|
21
|
8.2
-
|
HIGH
Local
|
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.
A malicious, privileged software running in a guest VM can e…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-32668
|
cpe:2.3:o:freebsd:freebsd:14.1:p3 cpe:2.3:o:freebsd:freebsd:14.1:p2 cpe:2.3:o:freebsd:freebsd:14.1:p1 cpe:2.3:…
|
13.0
|
|
|
13.3
|
2024-11-21 18:15
2024-09-5
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
7.5
-
|
HIGH
Network
|
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-45287
|
cpe:2.3:o:freebsd:freebsd:14.1:p3 cpe:2.3:o:freebsd:freebsd:14.1:p2 cpe:2.3:o:freebsd:freebsd:14.1:p1 cpe:2.3:…
|
13.0
|
|
|
13.3
|
2024-11-21 18:37
2024-09-5
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
8.1
-
|
HIGH
Network
|
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by def…
|
CWE-362
Race Condition
|
CVE-2024-7589
|
cpe:2.3:o:freebsd:freebsd:14.1:p2 cpe:2.3:o:freebsd:freebsd:14.1:p1 cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1 cpe:…
|
13.1
|
|
|
13.0 13.3
|
2024-11-21 18:51
2024-08-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
7.5
-
|
HIGH
Network
|
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of set…
|
NVD-CWE-noinfo
|
CVE-2024-6760
|
cpe:2.3:o:freebsd:freebsd:14.1:p2 cpe:2.3:o:freebsd:freebsd:14.1:p1 cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1 cpe:…
|
13.1
|
|
|
13.0 13.3
|
2024-11-21 18:50
2024-08-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
5.3
-
|
MEDIUM
Network
|
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return fil…
|
CWE-22
Path Traversal
|
CVE-2024-6759
|
cpe:2.3:o:freebsd:freebsd:14.1:p2 cpe:2.3:o:freebsd:freebsd:14.1:p1 cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1 cpe:…
|
13.1
|
|
|
13.0 13.3
|
2024-11-21 18:50
2024-08-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
8.1
-
|
HIGH
Network
|
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote a…
|
CWE-362
Race Condition
|
CVE-2024-6387
|
cpe:2.3:o:freebsd:freebsd:14.1:p1 cpe:2.3:o:freebsd:freebsd:14.1:- cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1 cpe:2…
|
|
|
|
|
2024-11-21 18:49
2024-07-1
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
5.3
-
|
MEDIUM
Network
|
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowi…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2023-51765
|
cpe:2.3:o:freebsd:freebsd:*:*
|
|
|
|
11.0
|
2024-11-21 17:38
2023-12-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
5.9
-
|
MEDIUM
Network
|
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2023-48795
|
cpe:2.3:o:freebsd:freebsd:*:*
|
|
12.4
|
|
|
2024-11-21 17:32
2023-12-19
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
7.5
-
|
HIGH
Network
|
In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TC…
|
NVD-CWE-noinfo
|
CVE-2023-6534
|
cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1 cpe:2.3:o:freebsd:freebsd:14.0:rc3 cpe:2.3:o:freebsd:freebsd:14.0:p1 cpe…
|
|
|
|
|
2024-11-21 17:44
2023-12-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
6.5
-
|
MEDIUM
Network
|
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy …
|
NVD-CWE-noinfo
|
CVE-2023-6660
|
cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1 cpe:2.3:o:freebsd:freebsd:14.0:rc3 cpe:2.3:o:freebsd:freebsd:14.0:p2 cpe…
|
|
|
|
|
2024-11-21 17:44
2023-12-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|