CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5365
https://notcve.org/view.php?id=CVE-2012-5365
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. La implementación de IPv6 en FreeBSD y NetBSD (versiones desconocidas, año 2012 y anteriores) permite a atacantes remotos causar una denegación de servicio por medio de una avalancha de paquetes ICMPv6 Router Advertisement, que contienen múltiples entradas de Enrutamiento. • http://www.openwall.com/lists/oss-security/2012/10/10/12 https://www.securityfocus.com/bid/56170/info • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2480
https://notcve.org/view.php?id=CVE-2011-2480
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information. Una vulnerabilidad de Divulgación de Información en el protocolo 802.11 stack, como es usado en FreeBSD versiones anteriores a la versión 8.2 y NetBSD cuando es usado en ciertas arquitecturas que no son x86. Un error de firma en la ioctl IEEE80211_IOC_CHANINFO permite a un usuario local sin privilegios causar que el kernel copie grandes cantidades de memoria de kernel hacia el usuario, revelando información potencialmente confidencial. • https://access.redhat.com/security/cve/cve-2011-2480 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631160 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631161 https://security-tracker.debian.org/tracker/CVE-2011-2480 https://www.openwall.com/lists/oss-security/2011/06/20/15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 55EXPL: 3CVE-2019-6111 – OpenSSH SCP Client - Write Arbitrary Files
https://notcve.org/view.php?id=CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). • https://www.exploit-db.com/exploits/46516 https://www.exploit-db.com/exploits/46193 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html http://www.openwall.com/lists/oss-security/2019/04/18/1 http://www.openwall.com/lists/oss-security/2022/08/02/1 http://www.securityfocus.com/bid/106741 https://access.redhat.com/errata/RHSA-2019:3702 https://bugzilla.redhat.com/show_bug.cgi?id=1677794 https://cert-portal.siemens.com/productcert/pdf/ssa-412672&# • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17160
https://notcve.org/view.php?id=CVE-2018-17160
In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, una comprobación de límites insuficiente en uno de los modelos del dispositivo proporcionado por bhyve puede permitir que un sistema operativo invitado sobrescriba la memoria en el host bhyve, lo que podría permitir la ejecución de código arbitrario. Un sistema operativo invitado que emplea una imagen de firmware puede provocar que el proceso bhyve se cierre inesperadamente, así como la posible ejecución de código arbitrario en el host como root. • http://www.securityfocus.com/bid/106210 https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 48%CPEs: 2EXPL: 0CVE-2018-17157
https://notcve.org/view.php?id=CVE-2018-17157
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, un error de desbordamiento de enteros al manejar opcodes puede provocar una corrupción de memoria mediante el envío de una petición NFSv4 especialmente manipulada. Los usuarios remotos sin privilegios con acceso al servidor NFS podrían ser capaces de ejecutar código arbitrario. • http://www.securityfocus.com/bid/106192 http://www.securitytracker.com/id/1042164 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-25 https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc • CWE-190: Integer Overflow or Wraparound •