CVSS: 6.5EPSS: 5%CPEs: 1EXPL: 0CVE-2015-2923 – Debian Security Advisory 3175-2
https://notcve.org/view.php?id=CVE-2015-2923
08 Apr 2015 — The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. La implementación del protocolo Neighbor Discovery (ND) en la pila de IPv6 en FreeBSD versiones hasta 10.1, permite a atacantes remotos reconfigurar una configuración de hop-limit por medio de un valor hop_limit pequeño en un mensaje Router Advertisement (RA). The Neighbor Discover Protocol... • http://openwall.com/lists/oss-security/2015/04/04/2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0CVE-2015-1414 – Debian Security Advisory 3175-2
https://notcve.org/view.php?id=CVE-2015-1414
26 Feb 2015 — Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. Desbordamiento de enteros en FreeBSD anterior a 8.4 p24, 9.x anterior a 9.3 p10. 10.0 anterior a p18, y 10.1 anterior a p6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un paquete IGMP, lo que provoca un ... • http://www.debian.org/security/2015/dsa-3175 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8613 – FreeBSD Security Advisory - SCTP Stream Reset
https://notcve.org/view.php?id=CVE-2014-8613
29 Jan 2015 — The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk. El módulo sctp en FreeBSD 10.1 anterior a p5, 10.0 anterior a p17, 9.3 anterior a p9, y 8.4 anterior a p23 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y pánico del kernel) a través de un fragmento RE_CONFIG manipulado. The input validation of re... • http://www.securityfocus.com/bid/72345 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 5CVE-2014-8612 – FreeBSD - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8612
28 Jan 2015 — Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. Múltiples errors en el indice del array en el módulo Stream Control Transmission Protocol (SCTP) ... • https://packetstorm.news/files/id/130124 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-8476 – Debian Security Advisory 3070-1
https://notcve.org/view.php?id=CVE-2014-8476
05 Nov 2014 — The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. La función setlogin en FreeBSD 8.4 hasta 10.1-RC4 no inicializa el buffer usado para guardar el nombre del login, lo que permite a usuarios locales obtener información sensible desde la memoria del kernel a través de una llamada a getlogin, lo que devuelve el buff... • http://secunia.com/advisories/61118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8475 – FreeBSD Security Advisory - sshd Denial of Service
https://notcve.org/view.php?id=CVE-2014-8475
05 Nov 2014 — FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. FreeBSD 9.1, 9.2, y 10.0 cuando OpenSSH es compilado con soporte de Kerberos, usa un orden de librerías incorrecto al vincular sshd, que provoca que los símbolos se ... • http://packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-3711 – FreeBSD Security Advisory - namei Memory Leak
https://notcve.org/view.php?id=CVE-2014-3711
22 Oct 2014 — namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names. namei en FreeBSD 9.1 hasta 10.1-RC2 permite a atacantes remotos causar una denegación de servicio (agotamiento de memoria) a través de vectores que provocan que un proceso de sandbox busque un número grande de nombres de rutas no existentes. The namei facility will leak a small amount of kernel memory ... • http://secunia.com/advisories/62218 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 8%CPEs: 16EXPL: 0CVE-2014-3954 – FreeBSD Security Advisory - rtsold(8) Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-3954
22 Oct 2014 — Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message. Desbordamiento de buffer basado en pila en rtsold en FreeBSD 9.1 hasta 10.1-RC2 permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de parámetros DNS manipulados en un mensaje de anuncio de router. Due to a missing ... • http://www.securitytracker.com/id/1031098 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2014-3955 – FreeBSD Security Advisory - routed(8) Remote Denial of Service
https://notcve.org/view.php?id=CVE-2014-3955
22 Oct 2014 — routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. routed en FreeBSD 8.4 hasta 10.1-RC2 permite a atacantes remotos causar una denegación de servicio (fallo de aserción y salida de demonio) a través de una solicitud RIP de una fuente que no está en una red conectada directamente. The input path in routed(8) will accept queries from any source and attempt to answe... • http://secunia.com/advisories/61865 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3953 – Debian Security Advisory 3070-1
https://notcve.org/view.php?id=CVE-2014-3953
09 Jul 2014 — FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification. FreeBSD 8.4 anterior a p14, 9.1 anterior a p17, 9.2 anterior a p10 y 10.0 anterior a p7 no inicializa debidamente ciertas estructuras d... • http://secunia.com/advisories/62218 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •