Filtered by vendor Freebsd
Subscriptions
Filtered by product Freebsd
Subscriptions
Total
526 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-32668 | 1 Freebsd | 1 Freebsd | 2024-09-05 | 8.2 High |
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | ||||
CVE-2024-42416 | 1 Freebsd | 1 Freebsd | 2024-09-05 | 8.4 High |
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | ||||
CVE-2024-43110 | 1 Freebsd | 1 Freebsd | 2024-09-05 | 8.4 High |
The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | ||||
CVE-2024-45288 | 1 Freebsd | 1 Freebsd | 2024-09-05 | 8.4 High |
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer. | ||||
CVE-2024-7589 | 1 Freebsd | 1 Freebsd | 2024-08-16 | 8.1 High |
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root. | ||||
CVE-2024-6760 | 1 Freebsd | 1 Freebsd | 2024-08-16 | 7.5 High |
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. | ||||
CVE-2024-6759 | 1 Freebsd | 1 Freebsd | 2024-08-16 | 5.3 Medium |
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory. | ||||
CVE-2000-1167 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system. | ||||
CVE-2000-1184 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file. | ||||
CVE-2000-1066 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname. | ||||
CVE-2000-0993 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2024-08-08 | N/A |
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. | ||||
CVE-2000-1012 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. | ||||
CVE-2000-1011 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable. | ||||
CVE-2000-0998 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function. | ||||
CVE-2000-1013 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. | ||||
CVE-2000-0915 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. | ||||
CVE-2000-0890 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. | ||||
CVE-2000-0963 | 4 Freebsd, Gnu, Immunix and 1 more | 4 Freebsd, Ncurses, Immunix and 1 more | 2024-08-08 | N/A |
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. | ||||
CVE-2000-0916 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections. | ||||
CVE-2000-0852 | 1 Freebsd | 1 Freebsd | 2024-08-08 | N/A |
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges. |