CVE-2025-15576
- EPSS 0.11%
- Veröffentlicht 09.03.2026 11:54:20
- Zuletzt bearbeitet 17.03.2026 15:54:59
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if ...
CVE-2025-15547
- EPSS 0.11%
- Veröffentlicht 09.03.2026 11:46:51
- Zuletzt bearbeitet 17.03.2026 15:55:08
By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount director...
CVE-2025-14769
- EPSS 1.1%
- Veröffentlicht 09.03.2026 11:34:52
- Zuletzt bearbeitet 17.03.2026 15:55:19
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Mal...
CVE-2025-14558
- EPSS 6.27%
- Veröffentlicht 09.03.2026 11:27:27
- Zuletzt bearbeitet 17.03.2026 15:55:24
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. ...
CVE-2025-24934
- EPSS 0.2%
- Veröffentlicht 22.10.2025 17:43:12
- Zuletzt bearbeitet 24.04.2026 00:16:26
Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks...
CVE-2025-0374
- EPSS 0.29%
- Veröffentlicht 30.01.2025 05:15:10
- Zuletzt bearbeitet 15.04.2026 00:35:42
When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that wou...
CVE-2025-0662
- EPSS 0.35%
- Veröffentlicht 30.01.2025 05:15:10
- Zuletzt bearbeitet 15.04.2026 00:35:42
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This...
- EPSS 0.42%
- Veröffentlicht 30.01.2025 05:15:09
- Zuletzt bearbeitet 15.04.2026 00:35:42
On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made ...
CVE-2024-51565
- EPSS 0.39%
- Veröffentlicht 12.11.2024 15:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
The hda driver is vulnerable to a buffer over-read from a guest-controlled value.
CVE-2024-51566
- EPSS 0.38%
- Veröffentlicht 12.11.2024 15:15:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
The NVMe driver queue processing is vulernable to guest-induced infinite loops.