Total
524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7463 | 2 Apple, Freebsd | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. | |||||
CVE-2020-24718 | 4 Freebsd, Netapp, Omniosce and 1 more | 4 Freebsd, Clustered Data Ontap, Omnios and 1 more | 2024-02-28 | 7.2 HIGH | 8.2 HIGH |
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. | |||||
CVE-2021-3450 | 10 Fedoraproject, Freebsd, Mcafee and 7 more | 35 Fedora, Freebsd, Web Gateway and 32 more | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). | |||||
CVE-2020-10566 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. | |||||
CVE-2020-7455 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd). | |||||
CVE-2019-15876 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware. | |||||
CVE-2020-13434 | 7 Apple, Canonical, Debian and 4 more | 15 Icloud, Ipados, Iphone Os and 12 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | |||||
CVE-2020-7457 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution. | |||||
CVE-2020-10565 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. | |||||
CVE-2020-24716 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. | |||||
CVE-2019-15877 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory. | |||||
CVE-2020-7452 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel. | |||||
CVE-2020-7458 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution. | |||||
CVE-2020-13160 | 3 Anydesk, Freebsd, Linux | 3 Anydesk, Freebsd, Linux Kernel | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | |||||
CVE-2020-24385 | 2 Freebsd, Midnightbsd | 2 Freebsd, Midnightbsd | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find(). | |||||
CVE-2019-15874 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results. | |||||
CVE-2019-15880 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic. | |||||
CVE-2020-7453 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 3.3 LOW | 6.0 MEDIUM |
In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory. | |||||
CVE-2020-7451 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network. | |||||
CVE-2020-24717 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. |