These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-45255 is a command-injection flaw in FreeBSD's bsdinstall and bsdconfig Wi‑Fi scan flow. When these tools build a menu of nearby networks, a shell script handles network names unsafely, allowing a specially crafted SSID to trigger subshell command execution as root. The attacker must be within Wi‑Fi range, and the flaw is exposed as soon as the scan prompt is shown, even if the malicious network [truncated]
CVE-2026-45254 describes a limit-validation flaw in the cap_net service where an omitted key in a new limit could be interpreted as "allow any" rather than being rejected. In practical terms, a process that had previously been constrained on a subset of network operations could request a new limit that unintentionally expanded its permissions. The issue is described in the NVD record and tied to the FreeB [truncated]
CVE-2026-45253 is a newly published vulnerability reported on 2026-05-21 that affects the ptrace(PT_SC_REMOTE) path. According to the CVE description and the linked FreeBSD advisory, missing validation for syscall(2) and __syscall(2) meta-system calls can let a user who can debug a process trigger arbitrary kernel code execution, creating a path to local privilege escalation. The supplied corpus points to [truncated]
CVE-2026-45252 is a FreeBSD fusefs kernel bug in extended-attribute handling. When the kernel asks a FUSE daemon for a list of xattrs, it expects a packed list of NUL-terminated strings. In this issue, the kernel calls strlen() on daemon-supplied data without first confirming that the full list is properly terminated. A malicious daemon can use that gap to drive an out-of-bounds read and, in some cases, a [truncated]
CVE-2026-45251 describes a kernel use-after-free condition that can occur when a thread is blocked in poll(2) or select(2) waiting on a file descriptor that gets closed. In some file descriptor types, the blocked thread was not removed from the object’s wait queue before the object was freed. If the thread is later woken, it can access freed memory. The issue is reported as triggerable by an unprivileged [truncated]
CVE-2026-39461 describes a stack-corruption issue in FreeBSD’s libcasper(3) helper-process communication path. The flaw stems from using select(2) without verifying that the socket descriptor is below FD_SETSIZE (1024). An attacker who can drive an application to allocate large file descriptors may be able to trigger corruption; if the affected application runs with setuid root privileges, the issue could [truncated]
CVE-2026-7270 is a FreeBSD kernel vulnerability in execve(2) argument handling. The issue is described as an operator precedence bug that can cause a buffer overflow, allowing attacker-controlled data to overwrite adjacent execve argument buffers. According to the CVE description, an unprivileged local user may be able to exploit the flaw to obtain superuser privileges.
CVE-2016-2518 affects NTP before 4.2.8p9 and 4.3.x before 4.3.92. A remote, unauthenticated attacker can send a crafted addpeer request with a large hmode value to reach MATCH_ASSOC and trigger an out-of-bounds reference (CWE-125). NVD rates the issue medium severity (CVSS 5.3), with a network attack vector and availability-only impact.
CVE-2015-7977 is a remote denial-of-service vulnerability in ntpd. According to the official NVD record, a crafted ntpdc reslist command can trigger a NULL pointer dereference and crash the service. The issue affects NTP before 4.2.8p6 and 4.3.x before 4.3.90.
CVE-2015-7973 is a medium-severity NTP issue that matters when ntpd is configured in broadcast mode. A network-positioned attacker who can sniff traffic may replay packets and influence synchronization behavior. NVD published the record on 2017-01-30 and later modified it on 2026-05-13.
CVE-2017-0321 describes a kernel-mode NULL pointer dereference in NVIDIA GPU Display Driver handling of invalid user input. The issue is high severity and can result in denial of service, with potential impact beyond availability because NVD records a changed security scope and high confidentiality, integrity, and availability impact in its CVSS vector. The CVE was published on 2017-02-15. NVD’s affected- [truncated]
CVE-2017-0318 is a medium-severity vulnerability in NVIDIA Linux GPU Display Driver kernel-mode handling. The issue is caused by improper validation of an input parameter and can result in a denial of service on the affected system. The official NVD record maps the vulnerable CPE to NVIDIA GPU driver software and classifies the weakness as CWE-20 (Improper Input Validation).
CVE-2017-0311 is a high-severity access control flaw affecting NVIDIA GPU Display Driver R378 in the kernel mode layer handler. NVD rates the issue as local, low-complexity, and requiring low privileges, with potential impact to confidentiality, integrity, and availability. The reported effect is denial of service or possible escalation of privileges.
CVE-2017-0310 describes an access-control weakness in the kernel mode layer handler of NVIDIA GPU Display Driver versions. According to the NVD record, an unprivileged local user can trigger a denial of service. The issue was published on 2017-02-15 and later modified on 2026-05-13 in the source record.
CVE-2017-0309 is a high-severity NVIDIA GPU Display Driver issue published on 2017-02-15. According to NVD, multiple integer overflows in the kernel mode layer handler may lead to improper memory allocation, which can result in denial of service or potential privilege escalation. The CVSS 3.0 vector (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) indicates a local attack that requires limited privileges but can hav [truncated]
CVE-2016-1889 is a high-severity FreeBSD bhyve issue that can let a local attacker escalate privileges on affected hosts. The supplied NVD record ties the flaw to an integer overflow in the bhyve hypervisor when configured with a large amount of guest memory.
CVE-2016-1888 is a high-severity authentication issue in FreeBSD's telnetd service. According to the official NVD record and FreeBSD advisory, a remote attacker could trigger a sequence of memory allocation failures that led telnetd to inject arguments to login and bypass authentication. The affected FreeBSD releases listed by NVD are 9.3, 10.1, 10.2, 10.3, and 11.0.
CVE-2016-1883 describes a local privilege-escalation issue in the issetugid system call within FreeBSD's Linux compatibility layer. The supplied NVD data says the bug affects FreeBSD 9.3, 10.1, and 10.2, and that local users may gain privilege through unspecified vectors. Because the CVSS 3.0 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, the practical defensive concern is a low-complexity local escalatio [truncated]
CVE-2016-1881 describes a local vulnerability in the FreeBSD kernel’s Linux compatibility layer. A crafted setgroups system call can crash the system and may also enable privilege escalation. NVD lists affected FreeBSD releases as 9.3, 10.1, and 10.2, and assigns a high-severity CVSS v3.0 score of 7.8.
CVE-2016-1880 is a high-severity FreeBSD kernel issue in the Linux compatibility layer. According to NVD and the linked FreeBSD advisory, the flaw affects FreeBSD 9.3, 10.1, and 10.2 and is tied to handling of Linux futex robust lists. A local attacker with limited privileges could read portions of kernel memory and potentially escalate privileges.
CVE-2015-5677 is a local information disclosure issue in FreeBSD's bsnmpd. In affected FreeBSD 9.3, 10.1, and 10.2 systems, the snmpd.config file was world-readable, which could let a local user read the secret key used for SNMP USM authentication. The NVD entry lists the issue as CVSS 5.5 (Medium) with local access, low privileges, and no user interaction required.