Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
FreeBSD Number Of NVD 488 CRITICAL 29 HIGH 219 MEDIUM 185 LOW 55
URL https://www.freebsd.org/
Explanation Starting with FreeBSD 11, we are switching to a model of supporting major versions for at least 5 years.
We plan to release updates to the major versions every two years.
Older versions will be supported until three months after a new minor version is released.
Tag
  • BSD

Add Information URL
No Type Name URL
1 https://www.freebsd.org/security/
2 https://www.freebsd.org/releases/
3 https://www.freebsd.org/security/unsupported.html

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
31 FreeBSD 15 15.1 June 16, 2026 June 16, 2026 March 31, 2027 March 31, 2027 0 0 0 0
32 FreeBSD 13 13.2 April 11, 2023 April 13, 2021 April 13, 2021 3 29 6 0
33 FreeBSD 12 12.4 Dec. 5, 2022 Dec. 11, 2018 June 30, 2024 18 39 22 2
34 FreeBSD 11 11.4 June 16, 2020 Oct. 10, 2016 Sept. 30, 2021 21 48 40 2
35 FreeBSD 10 10.4 Jan. 20, 2014 Jan. 20, 2014 Feb. 28, 2015 7 40 46 2
36 FreeBSD 9 9.3 July 16, 2014 Jan. 10, 2012 Dec. 31, 2016 5 38 33 6
37 FreeBSD 8 8.4 June 9, 2013 Nov. 25, 2009 Aug. 1, 2015 5 38 33 6
38 FreeBSD 7 7.4 Feb. 24, 2011 Feb. 27, 2008 Feb. 28, 2013 5 37 31 5
39 FreeBSD 6 6.4 Nov. 28, 2008 Nov. 4, 2005 Nov. 30, 2010 6 43 46 15
40 FreeBSD 5 5.5 May 25, 2006 Nov. 6, 2004 May 31, 2008 7 42 50 18
41 FreeBSD 4 4.0 March 14, 2000 Jan. 31, 2007 8 67 61 23
42 FreeBSD 3 3.0 Oct. 16, 1998 Jan. 1, 1900 6 57 47 16
43 FreeBSD 2 2.0.5 Nov. 22, 1994 Jan. 1, 1900 6 51 41 10
44 FreeBSD 1 1.0 Oct. 1, 1993 Jan. 1, 1900 26 112 90 9
45 FreeBSD 0.4_1 0.4_1 Jan. 1, 1900 6 27 30 4
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
31 9.8
-
CRITICAL
Network
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write spac… CWE-787
CWE-131
 Out-of-bounds Write
Incorrect Calculation of Buffer Size
CVE-2023-5941 cpe:2.3:o:freebsd:freebsd:13.2:p4
cpe:2.3:o:freebsd:freebsd:13.2:p3
cpe:2.3:o:freebsd:freebsd:13.2:p2
cpe:2.3:…

13.0


12.4
13.2
2024-11-21 17:42
2023-11-8
Show GitHub Exploit DB Packet Storm
32 7.5
-
HIGH
Network
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active … NVD-CWE-noinfo
CVE-2023-5978 cpe:2.3:o:freebsd:freebsd:13.2:p4
cpe:2.3:o:freebsd:freebsd:13.2:p3
cpe:2.3:o:freebsd:freebsd:13.2:p2
cpe:2.3:…
13.0 13.2 2024-11-21 17:42
2023-11-8
Show GitHub Exploit DB Packet Storm
33 5.5
-
MEDIUM
Local
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0. CWE-665
 Improper Initialization
CVE-2023-5370 cpe:2.3:o:freebsd:freebsd:13.2:- 2024-11-21 17:41
2023-10-4
Show GitHub Exploit DB Packet Storm
34 7.1
-
HIGH
Local
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equiv… CWE-273
 Improper Check for Dropped Privileges
CVE-2023-5369 cpe:2.3:o:freebsd:freebsd:13.2:- 2024-11-21 17:41
2023-10-4
Show GitHub Exploit DB Packet Storm
35 6.5
-
MEDIUM
Network
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rathe… CWE-1188
 Insecure Default Initialization of Resource
CVE-2023-5368 cpe:2.3:o:freebsd:freebsd:13.2:p3
cpe:2.3:o:freebsd:freebsd:13.2:p2
cpe:2.3:o:freebsd:freebsd:13.2:p1
cpe:2.3:…

13.0


12.4
13.2
2024-11-21 17:41
2023-10-4
Show GitHub Exploit DB Packet Storm
36 7.5
-
HIGH
Network
In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multi… NVD-CWE-Other
CVE-2023-4809 cpe:2.3:o:freebsd:freebsd:13.2:p2
cpe:2.3:o:freebsd:freebsd:13.2:p1
cpe:2.3:o:freebsd:freebsd:13.2:-
cpe:2.3:o…

13.0


12.4
13.2
2024-11-21 17:36
2023-09-7
Show GitHub Exploit DB Packet Storm
37 8.8
-
HIGH
Local
The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve proces… CWE-120
Classic Buffer Overflow
CVE-2023-3494 cpe:2.3:o:freebsd:freebsd:13.2:p1
cpe:2.3:o:freebsd:freebsd:13.2:-
cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1
cpe:2…
2024-11-21 17:17
2023-08-2
Show GitHub Exploit DB Packet Storm
38 7.5
-
HIGH
Network
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, … CWE-190
 Integer Overflow or Wraparound
CVE-2023-3107 cpe:2.3:o:freebsd:freebsd:13.2:p1
cpe:2.3:o:freebsd:freebsd:13.2:-
cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1
cpe:2…
2024-11-21 17:16
2023-08-2
Show GitHub Exploit DB Packet Storm
39 9.8
-
CRITICAL
Network
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to veri… CWE-287
Improper Authentication
CVE-2023-3326 cpe:2.3:o:freebsd:freebsd:13.2:-
cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1
cpe:2.3:o:freebsd:freebsd:13.1:p7
cpe:2…

13.0


12.4
13.1
2024-11-21 17:17
2023-06-23
Show GitHub Exploit DB Packet Storm
40 6.5
-
MEDIUM
Network
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the… NVD-CWE-noinfo
CVE-2023-0751 cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1
cpe:2.3:o:freebsd:freebsd:13.1:p5
cpe:2.3:o:freebsd:freebsd:13.1:p4
cpe:…
2024-11-21 16:37
2023-02-9
Show GitHub Exploit DB Packet Storm