CVE-2020-24863
- EPSS 0.53%
- Veröffentlicht 03.09.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 05:16:08
A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted ...
CVE-2020-7459
- EPSS 0.41%
- Veröffentlicht 06.08.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:37:11
In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to wri...
- EPSS 0.72%
- Veröffentlicht 06.08.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:37:11
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use v...
CVE-2020-7457
- EPSS 32.98%
- Veröffentlicht 09.07.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 05:37:10
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition al...
CVE-2020-7458
- EPSS 1.92%
- Veröffentlicht 09.07.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 05:37:11
In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arb...
CVE-2020-7456
- EPSS 0.56%
- Veröffentlicht 09.06.2020 19:15:10
- Zuletzt bearbeitet 21.11.2024 05:37:10
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processi...
CVE-2020-13434
- EPSS 1.01%
- Veröffentlicht 24.05.2020 22:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:15
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-7454
- EPSS 2.71%
- Veröffentlicht 13.05.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:37:10
In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write con...
CVE-2020-7455
- EPSS 0.52%
- Veröffentlicht 13.05.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:37:10
In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amou...
CVE-2019-15878
- EPSS 0.32%
- Veröffentlicht 13.05.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 04:29:39
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared ...