Lucene search

K

Freebsd Security Vulnerabilities

cve
cve

CVE-2020-7459

In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet ...

6.8CVSS

6.6AI Score

0.001EPSS

2020-08-06 05:15 PM
21
4
cve
cve

CVE-2020-7460

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace progr...

7CVSS

6.7AI Score

0.0004EPSS

2020-08-06 05:15 PM
36
1
cve
cve

CVE-2020-7461

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle ...

7.3CVSS

7.7AI Score

0.005EPSS

2021-03-26 09:15 PM
72
4
cve
cve

CVE-2020-7462

In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

5.5CVSS

5.3AI Score

0.0004EPSS

2021-03-26 09:15 PM
54
cve
cve

CVE-2020-7463

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-fre...

5.5CVSS

5.8AI Score

0.0005EPSS

2021-03-26 09:15 PM
1286
4
cve
cve

CVE-2020-7464

In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a s...

5.3CVSS

5.2AI Score

0.001EPSS

2021-03-26 09:15 PM
60
cve
cve

CVE-2020-7467

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these ins...

7.6CVSS

7.3AI Score

0.001EPSS

2021-03-26 09:15 PM
53
cve
cve

CVE-2020-7468

In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the...

8.8CVSS

8.7AI Score

0.001EPSS

2021-03-26 09:15 PM
51
cve
cve

CVE-2020-7469

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet b...

7.5CVSS

7.6AI Score

0.001EPSS

2021-06-04 12:15 PM
38
8
cve
cve

CVE-2021-29626

In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to ...

5.5CVSS

5.3AI Score

0.0004EPSS

2021-04-07 03:15 PM
32
2
cve
cve

CVE-2021-29627

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double fre...

7.8CVSS

7.5AI Score

0.0004EPSS

2021-04-07 03:15 PM
35
13
cve
cve

CVE-2021-29628

In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bug...

7.5CVSS

7.4AI Score

0.001EPSS

2021-05-28 03:15 PM
34
6
cve
cve

CVE-2021-29629

In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service i...

7.5CVSS

7.3AI Score

0.001EPSS

2021-05-28 03:15 PM
43
4
cve
cve

CVE-2021-29630

In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a m...

8.1CVSS

8.2AI Score

0.006EPSS

2021-08-30 07:15 PM
37
cve
cve

CVE-2021-29631

In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious gu...

7.8CVSS

7.8AI Score

0.0004EPSS

2021-08-30 06:15 PM
40
cve
cve

CVE-2021-29632

In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system...

7.5CVSS

7.5AI Score

0.001EPSS

2022-01-18 05:15 PM
38
cve
cve

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS

6.5AI Score

0.005EPSS

2021-03-25 03:15 PM
626
82
cve
cve

CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS

7.4AI Score

0.002EPSS

2021-03-25 03:15 PM
445
73
cve
cve

CVE-2022-32264

sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

7.5CVSS

7.4AI Score

0.001EPSS

2022-09-06 06:15 PM
30
4
cve
cve

CVE-2023-0751

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypte...

6.5CVSS

6.4AI Score

0.001EPSS

2023-02-08 08:15 PM
34
cve
cve

CVE-2023-3107

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.

7.5CVSS

7.3AI Score

0.001EPSS

2023-08-01 11:15 PM
18
cve
cve

CVE-2023-3326

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to valid...

9.8CVSS

9.5AI Score

0.002EPSS

2023-06-22 05:15 PM
47
cve
cve

CVE-2023-3494

The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying ...

8.8CVSS

8.9AI Score

0.0004EPSS

2023-08-01 11:15 PM
31
cve
cve

CVE-2023-4809

In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a pac...

7.5CVSS

7.6AI Score

0.001EPSS

2023-09-06 08:15 PM
22
cve
cve

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connecti...

5.9CVSS

6.7AI Score

0.963EPSS

2023-12-18 04:15 PM
483
cve
cve

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR&gt...

5.3CVSS

5.4AI Score

0.002EPSS

2023-12-24 06:15 AM
52
cve
cve

CVE-2023-5368

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read...

6.5CVSS

6.3AI Score

0.001EPSS

2023-10-04 04:15 AM
35
cve
cve

CVE-2023-5369

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorre...

7.1CVSS

6.8AI Score

0.0004EPSS

2023-10-04 04:15 AM
40
cve
cve

CVE-2023-5370

On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.

5.5CVSS

5.6AI Score

0.0004EPSS

2023-10-04 04:15 AM
35
cve
cve

CVE-2023-5941

In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on th...

9.8CVSS

9.9AI Score

0.001EPSS

2023-11-08 09:15 AM
34
cve
cve

CVE-2023-5978

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other lim...

7.5CVSS

7.4AI Score

0.0005EPSS

2023-11-08 09:15 AM
28
cve
cve

CVE-2023-6534

In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against...

7.5CVSS

7.6AI Score

0.0005EPSS

2023-12-13 09:15 AM
26
cve
cve

CVE-2023-6660

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever da...

6.5CVSS

6.4AI Score

0.0005EPSS

2023-12-13 09:15 AM
12
Total number of security vulnerabilities433