| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of FreeBSD
FreeBSD: privilege escalation via Mqueue Reference Count
Synthesis of the vulnerability
An attacker can bypass restrictions via Mqueue Reference Count of FreeBSD, in order to escalate his privileges.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: user shell.
Creation date: 21/08/2019.
Identifiers: CVE-2019-5603, FreeBSD-SA-19:24.mqueuefs, VIGILANCE-VUL-30097.
Description of the vulnerability
An attacker can bypass restrictions via Mqueue Reference Count of FreeBSD, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
FreeBSD: information disclosure via /dev/midistat
Synthesis of the vulnerability
A local attacker can read a memory fragment via /dev/midistat of FreeBSD, in order to obtain sensitive information.
Impacted products: FreeBSD.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 21/08/2019.
Identifiers: CVE-2019-5612, FreeBSD-SA-19:23.midi, VIGILANCE-VUL-30096.
Description of the vulnerability
A local attacker can read a memory fragment via /dev/midistat of FreeBSD, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
FreeBSD: memory corruption via bhyve e1000
Synthesis of the vulnerability
An attacker, inside a guest system, can trigger a memory corruption via bhyve e1000 of FreeBSD, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 07/08/2019.
Identifiers: CVE-2019-5609, FreeBSD-SA-19:21.bhyve, VIGILANCE-VUL-29966.
Description of the vulnerability
An attacker, inside a guest system, can trigger a memory corruption via bhyve e1000 of FreeBSD, in order to trigger a denial of service, and possibly to run code on the host system.
Full Vigil@nce bulletin... (Free trial) |
FreeBSD: out-of-bounds memory reading via bsnmp
Synthesis of the vulnerability
An attacker can force a read at an invalid address via bsnmp of FreeBSD, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Creation date: 07/08/2019.
Identifiers: CVE-2019-5610, FreeBSD-SA-19:20.bsnmp, VIGILANCE-VUL-29965.
Description of the vulnerability
An attacker can force a read at an invalid address via bsnmp of FreeBSD, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
FreeBSD: denial of service via epoch
Synthesis of the vulnerability
An attacker can trigger a fatal error via epoch of FreeBSD, in order to trigger a denial of service.
Impacted products: FreeBSD.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 07/08/2019.
Identifiers: FreeBSD-EN-19:14.epoch, VIGILANCE-VUL-29963.
Description of the vulnerability
An attacker can trigger a fatal error via epoch of FreeBSD, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
FreeBSD: use after free via UNIX-Domain Socket Rights Transmission
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via UNIX-Domain Socket Rights Transmission of FreeBSD, in order to trigger a denial of service, and possibly to run code.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5607, FreeBSD-SA-19:17.fd, VIGILANCE-VUL-29879.
Description of the vulnerability
An attacker can force the usage of a freed memory area via UNIX-Domain Socket Rights Transmission of FreeBSD, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
FreeBSD: out-of-bounds memory reading via bhyve pci_xhci_device_doorbell
Synthesis of the vulnerability
An attacker can force a read at an invalid address via bhyve pci_xhci_device_doorbell() of FreeBSD, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: data reading, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5604, FreeBSD-SA-19:16.bhyve, VIGILANCE-VUL-29878.
Description of the vulnerability
An attacker can force a read at an invalid address via bhyve pci_xhci_device_doorbell() of FreeBSD, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
FreeBSD: read-write access via mqueuefs
Synthesis of the vulnerability
An attacker can bypass access restrictions via mqueuefs of FreeBSD, in order to read or alter data.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5603, FreeBSD-SA-19:15.mqueuefs, VIGILANCE-VUL-29877.
Description of the vulnerability
An attacker can bypass access restrictions via mqueuefs of FreeBSD, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial) |
FreeBSD: information disclosure via freebsd32_ioctl
Synthesis of the vulnerability
A local attacker can read a memory fragment via freebsd32_ioctl of FreeBSD, in order to obtain sensitive information.
Impacted products: FreeBSD.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5605, FreeBSD-SA-19:14.freebsd32, VIGILANCE-VUL-29876.
Description of the vulnerability
A local attacker can read a memory fragment via freebsd32_ioctl of FreeBSD, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
FreeBSD: use after free via posix_openpt
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via posix_openpt() of FreeBSD, in order to trigger a denial of service, and possibly to run code.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 25/07/2019.
Identifiers: CVE-2019-5606, FreeBSD-SA-19:13.pts, VIGILANCE-VUL-29875.
Description of the vulnerability
An attacker can force the usage of a freed memory area via posix_openpt() of FreeBSD, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about FreeBSD:
|