CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2014-7250
https://notcve.org/view.php?id=CVE-2014-7250
12 Dec 2014 — The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. La pila de TCP en 4.3BSD Net/2, utilizado en FreeBSD 5.4, NetBSD posiblemente 2.0, y OpenBSD posiblemente 3.6, no implementa correctamente el temporizador de la sesión, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) ... • http://jvn.jp/en/jp/JVN07930208/index.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8475 – FreeBSD Security Advisory - sshd Denial of Service
https://notcve.org/view.php?id=CVE-2014-8475
05 Nov 2014 — FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. FreeBSD 9.1, 9.2, y 10.0 cuando OpenSSH es compilado con soporte de Kerberos, usa un orden de librerías incorrecto al vincular sshd, que provoca que los símbolos se ... • http://packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-8476 – Debian Security Advisory 3070-1
https://notcve.org/view.php?id=CVE-2014-8476
05 Nov 2014 — The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. La función setlogin en FreeBSD 8.4 hasta 10.1-RC4 no inicializa el buffer usado para guardar el nombre del login, lo que permite a usuarios locales obtener información sensible desde la memoria del kernel a través de una llamada a getlogin, lo que devuelve el buff... • http://secunia.com/advisories/61118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-3711 – FreeBSD Security Advisory - namei Memory Leak
https://notcve.org/view.php?id=CVE-2014-3711
22 Oct 2014 — namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names. namei en FreeBSD 9.1 hasta 10.1-RC2 permite a atacantes remotos causar una denegación de servicio (agotamiento de memoria) a través de vectores que provocan que un proceso de sandbox busque un número grande de nombres de rutas no existentes. The namei facility will leak a small amount of kernel memory ... • http://secunia.com/advisories/62218 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 8%CPEs: 16EXPL: 0CVE-2014-3954 – FreeBSD Security Advisory - rtsold(8) Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-3954
22 Oct 2014 — Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message. Desbordamiento de buffer basado en pila en rtsold en FreeBSD 9.1 hasta 10.1-RC2 permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de parámetros DNS manipulados en un mensaje de anuncio de router. Due to a missing ... • http://www.securitytracker.com/id/1031098 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2014-3955 – FreeBSD Security Advisory - routed(8) Remote Denial of Service
https://notcve.org/view.php?id=CVE-2014-3955
22 Oct 2014 — routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. routed en FreeBSD 8.4 hasta 10.1-RC2 permite a atacantes remotos causar una denegación de servicio (fallo de aserción y salida de demonio) a través de una solicitud RIP de una fuente que no está en una red conectada directamente. The input path in routed(8) will accept queries from any source and attempt to answe... • http://secunia.com/advisories/61865 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3952 – Debian Security Advisory 3070-1
https://notcve.org/view.php?id=CVE-2014-3952
09 Jul 2014 — FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors. FreeBSD 8.4 anterior a p14, 9.1 anterior a p17, 9.2 anterior a p10 y 10.0 anterior a p7 no inicializa debidamente el buffer entre la cabecera y los datos de un mensaje de control, lo que permite a usuarios locales obtener información sensible de ... • http://secunia.com/advisories/62218 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3953 – Debian Security Advisory 3070-1
https://notcve.org/view.php?id=CVE-2014-3953
09 Jul 2014 — FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification. FreeBSD 8.4 anterior a p14, 9.1 anterior a p17, 9.2 anterior a p10 y 10.0 anterior a p7 no inicializa debidamente ciertas estructuras d... • http://secunia.com/advisories/62218 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3880 – Debian Security Advisory 2952-1
https://notcve.org/view.php?id=CVE-2014-3880
06 Jun 2014 — The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference. Las llamadas de sistema (1) execve y (2) fexecve en el kernel de FreeBSD 8.4 anterior a p11, 9.1 anteri... • http://secunia.com/advisories/59034 • CWE-20: Improper Input Validation •
CVSS: 1.9EPSS: 0%CPEs: 56EXPL: 0CVE-2014-3956 – Gentoo Linux Security Advisory 201412-32
https://notcve.org/view.php?id=CVE-2014-3956
04 Jun 2014 — The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. La función sm_close_on_exec en conf.c en sendmail anterior a 8.14.9 tiene argumentos en el orden erróneo, y como consecuencia evade configurar etiquetas FD_CLOEXEC esperadas, lo que permite a usuarios locales acceder a descriptores de archiv... • ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •