Vulnerabilities (CVE)

Filtered by vendor Freebsd Subscribe
Total 553 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-3665 6 Canonical, Citrix, Debian and 3 more 14 Ubuntu Linux, Xenserver, Debian Linux and 11 more 2024-11-21 4.7 MEDIUM 5.6 MEDIUM
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2018-17161 1 Freebsd 1 Freebsd 2024-11-21 7.5 HIGH 9.8 CRITICAL
In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.
CVE-2018-17160 1 Freebsd 1 Freebsd 2024-11-21 10.0 HIGH 10.0 CRITICAL
In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.
CVE-2018-17159 1 Freebsd 1 Freebsd 2024-11-21 7.8 HIGH 7.5 HIGH
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.
CVE-2018-17158 1 Freebsd 1 Freebsd 2024-11-21 7.8 HIGH 7.5 HIGH
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.
CVE-2018-17157 1 Freebsd 1 Freebsd 2024-11-21 10.0 HIGH 9.8 CRITICAL
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.
CVE-2018-17156 1 Freebsd 1 Freebsd 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.
CVE-2018-17155 1 Freebsd 1 Freebsd 2024-11-21 2.1 LOW 5.5 MEDIUM
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.
CVE-2018-17154 1 Freebsd 1 Freebsd 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service.
CVE-2018-1000998 1 Freebsd 1 Cvsweb 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x.
CVE-2017-1085 1 Freebsd 1 Freebsd 2024-11-21 7.2 HIGH 7.8 HIGH
In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context.
CVE-2017-1084 1 Freebsd 1 Freebsd 2024-11-21 7.8 HIGH 7.5 HIGH
In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.
CVE-2017-1083 1 Freebsd 1 Freebsd 2024-11-21 7.8 HIGH 7.5 HIGH
In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow.
CVE-2017-1082 1 Freebsd 1 Freebsd 2024-11-21 5.0 MEDIUM 7.5 HIGH
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.
CVE-2017-1081 1 Freebsd 1 Freebsd 2024-11-21 7.8 HIGH 7.5 HIGH
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.
CVE-2016-9042 4 Freebsd, Hpe, Ntp and 1 more 5 Freebsd, Hpux-ntp, Ntp and 2 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
CVE-2016-6559 1 Freebsd 1 Freebsd 2024-11-21 7.5 HIGH 9.8 CRITICAL
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.
CVE-2015-5674 1 Freebsd 1 Freebsd 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected.
CVE-2015-2923 1 Freebsd 1 Freebsd 2024-11-21 3.3 LOW 6.5 MEDIUM
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVE-2015-1418 1 Freebsd 1 Freebsd 2024-11-21 9.3 HIGH 7.8 HIGH
The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!' character can be passed to the ed program.