Vulnerabilities > Freebsd > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-08 CVE-2018-8897 Race Condition vulnerability in multiple products
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash.
7.8
2018-04-10 CVE-2017-1081 Improper Input Validation vulnerability in Freebsd
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.
network
low complexity
freebsd CWE-20
7.5
2018-04-04 CVE-2018-6919 Information Exposure vulnerability in Freebsd
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes.
network
low complexity
freebsd CWE-200
7.5
2018-04-04 CVE-2018-6918 Infinite Loop vulnerability in Freebsd
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero.
network
low complexity
freebsd CWE-835
7.5
2018-04-04 CVE-2018-6917 Integer Overflow or Wraparound vulnerability in Freebsd
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data.
network
low complexity
freebsd CWE-190
7.5
2018-02-05 CVE-2015-1418 Information Exposure vulnerability in Freebsd 10.1/10.2
The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!' character can be passed to the ed program.
local
low complexity
freebsd CWE-200
7.8
2018-02-05 CVE-2015-1416 Permissions, Privileges, and Access Controls vulnerability in Freebsd 10.0/10.1/10.2
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.
local
low complexity
freebsd CWE-264
7.8
2017-11-16 CVE-2017-1087 Path Traversal vulnerability in Freebsd
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system.
local
low complexity
freebsd CWE-22
7.8
2017-10-17 CVE-2017-13082 Use of Insufficiently Random Values vulnerability in multiple products
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
8.1
2017-10-10 CVE-2015-5675 Permissions, Privileges, and Access Controls vulnerability in Freebsd 10.1/9.3
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
local
low complexity
freebsd CWE-264
7.8