Vulnerabilities > FreeBSD
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-18 | CVE-2020-7450 | Out-of-bounds Write vulnerability in FreeBSD 11.3/12.0/12.1. In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. | 9.8 |
2020-02-18 | CVE-2019-5613 | Insufficient Verification of Data Authenticity vulnerability in FreeBSD 12.0. In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. | 9.8 |
2020-02-18 | CVE-2019-15875 | Improper Initialization vulnerability in FreeBSD 11.3/12.0/12.1. In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack. | 3.3 |
2020-02-12 | CVE-2011-3336 | Resource Exhaustion vulnerability in multiple products. regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | 7.5 |
2019-12-11 | CVE-2019-14899 | Man-in-the-Middle vulnerability in multiple products. A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. | 7.4 |
2019-12-02 | CVE-2012-4576 | Improper Input Validation vulnerability in multiple products. FreeBSD: Input Validation Flaw allows local users to gain elevated privileges. | 7.8 |
2019-11-27 | CVE-2011-2480 | Information Exposure vulnerability in multiple products. Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. | 7.5 |
2019-11-01 | CVE-2012-2979 | Incorrect Resource Transfer Between Spheres vulnerability in FreeBSD Name Server Daemon. FreeBSD NSD before 3.2.13 allows remote attackers to crash an NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. | 7.5 |
2019-08-30 | CVE-2019-5612 | Race Condition vulnerability in multiple products. In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. | 7.5 |
2019-08-30 | CVE-2019-5611 | Improper Input Validation vulnerability in multiple products. In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. | 7.5 |