Vulnerabilities > Freebsd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-28 | CVE-2020-7451 | Use of Uninitialized Resource vulnerability in Freebsd 11.3/12.1 In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network. | 5.3 |
| 2020-04-28 | CVE-2019-15877 | Missing Authorization vulnerability in Freebsd 12.1 In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory. | 5.5 |
| 2020-04-28 | CVE-2019-15876 | Missing Authorization vulnerability in Freebsd 11.3/12.1 In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware. | 5.5 |
| 2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
| 2020-03-14 | CVE-2020-10566 | Classic Buffer Overflow vulnerability in Freebsd grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. | 7.8 |
| 2020-03-14 | CVE-2020-10565 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. | 7.8 |
| 2020-02-20 | CVE-2012-5365 | Resource Exhaustion vulnerability in multiple products The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | 7.5 |
| 2020-02-20 | CVE-2012-5363 | Resource Exhaustion vulnerability in multiple products The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393. | 7.5 |
| 2020-02-20 | CVE-2015-2923 | Improper Input Validation vulnerability in Freebsd The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | 6.5 |
| 2020-02-18 | CVE-2014-3879 | Improper Authentication vulnerability in Freebsd OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. | 9.8 |