Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
FreeBSD Number Of NVD 488 CRITICAL 29 HIGH 219 MEDIUM 185 LOW 55
URL https://www.freebsd.org/
Explanation Starting with FreeBSD 11, we are switching to a model of supporting major versions for at least 5 years.
We plan to release updates to the major versions every two years.
Older versions will be supported until three months after a new minor version is released.
Tag
  • BSD

Add Information URL
No Type Name URL
1 https://www.freebsd.org/security/
2 https://www.freebsd.org/releases/
3 https://www.freebsd.org/security/unsupported.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
1 FreeBSD 15 15.1 June 16, 2026 June 16, 2026 March 31, 2027 March 31, 2027 0 0 0 0
2 FreeBSD 13 13.2 April 11, 2023 April 13, 2021 April 13, 2021 3 29 6 0
3 FreeBSD 12 12.4 Dec. 5, 2022 Dec. 11, 2018 June 30, 2024 18 39 22 2
4 FreeBSD 11 11.4 June 16, 2020 Oct. 10, 2016 Sept. 30, 2021 21 48 40 2
5 FreeBSD 10 10.4 Jan. 20, 2014 Jan. 20, 2014 Feb. 28, 2015 7 40 46 2
6 FreeBSD 9 9.3 July 16, 2014 Jan. 10, 2012 Dec. 31, 2016 5 38 33 6
7 FreeBSD 8 8.4 June 9, 2013 Nov. 25, 2009 Aug. 1, 2015 5 38 33 6
8 FreeBSD 7 7.4 Feb. 24, 2011 Feb. 27, 2008 Feb. 28, 2013 5 37 31 5
9 FreeBSD 6 6.4 Nov. 28, 2008 Nov. 4, 2005 Nov. 30, 2010 6 43 46 15
10 FreeBSD 5 5.5 May 25, 2006 Nov. 6, 2004 May 31, 2008 7 42 50 18
11 FreeBSD 4 4.0 March 14, 2000 Jan. 31, 2007 8 67 61 23
12 FreeBSD 3 3.0 Oct. 16, 1998 Jan. 1, 1900 6 57 47 16
13 FreeBSD 2 2.0.5 Nov. 22, 1994 Jan. 1, 1900 6 51 41 10
14 FreeBSD 1 1.0 Oct. 1, 1993 Jan. 1, 1900 26 112 90 9
15 FreeBSD 0.4_1 0.4_1 Jan. 1, 1900 6 27 30 4
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
1 7.8
-
HIGH
Local
The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller… CWE-190
 Integer Overflow or Wraparound
CVE-2026-49416 cpe:2.3:o:freebsd:freebsd:15.0:p9
cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3:o:freebsd:freebsd:15.0:p7
cpe:2.3:…
2026-07-1 23:04
2026-06-27
Show GitHub Exploit DB Packet Storm
2 7.8
-
HIGH
Local
The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disabl… CWE-179
 Incorrect Behavior Order: Early Validation
CVE-2026-49414 cpe:2.3:o:freebsd:freebsd:15.0:p9
cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3:o:freebsd:freebsd:15.0:p7
cpe:2.3:…
2026-07-1 23:04
2026-06-27
Show GitHub Exploit DB Packet Storm
3 7.0
-
HIGH
Local
Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible th… CWE-416
 Use After Free
CVE-2026-49417 cpe:2.3:o:freebsd:freebsd:15.0:p9
cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3:o:freebsd:freebsd:15.0:p7
cpe:2.3:…
2026-07-1 23:04
2026-06-27
Show GitHub Exploit DB Packet Storm
4 7.1
-
HIGH
Local
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector i… CWE-266
 Incorrect Privilege Assignment
CVE-2026-49413 cpe:2.3:o:freebsd:freebsd:15.0:p9
cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3:o:freebsd:freebsd:15.0:p7
cpe:2.3:…
2026-07-1 23:04
2026-06-27
Show GitHub Exploit DB Packet Storm
5 7.8
-
HIGH
Local
The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the mul… CWE-416
 Use After Free
CVE-2026-49412 cpe:2.3:o:freebsd:freebsd:15.0:p9
cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3:o:freebsd:freebsd:15.0:p7
cpe:2.3:…
2026-07-1 23:04
2026-06-27
Show GitHub Exploit DB Packet Storm
6 6.5
-
MEDIUM
Local
sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal de… CWE-266
 Incorrect Privilege Assignment
CVE-2026-45259 cpe:2.3:o:freebsd:freebsd:15.0:p9
cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3:o:freebsd:freebsd:15.0:p7
cpe:2.3:…
2026-07-1 23:04
2026-06-27
Show GitHub Exploit DB Packet Storm
7 7.8
-
HIGH
Local
dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length … CWE-125
CWE-190
CWE-681
CWE-787
Out-of-bounds Read
 Integer Overflow or Wraparound
 Incorrect Conversion between Numeric Types
 Out-of-bounds Write
CVE-2026-45258 cpe:2.3:o:freebsd:freebsd:15.0:p9
cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3:o:freebsd:freebsd:15.0:p7
cpe:2.3:…
2026-07-1 23:04
2026-06-27
Show GitHub Exploit DB Packet Storm
8 7.8
-
HIGH
Local
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by se… CWE-123
 Write-what-where Condition
CVE-2026-45257 cpe:2.3:o:freebsd:freebsd:15.1:rc2
cpe:2.3:o:freebsd:freebsd:15.0:p9
cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3…
2026-06-27 14:16
2026-06-27
Show GitHub Exploit DB Packet Storm
9 5.5
-
MEDIUM
Local
When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The … CWE-269
 Improper Privilege Management
CVE-2026-45256 cpe:2.3:o:freebsd:freebsd:15.1:rc2
cpe:2.3:o:freebsd:freebsd:15.0:p9
cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3…
2026-06-27 03:58
2026-06-27
Show GitHub Exploit DB Packet Storm
10 7.8
-
HIGH
Local
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-… CWE-121
Stack-based Buffer Overflow
CVE-2026-45250 cpe:2.3:o:freebsd:freebsd:15.0:p8
cpe:2.3:o:freebsd:freebsd:15.0:p7
cpe:2.3:o:freebsd:freebsd:15.0:p6
cpe:2.3:…
2026-05-22 11:16
2026-05-21
Show GitHub Exploit DB Packet Storm