Vulnerabilities > Freebsd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-20 | CVE-2012-5365 | Resource Exhaustion vulnerability in multiple products The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | 7.5 |
| 2020-02-20 | CVE-2012-5363 | Resource Exhaustion vulnerability in multiple products The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393. | 7.5 |
| 2020-02-20 | CVE-2015-2923 | Improper Input Validation vulnerability in Freebsd The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | 6.5 |
| 2020-02-18 | CVE-2014-3879 | Improper Authentication vulnerability in Freebsd OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. | 9.8 |
| 2020-02-18 | CVE-2020-7450 | Out-of-bounds Write vulnerability in Freebsd 11.3/12.0/12.1 In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. | 9.8 |
| 2020-02-18 | CVE-2019-5613 | Insufficient Verification of Data Authenticity vulnerability in Freebsd 12.0 In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. | 9.8 |
| 2020-02-18 | CVE-2019-15875 | Improper Initialization vulnerability in Freebsd 11.3/12.0/12.1 In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack. | 3.3 |
| 2020-02-12 | CVE-2011-3336 | Resource Exhaustion vulnerability in multiple products regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | 7.5 |
| 2019-12-11 | CVE-2019-14899 | A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. | 7.4 |
| 2019-12-02 | CVE-2012-4576 | Improper Input Validation vulnerability in multiple products FreeBSD: Input Validation Flaw allows local users to gain elevated privileges | 7.8 |