CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3953 – Debian Security Advisory 3070-1
https://notcve.org/view.php?id=CVE-2014-3953
09 Jul 2014 — FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification. FreeBSD 8.4 anterior a p14, 9.1 anterior a p17, 9.2 anterior a p10 y 10.0 anterior a p7 no inicializa debidamente ciertas estructuras d... • http://secunia.com/advisories/62218 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3880 – Debian Security Advisory 2952-1
https://notcve.org/view.php?id=CVE-2014-3880
06 Jun 2014 — The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference. Las llamadas de sistema (1) execve y (2) fexecve en el kernel de FreeBSD 8.4 anterior a p11, 9.1 anteri... • http://secunia.com/advisories/59034 • CWE-20: Improper Input Validation •
CVSS: 1.9EPSS: 0%CPEs: 56EXPL: 0CVE-2014-3956 – Gentoo Linux Security Advisory 201412-32
https://notcve.org/view.php?id=CVE-2014-3956
04 Jun 2014 — The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. La función sm_close_on_exec en conf.c en sendmail anterior a 8.14.9 tiene argumentos en el orden erróneo, y como consecuencia evade configurar etiquetas FD_CLOEXEC esperadas, lo que permite a usuarios locales acceder a descriptores de archiv... • ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3873 – FreeBSD Security Advisory - ktrace Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2014-3873
04 Jun 2014 — The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace. La utilidad ktrace en el kernel de FreeBSD 8.4 anterior a p11, 9.1 anterior a p14, 9.2 anterior a p7 y 9.3-BETA1 anterior a p1 utiliza un tamaño incorrecto de la entrada de la traza del error de página del kernel, lo que permite a usuarios lo... • http://secunia.com/advisories/58627 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3879 – FreeBSD Security Advisory - PAM Policy Parser
https://notcve.org/view.php?id=CVE-2014-3879
04 Jun 2014 — OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. OpenPAM Nummularia versiones 9.2 hasta 10.0, maneja inapropiadamente un error reportado cuando una directiva de inclusión hace referencia a una política que no existe, lo que c... • http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 8%CPEs: 5EXPL: 0CVE-2014-3000 – Debian Security Advisory 2952-1
https://notcve.org/view.php?id=CVE-2014-3000
01 May 2014 — The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full. La función de reensamblaje de TCP en el módulo inet en FreeBSD 8.3 anterior a p16, 8.4 anterior a p9, 9.1 anterior a p12, 9.2 ant... • http://secunia.com/advisories/58293 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 14EXPL: 0CVE-2014-1453 – FreeBSD Security Advisory - NFS Server Deadlock
https://notcve.org/view.php?id=CVE-2014-1453
09 Apr 2014 — The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order. El servidor NFS (nfsserver) en FreeBSD 8.3 hasta 10.0 no adquiere bloqueos en el orden debido cuando convierte un manejador de archivo de directorio hacia un vnode, lo que permite a usuarios remotos autenticados ca... • http://secunia.com/advisories/57760 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1452 – FreeBSD Security Advisory - bsnmpd Denial of Service
https://notcve.org/view.php?id=CVE-2014-1452
15 Jan 2014 — Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request. Desbordamiento de buffer basado en pila en lib/snmpagent.c en bsnmpd, como se usa en FreeBSD 8.3 a 10.0, permite a atacantes remotos causar denegación de servicio (caída del demonio) y posiblemente ejecutar código arbitrario a través de una petición GETBULK PDU manipulada. The ... • http://secunia.com/advisories/56496 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 73EXPL: 1CVE-2013-6832
https://notcve.org/view.php?id=CVE-2013-6832
21 Nov 2013 — The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. La función nand_ioctl en el archivo sys/dev/nand/nand_geom.c en el controlador nand en el kernel en FreeBSD versión 10 y anteriores no inicializa apropiadamente una cierta estructura de datos, lo que permite a usuarios locales obtener informaci... • http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0106.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 73EXPL: 1CVE-2013-6833
https://notcve.org/view.php?id=CVE-2013-6833
21 Nov 2013 — The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. La función qls_eioctl en el archivo sys/dev/qlxge/qls_ioctl.c en el kernel en FreeBSD versión 10 y anteriores, no comprueba un parámetro de cierto tamaño, lo que permite a usuarios locales obtener información confidencial de la memoria del kernel por medio de una llamada i... • http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html • CWE-20: Improper Input Validation •