CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-25584 – FreeBSD Security Advisory - FreeBSD-SA-21:10.jail_mount
https://notcve.org/view.php?id=CVE-2020-25584
06 Apr 2021 — In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail. En FreeBSD versiones 13.0-STABLE anteriores a n245118, versiones 12.2-STABLE anteriores a r369552, versiones 1... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:10.jail_mount.asc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 1CVE-2021-29627 – FreeBSD Security Advisory - FreeBSD-SA-21:09.accept_filter
https://notcve.org/view.php?id=CVE-2021-29627
06 Apr 2021 — In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free. En FreeBSD versiones 13.0-STABLE anteriores a n245050, versiones 12.2-STABLE anteriores a r369525, versiones 13.0-RC4 anteriores a p0 y versiones 12.2-RELEASE anteriores a p6, los filtros de a... • https://github.com/raymontag/cve-2021-29627 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2021-29626 – FreeBSD Security Advisory - FreeBSD-SA-21:08.vm
https://notcve.org/view.php?id=CVE-2021-29626
06 Apr 2021 — In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. En FreeBSD versiones 13.0-STABLE anteriores a n245117, versiones 12.2-STABLE anteriores a... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2020-7464
https://notcve.org/view.php?id=CVE-2020-7464
26 Mar 2021 — In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets ac... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:27.ure.asc • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2020-7463 – Apple Security Advisory 2021-04-26-2
https://notcve.org/view.php?id=CVE-2020-7463
26 Mar 2021 — In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. En FreeBSD versiones 12.1-STABLE anteriores a r364644, 11.4-STABLE anteriores a r364651, 12.1-RELEASE anteriores a p9, 11.4-RELEASE a... • http://seclists.org/fulldisclosure/2021/Apr/49 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 29EXPL: 0CVE-2020-7467
https://notcve.org/view.php?id=CVE-2020-7467
26 Mar 2021 — In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. En FreeBSD versiones 12.2-STABLE anteriores a r365767, 11.4-STABLE anteriores a r365769, 12.1-RELEASE anteriores a p10, 11.4-RELEASE anteriores a p4 y 11.3-RELEASE anteriores a p14, vari... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:29.bhyve_svm.asc • CWE-269: Improper Privilege Management •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 15%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2020-25580 – FreeBSD Security Advisory - FreeBSD-SA-21:03.pam_login_access
https://notcve.org/view.php?id=CVE-2020-25580
24 Feb 2021 — In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. En FreeBSD versiones 12.2-STABLE anteriores a r369346, 11.4-STABLE anteriores a r369345, 12.2-RELEASE anteriores a p4 y 11.4-RELEASE anteriores a p8, una regresión en el procesador de reglas login.access(5) tiene el... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:03.pam_login_access.asc • CWE-697: Incorrect Comparison •
CVSS: 8.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-25581 – FreeBSD Security Advisory - FreeBSD-SA-21:04.jail_remove
https://notcve.org/view.php?id=CVE-2020-25581
24 Feb 2021 — In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. En FreeBSD versiones 12.2-STABLE anteriores a r369312, 11.4-STABLE anteriores a r369313, 12.2-RELEASE anteriores a p4 y 11.4-RELEASE anteriores a p8, debido a una condición de carrera en la implementación de jail_remove(2), puede cometer un fallo al eliminar algunos de los procesos. Due to... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:04.jail_remove.asc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •