Vulnerabilities > Freebsd

DATE CVE VULNERABILITY TITLE RISK
2018-09-28 CVE-2018-17155 Information Exposure vulnerability in Freebsd
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes.
local
low complexity
freebsd CWE-200
5.5
2018-09-28 CVE-2018-17154 NULL Pointer Dereference vulnerability in Freebsd
In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur.
local
low complexity
freebsd CWE-476
5.5
2018-09-12 CVE-2018-6924 Improper Input Validation vulnerability in Freebsd
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory.
local
low complexity
freebsd CWE-20
7.1
2018-09-12 CVE-2017-1085 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd
In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region.
local
low complexity
freebsd CWE-119
7.8
2018-09-12 CVE-2017-1084 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd
In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page.
network
low complexity
freebsd CWE-119
7.5
2018-09-12 CVE-2017-1083 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd
In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default.
network
low complexity
freebsd CWE-119
7.5
2018-09-12 CVE-2017-1082 Improper Input Validation vulnerability in Freebsd
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern.
network
low complexity
freebsd CWE-20
7.5
2018-09-04 CVE-2018-6923 Resource Exhaustion vulnerability in Freebsd
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption.
network
low complexity
freebsd CWE-400
7.5
2018-08-09 CVE-2018-6922 Resource Exhaustion vulnerability in Freebsd 10.4/11.1/11.2
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data.
network
low complexity
freebsd CWE-400
5.3
2018-07-13 CVE-2016-6559 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory.
network
low complexity
freebsd CWE-119
critical
9.8