Vulnerabilities > Freebsd > Freebsd > 12.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2020-25582 | Race Condition vulnerability in Freebsd 11.4/12.2 In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. | 8.5 |
| 2021-03-26 | CVE-2020-25581 | Race Condition vulnerability in Freebsd 11.4/12.2 In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. | 8.5 |
| 2021-03-26 | CVE-2020-25580 | Incorrect Comparison vulnerability in Freebsd 11.4/12.2 In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. | 5.0 |
| 2021-03-26 | CVE-2020-25579 | Missing Initialization of Resource vulnerability in Freebsd 11.4/12.1/12.2 In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. | 5.0 |
| 2021-03-26 | CVE-2020-25578 | Information Exposure vulnerability in Freebsd 11.4/12.1/12.2 In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. | 5.0 |
| 2021-03-25 | CVE-2021-3450 | Improper Certificate Validation vulnerability in multiple products The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. | 7.4 |
| 2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
| 2020-03-14 | CVE-2020-10565 | Improper Privilege Management vulnerability in Freebsd grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. | 7.2 |