CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1083
https://notcve.org/view.php?id=CVE-2017-1083
In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow. En FreeBSD en versiones anteriores a la 11.2-RELEASE, una página guard de pila está disponible, pero está deshabilitada por defecto. Esto resulta en la posibilidad de que un proceso mal escrito provoque un desbordamiento de pila • https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1081
https://notcve.org/view.php?id=CVE-2017-1081
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling. En FreeBSD, en versiones anteriores a la 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE y 10.3-RELEASE-p19, cuando ipfilter emplea las opciones "keep state" o "keep frags", puede provocar un pánico del kernel cuando se le alimentan fragmentos de paquetes manipulados debido a la gestión incorrecta de memoria. • http://www.securityfocus.com/bid/98089 http://www.securitytracker.com/id/1038369 https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 125EXPL: 0CVE-2016-2518 – ntp: out-of-bounds references on crafted packet
https://notcve.org/view.php?id=CVE-2016-2518
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. La función MATCH_ASSOC en NTP en versiones anteriores 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los límites a través de una solicitud addpeer con un valor hmode grande. An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016& • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2923
https://notcve.org/view.php?id=CVE-2015-2923
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. La implementación del protocolo Neighbor Discovery (ND) en la pila de IPv6 en FreeBSD versiones hasta 10.1, permite a atacantes remotos reconfigurar una configuración de hop-limit por medio de un valor hop_limit pequeño en un mensaje Router Advertisement (RA). • http://openwall.com/lists/oss-security/2015/04/04/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html https://www.freebsd.org/security/advisories/FreeBSD-SA-15:09.ipv6.asc • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 2CVE-2015-1415 – FreeBSD 10.x ZFS encryption.key Disclosure
https://notcve.org/view.php?id=CVE-2015-1415
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. El instalador bsdinstall en FreeBSD 10.x anterior a 10.1 p9, cuando configura ZFS codificado de disco completo, utiliza permisos de lectura universal para el fichero de claves GELI (/boot/encryption.key), lo que permite a usuarios locales obtener información sensible de claves mediante la lectura del fichero. FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk. • http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html http://www.securityfocus.com/archive/1/535209/100/0/threaded http://www.securitytracker.com/id/1032042 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •