Vulnerabilities > Freebsd
|2022-01-18||CVE-2021-29632|| Unspecified vulnerability in Freebsd 12.2/13.0 |
In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory.
| 5.0 |
|2021-10-19||CVE-2011-1075|| Race Condition vulnerability in Freebsd |
FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in.
| 4.3 |
|2021-08-30||CVE-2021-29630|| Out-of-bounds Write vulnerability in Freebsd 11.4/12.2/13.0 |
In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.
| 7.6 |
|2021-08-30||CVE-2021-29631|| Use of Uninitialized Resource vulnerability in Freebsd 11.4/12.2/13.0 |
In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors.
| 7.2 |
|2021-08-03||CVE-2021-36159|| Out-of-bounds Read vulnerability in Freebsd Libfetch |
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols.
| 6.4 |
|2021-06-04||CVE-2020-7469|| Use After Free vulnerability in Freebsd 11.4/12.1/12.2 |
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message.
| 5.0 |
|2021-05-28||CVE-2021-29628|| Incorrect Authorization vulnerability in Freebsd 12.2/13.0 |
In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call.
| 5.0 |
|2021-05-28||CVE-2021-29629|| Improper Input Validation vulnerability in Freebsd 11.4/12.2/13.0 |
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.
| 5.0 |
|2021-04-07||CVE-2021-29627|| Use After Free vulnerability in Freebsd |
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string.
| 7.2 |
|2021-04-07||CVE-2021-29626|| Use After Free vulnerability in Freebsd |
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.
| 2.1 |