CVSS: 3.3EPSS: 0%CPEs: 20EXPL: 0CVE-2019-15875 – FreeBSD Security Advisory - FreeBSD-SA-20:03.thrmisc
https://notcve.org/view.php?id=CVE-2019-15875
28 Jan 2020 — In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack. En FreeBSD versiones 12.1-STABLE anteriores a r354734, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p2, versiones 12.0-RELEASE anteriores a 12.0-RELEASE-p13, versiones 11.3-STA... • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2480
https://notcve.org/view.php?id=CVE-2011-2480
27 Nov 2019 — Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information. Una vulnerabilidad de Divulgación de Información en el protocolo 802.11 stack, como es usado en FreeBSD versiones anteriores a la versión 8.2 y NetBSD cuando es... • https://access.redhat.com/security/cve/cve-2011-2480 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 4%CPEs: 25EXPL: 2CVE-2019-5611 – FreeBSD Security Advisory - FreeBSD-SA-19:22.mbuf
https://notcve.org/view.php?id=CVE-2019-5611
21 Aug 2019 — In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. En FreeBSD versión 12.0-STABLE anterior a r350828, versión 12.0-RELEASE anterior a... • http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2019-5612 – FreeBSD Security Advisory - FreeBSD-SA-19:23.midi
https://notcve.org/view.php?id=CVE-2019-5612
21 Aug 2019 — In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer. En FreeBSD versión 12.0-STABLE anterior a r351264, versión 12.0-RELEASE anterior a 12.0-RELEASE-p10, versió... • https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-5609 – FreeBSD Security Advisory - FreeBSD-SA-19:21.bhyve
https://notcve.org/view.php?id=CVE-2019-5609
06 Aug 2019 — In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host. En FreeBSD versiones 12.0-STABLE anteriores a r35061... • https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 8%CPEs: 25EXPL: 0CVE-2019-5608 – FreeBSD Security Advisory - FreeBSD-SA-19:19.mldv2
https://notcve.org/view.php?id=CVE-2019-5608
06 Aug 2019 — In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. En FreeBSD versión 12.0-STABLE anterio... • https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2019-5610 – FreeBSD Security Advisory - FreeBSD-SA-19:20.bsnmp
https://notcve.org/view.php?id=CVE-2019-5610
06 Aug 2019 — In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service. En FreeBSD versión 12.0-STABLE anterior a r350637, versión 12.0-RELEASE anterior a 12.0-RELEASE-... • http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 1CVE-2019-5603 – FreeBSD Security Advisory - FreeBSD-SA-19:24.mqueuefs
https://notcve.org/view.php?id=CVE-2019-5603
25 Jul 2019 — In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users. En FreeBSD versión 12.0-STABLE anterior a r350261, versión 12.0-RELEASE anterior a 1... • https://github.com/raymontag/CVE-2019-5603 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.6EPSS: 1%CPEs: 22EXPL: 0CVE-2019-5604 – FreeBSD Security Advisory - FreeBSD-SA-19:16.bhyve
https://notcve.org/view.php?id=CVE-2019-5604
25 Jul 2019 — In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest, allowing an out-of-bounds read. This provides a malicious guest the possibility to crash the system or access system memory. En FreeBSD versión 12.0-STABLE anterior a r350246, versión 12.0-RELEASE anterior a 12.0-RE... • http://packetstormsecurity.com/files/153753/FreeBSD-Security-Advisory-FreeBSD-SA-19-16.bhyve.html • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 1%CPEs: 14EXPL: 0CVE-2019-5605 – FreeBSD Security Advisory - FreeBSD-SA-19:14.freebsd32
https://notcve.org/view.php?id=CVE-2019-5605
25 Jul 2019 — In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly. En FreeBSD versión 11.3-STABLE anterior a r350217, versión 11.3-RELEASE anterior a 11.3-RELEASE-p1, y versió... • http://packetstormsecurity.com/files/153749/FreeBSD-Security-Advisory-FreeBSD-SA-19-14.freebsd32.html • CWE-665: Improper Initialization •