Vulnerabilities > Freebsd > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-28 CVE-2018-6925 NULL Pointer Dereference vulnerability in Freebsd
In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash.
local
low complexity
freebsd CWE-476
4.9
2018-09-28 CVE-2018-17154 NULL Pointer Dereference vulnerability in Freebsd
In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur.
local
low complexity
freebsd CWE-476
4.9
2018-09-12 CVE-2018-6924 Improper Input Validation vulnerability in Freebsd 10.4/11.0/11.2
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory.
local
low complexity
freebsd CWE-20
5.6
2018-09-12 CVE-2017-1082 Improper Input Validation vulnerability in Freebsd
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern.
network
low complexity
freebsd CWE-20
5.0
2018-08-09 CVE-2018-6922 Resource Exhaustion vulnerability in Freebsd 10.4/11.1/11.2
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data.
network
low complexity
freebsd CWE-400
5.0
2018-06-21 CVE-2018-3665 Information Exposure vulnerability in multiple products
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
4.7
2018-06-04 CVE-2016-9042 Improper Input Validation vulnerability in multiple products
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9.
network
high complexity
ntp freebsd hpe siemens CWE-20
5.9
2018-04-04 CVE-2018-6919 Information Exposure vulnerability in Freebsd
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes.
network
low complexity
freebsd CWE-200
5.0
2018-04-04 CVE-2018-6917 Integer Overflow or Wraparound vulnerability in Freebsd
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data.
network
low complexity
freebsd CWE-190
5.0
2018-04-02 CVE-2018-6253 Infinite Loop vulnerability in Nvidia GPU Driver
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.
local
low complexity
nvidia freebsd linux microsoft oracle CWE-835
4.9