Page 12 of 100 results (0.011 seconds)

CVSS: 8.1EPSS: 0%CPEs: 28EXPL: 0

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en wpa_supplicant EAP Peer, cuando se construyen contra una biblioteca criptográfica que carece de comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 3

In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail. En FreeBSD 11.2-STABLE tras r338618 y antes de r343786, 12.0-STABLE antes de r343781 y 12.0-RELEASE antes de 12.0-RELEASE-p3, un error en la implementación del conteo de referencias para los sockets del dominio UNIX pueden provocar que se lance incorrectamente una estructura de datos. Esto podría permitir que un usuario local malicioso obtenga privilegios root o escape de una cárcel. • https://www.exploit-db.com/exploits/47081 https://www.exploit-db.com/exploits/47829 https://github.com/raymontag/CVE-2019-5596 http://packetstormsecurity.com/files/155790/FreeBSD-fd-Privilege-Escalation.html https://security.FreeBSD.org/advisories/FreeBSD-SA-19:02.fd.asc •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781) y 12.0-RELEASE-p3, los registros callee-save del kernel no se sanean correctamente antes de volver de las llamadas del sistema, lo que podría permitir que se expongan algunos datos del kernel empleados en la llamada del sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156624 https://security.FreeBSD.org/advisories/FreeBSD-SA-19:01.syscall.asc • CWE-459: Incomplete Cleanup •

CVSS: 5.9EPSS: 0%CPEs: 55EXPL: 3

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). • https://www.exploit-db.com/exploits/46516 https://www.exploit-db.com/exploits/46193 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html http://www.openwall.com/lists/oss-security/2019/04/18/1 http://www.openwall.com/lists/oss-security/2022/08/02/1 http://www.securityfocus.com/bid/106741 https://access.redhat.com/errata/RHSA-2019:3702 https://bugzilla.redhat.com/show_bug.cgi?id=1677794 https://cert-portal.siemens.com/productcert/pdf/ssa-412672&# • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0

In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution. En FreeBSD en versiones anteriores a la 1.2-STABLE(r348229), 11.2-RELEASE-p7 y 12.0-STABLE(r342228) y en la 12.0-RELEASE-p1, una validación insuficiente de los datos proporcionados por la red en bootpd podría permitir que un atacante malicioso manipule un paquete bootp, lo que podría conducir a un desbordamiento de búfer basado en pila. Es posible que el desbordamiento de búfer provoque una denegación de servicio (DoS) o ejecución remota de código. • http://www.securityfocus.com/bid/106292 https://security.freebsd.org/advisories/FreeBSD-SA-18:15.bootpd.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •