CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10565
https://notcve.org/view.php?id=CVE-2020-10565
14 Mar 2020 — grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. grub2-bhyve, como es usado en FreeBSD bhyve anterior a revisión 525916 12-02-2020, no comprueba la dirección proporcionada como parte de un coman... • https://svnweb.freebsd.org/ports?view=revision&revision=525916 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10566
https://notcve.org/view.php?id=CVE-2020-10566
14 Mar 2020 — grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. grub2-bhyve, como es usado en FreeBSD bhyve anterior a revisión 525916 12-02-2020, maneja inapropiadamente una carga de fuentes por parte de un invitado mediante un archivo grub2.cfg, conllevando a un desbordamiento de búfer. • https://svnweb.freebsd.org/ports?view=revision&revision=525916 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 4%CPEs: 25EXPL: 2CVE-2019-5611 – FreeBSD Security Advisory - FreeBSD-SA-19:22.mbuf
https://notcve.org/view.php?id=CVE-2019-5611
21 Aug 2019 — In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. En FreeBSD versión 12.0-STABLE anterior a r350828, versión 12.0-RELEASE anterior a... • http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2019-5612 – FreeBSD Security Advisory - FreeBSD-SA-19:23.midi
https://notcve.org/view.php?id=CVE-2019-5612
21 Aug 2019 — In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer. En FreeBSD versión 12.0-STABLE anterior a r351264, versión 12.0-RELEASE anterior a 12.0-RELEASE-p10, versió... • https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 4%CPEs: 25EXPL: 0CVE-2019-5608 – FreeBSD Security Advisory - FreeBSD-SA-19:19.mldv2
https://notcve.org/view.php?id=CVE-2019-5608
06 Aug 2019 — In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. En FreeBSD versión 12.0-STABLE anterio... • https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-5609 – FreeBSD Security Advisory - FreeBSD-SA-19:21.bhyve
https://notcve.org/view.php?id=CVE-2019-5609
06 Aug 2019 — In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host. En FreeBSD versiones 12.0-STABLE anteriores a r35061... • https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2019-5610 – FreeBSD Security Advisory - FreeBSD-SA-19:20.bsnmp
https://notcve.org/view.php?id=CVE-2019-5610
06 Aug 2019 — In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. En FreeBSD versión 12.0-STABLE anterior a r350637, versión 12.0-RELEASE anterior a 12.0-RELEASE-... • http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5606 – FreeBSD Security Advisory - FreeBSD-SA-19:13.pts
https://notcve.org/view.php?id=CVE-2019-5606
25 Jul 2019 — In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail. En FreeBSD versión 12.0-STABLE anterior a r349805, versión 12.0-RE... • http://packetstormsecurity.com/files/153748/FreeBSD-Security-Advisory-FreeBSD-SA-19-13.pts.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 1CVE-2019-5603 – FreeBSD Security Advisory - FreeBSD-SA-19:24.mqueuefs
https://notcve.org/view.php?id=CVE-2019-5603
25 Jul 2019 — In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users. En FreeBSD versión 12.0-STABLE anterior a r350261, versión 12.0-RELEASE anterior a 1... • https://github.com/raymontag/CVE-2019-5603 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.6EPSS: 1%CPEs: 22EXPL: 0CVE-2019-5604 – FreeBSD Security Advisory - FreeBSD-SA-19:16.bhyve
https://notcve.org/view.php?id=CVE-2019-5604
25 Jul 2019 — In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest, allowing an out-of-bounds read. This provides a malicious guest the possibility to crash the system or access system memory. En FreeBSD versión 12.0-STABLE anterior a r350246, versión 12.0-RELEASE anterior a 12.0-RE... • http://packetstormsecurity.com/files/153753/FreeBSD-Security-Advisory-FreeBSD-SA-19-16.bhyve.html • CWE-125: Out-of-bounds Read •