Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Freebsd Subscribe
Total 514 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5595 1 Freebsd 1 Freebsd 2021-07-21 2.1 LOW 5.5 MEDIUM
In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.
CVE-2020-7451 1 Freebsd 1 Freebsd 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network.
CVE-2020-24716 2 Freebsd, Openzfs 2 Freebsd, Openzfs 2021-07-21 4.6 MEDIUM 7.8 HIGH
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.
CVE-2018-7183 4 Canonical, Freebsd, Netapp and 1 more 4 Ubuntu Linux, Freebsd, Element Software and 1 more 2021-07-20 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
CVE-2016-2518 7 Debian, Freebsd, Netapp and 4 more 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more 2021-06-10 5.0 MEDIUM 5.3 MEDIUM
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
CVE-2018-3665 6 Canonical, Citrix, Debian and 3 more 14 Ubuntu Linux, Xenserver, Debian Linux and 11 more 2021-06-09 4.7 MEDIUM 5.6 MEDIUM
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2020-25578 1 Freebsd 1 Freebsd 2021-06-03 5.0 MEDIUM 5.3 MEDIUM
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.
CVE-2020-25577 1 Freebsd 1 Freebsd 2021-06-03 10.0 HIGH 9.8 CRITICAL
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.
CVE-2020-25581 1 Freebsd 1 Freebsd 2021-06-03 8.5 HIGH 7.5 HIGH
In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes.
CVE-2020-25583 1 Freebsd 1 Freebsd 2021-06-03 10.0 HIGH 9.8 CRITICAL
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.
CVE-2020-25584 1 Freebsd 1 Freebsd 2021-06-03 6.2 MEDIUM 7.5 HIGH
In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.
CVE-2015-7973 5 Canonical, Freebsd, Netapp and 2 more 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more 2021-04-26 5.8 MEDIUM 6.5 MEDIUM
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
CVE-2020-7462 1 Freebsd 1 Freebsd 2021-04-02 4.9 MEDIUM 5.5 MEDIUM
In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.
CVE-2020-7467 1 Freebsd 1 Freebsd 2021-04-01 7.2 HIGH 7.6 HIGH
In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.
CVE-2020-7464 1 Freebsd 1 Freebsd 2021-04-01 5.0 MEDIUM 5.3 MEDIUM
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.
CVE-2020-13160 3 Anydesk, Freebsd, Linux 3 Anydesk, Freebsd, Linux Kernel 2021-03-15 7.5 HIGH 9.8 CRITICAL
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
CVE-2002-0824 1 Freebsd 1 Point-to-point Protocol Daemon 2021-03-11 6.9 MEDIUM N/A
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
CVE-2011-4862 8 Debian, Fedoraproject, Freebsd and 5 more 10 Debian Linux, Fedora, Freebsd and 7 more 2021-02-09 10.0 HIGH N/A
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2017-13080 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2020-11-10 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2019-9499 6 Debian, Fedoraproject, Freebsd and 3 more 9 Debian Linux, Fedora, Freebsd and 6 more 2020-10-22 6.8 MEDIUM 8.1 HIGH
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.