In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, the kernel improperly handles large user messages sent from multiple threads on the same SCTP socket, which causes a use-after-free bug. The use-after-free may result in unintended kernel behaviour, including a kernel panic.
CVSS v2
Base Score: 4.9
Impact Score: 6.9
Exploitability Score: 3.9
CVSS v3
Base Score: 5.5
Impact Score: 3.6
Exploitability Score: 1.8
| ID | Name | Product | Family |
|---|---|---|---|
| 149061 | Apple iOS < 14.5 Multiple Vulnerabilities (HT212317) | Nessus | Mobile Devices |
| 149041 | macOS 11.x < 11.3 (HT212325) | Nessus | MacOS X Local Security Checks |
| 149023 | Apple iTunes < 12.11.3 Multiple Vulnerabilities (credentialed check) | Nessus | Windows |
| 149022 | Apple iTunes < 12.11.3 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing |
| 701340 | Safari < 14.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients |
| 140237 | FreeBSD : FreeBSD -- SCTP socket use-after-free bug (77b877aa-ec18-11ea-88f8-901b0ef719ab) | Nessus | FreeBSD Local Security Checks |