patch file can cause a crash or run\narbitrary code under the credentials of the user who runs bspatch, in\nmany cases, root.\n", "id": "FreeBSD-2016-0388", "modified": "2016-10-10T00:00:00Z", "published": "2016-10-10T00:00:00Z", "references": [ { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc" } ], "schema_version": "1.7.0", "summary": "FreeBSD -- Heap overflow vulnerability in bspatch" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "mkvtoolnix" }, "ranges": [ { "events": [ { "fixed": "9.4.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://mkvtoolnix.download/doc/ChangeLog" ], "discovery": "2016-09-07T00:00:00Z", "vid": "aeb7874e-8df1-11e6-a082-5404a68ad561" }, "details": "Moritz Bunkus reports:\n\n> most of the bugs fixed on 2016-09-06 and 2016-09-07 for issue #1780\n> are potentially exploitable. The scenario is arbitrary code execution\n> with specially-crafted files.\n", "id": "FreeBSD-2016-0387", "modified": "2016-10-09T00:00:00Z", "published": "2016-10-09T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://mkvtoolnix.download/doc/ChangeLog" }, { "type": "WEB", "url": "https://mkvtoolnix.download/doc/ChangeLog" } ], "schema_version": "1.7.0", "summary": "mkvtoolnix -- code execution via specially crafted files" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "libX11" }, "ranges": [ { "events": [ { "fixed": "1.6.4,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libXfixes" }, "ranges": [ { "events": [ { "fixed": "5.0.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libXi" }, "ranges": [ { "events": [ { "fixed": "1.7.7,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libXrandr" }, "ranges": [ { "events": [ { "fixed": "1.5.1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libXrender" }, "ranges": [ { "events": [ { "fixed": "0.9.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libXtst" }, "ranges": [ { "events": [ { "fixed": "1.2.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libXv" }, "ranges": [ { "events": [ { "fixed": "1.0.11,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libXvMC" }, "ranges": [ { "events": [ { "fixed": "1.0.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" ], "discovery": "2016-10-04T00:00:00Z", "references": { "cvename": [ "CVE-2016-5407" ] }, "vid": "1cf65085-a760-41d2-9251-943e1af62eb8" }, "details": "Matthieu Herrb reports:\n\n> Tobias Stoeckmann from the OpenBSD project has discovered a number of\n> issues in the way various X client libraries handle the responses they\n> receive from servers, and has worked with X.Org\\'s security team to\n> analyze, confirm, and fix these issues. These issue come in addition\n> to the ones discovered by Ilja van Sprundel in 2013.\n>\n> Most of these issues stem from the client libraries trusting the\n> server to send correct protocol data, and not verifying that the\n> values will not overflow or cause other damage. Most of the time X\n> clients and servers are run by the same user, with the server more\n> privileged than the clients, so this is not a problem, but there are\n> scenarios in which a privileged client can be connected to an\n> unprivileged server, for instance, connecting a setuid X client (such\n> as a screen lock program) to a virtual X server (such as Xvfb or\n> Xephyr) which the user has modified to return invalid data,\n> potentially allowing the user to escalate their privileges.\n", "id": "FreeBSD-2016-0386", "modified": "2016-10-10T00:00:00Z", "published": "2016-10-07T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" }, { "type": "WEB", "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-5407" } ], "schema_version": "1.7.0", "summary": "X.org libraries -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "bind99" }, "ranges": [ { "events": [ { "fixed": "9.9.9P3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind910" }, "ranges": [ { "events": [ { "fixed": "9.10.4P3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind911" }, "ranges": [ { "events": [ { "fixed": "9.11.0.rc3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "bind9-devel" }, "ranges": [ { "events": [ { "fixed": "9.12.0.a.2016.09.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "9.3" }, { "fixed": "9.3_48" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://kb.isc.org/article/AA-01419" ], "discovery": "2016-09-27T00:00:00Z", "references": { "cvename": [ "CVE-2016-2776" ], "freebsdsa": [ "SA-16:28.bind" ] }, "vid": "c8d902b1-8550-11e6-81e7-d050996490d0" }, "details": "ISC reports:\n\n> Testing by ISC has uncovered a critical error condition which can\n> occur when a nameserver is constructing a response. A defect in the\n> rendering of messages into packets can cause named to exit with an\n> assertion failure in buffer.c while constructing a response to a query\n> that meets certain criteria.\n", "id": "FreeBSD-2016-0385", "modified": "2016-10-10T00:00:00Z", "published": "2016-09-28T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://kb.isc.org/article/AA-01419" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2776" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:28.bind.asc" }, { "type": "WEB", "url": "https://kb.isc.org/article/AA-01419" } ], "schema_version": "1.7.0", "summary": "BIND -- Remote Denial of Service vulnerability" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "py-django19" }, "ranges": [ { "events": [ { "fixed": "1.9.10" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py-django18" }, "ranges": [ { "events": [ { "fixed": "1.8.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "py-django" }, "ranges": [ { "events": [ { "fixed": "1.8.15" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.djangoproject.com/weblog/2016/sep/26/security-releases/" ], "discovery": "2016-09-26T00:00:00Z", "references": { "cvename": [ "CVE-2016-7401" ] }, "vid": "bb022643-84fb-11e6-a4a1-60a44ce6887b" }, "details": "Django Software Foundation reports:\n\n> An interaction between Google Analytics and Django\\'s cookie parsing\n> could allow an attacker to set arbitrary cookies leading to a bypass\n> of CSRF protection.\n", "id": "FreeBSD-2016-0384", "modified": "2016-09-27T00:00:00Z", "published": "2016-09-27T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.djangoproject.com/weblog/2016/sep/26/security-releases/" }, { "type": "WEB", "url": "https://www.djangoproject.com/weblog/2016/sep/26/security-releases/" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7401" } ], "schema_version": "1.7.0", "summary": "django -- CSRF protection bypass on a site with Google Analytics" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2j,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "fixed": "1.1.0b" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl" }, "ranges": [ { "events": [ { "fixed": "2.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libressl-devel" }, "ranges": [ { "events": [ { "fixed": "2.4.3" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "11.0" }, { "fixed": "11.0_1" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20160926.txt" ], "discovery": "2016-09-26T00:00:00Z", "references": { "cvename": [ "CVE-2016-6309", "CVE-2016-7052" ], "freebsdsa": [ "SA-16:27.openssl" ] }, "vid": "91a337d8-83ed-11e6-bf52-b499baebfeaf" }, "details": "OpenSSL reports:\n\n> Critical vulnerability in OpenSSL 1.1.0a\\\n> Fix Use After Free for large message sizes (CVE-2016-6309)\n>\n> Moderate vulnerability in OpenSSL 1.0.2i\\\n> Missing CRL sanity check (CVE-2016-7052)\n", "id": "FreeBSD-2016-0383", "modified": "2016-10-10T00:00:00Z", "published": "2016-09-26T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6309" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7052" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:27.openssl.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl-devel" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.0_1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.2i,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-c6-openssl" }, "ranges": [ { "events": [ { "fixed": "1.0.1e_11" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "FreeBSD" }, "ranges": [ { "events": [ { "introduced": "10.3" }, { "fixed": "10.3_8" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.2" }, { "fixed": "10.2_21" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "10.1" }, { "fixed": "10.1_38" } ], "type": "ECOSYSTEM" }, { "events": [ { "introduced": "9.3" }, { "fixed": "9.3_46" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.openssl.org/news/secadv/20160922.txt" ], "discovery": "2016-09-22T00:00:00Z", "references": { "cvename": [ "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-2183", "CVE-2016-6303", "CVE-2016-6302", "CVE-2016-2182", "CVE-2016-2180", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2181", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308" ], "freebsdsa": [ "SA-16:26.openssl" ] }, "vid": "43eaa656-80bc-11e6-bf52-b499baebfeaf" }, "details": "OpenSSL reports:\n\n> High: OCSP Status Request extension unbounded memory growth\n>\n> SSL_peek() hang on empty record\n>\n> SWEET32 Mitigation\n>\n> OOB write in MDC2_Update()\n>\n> Malformed SHA512 ticket DoS\n>\n> OOB write in BN_bn2dec()\n>\n> OOB read in TS_OBJ_print_bio()\n>\n> Pointer arithmetic undefined behaviour\n>\n> Constant time flag not preserved in DSA signing\n>\n> DTLS buffered message DoS\n>\n> DTLS replay protection DoS\n>\n> Certificate message OOB reads\n>\n> Excessive allocation of memory in tls_get_message_header()\n>\n> Excessive allocation of memory in dtls1_preprocess_fragment()\n>\n> NB: LibreSSL is only affected by CVE-2016-6304\n", "id": "FreeBSD-2016-0382", "modified": "2016-10-11T00:00:00Z", "published": "2016-09-22T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6304" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6305" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2183" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6303" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6302" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2182" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2180" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2177" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2178" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2179" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-2181" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6306" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6307" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-6308" }, { "type": "ADVISORY", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:26.openssl.asc" } ], "schema_version": "1.7.0", "summary": "OpenSSL -- multiple vulnerabilities" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "irssi" }, "ranges": [ { "events": [ { "introduced": "0.8.17" }, { "fixed": "0.8.20" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "zh-irssi" }, "ranges": [ { "events": [ { "introduced": "0.8.17" }, { "fixed": "0.8.20" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://irssi.org/security/irssi_sa_2016.txt" ], "discovery": "2016-09-21T00:00:00Z", "references": { "cvename": [ "CVE-2016-7044", "CVE-2016-7045" ] }, "vid": "e78261e4-803d-11e6-a590-14dae9d210b8" }, "details": "Irssi reports:\n\n> Remote crash and heap corruption. Remote code execution seems\n> difficult since only Nuls are written.\n", "id": "FreeBSD-2016-0381", "modified": "2016-09-22T00:00:00Z", "published": "2016-09-21T00:00:00Z", "references": [ { "type": "REPORT", "url": "https://irssi.org/security/irssi_sa_2016.txt" }, { "type": "WEB", "url": "https://irssi.org/security/irssi_sa_2016.txt" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7044" }, { "type": "ADVISORY", "url": "https://api.osv.dev/v1/vulns/CVE-2016-7045" } ], "schema_version": "1.7.0", "summary": "irssi -- heap corruption and missing boundary checks" }, { "affected": [ { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox" }, "ranges": [ { "events": [ { "fixed": "49.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-seamonkey" }, "ranges": [ { "events": [ { "fixed": "2.46" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "firefox-esr" }, "ranges": [ { "events": [ { "fixed": "45.4.0,1" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-firefox" }, "ranges": [ { "events": [ { "fixed": "45.4.0,2" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "libxul" }, "ranges": [ { "events": [ { "fixed": "45.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "FreeBSD:ports", "name": "linux-thunderbird" }, "ranges": [ { "events": [ { "fixed": "45.4.0" }, { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "database_specific": { "cite": [ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/" ], "discovery": "2016-09-13T00:00:00Z", "references": { "cvename": [ "CVE-2016-2827", "CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5274", "CVE-2016-5275", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5279", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5282", "CVE-2016-5283", "CVE-2016-5284" ] }, "vid": "2c57c47e-8bb3-4694-83c8-9fc3abad3964" }, "details": "Mozilla Foundation reports:\n\n> CVE-2016-2827 - Out-of-bounds read in\n> mozilla::net::IsValidReferrerPolicy \\[low\\]\n>\n> CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 \\[critical\\]\n>\n> CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR\n> 45.4 \\[critical\\]\n>\n> CVE-2016-5270 - Heap-buffer-overflow in\n> nsCaseTransformTextRunFactory::TransformString \\[high\\]\n>\n> CVE-2016-5271 - Out-of-bounds read in\n> PropertyProvider::GetSpacingInternal \\[low\\]\n>\n> CVE-2016-5272 - Bad cast in nsImageGeometryMixin \\[high\\]\n>\n> CVE-2016-5273 - crash in\n> mozilla::a11y::HyperTextAccessible::GetChildOffset \\[high\\]\n>\n> CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState\n> \\[high\\]\n>\n> CVE-2016-5275 - global-buffer-overflow in\n> mozilla::gfx::FilterSupport::ComputeSourceNeededRegions \\[critical\\]\n>\n> CVE-2016-5276 - Heap-use-after-free in\n> mozilla::a11y::DocAccessible::ProcessInvalidationList \\[high\\]\n>\n> CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick \\[high\\]\n>\n> CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n> \\[critical\\]\n>\n> CVE-2016-5279 - Full local path of files is available to web pages\n> after drag and drop \\[moderate\\]\n>\n> CVE-2016-5280 - Use-after-free in\n> mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap \\[high\\]\n>\n> CVE-2016-5281 - use-after-free in DOMSVGLength \\[high\\]\n>\n> CVE-2016-5282 - Don\\'t allow content to request favicons from\n> non-whitelisted schemes \\[moderate\\]\n>\n> CVE-2016-5283 - \\