CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2020-7469
https://notcve.org/view.php?id=CVE-2020-7469
04 Jun 2021 — In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free. En FreeBSD versiones 12.2-STABLE anteriores a r367402, versio... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2021-29629
https://notcve.org/view.php?id=CVE-2021-29629
28 May 2021 — In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively. En FreeBSD versiones 13.0-STABLE anteriores a n245765-bec0d2c9c841, versiones 12.2-STABLE anteriores a r369859, versiones 11.4-STABLE anteriores a r369866, versiones 1... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2021-29628
https://notcve.org/view.php?id=CVE-2021-29628
28 May 2021 — In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit. En FreeBSD versiones 13.0-STABLE anteriores a n245764-876ffe28796c, versiones 12.2-STABLE anteriores a r369857, versiones 13.0-RELEASE anteriores a p1 y versiones 12.2-RELEASE anteriores a p... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:11.smap.asc • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2021-29626
https://notcve.org/view.php?id=CVE-2021-29626
07 Apr 2021 — In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. En FreeBSD versiones 13.0-STABLE anteriores a n245117, versiones 12.2-STABLE anteriores a... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 1CVE-2021-29627
https://notcve.org/view.php?id=CVE-2021-29627
07 Apr 2021 — In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free. En FreeBSD versiones 13.0-STABLE anteriores a n245050, versiones 12.2-STABLE anteriores a r369525, versiones 13.0-RC4 anteriores a p0 y versiones 12.2-RELEASE anteriores a p6, los filtros de a... • https://github.com/raymontag/cve-2021-29627 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-25584
https://notcve.org/view.php?id=CVE-2020-25584
07 Apr 2021 — In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail. En FreeBSD versiones 13.0-STABLE anteriores a n245118, versiones 12.2-STABLE anteriores a r369552, versiones 1... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:10.jail_mount.asc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 29EXPL: 0CVE-2020-25583
https://notcve.org/view.php?id=CVE-2020-25583
29 Mar 2021 — In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer. En FreeBSD versiones 12.2-STABLE anteriores a r368250, versiones 11.4-STABLE anteriores a r368253, ve... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2020-25577
https://notcve.org/view.php?id=CVE-2020-25577
29 Mar 2021 — In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow. En FreeBSD versiones 12.2-STABLE anteriores a r368250, v... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2020-7464
https://notcve.org/view.php?id=CVE-2020-7464
26 Mar 2021 — In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets ac... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:27.ure.asc • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 48%CPEs: 29EXPL: 2CVE-2020-7461
https://notcve.org/view.php?id=CVE-2020-7461
26 Mar 2021 — In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. En FreeBSD versiones 12.1-STABLE anteriores a r3... • https://github.com/knqyf263/CVE-2020-7461 • CWE-787: Out-of-bounds Write •