CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2019-5598 – FreeBSD Security Advisory - FreeBSD-SA-19:06.pf
https://notcve.org/view.php?id=CVE-2019-5598
15 May 2019 — In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable. n FreeBSD 11.3-PRERELEASE antes de r345378, 12.0-ESTABLE antes de r345377, 11.2-... • http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 1%CPEs: 24EXPL: 0CVE-2019-9494 – The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
https://notcve.org/view.php?id=CVE-2019-9494
17 Apr 2019 — The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. Las implementaciones SAE en hostapd y wpa_supplicant son vulnerables a los ataques de canal lateral (side ... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 8.1EPSS: 1%CPEs: 28EXPL: 0CVE-2019-9498 – The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9498
11 Apr 2019 — The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVSS: 8.1EPSS: 1%CPEs: 28EXPL: 0CVE-2019-9499 – The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9499
11 Apr 2019 — The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to a... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 2%CPEs: 25EXPL: 0CVE-2019-9495 – The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
https://notcve.org/view.php?id=CVE-2019-9495
11 Apr 2019 — The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-203: Observable Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5595 – FreeBSD Security Advisory - FreeBSD-SA-19:01.syscall
https://notcve.org/view.php?id=CVE-2019-5595
06 Feb 2019 — In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781) y 12.0-RELEASE-p3, los registros callee-save del kernel no se sanean correctamente antes de volver de las llamadas del sistema, lo que podría per... • https://exchange.xforce.ibmcloud.com/vulnerabilities/156624 • CWE-459: Incomplete Cleanup •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 4CVE-2019-5596 – FreeBSD-SA-19:02.fd - Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-5596
06 Feb 2019 — In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail. En FreeBSD 11.2-STABLE tras r338618 y antes de r343786, 12.0-STABLE antes de r343781 y 12.0-RELEASE antes de 12.0-RELEASE-p3, un error en la implementación del conteo de ref... • https://packetstorm.news/files/id/155790 •
CVSS: 5.9EPSS: 66%CPEs: 55EXPL: 6CVE-2019-6111 – SCP Client - Multiple Vulnerabilities (SSHtranger Things)
https://notcve.org/view.php?id=CVE-2019-6111
16 Jan 2019 — An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well... • https://packetstorm.news/files/id/151227 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2018-17161 – FreeBSD Security Advisory - FreeBSD-SA-18:15.bootpd
https://notcve.org/view.php?id=CVE-2018-17161
19 Dec 2018 — In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution. En FreeBSD en versiones anteriores a la 1.2-STABLE(r348229), 11.2-RELEASE-p7 y 12.0-STABLE(r342228) y en la 12.0-RELEASE-p1, una validación ... • http://www.securityfocus.com/bid/106292 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 92%CPEs: 21EXPL: 12CVE-2011-4862 – Telnet Service Encryption Key ID Overflow Detection
https://notcve.org/view.php?id=CVE-2011-4862
25 Dec 2011 — Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v... • https://packetstorm.news/files/id/180955 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •