CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2020-24863
https://notcve.org/view.php?id=CVE-2020-24863
03 Sep 2020 — A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode. Se encontró una vulnerabilidad de corrupción de memoria en la función del kernel kern_getfsstat en MidnightBSD versiones anteriores a 1.2.7 y versiones 1.3 hasta el19-08-2020, y FreeBSD versiones hasta 11.4, que pe... • http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:01.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 60%CPEs: 38EXPL: 2CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
21 Apr 2020 — Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL ver... • https://packetstorm.news/files/id/157527 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10565
https://notcve.org/view.php?id=CVE-2020-10565
14 Mar 2020 — grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. grub2-bhyve, como es usado en FreeBSD bhyve anterior a revisión 525916 12-02-2020, no comprueba la dirección proporcionada como parte de un coman... • https://svnweb.freebsd.org/ports?view=revision&revision=525916 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10566
https://notcve.org/view.php?id=CVE-2020-10566
14 Mar 2020 — grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. grub2-bhyve, como es usado en FreeBSD bhyve anterior a revisión 525916 12-02-2020, maneja inapropiadamente una carga de fuentes por parte de un invitado mediante un archivo grub2.cfg, conllevando a un desbordamiento de búfer. • https://svnweb.freebsd.org/ports?view=revision&revision=525916 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2012-4576
https://notcve.org/view.php?id=CVE-2012-4576
02 Dec 2019 — FreeBSD: Input Validation Flaw allows local users to gain elevated privileges FreeBSD: un Fallo de Comprobación de Entrada permite a usuarios locales alcanzar privilegios elevados. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0089.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 56%CPEs: 55EXPL: 6CVE-2019-6111 – OpenSSH SCP Client - Write Arbitrary Files
https://notcve.org/view.php?id=CVE-2019-6111
16 Jan 2019 — An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well... • https://packetstorm.news/files/id/151227 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17160 – FreeBSD Security Advisory - FreeBSD-SA-18:14.bhyve
https://notcve.org/view.php?id=CVE-2018-17160
04 Dec 2018 — In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, una comprobación de límites insuficiente en u... • http://www.securityfocus.com/bid/106210 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2018-17156
https://notcve.org/view.php?id=CVE-2018-17156
28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340268) y 11.2-RELEASE-p5, debido al recuento incorrecto de relleno en plataformas de 64 bits, podría ocurrir una subescritura de búfer al construir un paquete de respuesta ICMP al emplear un v... • http://www.securityfocus.com/bid/106052 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 43%CPEs: 2EXPL: 0CVE-2018-17157 – FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
https://notcve.org/view.php?id=CVE-2018-17157
28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, un error de desbordamiento de enteros al manejar opcodes puede provocar una corrupción de memoria mediante el envío de una petición NFSv4 especialmente... • http://www.securityfocus.com/bid/106192 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 0CVE-2018-17158 – FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
https://notcve.org/view.php?id=CVE-2018-17158
28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, puede ocurrir un error de desbordamiento de enteros al manejar el campo de longitud de dirección del cliente en una petición NFSv4. Los usuari... • http://www.securityfocus.com/bid/106192 • CWE-190: Integer Overflow or Wraparound •