CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2021-29631
https://notcve.org/view.php?id=CVE-2021-29631
30 Aug 2021 — In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process. En FreeBSD versiones ... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2021-29629
https://notcve.org/view.php?id=CVE-2021-29629
28 May 2021 — In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively. En FreeBSD versiones 13.0-STABLE anteriores a n245765-bec0d2c9c841, versiones 12.2-STABLE anteriores a r369859, versiones 11.4-STABLE anteriores a r369866, versiones 1... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2021-29628
https://notcve.org/view.php?id=CVE-2021-29628
28 May 2021 — In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit. En FreeBSD versiones 13.0-STABLE anteriores a n245764-876ffe28796c, versiones 12.2-STABLE anteriores a r369857, versiones 13.0-RELEASE anteriores a p1 y versiones 12.2-RELEASE anteriores a p... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:11.smap.asc • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2021-29626
https://notcve.org/view.php?id=CVE-2021-29626
07 Apr 2021 — In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. En FreeBSD versiones 13.0-STABLE anteriores a n245117, versiones 12.2-STABLE anteriores a... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc • CWE-416: Use After Free •
CVSS: 7.8EPSS: 2%CPEs: 11EXPL: 1CVE-2021-29627
https://notcve.org/view.php?id=CVE-2021-29627
07 Apr 2021 — In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free. En FreeBSD versiones 13.0-STABLE anteriores a n245050, versiones 12.2-STABLE anteriores a r369525, versiones 13.0-RC4 anteriores a p0 y versiones 12.2-RELEASE anteriores a p6, los filtros de a... • https://github.com/raymontag/cve-2021-29627 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-25584
https://notcve.org/view.php?id=CVE-2020-25584
07 Apr 2021 — In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail. En FreeBSD versiones 13.0-STABLE anteriores a n245118, versiones 12.2-STABLE anteriores a r369552, versiones 1... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:10.jail_mount.asc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10565
https://notcve.org/view.php?id=CVE-2020-10565
14 Mar 2020 — grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. grub2-bhyve, como es usado en FreeBSD bhyve anterior a revisión 525916 12-02-2020, no comprueba la dirección proporcionada como parte de un coman... • https://svnweb.freebsd.org/ports?view=revision&revision=525916 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10566
https://notcve.org/view.php?id=CVE-2020-10566
14 Mar 2020 — grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. grub2-bhyve, como es usado en FreeBSD bhyve anterior a revisión 525916 12-02-2020, maneja inapropiadamente una carga de fuentes por parte de un invitado mediante un archivo grub2.cfg, conllevando a un desbordamiento de búfer. • https://svnweb.freebsd.org/ports?view=revision&revision=525916 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 79%CPEs: 109EXPL: 0CVE-2013-4854 – ISC BIND rdata Denial Of Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-4854
26 Jul 2013 — The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. La implementación RFC en rdata.c en ISC BIND 9.7.x y 9.8.x anterior a 9.8.5-P2, ... • http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html •