Freebsd

Freebsd

503 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2017-15037

  • EPSS 0.36%
  • Veröffentlicht 05.10.2017 07:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.

7.5

CVE-2015-1417

  • EPSS 1.4%
  • Veröffentlicht 25.07.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET i...

8.1

CVE-2017-11103

  • EPSS 5.77%
  • Veröffentlicht 13.07.2017 13:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name ...

7.8

CVE-2016-1880

  • EPSS 0.04%
  • Veröffentlicht 15.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."

7.8

CVE-2016-1881

  • EPSS 0.04%
  • Veröffentlicht 15.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.

7.8

CVE-2016-1883

  • EPSS 0.04%
  • Veröffentlicht 15.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.

7.5

CVE-2016-1888

  • EPSS 1.76%
  • Veröffentlicht 15.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures."

7.8

CVE-2016-1889

  • EPSS 0.04%
  • Veröffentlicht 15.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.

5.5

CVE-2015-5677

Exploit
  • EPSS 0.09%
  • Veröffentlicht 07.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.

5.3

CVE-2016-2518

  • EPSS 1.47%
  • Veröffentlicht 30.01.2017 21:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.