CVSS: 8.7EPSS: 0%CPEs: 12EXPL: 0CVE-2020-25582 – FreeBSD Security Advisory - FreeBSD-SA-21:05.jail_chdir
https://notcve.org/view.php?id=CVE-2020-25582
24 Feb 2021 — In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. En FreeBSD versiones 12.2-STABLE anteriores a r369334, 11.4-STABLE anteriores a r369335, 12.2-RELEASE anteriores a p4 y 11.4-RELEASE anteriores a p8, cuando un proceso, como jexec(8) o killall(1), llama a jail_a... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-25581 – FreeBSD Security Advisory - FreeBSD-SA-21:04.jail_remove
https://notcve.org/view.php?id=CVE-2020-25581
24 Feb 2021 — In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. En FreeBSD versiones 12.2-STABLE anteriores a r369312, 11.4-STABLE anteriores a r369313, 12.2-RELEASE anteriores a p4 y 11.4-RELEASE anteriores a p8, debido a una condición de carrera en la implementación de jail_remove(2), puede cometer un fallo al eliminar algunos de los procesos. Due to... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:04.jail_remove.asc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2020-25580 – FreeBSD Security Advisory - FreeBSD-SA-21:03.pam_login_access
https://notcve.org/view.php?id=CVE-2020-25580
24 Feb 2021 — In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. En FreeBSD versiones 12.2-STABLE anteriores a r369346, 11.4-STABLE anteriores a r369345, 12.2-RELEASE anteriores a p4 y 11.4-RELEASE anteriores a p8, una regresión en el procesador de reglas login.access(5) tiene el... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:03.pam_login_access.asc • CWE-697: Incorrect Comparison •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2020-25579 – FreeBSD Security Advisory - FreeBSD-SA-21:01.fsdisclosure
https://notcve.org/view.php?id=CVE-2020-25579
29 Jan 2021 — In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. En FreeBSD versiones 12.2-STABLE anteriores a r368969, 11.4-STABLE anteriores a r369047, 12.2-RELEASE anteriores a p3, 12.1-RELEASE anteriores a p13 y 11.4-RELEASE anteriores a p7, msdosfs(5) no lograba llenar con cero un par de campo... • https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc • CWE-909: Missing Initialization of Resource •
CVSS: 5.3EPSS: 6%CPEs: 23EXPL: 1CVE-2020-25578 – FreeBSD Security Advisory - FreeBSD-SA-21:01.fsdisclosure
https://notcve.org/view.php?id=CVE-2020-25578
29 Jan 2021 — In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. En FreeBSD versiones 12.2-STABLE anteriores a r368969, 11.4-STABLE... • https://github.com/farazsth98/freebsd-dirent-info-leak-bugs • CWE-665: Improper Initialization •
CVSS: 9.0EPSS: 0%CPEs: 29EXPL: 0CVE-2020-7468 – FreeBSD FTPD Improper Handling of Exceptional Conditions Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-7468
15 Dec 2020 — In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges. En FreeBSD versiones 12.2-STABLE anteriores a r365772, 11.4-STABLE anteriores a r365773, 12... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:30.ftpd.asc •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2020-7469 – FreeBSD Security Advisory - FreeBSD-SA-20:31.icmp6
https://notcve.org/view.php?id=CVE-2020-7469
01 Dec 2020 — In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free. En FreeBSD versiones 12.2-STABLE anteriores a r367402, versio... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 29EXPL: 0CVE-2020-25583 – FreeBSD Security Advisory - FreeBSD-SA-20:32.rtsold
https://notcve.org/view.php?id=CVE-2020-25583
01 Dec 2020 — In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer. En FreeBSD versiones 12.2-STABLE anteriores a r368250, versiones 11.4-STABLE anteriores a r368253, ve... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2020-25577 – FreeBSD Security Advisory - FreeBSD-SA-20:32.rtsold
https://notcve.org/view.php?id=CVE-2020-25577
01 Dec 2020 — In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow. En FreeBSD versiones 12.2-STABLE anteriores a r368250, v... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: 49EXPL: 1CVE-2020-24718
https://notcve.org/view.php?id=CVE-2020-24718
25 Sep 2020 — bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. bhyve, como es usado en FreeBSD versiones hasta 12.1 e illumos (por ejemplo, OmniOS CE versiones hasta r151034 y OpenIndiana versiones hasta Hipster 2020.04), no restringe apropiadamente las operaciones d... • https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249 • CWE-862: Missing Authorization •