FreeBSD
by FreeBSD
Source repositories
CVEs (510)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-7461 | 0.01 | — | 0.04 | Mar 26, 2021 | In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow… | |||
| CVE-2020-25578 | 0.01 | — | 0.02 | Mar 26, 2021 | In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular,… | |||
| CVE-2019-5599 | 0.01 | — | 0.05 | Jul 2, 2019 | In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource… | |||
| CVE-2018-17157 | 0.01 | — | 0.24 | Dec 4, 2018 | In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code. | |||
| CVE-2014-3000 | 0.01 | — | 0.13 | May 2, 2014 | The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple… | |||
| CVE-2011-2895 | 0.01 | — | 0.08 | Aug 19, 2011 | The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType… | |||
| CVE-2010-4755 | 0.01 | — | 0.08 | Mar 2, 2011 | The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory… | |||
| CVE-2006-4304 | 0.01 | — | 0.11 | Aug 24, 2006 | Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code… | |||
| CVE-2006-0381 | 0.01 | — | 0.06 | Jan 25, 2006 | A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a… | |||
| CVE-2004-0081 | 0.01 | — | 0.07 | Nov 23, 2004 | OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |||
| CVE-2004-0112 | 0.01 | — | 0.10 | Nov 23, 2004 | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake… | |||
| CVE-2003-0028 | 0.01 | — | 0.15 | Mar 25, 2003 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in… | |||
| CVE-2002-1221 | 0.01 | — | 0.08 | Nov 29, 2002 | BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. | |||
| CVE-2002-1219 | 0.01 | — | 0.12 | Nov 29, 2002 | Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). | |||
| CVE-2001-0670 | 0.01 | — | 0.07 | Oct 3, 2001 | Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. | |||
| CVE-1999-0057 | 0.01 | — | 0.08 | Nov 16, 1998 | Vacation program allows command execution by remote users through a sendmail command. | |||
| CVE-1999-0074 | 0.01 | — | 0.08 | Jul 1, 1997 | Listening TCP ports are sequentially allocated, allowing spoofing attacks. | |||
| CVE-2026-3038 | 0.00 | — | 0.00 | Mar 9, 2026 | The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not… | |||
| CVE-2026-2261 | 0.00 | — | 0.00 | Mar 9, 2026 | Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null… | |||
| CVE-2025-15576 | 0.00 | — | 0.00 | Mar 9, 2026 | If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has… |
- CVE-2020-7461Mar 26, 2021risk 0.01cvss —epss 0.04
In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow…
- CVE-2020-25578Mar 26, 2021risk 0.01cvss —epss 0.02
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular,…
- CVE-2019-5599Jul 2, 2019risk 0.01cvss —epss 0.05
In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource…
- CVE-2018-17157Dec 4, 2018risk 0.01cvss —epss 0.24
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.
- CVE-2014-3000May 2, 2014risk 0.01cvss —epss 0.13
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple…
- CVE-2011-2895Aug 19, 2011risk 0.01cvss —epss 0.08
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType…
- CVE-2010-4755Mar 2, 2011risk 0.01cvss —epss 0.08
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory…
- CVE-2006-4304Aug 24, 2006risk 0.01cvss —epss 0.11
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code…
- CVE-2006-0381Jan 25, 2006risk 0.01cvss —epss 0.06
A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a…
- CVE-2004-0081Nov 23, 2004risk 0.01cvss —epss 0.07
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
- CVE-2004-0112Nov 23, 2004risk 0.01cvss —epss 0.10
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…
- CVE-2003-0028Mar 25, 2003risk 0.01cvss —epss 0.15
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in…
- CVE-2002-1221Nov 29, 2002risk 0.01cvss —epss 0.08
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
- CVE-2002-1219Nov 29, 2002risk 0.01cvss —epss 0.12
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
- CVE-2001-0670Oct 3, 2001risk 0.01cvss —epss 0.07
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
- CVE-1999-0057Nov 16, 1998risk 0.01cvss —epss 0.08
Vacation program allows command execution by remote users through a sendmail command.
- CVE-1999-0074Jul 1, 1997risk 0.01cvss —epss 0.08
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
- CVE-2026-3038Mar 9, 2026risk 0.00cvss —epss 0.00
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not…
- CVE-2026-2261Mar 9, 2026risk 0.00cvss —epss 0.00
Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null…
- CVE-2025-15576Mar 9, 2026risk 0.00cvss —epss 0.00
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has…
Page 10 of 26