Vulnerabilities > Freebsd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-6387 | Race Condition vulnerability in multiple products A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). | 8.1 |
| 2024-02-15 | CVE-2022-23084 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Freebsd The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. | 7.5 |
| 2024-02-15 | CVE-2022-23085 | Out-of-bounds Write vulnerability in Freebsd A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. | 8.2 |
| 2024-02-15 | CVE-2022-23086 | Out-of-bounds Write vulnerability in Freebsd Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. | 7.8 |
| 2024-02-15 | CVE-2022-23087 | Out-of-bounds Write vulnerability in Freebsd The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. | 8.8 |
| 2023-12-24 | CVE-2023-51765 | Insufficient Verification of Data Authenticity vulnerability in multiple products sendmail through 8.17.2 allows SMTP smuggling in certain configurations. | 5.3 |
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead 9bis gentoo fedoraproject debian apple CWE-354 | 5.9 |
| 2023-12-13 | CVE-2023-6534 | Unspecified vulnerability in Freebsd 12.4/13.2/14.0 In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. | 7.5 |
| 2023-12-13 | CVE-2023-6660 | Unspecified vulnerability in Freebsd 13.2/14.0 When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. | 6.5 |
| 2023-11-08 | CVE-2023-5941 | Incorrect Calculation of Buffer Size vulnerability in Freebsd In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. | 9.8 |