The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FreeBSD

computer vulnerability announcement 28067

FreeBSD: denial of service via ZFS Vnode Deadlock

Synthesis of the vulnerability

Impacted products: FreeBSD.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 20/12/2018.
Identifiers: FreeBSD-EN-18:18.zfs, VIGILANCE-VUL-28067.

Description of the vulnerability

An attacker can trigger a fatal error via a ZFS vnode deadlock in FreeBSD, in order to cause a denial of service.

computer vulnerability alert 28066

FreeBSD: denial of service via Intel Skylake

Synthesis of the vulnerability

Impacted products: FreeBSD.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 20/12/2018.
Identifiers: FreeBSD-EN-18:17.vm, VIGILANCE-VUL-28066.

Description of the vulnerability

An attacker can trigger a fatal error in FreeBSD via Intel Skylake, in order to cause a denial of service.

computer vulnerability 28065

FreeBSD: denial of service via ptrace Stopped Process

Synthesis of the vulnerability

Impacted products: FreeBSD.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 20/12/2018.
Identifiers: FreeBSD-EN-18:16.ptrace, VIGILANCE-VUL-28065.

Description of the vulnerability

An attacker can trigger a fatal error via a ptrace stopped process in FreeBSD, in order to cause a denial of service.

vulnerability CVE-2018-6925

FreeBSD: denial of service via IPv6 listen

Synthesis of the vulnerability

Impacted products: FreeBSD, pfSense.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 28/09/2018.
Identifiers: CVE-2018-6925, FreeBSD-EN-18:11.listen, pfSense-SA-18_09.webgui, VIGILANCE-VUL-27360.

Description of the vulnerability

An attacker can trigger a fatal error via IPv6 listen() in FreeBSD, in order to cause a denial of service.

computer vulnerability note CVE-2018-17154

FreeBSD: NULL pointer dereference via freebsd4_getfsstat

Synthesis of the vulnerability

Impacted products: FreeBSD, pfSense.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 28/09/2018.
Identifiers: CVE-2018-17154, FreeBSD-EN-18:10.syscall, pfSense-SA-18_09.webgui, VIGILANCE-VUL-27359.

Description of the vulnerability

An attacker can force a NULL pointer dereference via freebsd4_getfsstat() in FreeBSD, in order to cause a denial of service.

computer vulnerability bulletin CVE-2018-17155

FreeBSD: information disclosure via getcontext/swapcontext

Synthesis of the vulnerability

Impacted products: FreeBSD, pfSense.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 28/09/2018.
Identifiers: CVE-2018-17155, FreeBSD-EN-18:12.mem, pfSense-SA-18_09.webgui, VIGILANCE-VUL-27358.

Description of the vulnerability

A local attacker can read a memory fragment via getcontext/swapcontext in FreeBSD, in order to obtain sensitive information.

vulnerability CVE-2018-6924

FreeBSD: out-of-bounds memory reading via ELF Header

Synthesis of the vulnerability

Impacted products: FreeBSD, pfSense.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 12/09/2018.
Identifiers: CVE-2018-6924, FreeBSD-SA-18:12.elf, VIGILANCE-VUL-27220.

Description of the vulnerability

An attacker can force a read at an invalid address via an ELF header in FreeBSD, in order to cause a denial of service or to obtain sensitive information.

computer vulnerability note CVE-2018-3646

Intel processors: information disclosure via Foreshadow L1TF Virtualization

Synthesis of the vulnerability

Impacted products: SNS, Mac OS X, Arkoon FAST360, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, NetWorker, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP ProLiant, QRadar SIEM, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, Solaris, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere Hypervisor, VMware Workstation, WindRiver Linux, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 16/08/2018.
Identifiers: 525211, 528031, ADV180018, CERTFR-2018-AVI-385, CERTFR-2018-AVI-386, CERTFR-2018-AVI-387, CERTFR-2018-AVI-388, CERTFR-2018-AVI-390, CERTFR-2018-AVI-391, CERTFR-2018-AVI-392, CERTFR-2018-AVI-416, CERTFR-2018-AVI-419, CERTFR-2018-AVI-426, CERTFR-2018-AVI-557, CERTFR-2018-AVI-584, cisco-sa-20180814-cpusidechannel, cpujan2019, CTX236548, CVE-2018-3646, DLA-1481-1, DLA-1506-1, DSA-2018-170, DSA-2018-217, DSA-4274-1, DSA-4279-1, DSA-4279-2, FEDORA-2018-1c80fea1cd, FEDORA-2018-f8cba144ae, Foreshadow, FreeBSD-SA-18:09.l1tf, HPESBHF03874, HT209139, HT209193, ibm10742755, INTEL-SA-00161, K31300402, openSUSE-SU-2018:2399-1, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2018:2434-1, openSUSE-SU-2018:2436-1, openSUSE-SU-2018:4304-1, RHSA-2018:2384-01, RHSA-2018:2387-01, RHSA-2018:2388-01, RHSA-2018:2389-01, RHSA-2018:2390-01, RHSA-2018:2391-01, RHSA-2018:2392-01, RHSA-2018:2393-01, RHSA-2018:2394-01, RHSA-2018:2395-01, RHSA-2018:2396-01, RHSA-2018:2602-01, RHSA-2018:2603-01, SSA-254686, STORM-2018-005, SUSE-SU-2018:2328-1, SUSE-SU-2018:2331-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2335-1, SUSE-SU-2018:2338-1, SUSE-SU-2018:2344-1, SUSE-SU-2018:2362-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2384-1, SUSE-SU-2018:2394-1, SUSE-SU-2018:2401-1, SUSE-SU-2018:2409-1, SUSE-SU-2018:2410-1, SUSE-SU-2018:2480-1, SUSE-SU-2018:2482-1, SUSE-SU-2018:2483-1, SUSE-SU-2018:2528-1, SUSE-SU-2018:2596-1, SUSE-SU-2018:2637-1, SUSE-SU-2018:3490-1, SUSE-SU-2018:4300-1, Synology-SA-18:45, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, USN-3756-1, USN-3823-1, VIGILANCE-VUL-26999, VMSA-2018-0020, VU#982149, XSA-273, XSA-289.

Description of the vulnerability

An attacker can bypass access restrictions to data via L1TF Virtualization on Intel processors, in order to obtain sensitive information.

computer vulnerability bulletin CVE-2018-3620

Intel processors: information disclosure via Foreshadow L1TF OS/SMM

Synthesis of the vulnerability

Impacted products: SNS, Arkoon FAST360, Cisco ASR, Nexus by Cisco, NX-OS, Cisco UCS, XenServer, Debian, NetWorker, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP ProLiant, QRadar SIEM, Junos Space, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, pfSense, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, vCenter Server, WindRiver Linux, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 16/08/2018.
Identifiers: 525211, 528031, ADV180018, CERTFR-2018-AVI-385, CERTFR-2018-AVI-386, CERTFR-2018-AVI-387, CERTFR-2018-AVI-388, CERTFR-2018-AVI-390, CERTFR-2018-AVI-391, CERTFR-2018-AVI-392, CERTFR-2018-AVI-416, CERTFR-2018-AVI-419, CERTFR-2018-AVI-426, CERTFR-2018-AVI-557, CERTFR-2018-AVI-584, cisco-sa-20180814-cpusidechannel, CTX236548, CVE-2018-3620, DLA-1481-1, DLA-1506-1, DLA-1529-1, DSA-2018-170, DSA-2018-217, DSA-4274-1, DSA-4279-1, DSA-4279-2, FEDORA-2018-1c80fea1cd, FEDORA-2018-f8cba144ae, Foreshadow, FreeBSD-SA-18:09.l1tf, HPESBHF03874, ibm10742755, INTEL-SA-00161, JSA10917, K95275140, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, RHSA-2018:2384-01, RHSA-2018:2387-01, RHSA-2018:2388-01, RHSA-2018:2389-01, RHSA-2018:2390-01, RHSA-2018:2391-01, RHSA-2018:2392-01, RHSA-2018:2393-01, RHSA-2018:2394-01, RHSA-2018:2395-01, RHSA-2018:2396-01, RHSA-2018:2602-01, RHSA-2018:2603-01, SSA:2018-240-01, SSA-254686, STORM-2018-005, SUSE-SU-2018:2328-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2344-1, SUSE-SU-2018:2362-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2384-1, SUSE-SU-2018:2596-1, SUSE-SU-2018:2637-1, Synology-SA-18:45, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, USN-3823-1, VIGILANCE-VUL-26998, VMSA-2018-0021, VU#982149, XSA-273, XSA-289.

Description of the vulnerability

An attacker can bypass access restrictions to data via L1TF OS/SMM on Intel processors, in order to obtain sensitive information.

computer vulnerability note CVE-2018-14526

wpa_supplicant: information disclosure via EAPOL-Key Decryption

Synthesis of the vulnerability

Impacted products: Debian, Fedora, FreeBSD, openSUSE Leap, pfSense, RHEL, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, WindRiver Linux.
Severity: 2/4.
Consequences: data reading.
Provenance: radio connection.
Confidence: confirmed by the editor (5/5).
Creation date: 10/08/2018.
Identifiers: CVE-2018-14526, DLA-1462-1, FEDORA-2018-41dfadd21a, FreeBSD-SA-18:11.hostapd, openSUSE-SU-2018:3527-1, openSUSE-SU-2018:3539-1, RHSA-2018:3107-01, SUSE-SU-2018:3480-1, USN-3745-1, VIGILANCE-VUL-26949.

Description of the vulnerability

An attacker can bypass access restrictions to data via EAPOL-Key decryption in wpa_supplicant, in order to obtain sensitive information.