CVSS: 9.1EPSS: 2%CPEs: 11EXPL: 1CVE-2019-5597 – FreeBSD Security Advisory - FreeBSD-SA-19:05.pf
https://notcve.org/view.php?id=CVE-2019-5597
15 May 2019 — In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter. En FreeBSD 11.3-PRERELEASE y 12.0-STABLE anterior a r347591, 11.2-RELEASE anterior a 11.2-RELEASE-p10, y 12.0-RELEASE a... • http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2019-5598 – FreeBSD Security Advisory - FreeBSD-SA-19:06.pf
https://notcve.org/view.php?id=CVE-2019-5598
15 May 2019 — In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable. n FreeBSD 11.3-PRERELEASE antes de r345378, 12.0-ESTABLE antes de r345377, 11.2-... • http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 1%CPEs: 24EXPL: 0CVE-2019-9494 – The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
https://notcve.org/view.php?id=CVE-2019-9494
17 Apr 2019 — The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. Las implementaciones SAE en hostapd y wpa_supplicant son vulnerables a los ataques de canal lateral (side ... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 4.3EPSS: 3%CPEs: 25EXPL: 0CVE-2019-9495 – The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
https://notcve.org/view.php?id=CVE-2019-9495
11 Apr 2019 — The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-203: Observable Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 8.1EPSS: 1%CPEs: 28EXPL: 0CVE-2019-9499 – The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9499
11 Apr 2019 — The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to a... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVSS: 8.1EPSS: 1%CPEs: 28EXPL: 0CVE-2019-9498 – The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9498
11 Apr 2019 — The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5595 – FreeBSD Security Advisory - FreeBSD-SA-19:01.syscall
https://notcve.org/view.php?id=CVE-2019-5595
06 Feb 2019 — In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed. En FreeBSD, en versiones anteriores a la 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781) y 12.0-RELEASE-p3, los registros callee-save del kernel no se sanean correctamente antes de volver de las llamadas del sistema, lo que podría per... • https://exchange.xforce.ibmcloud.com/vulnerabilities/156624 • CWE-459: Incomplete Cleanup •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 4CVE-2019-5596 – FreeBSD 12.0 - 'fd' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-5596
06 Feb 2019 — In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail. En FreeBSD 11.2-STABLE tras r338618 y antes de r343786, 12.0-STABLE antes de r343781 y 12.0-RELEASE antes de 12.0-RELEASE-p3, un error en la implementación del conteo de ref... • https://packetstorm.news/files/id/155790 •
CVSS: 5.9EPSS: 56%CPEs: 55EXPL: 6CVE-2019-6111 – OpenSSH SCP Client - Write Arbitrary Files
https://notcve.org/view.php?id=CVE-2019-6111
16 Jan 2019 — An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well... • https://packetstorm.news/files/id/151227 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2018-17161 – FreeBSD Security Advisory - FreeBSD-SA-18:15.bootpd
https://notcve.org/view.php?id=CVE-2018-17161
20 Dec 2018 — In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution. En FreeBSD en versiones anteriores a la 1.2-STABLE(r348229), 11.2-RELEASE-p7 y 12.0-STABLE(r342228) y en la 12.0-RELEASE-p1, una validación ... • http://www.securityfocus.com/bid/106292 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •