
CVSS: 5.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors. • http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited http://svnweb.freebsd.org/base?view=revision&revision=167872 • CWE-189: Numeric Errors •

CVSS: 5.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. • http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited http://svnweb.freebsd.org/base?view=revision&revision=161263 • CWE-189: Numeric Errors •

CVSS: 7.9 • EPSS: 0% • CPEs: 20 • EXPL: 4

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability". It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.
• https://www.exploit-db.com/exploits/46508 https://www.exploit-db.com/exploits/28718 https://www.exploit-db.com/exploits/20861 http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html http://lists.xen.org/archives/html/xen-devel/2012-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670. • http://seclists.org/fulldisclosure/2011/Apr/86 http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt • CWE-399: Resource Management Errors •

CVSS: 9.3 • EPSS: 1% • CPEs: 40 • EXPL: 0

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. • http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/secur • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •