CVSS: 5.9EPSS: 56%CPEs: 55EXPL: 6CVE-2019-6111 – OpenSSH SCP Client - Write Arbitrary Files
https://notcve.org/view.php?id=CVE-2019-6111
16 Jan 2019 — An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well... • https://packetstorm.news/files/id/151227 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17160 – FreeBSD Security Advisory - FreeBSD-SA-18:14.bhyve
https://notcve.org/view.php?id=CVE-2018-17160
04 Dec 2018 — In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, una comprobación de límites insuficiente en u... • http://www.securityfocus.com/bid/106210 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2018-17156
https://notcve.org/view.php?id=CVE-2018-17156
28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340268) y 11.2-RELEASE-p5, debido al recuento incorrecto de relleno en plataformas de 64 bits, podría ocurrir una subescritura de búfer al construir un paquete de respuesta ICMP al emplear un v... • http://www.securityfocus.com/bid/106052 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 43%CPEs: 2EXPL: 0CVE-2018-17157 – FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
https://notcve.org/view.php?id=CVE-2018-17157
28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, un error de desbordamiento de enteros al manejar opcodes puede provocar una corrupción de memoria mediante el envío de una petición NFSv4 especialmente... • http://www.securityfocus.com/bid/106192 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 0CVE-2018-17158 – FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
https://notcve.org/view.php?id=CVE-2018-17158
28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, puede ocurrir un error de desbordamiento de enteros al manejar el campo de longitud de dirección del cliente en una petición NFSv4. Los usuari... • http://www.securityfocus.com/bid/106192 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 0CVE-2018-17159 – FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
https://notcve.org/view.php?id=CVE-2018-17159
28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, el servidor NFS carece de una comprobación de límites en la petición NFS READDIRPLUS. Los usuarios remotos sin privilegios con acceso al s... • http://www.securityfocus.com/bid/106192 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17154
https://notcve.org/view.php?id=CVE-2018-17154
28 Sep 2018 — In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338987), 11.2-RELEASE-p4 y 11.1-RELEASE-p15, debido a una comprobación de memoria insuficiente en la llamada del sistema freebsd4_getfsstat, puede ocurrir una desreferencia de puntero NU... • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17155
https://notcve.org/view.php?id=CVE-2018-17155
28 Sep 2018 — In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data. En FreeBSD, en versiones anteriores a 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338... • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6925
https://notcve.org/view.php?id=CVE-2018-6925
28 Sep 2018 — In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985) y 10.4-RELEASE-p13, debido al mantenimiento indebido de las e... • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-6924 – FreeBSD Security Advisory - FreeBSD-SA-18:12.elf
https://notcve.org/view.php?id=CVE-2018-6924
12 Sep 2018 — In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE y 10.4-RELEASE-p12, la validación insuficiente en el analizador de la cabecera ELF podría permitir que un binario ELF malicioso provoque el cierre inesperado del kernel o revel... • http://www.securitytracker.com/id/1041646 • CWE-20: Improper Input Validation •