Vulnerabilities > Freebsd > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-03 CVE-2020-24863 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode.
local
low complexity
midnightbsd freebsd CWE-787
4.9
2020-09-03 CVE-2020-24385 NULL Pointer Dereference vulnerability in multiple products
In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel.
local
low complexity
midnightbsd freebsd CWE-476
4.9
2020-08-06 CVE-2020-7460 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Freebsd 11.3/11.4/12.1
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.
4.4
2020-08-06 CVE-2020-7459 Improper Input Validation vulnerability in Freebsd 11.3/11.4/12.1
In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer.
local
low complexity
freebsd CWE-20
4.6
2020-07-09 CVE-2020-7457 Improper Synchronization vulnerability in Freebsd 11.3/11.4/12.1
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.
network
freebsd CWE-662
6.8
2020-05-24 CVE-2020-13434 Integer Overflow or Wraparound vulnerability in multiple products
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
5.5
2020-05-13 CVE-2019-15879 Race Condition vulnerability in Freebsd 11.3/12.1
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.
network
freebsd CWE-362
5.8
2020-05-13 CVE-2019-15878 Use After Free vulnerability in Freebsd 11.3/12.1
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key.
local
low complexity
freebsd CWE-416
4.6
2020-04-28 CVE-2020-7451 Information Exposure vulnerability in Freebsd 11.3/12.1
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network.
network
low complexity
freebsd CWE-200
5.0
2020-03-14 CVE-2020-10566 Classic Buffer Overflow vulnerability in Freebsd
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow.
local
low complexity
freebsd CWE-120
4.6