Page 23 of 728 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

09 Nov 2022 — Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. Una validación insuficiente del búfer de entrada IOCTL en AMD ?Prof puede permitir que un atacante envíe un búfer arbitrario que provoque una posible falla del kernel de Windows que provoque una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

09 Nov 2022 — Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. Una validación insuficiente en el búfer de entrada/salida IOCTL en AMD ?Prof puede permitir a un atacante eludir las comprobaciones de límites, lo que podría provocar un fallo del kernel de Windows que provoque una denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

06 Sep 2022 — sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer El archivo sys/netinet/tcp_timer.h en FreeBSD versiones anteriores a 7.0, contiene una vulnerabilidad de denegación de servicio (DoS) debido a un manejo inapropiado de TSopt en conexiones TCP. NOTA: Esta vulnerabilidad sólo afecta a productos que ya no son soportados p... • http://jvn.jp/en/jp/JVN20930118 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

09 Aug 2022 — A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel. Un caso particular de compartir memoria se maneja mal en el sistema de memoria virtual. Esto es muy similar a SA-21:08.vm, pero con una causa raíz diferente. • https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

09 Aug 2022 — When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash. Al volcar el núcleo y guardar la información del proceso, proc_getargv() puede devolver un sbuf que tiene un sbuf_len() de 0 o -1, que no se maneja adecuadamente. Puede ocurrir una lectura fuera de los límites cuando el usuario co... • https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

09 Aug 2022 — The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF). La función aio_aqueue, utilizada por la llamada al sistema lio_listio, no puede liberar una referencia a una credencial en un caso de error. Un atacante puede provocar que el recuento de referencias se desborde, lo que provocará un use after free (UAF). • https://packetstorm.news/files/id/168105 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

09 Aug 2022 — The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox. A la implementación del manejo de mensajes RWALK por p... • https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc • CWE-787: Out-of-bounds Write •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

06 Apr 2022 — The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. El tamaño total del nmreq proporcionado por el usuario a nmreq_copyin() se calculó primero y luego se confió en él durante la copia. Este error de tiempo de verificación a tiempo de u... • https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

06 Apr 2022 — A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. Se pasó una opción de entero proporcionada por el usuario a nmreq_copyin() sin comprobar si se desbordaría. Esta comprobación de los límites insuficiente podría provocar daños en la memoria del kernel. • https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

06 Apr 2022 — Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group. Los controladores para *_CFG_PAGE lectura/escritura ioctls e... • https://security.freebsd.org/advisories/FreeBSD-SA-22:06.ioctl.asc • CWE-122: Heap-based Buffer Overflow •