Vulnerabilities > Freebsd > Freebsd > 11.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-09 | CVE-2020-7456 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution. | 7.2 |
2020-05-24 | CVE-2020-13434 | Integer Overflow or Wraparound vulnerability in multiple products SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | 5.5 |
2020-05-13 | CVE-2020-7455 | Missing Release of Resource after Effective Lifetime vulnerability in Freebsd 11.3/11.4/12.1 In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd). | 2.1 |
2020-05-13 | CVE-2020-7454 | Out-of-bounds Write vulnerability in Freebsd 11.3/11.4/12.1 In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. | 7.5 |
2020-03-14 | CVE-2020-10566 | Classic Buffer Overflow vulnerability in Freebsd grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. | 4.6 |
2020-03-14 | CVE-2020-10565 | Improper Privilege Management vulnerability in Freebsd grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. | 7.2 |
2019-01-31 | CVE-2019-6111 | Path Traversal vulnerability in multiple products An issue was discovered in OpenSSH 7.9. | 5.9 |