Filtered by vendor Freebsd
Subscriptions
Total
543 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5597 | 1 Freebsd | 1 Freebsd | 2024-08-04 | N/A |
| In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter. | ||||
| CVE-2019-5598 | 1 Freebsd | 1 Freebsd | 2024-08-04 | N/A |
| In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable. | ||||
| CVE-2020-25581 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 7.5 High |
| In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. | ||||
| CVE-2020-25582 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 8.7 High |
| In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. | ||||
| CVE-2020-25583 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 9.8 Critical |
| In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer. | ||||
| CVE-2020-25577 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 9.8 Critical |
| In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow. | ||||
| CVE-2020-25584 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 7.5 High |
| In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail. | ||||
| CVE-2020-25578 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 5.3 Medium |
| In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. | ||||
| CVE-2020-25580 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 5.3 Medium |
| In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. | ||||
| CVE-2020-25579 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 5.3 Medium |
| In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. | ||||
| CVE-2020-24863 | 2 Freebsd, Midnightbsd | 2 Freebsd, Midnightbsd | 2024-08-04 | 5.5 Medium |
| A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode. | ||||
| CVE-2020-24716 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-08-04 | 7.8 High |
| OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. | ||||
| CVE-2020-24718 | 4 Freebsd, Netapp, Omniosce and 1 more | 4 Freebsd, Clustered Data Ontap, Omnios and 1 more | 2024-08-04 | 8.2 High |
| bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. | ||||
| CVE-2020-24717 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-08-04 | 7.8 High |
| OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. | ||||
| CVE-2020-24385 | 2 Freebsd, Midnightbsd | 2 Freebsd, Midnightbsd | 2024-08-04 | 5.5 Medium |
| In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find(). | ||||
| CVE-2020-13434 | 8 Apple, Canonical, Debian and 5 more | 16 Icloud, Ipados, Iphone Os and 13 more | 2024-08-04 | 5.5 Medium |
| SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | ||||
| CVE-2020-13160 | 3 Anydesk, Freebsd, Linux | 3 Anydesk, Freebsd, Linux Kernel | 2024-08-04 | 9.8 Critical |
| AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | ||||
| CVE-2020-10566 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 7.8 High |
| grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. | ||||
| CVE-2020-10565 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 7.8 High |
| grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. | ||||
| CVE-2020-7467 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 7.6 High |
| In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. | ||||