National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:freebsd:freebsd:6.1:p16
There are 74 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-10566

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow.

Published: March 13, 2020; 09:15:12 PM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-10565

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.

Published: March 13, 2020; 09:15:12 PM -04:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2012-5365

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

Published: February 20, 2020; 10:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2012-5363

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.

Published: February 20, 2020; 10:15:11 AM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2015-2923

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Published: February 19, 2020; 11:15:10 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 3.3 LOW
CVE-2014-3879

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

Published: February 18, 2020; 12:15:12 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2011-2480

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.

Published: November 27, 2019; 02:15:11 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-17160

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

Published: December 04, 2018; 04:29:00 PM -05:00
V3.0: 10.0 CRITICAL
    V2: 10.0 HIGH
CVE-2018-17159

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.

Published: December 04, 2018; 10:29:00 AM -05:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2018-17158

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.

Published: December 04, 2018; 10:29:00 AM -05:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2018-17157

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.

Published: December 04, 2018; 10:29:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2018-17156

In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.

Published: November 28, 2018; 11:29:00 AM -05:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-6925

In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash.

Published: September 28, 2018; 09:29:01 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2018-17155

In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.

Published: September 28, 2018; 09:29:00 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2018-17154

In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service.

Published: September 28, 2018; 09:29:00 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-1085

In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context.

Published: September 12, 2018; 10:29:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2017-1084

In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.

Published: September 12, 2018; 10:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2017-1083

In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow.

Published: September 12, 2018; 10:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2018-6923

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources.

Published: September 04, 2018; 02:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2017-1081

In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.

Published: April 10, 2018; 09:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH