Page 13 of 391 results (0.014 seconds)

CVSS: 5.9EPSS: 1%CPEs: 91EXPL: 0

CVE-2015-7977 – ntp: restriction list NULL pointer dereference

https://notcve.org/view.php?id=CVE-2015-7977

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. ntpd en NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) mediante un comando ntpdc reslist. A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce&# • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-1883

https://notcve.org/view.php?id=CVE-2016-1883

The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. La llamada de sistema issetugid en la capa de compatibilidad de Linux en FreeBSD 9.3, 10.1 y 10.2 permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://www.securitytracker.com/id/1034872 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 81EXPL: 0

CVE-2015-7973

https://notcve.org/view.php?id=CVE-2015-7973

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90, cuando está configurado en modo de difusión, permite a atacantes man-in-the-middle realizar ataques de repetición rastreando la red. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-254: 7PK - Security Features •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2015-5677 – FreeBSD bsnmpd Information Disclosure

https://notcve.org/view.php?id=CVE-2015-5677

bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. bsnmpd, como se utiliza en FreeBSD 9.3, 10.1 y 10.2, utiliza permisos de lectura universal en el archivo snmpd.config, lo que permite a usuarios locales obtener la clave secreta para autenticación USM leyendo el archivo. FreeBSD suffers from a bsnmpd information disclosure vulnerability. • http://www.securitytracker.com/id/1034678 https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html https://www.freebsd.org/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 33%CPEs: 3EXPL: 1

CVE-2016-1879 – FreeBSD SCTP ICMPv6 - Error Processing

https://notcve.org/view.php?id=CVE-2016-1879

The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet. El módulo Stream Control Transmission Protocol (SCTP) en FreeBSD 9.3 en versiones anteriores a p33, 10.1 en versiones anteriores a p26 y 10.2 en versiones anteriores a p9, cuando el kernel está configurado para IPv6, permite a atacantes remotos causar una denegación de servicio (fallo de aserción o referencia a puntero NULL y kernel panic) a través de un paquete ICMPv6 manipulado. FreeBSD suffers from an SCTP ICMPv6 error processing denial of service vulnerability. • https://www.exploit-db.com/exploits/39305 http://packetstormsecurity.com/files/135369/FreeBSD-SCTP-ICMPv6-Denial-Of-Service.html http://www.securitytracker.com/id/1034673 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc •