CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6925
https://notcve.org/view.php?id=CVE-2018-6925
28 Sep 2018 — In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985) y 10.4-RELEASE-p13, debido al mantenimiento indebido de las e... • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 4%CPEs: 40EXPL: 0CVE-2018-6923 – FreeBSD Security Advisory - FreeBSD-SA-18:10.ip
https://notcve.org/view.php?id=CVE-2018-6923
15 Aug 2018 — In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p2 y 11.1-RELEASE-p13, el código de reensamblado de fragmentos de ip es vulnerable a una denegación de servicio (DoS) debido al con... • http://www.securityfocus.com/bid/105336 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2016-6559 – The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow
https://notcve.org/view.php?id=CVE-2016-6559
13 Jul 2018 — Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link... • http://www.securitytracker.com/id/1037398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6920
https://notcve.org/view.php?id=CVE-2018-6920
08 May 2018 — In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. En FreeBSD, en versiones anteriores a la 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321) y 10.4-RELEASE-p9, d... • http://www.securityfocus.com/bid/104114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6919
https://notcve.org/view.php?id=CVE-2018-6919
04 Apr 2018 — In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data. En FreeBSD, en versiones anteriores a 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 y 10.3-RELEASE-p28, debido a la insuficiente inicialización de la memoria copiada al espacio de usuar... • http://www.securityfocus.com/bid/103760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-6917 – FreeBSD Security Advisory - FreeBSD-SA-18:04.vt
https://notcve.org/view.php?id=CVE-2018-6917
04 Apr 2018 — In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data. En FreeBSD, en versiones anteriores a 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 y 10.3-RELEASE-p28, la validación insuficiente de parámetros de fuente proporcionados por el usuar... • http://www.securityfocus.com/bid/103668 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 4%CPEs: 2EXPL: 0CVE-2018-6918 – Apple Security Advisory 2019-5-30-1
https://notcve.org/view.php?id=CVE-2018-6918
04 Apr 2018 — In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash. En FreeBSD, en versiones anteriores a 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 y 10.3-RELEASE-p28, el campo length de la cabecera de opció... • http://seclists.org/fulldisclosure/2019/Jun/6 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13081 – FreeBSD Security Advisory - FreeBSD-SA-17:07.wpa
https://notcve.org/view.php?id=CVE-2017-13081
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11w permite la reinstalación de la clave temporal IGTK (Integrity Group Temporal Key) durante el handshake de clave de grupo, haciendo que un atacante en el rango de radio suplante frames desde los puntos d... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 1%CPEs: 85EXPL: 0CVE-2017-13080 – wpa_supplicant: Reinstallation of the group key in the group key handshake
https://notcve.org/view.php?id=CVE-2017-13080
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave temporal GTK (Group Temporal Key) durante la negociación de la clave de grupo, haciendo que un atacante que se sitúe dentro del radio reproduzca frames desde los puntos de acceso hasta los clientes. A new exploitation technique... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13086 – wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
https://notcve.org/view.php?id=CVE-2017-13086
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave TPK (Peer Key) TDLS (Tunneled Direct-Link Setup) durante la negociación TDLS, haciendo que un atacante que se sitúe dentro del radio reproduzca, descifre o suplante frames. A new exploitation technique called key reinst... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •