Page 6 of 91 results (0.012 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338987), 11.2-RELEASE-p4 y 11.1-RELEASE-p15, debido a una comprobación de memoria insuficiente en la llamada del sistema freebsd4_getfsstat, puede ocurrir una desreferencia de puntero NULL. Los usuarios autenticados no privilegiados podrían ser capaces de provocar una denegación de servicio (DoS). • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985) y 10.4-RELEASE-p13, debido al mantenimiento indebido de las etiquetas de bloques de control del protocolo IPv6 mediante varias rutas de error, un usuario local autenticado sin privilegios podría provocar una desreferencia de puntero NULL que haga que el kernel se cierre inesperadamente. • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p2 y 11.1-RELEASE-p13, el código de reensamblado de fragmentos de ip es vulnerable a una denegación de servicio (DoS) debido al consumo excesivo de recursos del sistema. Este problema puede permitir que un atacante remoto que pueda enviar fragmentos de ip arbitrarios haga que la máquina consuma demasiados recursos. • http://www.securityfocus.com/bid/105336 http://www.securitytracker.com/id/1041505 https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.6EPSS: 0%CPEs: 481EXPL: 0

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. El software de sistema que emplea la técnica de restauración de estado Lazy FP en los sistemas que emplean microprocesadores de Intel Core podrían permitir que un proceso local infiera datos de otro proceso mediante un canal lateral de ejecución especulativa. A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year. • http://www.securityfocus.com/bid/104460 http://www.securitytracker.com/id/1041124 http://www.securitytracker.com/id/1041125 https://access.redhat.com/errata/RHSA-2018:1852 https://access.redhat.com/errata/RHSA-2018:1944 https://access.redhat.com/errata/RHSA-2018:2164 https://access.redhat.com/errata/RHSA-2018:2165 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 4

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. • https://www.exploit-db.com/exploits/44697 https://www.exploit-db.com/exploits/45024 https://github.com/can1357/CVE-2018-8897 https://github.com/nmulasmajic/CVE-2018-8897 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 http://openwall.com/lists/oss-security/2018/05/08/1 http://openwall.com/lists/oss-security/2018/05/08/4 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en http: • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •