Vulnerabilities > Freebsd > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-6759 Path Traversal vulnerability in Freebsd
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/".
network
low complexity
freebsd CWE-22
5.3
2023-12-24 CVE-2023-51765 Insufficient Verification of Data Authenticity vulnerability in multiple products
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
network
low complexity
sendmail freebsd redhat CWE-345
5.3
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-12-13 CVE-2023-6660 Unspecified vulnerability in Freebsd 13.2/14.0
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded.
network
low complexity
freebsd
6.5
2023-10-04 CVE-2023-5368 Insecure Default Initialization of Resource vulnerability in Freebsd
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g.
network
low complexity
freebsd CWE-1188
6.5
2023-10-04 CVE-2023-5370 Improper Initialization vulnerability in Freebsd 13.2
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized.
local
low complexity
freebsd CWE-665
5.5
2023-02-08 CVE-2023-0751 Unspecified vulnerability in Freebsd 12.3/12.4/13.1
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file.
network
low complexity
freebsd
6.5
2022-01-18 CVE-2021-29632 Unspecified vulnerability in Freebsd 12.2/13.0
In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory.
network
low complexity
freebsd
5.0
2021-10-19 CVE-2011-1075 Race Condition vulnerability in Freebsd
FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in.
network
freebsd CWE-362
4.3
2021-06-04 CVE-2020-7469 Use After Free vulnerability in multiple products
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message.
network
low complexity
freebsd netapp CWE-416
5.0