CVE-2020-7453
https://notcve.org/view.php?id=CVE-2020-7453
In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call, allowing a malicious jail superuser with permission to create nested jails to read kernel memory.
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc
• CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2020-7451
https://notcve.org/view.php?id=CVE-2020-7451
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field, disclosing one byte of kernel memory over the network.
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc
• CWE-908: Use of Uninitialized Resource
CVE-2019-15876
https://notcve.org/view.php?id=CVE-2019-15876
In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver-specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges, allowing unprivileged users to send passthrough commands to the device firmware.
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc
• CWE-862: Missing Authorization
CVE-2019-15877
https://notcve.org/view.php?id=CVE-2019-15877
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver-specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges, allowing unprivileged users to trigger updates to the device's non-volatile memory.
• https://security.FreeBSD.org/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc
• CWE-862: Missing Authorization
CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d.
• https://github.com/irsl/CVE-2020-1967
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
• http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html
• http://seclists.org/fulldisclosure/2020/May/5
• http://www.openwall.com/lists/oss-security/2020/04/22/2
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=eb563247aef3e83dda7679c43f9649270462e5b1
• https:/
• CWE-476: NULL Pointer Dereference