Vulnerabilities > Freebsd > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-04 | CVE-2018-1000998 | Cross-site Scripting vulnerability in Freebsd Cvsweb 2.0.4/2.0.5/2.0.6 FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. | 6.1 |
2019-01-31 | CVE-2019-6111 | Path Traversal vulnerability in multiple products An issue was discovered in OpenSSH 7.9. | 5.9 |
2018-11-28 | CVE-2018-17156 | Out-of-bounds Write vulnerability in Freebsd In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl. | 5.9 |
2018-09-28 | CVE-2018-6925 | NULL Pointer Dereference vulnerability in Freebsd In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. | 5.5 |
2018-09-28 | CVE-2018-17155 | Information Exposure vulnerability in Freebsd In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. | 5.5 |
2018-09-28 | CVE-2018-17154 | NULL Pointer Dereference vulnerability in Freebsd In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. | 5.5 |
2018-08-09 | CVE-2018-6922 | Resource Exhaustion vulnerability in Freebsd 10.4/11.1/11.2 One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. | 5.3 |
2018-06-21 | CVE-2018-3665 | Information Exposure vulnerability in multiple products System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | 5.6 |
2018-06-04 | CVE-2016-9042 | Improper Input Validation vulnerability in multiple products An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. | 5.9 |
2018-05-08 | CVE-2018-6921 | Information Exposure vulnerability in Freebsd 11.0/11.1 In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. | 5.5 |