Page 3 of 402 results (0.004 seconds)

CVSS: 6.8EPSS: 1%CPEs: 14EXPL: 0

25 Jul 2019 — In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly. En FreeBSD versión 11.3-STABLE anterior a r350217, versión 11.3-RELEASE anterior a 11.3-RELEASE-p1, y versió... • http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SA-19-14.freebsd32.html • CWE-665: Improper Initialization •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

24 Jul 2019 — In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail. En FreeBSD versión 12.0-STABLE anterior a r349805, versión 12.0-RE... • http://packetstormsecurity.com/files/153748/FreeBSD-Security-Advisory-FreeBSD-SA-19-13.pts.html • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

24 Jul 2019 — In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event. This could allow a malicious local user to gain root privileges or escape from a jail. En FreeBSD versión 12.0-STABLE anterior a r350222, vers... • http://packetstormsecurity.com/files/153755/FreeBSD-Security-Advisory-FreeBSD-SA-19-17.fd.html • CWE-404: Improper Resource Shutdown or Release CWE-682: Incorrect Calculation •

CVSS: 8.1EPSS: 1%CPEs: 28EXPL: 0

11 Apr 2019 — The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-287: Improper Authentication CWE-346: Origin Validation Error •

CVSS: 8.1EPSS: 1%CPEs: 28EXPL: 0

11 Apr 2019 — The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to a... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-287: Improper Authentication CWE-346: Origin Validation Error •

CVSS: 5.9EPSS: 57%CPEs: 55EXPL: 6

16 Jan 2019 — An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well... • https://packetstorm.news/files/id/151227 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

04 Dec 2018 — In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, una comprobación de límites insuficiente en u... • http://www.securityfocus.com/bid/106210 • CWE-787: Out-of-bounds Write •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1

28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340268) y 11.2-RELEASE-p5, debido al recuento incorrecto de relleno en plataformas de 64 bits, podría ocurrir una subescritura de búfer al construir un paquete de respuesta ICMP al emplear un v... • http://www.securityfocus.com/bid/106052 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 0

28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, el servidor NFS carece de una comprobación de límites en la petición NFS READDIRPLUS. Los usuarios remotos sin privilegios con acceso al s... • http://www.securityfocus.com/bid/106192 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 0

28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, puede ocurrir un error de desbordamiento de enteros al manejar el campo de longitud de dirección del cliente en una petición NFSv4. Los usuari... • http://www.securityfocus.com/bid/106192 • CWE-190: Integer Overflow or Wraparound •