Freebsd

Freebsd

543 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.18%
  • Veröffentlicht 30.04.2026 07:16:41
  • Zuletzt bearbeitet 10.05.2026 08:16:08

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privilege...

Medienbericht
  • EPSS 0.43%
  • Veröffentlicht 30.04.2026 07:16:37
  • Zuletzt bearbeitet 01.05.2026 16:16:32

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker...

  • EPSS 0.16%
  • Veröffentlicht 22.04.2026 02:33:24
  • Zuletzt bearbeitet 01.05.2026 12:49:08

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the sh...

  • EPSS 0.17%
  • Veröffentlicht 22.04.2026 02:23:56
  • Zuletzt bearbeitet 01.05.2026 12:49:44

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to fr...

  • EPSS 0.25%
  • Veröffentlicht 01.04.2026 06:18:52
  • Zuletzt bearbeitet 02.04.2026 20:47:20

A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually load...

Medienbericht Exploit
  • EPSS 1.92%
  • Veröffentlicht 26.03.2026 06:21:12
  • Zuletzt bearbeitet 20.04.2026 13:47:31

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trig...

  • EPSS 0.37%
  • Veröffentlicht 26.03.2026 06:15:00
  • Zuletzt bearbeitet 30.04.2026 18:57:58

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Den...

  • EPSS 1.12%
  • Veröffentlicht 26.03.2026 06:09:08
  • Zuletzt bearbeitet 30.04.2026 18:55:51

When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an ...

  • EPSS 0.47%
  • Veröffentlicht 09.03.2026 12:25:39
  • Zuletzt bearbeitet 17.03.2026 15:55:14

The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been valida...

  • EPSS 0.36%
  • Veröffentlicht 09.03.2026 12:10:08
  • Zuletzt bearbeitet 17.03.2026 15:54:31

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this c...