FreeBSD
by FreeBSD
Source repositories
CVEs (510)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23084 | 0.00 | — | 0.00 | Feb 15, 2024 | The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process… | |||
| CVE-2024-25941 | 0.00 | — | 0.00 | Feb 15, 2024 | The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the… | |||
| CVE-2024-25940 | 0.00 | — | 0.01 | Feb 15, 2024 | `bhyveload -h ` may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access… | |||
| CVE-2023-6660 | 0.00 | — | 0.01 | Dec 13, 2023 | When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead… | |||
| CVE-2023-6534 | 0.00 | — | 0.01 | Dec 13, 2023 | In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a… | |||
| CVE-2023-5978 | 0.00 | — | 0.01 | Nov 8, 2023 | In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified… | |||
| CVE-2023-5941 | 0.00 | — | 0.01 | Nov 8, 2023 | In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an… | |||
| CVE-2023-5370 | 0.00 | — | 0.00 | Oct 4, 2023 | On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0. | |||
| CVE-2023-5369 | 0.00 | — | 0.00 | Oct 4, 2023 | Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK… | |||
| CVE-2023-5368 | 0.00 | — | 0.01 | Oct 4, 2023 | On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a… | |||
| CVE-2023-4809 | 0.00 | — | 0.01 | Sep 6, 2023 | In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate… | |||
| CVE-2023-3494 | 0.00 | — | 0.00 | Aug 1, 2023 | The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer… | |||
| CVE-2023-3107 | 0.00 | — | 0.01 | Aug 1, 2023 | A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service. | |||
| CVE-2023-3326 | 0.00 | — | 0.01 | Jun 22, 2023 | pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5… | |||
| CVE-2023-0751 | 0.00 | — | 0.01 | Feb 8, 2023 | When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the… | |||
| CVE-2022-32264 | 0.00 | — | 0.01 | Sep 6, 2022 | sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||
| CVE-2021-29632 | 0.00 | — | 0.01 | Jan 18, 2022 | In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures… | |||
| CVE-2010-4816 | 0.00 | — | 0.02 | Jun 22, 2021 | It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. | |||
| CVE-2020-7469 | 0.00 | — | 0.01 | Jun 4, 2021 | In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent… | |||
| CVE-2021-29629 | 0.00 | — | 0.01 | May 28, 2021 | In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger… |
- CVE-2022-23084Feb 15, 2024risk 0.00cvss —epss 0.00
The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process…
- CVE-2024-25941Feb 15, 2024risk 0.00cvss —epss 0.00
The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the…
- CVE-2024-25940Feb 15, 2024risk 0.00cvss —epss 0.01
`bhyveload -h ` may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access…
- CVE-2023-6660Dec 13, 2023risk 0.00cvss —epss 0.01
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead…
- CVE-2023-6534Dec 13, 2023risk 0.00cvss —epss 0.01
In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a…
- CVE-2023-5978Nov 8, 2023risk 0.00cvss —epss 0.01
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified…
- CVE-2023-5941Nov 8, 2023risk 0.00cvss —epss 0.01
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an…
- CVE-2023-5370Oct 4, 2023risk 0.00cvss —epss 0.00
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.
- CVE-2023-5369Oct 4, 2023risk 0.00cvss —epss 0.00
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK…
- CVE-2023-5368Oct 4, 2023risk 0.00cvss —epss 0.01
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a…
- CVE-2023-4809Sep 6, 2023risk 0.00cvss —epss 0.01
In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate…
- CVE-2023-3494Aug 1, 2023risk 0.00cvss —epss 0.00
The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer…
- CVE-2023-3107Aug 1, 2023risk 0.00cvss —epss 0.01
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.
- CVE-2023-3326Jun 22, 2023risk 0.00cvss —epss 0.01
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5…
- CVE-2023-0751Feb 8, 2023risk 0.00cvss —epss 0.01
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the…
- CVE-2022-32264Sep 6, 2022risk 0.00cvss —epss 0.01
sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- CVE-2021-29632Jan 18, 2022risk 0.00cvss —epss 0.01
In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures…
- CVE-2010-4816Jun 22, 2021risk 0.00cvss —epss 0.02
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
- CVE-2020-7469Jun 4, 2021risk 0.00cvss —epss 0.01
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent…
- CVE-2021-29629May 28, 2021risk 0.00cvss —epss 0.01
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger…
Page 12 of 26