Monthly
Remote code execution as root in FreeBSD dhclient allows malicious DHCP servers to inject arbitrary commands via unsanitized BOOTP file field in DHCP responses. When dhclient writes lease data without escaping embedded double-quotes and later re-parses it (e.g., after system restart), injected dhclient.conf directives execute through dhclient-script. EPSS score is notably low (0.02%, 5th percentile) with SSVC indicating no observed exploitation and partial technical impact, suggesting limited real-world targeting despite the high-severity nature of root code execution. No public exploit code identified at time of analysis.
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.
PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperly neutralize quoting syntax, enabling SQL injection when function results are used to construct psql input. This vulnerability was used as the initial access vector in the BeyondTrust RS compromise chain.
Remote code execution as root in FreeBSD dhclient allows malicious DHCP servers to inject arbitrary commands via unsanitized BOOTP file field in DHCP responses. When dhclient writes lease data without escaping embedded double-quotes and later re-parses it (e.g., after system restart), injected dhclient.conf directives execute through dhclient-script. EPSS score is notably low (0.02%, 5th percentile) with SSVC indicating no observed exploitation and partial technical impact, suggesting limited real-world targeting despite the high-severity nature of root code execution. No public exploit code identified at time of analysis.
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.
PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperly neutralize quoting syntax, enabling SQL injection when function results are used to construct psql input. This vulnerability was used as the initial access vector in the BeyondTrust RS compromise chain.