Page 2 of 17 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. • https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory. En FreeBSD versión 13.0-STABLE anteriores a n247428-9352de39c3dc, 12.2-STABLE anteriores a r370674, 13.0-RELEASE anteriores a p6 y 12.2-RELEASE anteriores a p12, en determinadas condiciones que implican el uso del búfer de resaltado mientras el texto se desplaza en la consola, los datos de la consola pueden sobrescribir estructuras de datos asociadas con la consola del sistema u otra memoria del kernel • https://security.freebsd.org/advisories/FreeBSD-SA-22:01.vt.asc https://security.netapp.com/advisory/ntap-20220217-0004 •

CVSS: 8.1EPSS: 0%CPEs: 29EXPL: 0

In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code. En FreeBSD versiones 13.0-STABLE anteriores a n246938-0729ba2f49c9, 12.2-STABLE anteriores a r370383, 11.4-STABLE anteriores a r370381, 13.0-RELEASE anteriores a p4, 12.2-RELEASE anteriores a p10, y 11. 4-RELEASE anteriores a p13, el demonio ggatec no comprueba el tamaño de una respuesta antes de escribirla en un búfer de tamaño fijo, permitiendo a un atacante malicioso en una posición de red privilegiada sobrescribir la pila de ggatec y ejecutar potencialmente código arbitrario. • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc https://security.netapp.com/advisory/ntap-20210923-0005 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0

In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process. En FreeBSD versiones 13.0-STABLE anteriores a n246941-20f96f215562, 12.2-STABLE anteriores a r370400, 11.4-STABLE anteriores a r370399, 13.0-RELEASE anteriores a p4, 12.2-RELEASE anteriores a p10, y 11.4-RELEASE anteriores a p13, determinados modelos de dispositivos basados en VirtIO en bhyve presentaban un fallo al manejar los errores cuando se obtenían descriptores de E/S. Un huésped malicioso puede causar al modelo de dispositivo operar en vectores de E/S no inicializados, conllevando a una corrupción de la memoria, un bloqueo del proceso bhyve y, posiblemente, una ejecución de código arbitrario en el proceso bhyve. • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc https://security.netapp.com/advisory/ntap-20210923-0004 • CWE-908: Use of Uninitialized Resource •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively. En FreeBSD versiones 13.0-STABLE anteriores a n245765-bec0d2c9c841, versiones 12.2-STABLE anteriores a r369859, versiones 11.4-STABLE anteriores a r369866, versiones 13.0-RELEASE anteriores a p1, versiones 12.2-RELEASE anteriores a p7 y versiones 11.4-RELEASE anteriores a p10, una falta comprobación de mensaje en la función libradius(3) podría permitir a clientes o servidores maliciosos desencadenar una denegación de servicio en servidores o clientes vulnerables, respectivamente • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc https://security.netapp.com/advisory/ntap-20210713-0003 • CWE-20: Improper Input Validation •