CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 0CVE-2018-17158 – FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
https://notcve.org/view.php?id=CVE-2018-17158
28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, puede ocurrir un error de desbordamiento de enteros al manejar el campo de longitud de dirección del cliente en una petición NFSv4. Los usuari... • http://www.securityfocus.com/bid/106192 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 0CVE-2018-17159 – FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
https://notcve.org/view.php?id=CVE-2018-17159
28 Nov 2018 — In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, el servidor NFS carece de una comprobación de límites en la petición NFS READDIRPLUS. Los usuarios remotos sin privilegios con acceso al s... • http://www.securityfocus.com/bid/106192 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17154
https://notcve.org/view.php?id=CVE-2018-17154
28 Sep 2018 — In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338987), 11.2-RELEASE-p4 y 11.1-RELEASE-p15, debido a una comprobación de memoria insuficiente en la llamada del sistema freebsd4_getfsstat, puede ocurrir una desreferencia de puntero NU... • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17155
https://notcve.org/view.php?id=CVE-2018-17155
28 Sep 2018 — In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data. En FreeBSD, en versiones anteriores a 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338... • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6925
https://notcve.org/view.php?id=CVE-2018-6925
28 Sep 2018 — In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985) y 10.4-RELEASE-p13, debido al mantenimiento indebido de las e... • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-6924 – FreeBSD Security Advisory - FreeBSD-SA-18:12.elf
https://notcve.org/view.php?id=CVE-2018-6924
12 Sep 2018 — In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE y 10.4-RELEASE-p12, la validación insuficiente en el analizador de la cabecera ELF podría permitir que un binario ELF malicioso provoque el cierre inesperado del kernel o revel... • http://www.securitytracker.com/id/1041646 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 4%CPEs: 40EXPL: 0CVE-2018-6923 – FreeBSD Security Advisory - FreeBSD-SA-18:10.ip
https://notcve.org/view.php?id=CVE-2018-6923
15 Aug 2018 — In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p2 y 11.1-RELEASE-p13, el código de reensamblado de fragmentos de ip es vulnerable a una denegación de servicio (DoS) debido al con... • http://www.securityfocus.com/bid/105336 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2018-6922 – FreeBSD Security Advisory - FreeBSD-SA-18:08.tcp
https://notcve.org/view.php?id=CVE-2018-6922
07 Aug 2018 — One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP re... • http://www.securityfocus.com/bid/105058 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2016-6559 – The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow
https://notcve.org/view.php?id=CVE-2016-6559
13 Jul 2018 — Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link... • http://www.securitytracker.com/id/1037398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.6EPSS: 1%CPEs: 481EXPL: 0CVE-2018-3665 – Kernel: FPU state information leakage via lazy FPU restore
https://notcve.org/view.php?id=CVE-2018-3665
14 Jun 2018 — System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. El software de sistema que emplea la técnica de restauración de estado Lazy FP en los sistemas que emplean microprocesadores de Intel Core podrían permitir que un proceso local infiera datos de otro proceso mediante un canal lateral de ejecución especulativa. A Floating Point Unit (FP... • http://www.securityfocus.com/bid/104460 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •