CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2014-3955 – FreeBSD Security Advisory - routed(8) Remote Denial of Service
https://notcve.org/view.php?id=CVE-2014-3955
22 Oct 2014 — routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. routed en FreeBSD 8.4 hasta 10.1-RC2 permite a atacantes remotos causar una denegación de servicio (fallo de aserción y salida de demonio) a través de una solicitud RIP de una fuente que no está en una red conectada directamente. The input path in routed(8) will accept queries from any source and attempt to answe... • http://secunia.com/advisories/61865 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5384
https://notcve.org/view.php?id=CVE-2014-5384
21 Aug 2014 — The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types. El módulo VIQR en la implementación iconv en FreeBSD 10.0 anterior a p6 y NetBSD permite a atacantes dependientes de contexto causar una denegación de servicio (acceso a array fuera de rango) a ... • http://mail-index.netbsd.org/source-changes/2014/06/24/msg055822.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3952 – Debian Security Advisory 3070-1
https://notcve.org/view.php?id=CVE-2014-3952
09 Jul 2014 — FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors. FreeBSD 8.4 anterior a p14, 9.1 anterior a p17, 9.2 anterior a p10 y 10.0 anterior a p7 no inicializa debidamente el buffer entre la cabecera y los datos de un mensaje de control, lo que permite a usuarios locales obtener información sensible de ... • http://secunia.com/advisories/62218 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3953 – Debian Security Advisory 3070-1
https://notcve.org/view.php?id=CVE-2014-3953
09 Jul 2014 — FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification. FreeBSD 8.4 anterior a p14, 9.1 anterior a p17, 9.2 anterior a p10 y 10.0 anterior a p7 no inicializa debidamente ciertas estructuras d... • http://secunia.com/advisories/62218 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3951 – FreeBSD Security Advisory - iconv NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2014-3951
25 Jun 2014 — The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference. El módulo HZ en la implementación iconv en FreeBSD 10.0 anterior a p6 y NetBSD permite a atacantes dependientes de contexto causar una denegación de servicio (re... • http://mail-index.netbsd.org/source-changes/2014/06/24/msg055822.html •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3880 – Debian Security Advisory 2952-1
https://notcve.org/view.php?id=CVE-2014-3880
06 Jun 2014 — The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference. Las llamadas de sistema (1) execve y (2) fexecve en el kernel de FreeBSD 8.4 anterior a p11, 9.1 anteri... • http://secunia.com/advisories/59034 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 8%CPEs: 5EXPL: 0CVE-2014-3000 – Debian Security Advisory 2952-1
https://notcve.org/view.php?id=CVE-2014-3000
01 May 2014 — The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full. La función de reensamblaje de TCP en el módulo inet en FreeBSD 8.3 anterior a p16, 8.4 anterior a p9, 9.1 anterior a p12, 9.2 ant... • http://secunia.com/advisories/58293 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3001 – FreeBSD Security Advisory - devfs Rule Fail
https://notcve.org/view.php?id=CVE-2014-3001
01 May 2014 — The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. El sistema de archivo de dispositivo (también conocido como devfs) en FreeBSD 10.0 anterior a p2 no carga reglas de asignación por defecto en el arranque, lo que permite a atacantes dependientes de contexto evadir restricciones mediante el aprovechamiento de un proceso de nodo de disposit... • http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 14EXPL: 0CVE-2014-1453 – FreeBSD Security Advisory - NFS Server Deadlock
https://notcve.org/view.php?id=CVE-2014-1453
09 Apr 2014 — The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order. El servidor NFS (nfsserver) en FreeBSD 8.3 hasta 10.0 no adquiere bloqueos en el orden debido cuando convierte un manejador de archivo de directorio hacia un vnode, lo que permite a usuarios remotos autenticados ca... • http://secunia.com/advisories/57760 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1452 – FreeBSD Security Advisory - bsnmpd Denial of Service
https://notcve.org/view.php?id=CVE-2014-1452
15 Jan 2014 — Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request. Desbordamiento de buffer basado en pila en lib/snmpagent.c en bsnmpd, como se usa en FreeBSD 8.3 a 10.0, permite a atacantes remotos causar denegación de servicio (caída del demonio) y posiblemente ejecutar código arbitrario a través de una petición GETBULK PDU manipulada. The ... • http://secunia.com/advisories/56496 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •