Filtered by vendor Freebsd
Subscriptions
Filtered by product Freebsd
Subscriptions
Total
528 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45289 | 1 Freebsd | 1 Freebsd | 2024-11-13 | 7.5 High |
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option. | ||||
CVE-2024-6760 | 1 Freebsd | 1 Freebsd | 2024-10-29 | 7.5 High |
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. | ||||
CVE-1999-0022 | 6 Bsdi, Freebsd, Hp and 3 more | 7 Bsd Os, Freebsd, Hp-ux and 4 more | 2024-10-29 | 7.8 High |
Local user gains root privileges via buffer overflow in rdist, via expstr() function. | ||||
CVE-2023-3107 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-10-22 | 7.5 High |
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service. | ||||
CVE-2023-3494 | 1 Freebsd | 1 Freebsd | 2024-10-21 | 8.8 High |
The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. | ||||
CVE-2007-3798 | 7 Apple, Canonical, Debian and 4 more | 8 Mac Os X, Mac Os X Server, Ubuntu Linux and 5 more | 2024-10-15 | 9.8 Critical |
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | ||||
CVE-2023-49298 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-10-11 | 7.5 High |
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions. | ||||
CVE-2024-45287 | 1 Freebsd | 1 Freebsd | 2024-09-26 | 9.1 Critical |
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. | ||||
CVE-2024-41721 | 1 Freebsd | 1 Freebsd | 2024-09-26 | 8.1 High |
An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution. | ||||
CVE-2024-45288 | 1 Freebsd | 1 Freebsd | 2024-09-20 | 8.4 High |
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer. | ||||
CVE-2024-41928 | 1 Freebsd | 1 Freebsd | 2024-09-20 | 8.4 High |
Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | ||||
CVE-2024-32668 | 1 Freebsd | 1 Freebsd | 2024-09-20 | 8.2 High |
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | ||||
CVE-2023-5369 | 1 Freebsd | 1 Freebsd | 2024-09-20 | 7.1 High |
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor. | ||||
CVE-2023-5370 | 1 Freebsd | 1 Freebsd | 2024-09-19 | 5.5 Medium |
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0. | ||||
CVE-2009-3527 | 1 Freebsd | 1 Freebsd | 2024-09-17 | N/A |
Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption. | ||||
CVE-2016-9042 | 4 Freebsd, Hpe, Ntp and 1 more | 5 Freebsd, Hpux-ntp, Ntp and 2 more | 2024-09-17 | 5.9 Medium |
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. | ||||
CVE-2021-3449 | 13 Checkpoint, Debian, Fedoraproject and 10 more | 172 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 169 more | 2024-09-17 | 5.9 Medium |
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). | ||||
CVE-2018-6253 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2024-09-17 | N/A |
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service. | ||||
CVE-2020-1967 | 10 Broadcom, Debian, Fedoraproject and 7 more | 26 Fabric Operating System, Debian Linux, Fedora and 23 more | 2024-09-17 | 7.5 High |
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). | ||||
CVE-2002-1915 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2024-09-17 | 5.5 Medium |
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. |