Page 7 of 441 results (0.009 seconds)

CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0

In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel. En FreeBSD versiones 12.1-ESTABLE anteriores a r357490, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p3, versiones 11.3-ESTABLE anteriores a r357489 y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p7, se permite el uso incorrecto de un puntero controlado por el usuario en el módulo de red virtual vnet de epair enjauló a usuarios con privilegios para aterrorizar el sistema host y potencialmente ejecutar código arbitrario en el kernel. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:07.epair.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.0EPSS: 0%CPEs: 10EXPL: 0

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory. En FreeBSD versiones 12.1-ESTABLE anteriores a r359021, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p3, versiones 11.3-ESTABLE anteriores a r359020 y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p7, una falta de comprobación de terminación null en la opción de configuración "osrelease" de jail_set puede devolver más bytes con una llamada posterior al sistema jail_get que permite a un superusuario de jaula (jail) malicioso con permiso para crear jaulas (jails) anidadas leer la memoria del kernel. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0

In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network. En FreeBSD versiones 12.1-2.1-STABLE anteriores a r358739, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p3, versiones 11.3-STABLE anteriores a r358740, y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p7, un segmento de TCP SYN-ACK o de desafío TCP-ACK sobre IPv6 que es transmitido o retransmitido no inicializa apropiadamente el campo Traffic Class que revela un byte de memoria del kernel por medio de la red. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc • CWE-908: Use of Uninitialized Resource •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware. En FreeBSD versiones 12.1-STABLE anteriores a r356089, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p3, versiones 11.3-STABLE anteriores a r356090 y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p7, los manejadores del comando ioctl específico del controlador en el controlador de red oce presentaron un fallo al comprobar si él que llama tiene suficientes privilegios que permite a los usuarios no privilegiados enviar comandos passthrough al firmware del dispositivo. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc • CWE-862: Missing Authorization •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. grub2-bhyve, como es usado en FreeBSD bhyve anterior a revisión 525916 12-02-2020, no comprueba la dirección proporcionada como parte de un comando memrw (read_* o write_*) por parte de un invitado mediante un archivo grub2.cfg. Esto permite a un invitado no confiable llevar a cabo operaciones de lectura o escritura arbitrarias en el contexto del proceso de grub-bhyve, resultando en una ejecución de código de tipo root en el Sistema Operativo host. • https://svnweb.freebsd.org/ports?view=revision&revision=525916 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •