Vulnerabilities > Freebsd > Freebsd > 11.4

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-11-08 CVE-2023-5941 Incorrect Calculation of Buffer Size vulnerability in Freebsd
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error.
network
low complexity
freebsd CWE-131
critical
9.8
2023-10-04 CVE-2023-5368 Insecure Default Initialization of Resource vulnerability in Freebsd
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g.
network
low complexity
freebsd CWE-1188
6.5
2023-09-06 CVE-2023-4809 Unspecified vulnerability in Freebsd
In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed.
network
low complexity
freebsd
7.5
2023-06-22 CVE-2023-3326 Improper Authentication vulnerability in Freebsd
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password.
network
low complexity
freebsd CWE-287
critical
9.8
2021-08-30 CVE-2021-29630 Out-of-bounds Write vulnerability in Freebsd 11.4/12.2/13.0
In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.
network
high complexity
freebsd CWE-787
7.6
2021-08-30 CVE-2021-29631 Use of Uninitialized Resource vulnerability in Freebsd 11.4/12.2/13.0
In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors.
local
low complexity
freebsd CWE-908
7.2
2021-06-04 CVE-2020-7469 Use After Free vulnerability in multiple products
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message.
network
low complexity
freebsd netapp CWE-416
5.0
2021-05-28 CVE-2021-29629 Improper Input Validation vulnerability in Freebsd 11.4/12.2/13.0
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.
network
low complexity
freebsd CWE-20
5.0
2021-04-07 CVE-2021-29626 Use After Free vulnerability in Freebsd
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.
local
low complexity
freebsd CWE-416
2.1