CVE-2020-7457 – FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-7457
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.
• References:
http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc
https://security.netapp.com/advisory/ntap-20200724-0002
https://hackerone.com/reports/826026
https://bsdsec.net/articles/freebsd-announce-freebsd-security-advisory-freebsd-sa-20-20-ipv6
https://www.freebsd.org/security/patches/SA-20:20/ipv6.patch
https://github.com/freebsd/freebsd/blob/master/sys/netinet6/ip6_var.h
https:/
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'); CWE-416: Use After Free; CWE-662: Improper Synchronization
CVE-2020-7456
https://notcve.org/view.php?id=CVE-2020-7456
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item, allowing an attacker with physical access to a USB port to use a specially crafted USB device to gain kernel or user-space code execution.
• References:
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc
https://security.netapp.com/advisory/ntap-20200625-0005
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-13434 – sqlite: integer overflow in sqlite3_str_vappendf function in printf.c
https://notcve.org/view.php?id=CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. An integer overflow flaw was found in the SQLite implementation of the printf() function. This flaw allows an attacker who can control the precision of floating-point conversions to crash the application, resulting in a denial of service.
• References:
http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2020/Nov/19
http://seclists.org/fulldisclosure/2020/Nov/20
http://seclists.org/fulldisclosure/2020/Nov/22
https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:
• CWE-121: Stack-based Buffer Overflow; CWE-190: Integer Overflow or Wraparound
CVE-2019-15880
https://notcve.org/view.php?id=CVE-2019-15880
In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length, allowing an unprivileged process to trigger a kernel panic.
• References:
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:16.cryptodev.asc
https://security.netapp.com/advisory/ntap-20200518-0008
• CWE-20: Improper Input Validation; CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-15879
https://notcve.org/view.php?id=CVE-2019-15879
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process to overwrite arbitrary kernel memory.
• References:
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:15.cryptodev.asc
https://security.netapp.com/advisory/ntap-20200518-0005
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'); CWE-772: Missing Release of Resource after Effective Lifetime