CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1881
https://notcve.org/view.php?id=CVE-2016-1881
The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call. El kernel en FreeBSD 9.3, 10.1 y 10.2 permite a usuarios locales provocar una denegación de servicio (caída) o potencialmente obtener privilegios a través de una llamada de sistema setgroups de capa de compatibilidad de Linux. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securitytracker.com/id/1034676 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5675
https://notcve.org/view.php?id=CVE-2015-5675
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). El manipulador IRET sys_amd64 en el kernel en FreeBSD 9.3 y 10.1 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (pánico del kernel). • http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html http://www.securityfocus.com/archive/1/536321/100/0/threaded http://www.securityfocus.com/bid/76485 http://www.securitytracker.com/id/1033376 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1418
https://notcve.org/view.php?id=CVE-2015-1418
The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!' character can be passed to the ed program. La función do_ed_script en pch.c en GNU patch hasta la versión 2.7.6; y patch in FreeBSD en versiones 10.1 anteriores a la 10.1-RELEASE-p17, versiones 10.2 anteriores a la 10.2-BETA2-p3, versiones 10.2-RC1 anteriores a la 10.2-RC1-p2 y versiones 0.2-RC2 anteriores a la 10.2-RC2-p1, permite que atacantes remotos ejecuten comandos arbitrarios mediante un archivo patch manipulado. Esto se debe a que se puede pasar un carácter '!' al programa ed. • http://rachelbythebay.com/w/2018/04/05/bangpatch http://www.securityfocus.com/bid/76236 http://www.securitytracker.com/id/1033188 https://bugs.debian.org/894667 https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig https://www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5674
https://notcve.org/view.php?id=CVE-2015-5674
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected. Routed daemon en FreeBSD 9.3 anteriores a 9.3-RELEASE-p22, 10.2-RC2 anteriores a 10.2-RC2-p1, 10.2-RC1 anteriores a 10.2-RC1-p2, 10.2 anteriores a 10.2-BETA2-p3 y 10.1 anteriores a 10.1-RELEASE-p17 permite que los usuarios autenticados remotos provocan una denegación de servicio (fallo de aserción y cierre del demonio) mediante una consulta de una red que no está conectada directamente. • http://www.securityfocus.com/bid/76244 http://www.securitytracker.com/id/1033185 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:19.routed.asc • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1416
https://notcve.org/view.php?id=CVE-2015-1416
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file. El parche Larry Wall, el parche en FreeBSD en versiones 10.2-RC1 anteriores a la 10.2-RC1-p1, 10.2 anteriores a la 10.2-BETA2-p2, 10.1 anteriores a la 10.1-RELEASE-p16; Bitrig, el parche GNU en versiones anteriores a la 2.2.5 y posiblemente otras variantes de parches permiten que los atacantes remotos ejecutan comandos shell mediante un archivo de parche manipulado. • http://www.openwall.com/lists/oss-security/2015/07/30/9 http://www.openwall.com/lists/oss-security/2015/08/01/4 http://www.openwall.com/lists/oss-security/2015/08/02/1 http://www.openwall.com/lists/oss-security/2015/08/02/6 http://www.securityfocus.com/bid/76116 http://www.securitytracker.com/id/1033110 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc • CWE-264: Permissions, Privileges, and Access Controls •