CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6925
https://notcve.org/view.php?id=CVE-2018-6925
28 Sep 2018 — In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985) y 10.4-RELEASE-p13, debido al mantenimiento indebido de las e... • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 4%CPEs: 40EXPL: 0CVE-2018-6923 – FreeBSD Security Advisory - FreeBSD-SA-18:10.ip
https://notcve.org/view.php?id=CVE-2018-6923
15 Aug 2018 — In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p2 y 11.1-RELEASE-p13, el código de reensamblado de fragmentos de ip es vulnerable a una denegación de servicio (DoS) debido al con... • http://www.securityfocus.com/bid/105336 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15037
https://notcve.org/view.php?id=CVE-2017-15037
05 Oct 2017 — In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character. En FreeBSD hasta la versión 11.1, la función smb_strdupin en sys/netsmb/smb_subr.c tiene una condición de carrera con una lectura fuera de límites porque puede hace que les falten el carácter "\0" a las cadenas t2p->t_name. • http://www.securityfocus.com/bid/101191 • CWE-125: Out-of-bounds Read CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 38%CPEs: 1EXPL: 5CVE-2017-1084 – FreeBSD - 'FGPE' Stack Clash (PoC)
https://notcve.org/view.php?id=CVE-2017-1084
29 Jun 2017 — In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow. En FreeBSD en versiones anteriores a la 11.2-RELEASE, múltiples problemas con la implementación de la página guard de la pila reducen las protecciones de la página guard. Esto resulta en la posibilidad de que un proceso mal escrito provoque un desbordamiento de pila. • https://packetstorm.news/files/id/143199 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-1085 – FreeBSD - 'setrlimit' Stack Clash (PoC)
https://notcve.org/view.php?id=CVE-2017-1085
29 Jun 2017 — In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context. En FreeBSD en versiones anteriores a la 11.2-RELEASE, una aplicación que llama a setrlimit() para incrementar RLIMIT_STACK podría hacer que una región de memoria de solo lectura bajo la pila pase a ser una región de lectura y escritura. Un ej... • https://packetstorm.news/files/id/143197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1083 – Qualys Security Advisory - the Stack Clash
https://notcve.org/view.php?id=CVE-2017-1083
20 Jun 2017 — In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow. En FreeBSD en versiones anteriores a la 11.2-RELEASE, una página guard de pila está disponible, pero está deshabilitada por defecto. Esto resulta en la posibilidad de que un proceso mal escrito provoque un desbordamiento de pila Qualys has released a large amount of research surrounding the use of stack clash vulnerabilities and... • https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 0CVE-2017-1081 – FreeBSD Security Advisory - FreeBSD-SA-17:04.ipfilter
https://notcve.org/view.php?id=CVE-2017-1081
27 Apr 2017 — In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling. En FreeBSD, en versiones anteriores a la 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE y 10.3-RELEASE-p19, cuando ipfilter emplea las opciones "keep state" o "keep frags", puede provocar un pánico del kernel cuando se le alimentan fragmentos de paquetes manipulados debido a l... • http://www.securityfocus.com/bid/98089 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 8.8EPSS: 15%CPEs: 62EXPL: 2CVE-2016-5766 – gd: Integer overflow in _gd2GetHeader() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5766
26 Jun 2016 — Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. Desbordamiento de entero en la función _gd2GetHeader en gd_gd2.c en la GD Graphics Library (también conocido como libgd) en versiones anter... • http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 3%CPEs: 56EXPL: 0CVE-2015-1417 – FreeBSD Security Advisory - TCP Reassembly Resource Exhaustion
https://notcve.org/view.php?id=CVE-2015-1417
28 Jul 2015 — The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections. El módulo inet en FreeBSD versión 10.2x anterior a 10.2-PRERELEASE, versión 10.2-BETA2-p2, versión 10.2-RC1-p1, versión 10.1x anterior a 10.... • http://www.securityfocus.com/bid/76112 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 3CVE-2015-1415 – FreeBSD Security Advisory - GELI Keyfile Permissions
https://notcve.org/view.php?id=CVE-2015-1415
08 Apr 2015 — The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. El instalador bsdinstall en FreeBSD 10.x anterior a 10.1 p9, cuando configura ZFS codificado de disco completo, utiliza permisos de lectura universal para el fichero de claves GELI (/boot/encryption.key), lo que permite a usuarios locales obtener informa... • https://packetstorm.news/files/id/131338 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •