Vulnerabilities > Freebsd

DATE CVE VULNERABILITY TITLE RISK
2021-03-26 CVE-2020-7464 Injection vulnerability in Freebsd
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes.
network
low complexity
freebsd CWE-74
5.0
2021-03-26 CVE-2020-7463 Use After Free vulnerability in multiple products
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket.
local
low complexity
freebsd apple CWE-416
5.5
2021-03-26 CVE-2020-7462 Use After Free vulnerability in Freebsd 11.3/11.4
In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface.
local
low complexity
freebsd CWE-416
4.9
2021-03-26 CVE-2020-7461 Out-of-bounds Write vulnerability in multiple products
In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow.
network
low complexity
freebsd siemens CWE-787
7.5
2021-03-26 CVE-2020-25582 Race Condition vulnerability in Freebsd 11.4/12.2
In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.
network
low complexity
freebsd CWE-362
8.5
2021-03-26 CVE-2020-25581 Race Condition vulnerability in Freebsd 11.4/12.2
In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes.
network
freebsd CWE-362
8.5
2021-03-26 CVE-2020-25580 Incorrect Comparison vulnerability in Freebsd 11.4/12.2
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not.
network
low complexity
freebsd CWE-697
5.0
2021-03-26 CVE-2020-25579 Missing Initialization of Resource vulnerability in Freebsd 11.4/12.1/12.2
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.
network
low complexity
freebsd CWE-909
5.0
2021-03-26 CVE-2020-25578 Information Exposure vulnerability in Freebsd 11.4/12.1/12.2
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR.
network
low complexity
freebsd CWE-200
5.0
2021-03-25 CVE-2021-3450 Improper Certificate Validation vulnerability in multiple products
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.
7.4