Vulnerabilities > Freebsd > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-13 | CVE-2023-6534 | Unspecified vulnerability in Freebsd 12.4/13.2/14.0 In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. | 7.5 |
| 2023-11-08 | CVE-2023-5978 | Unspecified vulnerability in Freebsd 13.0/13.1/13.2 In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. | 7.5 |
| 2023-10-04 | CVE-2023-5369 | Improper Check for Dropped Privileges vulnerability in Freebsd 13.2 Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. | 7.1 |
| 2023-09-06 | CVE-2023-4809 | Unspecified vulnerability in Freebsd In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. | 7.5 |
| 2023-08-01 | CVE-2023-3107 | Integer Overflow or Wraparound vulnerability in multiple products A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. | 7.5 |
| 2023-08-01 | CVE-2023-3494 | Classic Buffer Overflow vulnerability in Freebsd 13.1/13.2 The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. | 8.8 |
| 2022-09-06 | CVE-2022-32264 | Improper Handling of Exceptional Conditions vulnerability in Freebsd sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. | 7.5 |
| 2021-08-30 | CVE-2021-29630 | Out-of-bounds Write vulnerability in Freebsd 11.4/12.2/13.0 In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code. | 7.6 |
| 2021-08-30 | CVE-2021-29631 | Use of Uninitialized Resource vulnerability in Freebsd 11.4/12.2/13.0 In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. | 7.2 |
| 2021-04-07 | CVE-2021-29627 | Use After Free vulnerability in Freebsd In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. | 7.2 |