Freebsd

Freebsd

503 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2020-10565

  • EPSS 0.14%
  • Veröffentlicht 14.03.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:35

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary re...

7.8

CVE-2020-10566

  • EPSS 0.23%
  • Veröffentlicht 14.03.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:35

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow.

7.8

CVE-2012-5363

  • EPSS 0.94%
  • Veröffentlicht 20.02.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 01:44:35

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.

7.8

CVE-2012-5365

  • EPSS 0.94%
  • Veröffentlicht 20.02.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 01:44:36

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

6.5

CVE-2015-2923

  • EPSS 1.37%
  • Veröffentlicht 20.02.2020 04:15:10
  • Zuletzt bearbeitet 21.11.2024 02:28:19

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

9.8

CVE-2014-3879

  • EPSS 1.49%
  • Veröffentlicht 18.02.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 02:09:02

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass...

9.8

CVE-2019-5613

  • EPSS 0.22%
  • Veröffentlicht 18.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:45:14

In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an act...

9.8

CVE-2020-7450

  • EPSS 1.02%
  • Veröffentlicht 18.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:37:10

In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or passw...

3.3

CVE-2019-15875

  • EPSS 0.12%
  • Veröffentlicht 18.02.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:29:39

In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dum...

7.8

CVE-2011-3336

Exploit
  • EPSS 24.64%
  • Veröffentlicht 12.02.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 01:30:17

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.