Vulnerabilities > Freebsd > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-14 CVE-2020-10566 Classic Buffer Overflow vulnerability in Freebsd
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow.
local
low complexity
freebsd CWE-120
7.8
2020-03-14 CVE-2020-10565 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file.
local
low complexity
freebsd CWE-119
7.8
2020-02-20 CVE-2012-5365 Resource Exhaustion vulnerability in multiple products
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
network
low complexity
freebsd netbsd CWE-400
7.5
2020-02-20 CVE-2012-5363 Resource Exhaustion vulnerability in multiple products
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
network
low complexity
freebsd netbsd CWE-400
7.5
2020-02-12 CVE-2011-3336 Resource Exhaustion vulnerability in multiple products
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
network
low complexity
freebsd apple openbsd php CWE-400
7.5
2019-12-11 CVE-2019-14899 A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream.
low complexity
freebsd linux openbsd apple
7.4
2019-12-02 CVE-2012-4576 Improper Input Validation vulnerability in multiple products
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
local
low complexity
freebsd debian CWE-20
7.8
2019-11-27 CVE-2011-2480 Information Exposure vulnerability in multiple products
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures.
network
low complexity
freebsd netbsd CWE-200
7.5
2019-11-01 CVE-2012-2979 Incorrect Resource Transfer Between Spheres vulnerability in Freebsd Name Server Daemon
FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server.
network
low complexity
freebsd CWE-669
7.5
2019-08-30 CVE-2019-5612 Race Condition vulnerability in multiple products
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe.
network
low complexity
freebsd netapp CWE-362
7.5