CVE-2012-4576
https://notcve.org/view.php?id=CVE-2012-4576
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0089.html http://www.securityfocus.com/bid/56654 http://www.securitytracker.com/id?1027809 https://access.redhat.com/security/cve/cve-2012-4576 https://exchange.xforce.ibmcloud.com/vulnerabilities/80321 https://security-tracker.debian.org/tracker/CVE-2012-4576 • CWE-20: Improper Input Validation •
CVE-2012-3549 – FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2012-3549
The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk. • https://www.exploit-db.com/exploits/20226 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686962 http://www.exploit-db.com/exploits/20226 http://www.openwall.com/lists/oss-security/2012/08/28/9 http://www.openwall.com/lists/oss-security/2012/08/29/6 http://www.securityfocus.com/bid/54797 •
CVE-2012-4578
https://notcve.org/view.php?id=CVE-2012-4578
The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack. • http://lists.freebsd.org/pipermail/freebsd-security/2012-August/006541.html https://exchange.xforce.ibmcloud.com/vulnerabilities/78057 • CWE-310: Cryptographic Issues •
CVE-2007-6754
https://notcve.org/view.php?id=CVE-2007-6754
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors. • http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited http://svnweb.freebsd.org/base?view=revision&revision=167872 • CWE-189: Numeric Errors •
CVE-2006-7252
https://notcve.org/view.php?id=CVE-2006-7252
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. • http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited http://svnweb.freebsd.org/base?view=revision&revision=161263 • CWE-189: Numeric Errors •