The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FreeBSD

computer vulnerability announcement CVE-2019-5603

FreeBSD: privilege escalation via Mqueue Reference Count

Synthesis of the vulnerability

An attacker can bypass restrictions via Mqueue Reference Count of FreeBSD, in order to escalate his privileges.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: user shell.
Creation date: 21/08/2019.
Identifiers: CVE-2019-5603, FreeBSD-SA-19:24.mqueuefs, VIGILANCE-VUL-30097.


computer vulnerability alert CVE-2019-5612

FreeBSD: information disclosure via /dev/midistat

Synthesis of the vulnerability

A local attacker can read a memory fragment via /dev/midistat of FreeBSD, in order to obtain sensitive information.
Impacted products: FreeBSD.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 21/08/2019.
Identifiers: CVE-2019-5612, FreeBSD-SA-19:23.midi, VIGILANCE-VUL-30096.


computer vulnerability alert CVE-2019-5609

FreeBSD: memory corruption via bhyve e1000

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a memory corruption via bhyve e1000 of FreeBSD, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 07/08/2019.
Identifiers: CVE-2019-5609, FreeBSD-SA-19:21.bhyve, VIGILANCE-VUL-29966.


computer vulnerability CVE-2019-5610

FreeBSD: out-of-bounds memory reading via bsnmp

Synthesis of the vulnerability

An attacker can force a read at an invalid address via bsnmp of FreeBSD, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Creation date: 07/08/2019.
Identifiers: CVE-2019-5610, FreeBSD-SA-19:20.bsnmp, VIGILANCE-VUL-29965.


vulnerability bulletin 29963

FreeBSD: denial of service via epoch

Synthesis of the vulnerability

An attacker can trigger a fatal error via epoch of FreeBSD, in order to trigger a denial of service.
Impacted products: FreeBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 07/08/2019.
Identifiers: FreeBSD-EN-19:14.epoch, VIGILANCE-VUL-29963.


computer vulnerability note CVE-2019-5607

FreeBSD: use after free via UNIX-Domain Socket Rights Transmission

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via UNIX-Domain Socket Rights Transmission of FreeBSD, in order to trigger a denial of service, and possibly to run code.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5607, FreeBSD-SA-19:17.fd, VIGILANCE-VUL-29879.


computer vulnerability bulletin CVE-2019-5604

FreeBSD: out-of-bounds memory reading via bhyve pci_xhci_device_doorbell

Synthesis of the vulnerability

An attacker can force a read at an invalid address via bhyve pci_xhci_device_doorbell() of FreeBSD, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: data reading, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5604, FreeBSD-SA-19:16.bhyve, VIGILANCE-VUL-29878.


computer vulnerability announcement CVE-2019-5603

FreeBSD: read-write access via mqueuefs

Synthesis of the vulnerability

An attacker can bypass access restrictions via mqueuefs of FreeBSD, in order to read or alter data.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5603, FreeBSD-SA-19:15.mqueuefs, VIGILANCE-VUL-29877.


computer vulnerability alert CVE-2019-5605

FreeBSD: information disclosure via freebsd32_ioctl

Synthesis of the vulnerability

A local attacker can read a memory fragment via freebsd32_ioctl of FreeBSD, in order to obtain sensitive information.
Impacted products: FreeBSD.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5605, FreeBSD-SA-19:14.freebsd32, VIGILANCE-VUL-29876.


computer vulnerability CVE-2019-5606

FreeBSD: use after free via posix_openpt

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via posix_openpt() of FreeBSD, in order to trigger a denial of service, and possibly to run code.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5606, FreeBSD-SA-19:13.pts, VIGILANCE-VUL-29875.
