CVSS: 7.8EPSS: 34%CPEs: 3EXPL: 2CVE-2016-1879 – FreeBSD SCTP ICMPv6 - Error Processing
https://notcve.org/view.php?id=CVE-2016-1879
15 Jan 2016 — The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet. El módulo Stream Control Transmission Protocol (SCTP) en FreeBSD 9.3 en versiones anteriores a p33, 10.1 en versiones anteriores a p26 y 10.2 en versiones anteriores a p9, cuando el kernel está configurado ... • https://packetstorm.news/files/id/135369 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5675 – FreeBSD Security Advisory - IRET Handler Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5675
26 Aug 2015 — The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). El manipulador IRET sys_amd64 en el kernel en FreeBSD 9.3 y 10.1 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (pánico del kernel). If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userlan... • http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5674 – FreeBSD Security Advisory - routed Denial of Service
https://notcve.org/view.php?id=CVE-2015-5674
06 Aug 2015 — The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected. Routed daemon en FreeBSD 9.3 anteriores a 9.3-RELEASE-p22, 10.2-RC2 anteriores a 10.2-RC2-p1, 10.2-RC1 anteriores a 10.2-RC1-p2, 10.2 anteriores a 10.2-BETA2-p3 y 10.1 anteriores ... • http://www.securityfocus.com/bid/76244 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2015-1417 – FreeBSD Security Advisory - TCP Reassembly Resource Exhaustion
https://notcve.org/view.php?id=CVE-2015-1417
28 Jul 2015 — The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections. El módulo inet en FreeBSD versión 10.2x anterior a 10.2-PRERELEASE, versión 10.2-BETA2-p2, versión 10.2-RC1-p1, versión 10.1x anterior a 10.... • http://www.securityfocus.com/bid/76112 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 3CVE-2015-1415 – FreeBSD Security Advisory - GELI Keyfile Permissions
https://notcve.org/view.php?id=CVE-2015-1415
08 Apr 2015 — The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. El instalador bsdinstall en FreeBSD 10.x anterior a 10.1 p9, cuando configura ZFS codificado de disco completo, utiliza permisos de lectura universal para el fichero de claves GELI (/boot/encryption.key), lo que permite a usuarios locales obtener informa... • https://packetstorm.news/files/id/131338 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2923 – Debian Security Advisory 3175-2
https://notcve.org/view.php?id=CVE-2015-2923
08 Apr 2015 — The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. La implementación del protocolo Neighbor Discovery (ND) en la pila de IPv6 en FreeBSD versiones hasta 10.1, permite a atacantes remotos reconfigurar una configuración de hop-limit por medio de un valor hop_limit pequeño en un mensaje Router Advertisement (RA). The Neighbor Discover Protocol... • http://openwall.com/lists/oss-security/2015/04/04/2 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 11%CPEs: 9EXPL: 0CVE-2015-1414 – Debian Security Advisory 3175-2
https://notcve.org/view.php?id=CVE-2015-1414
26 Feb 2015 — Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. Desbordamiento de enteros en FreeBSD anterior a 8.4 p24, 9.x anterior a 9.3 p10. 10.0 anterior a p18, y 10.1 anterior a p6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un paquete IGMP, lo que provoca un ... • http://www.debian.org/security/2015/dsa-3175 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8613 – FreeBSD Security Advisory - SCTP Stream Reset
https://notcve.org/view.php?id=CVE-2014-8613
29 Jan 2015 — The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk. El módulo sctp en FreeBSD 10.1 anterior a p5, 10.0 anterior a p17, 9.3 anterior a p9, y 8.4 anterior a p23 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y pánico del kernel) a través de un fragmento RE_CONFIG manipulado. The input validation of re... • http://www.securityfocus.com/bid/72345 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 5CVE-2014-8612 – FreeBSD - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8612
28 Jan 2015 — Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. Múltiples errors en el indice del array en el módulo Stream Control Transmission Protocol (SCTP) ... • https://packetstorm.news/files/id/130124 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-8476 – Debian Security Advisory 3070-1
https://notcve.org/view.php?id=CVE-2014-8476
05 Nov 2014 — The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. La función setlogin en FreeBSD 8.4 hasta 10.1-RC4 no inicializa el buffer usado para guardar el nombre del login, lo que permite a usuarios locales obtener información sensible desde la memoria del kernel a través de una llamada a getlogin, lo que devuelve el buff... • http://secunia.com/advisories/61118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •