CVSS: 8.1EPSS: 83%CPEs: 54EXPL: 99CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
01 Jul 2024 — A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anter... • https://packetstorm.news/files/id/179290 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 5.3EPSS: 2%CPEs: 4EXPL: 1CVE-2023-51765
https://notcve.org/view.php?id=CVE-2023-51765
24 Dec 2023 — sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. sendmail hasta al menos 8.14.7 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.9EPSS: 56%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-6660 – NFS client data corruption and kernel memory disclosure
https://notcve.org/view.php?id=CVE-2023-6660
13 Dec 2023 — When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to dat... • https://security.freebsd.org/advisories/FreeBSD-SA-23:18.nfsclient.asc •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2023-6534 – TCP spoofing vulnerability in pf(4)
https://notcve.org/view.php?id=CVE-2023-6534
13 Dec 2023 — In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall. En las versiones de FreeBSD 14.0-RELEASE anteriores a 14-RELEASE-p2, FreeBSD 13.2-RELEASE anteriores a 13.2-RELEASE-p7 y FreeBSD 12.4-RELEASE anteriores a 12.4-RELEASE-p9, el filtro de ... • https://security.freebsd.org/advisories/FreeBSD-SA-23:17.pf.asc •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2023-49298
https://notcve.org/view.php?id=CVE-2023-49298
24 Nov 2023 — OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use ... • https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275308 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-5978 – Incorrect libcap_net limitation list manipulation
https://notcve.org/view.php?id=CVE-2023-5978
08 Nov 2023 — In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. This could permit the application to resolve domain names that were previously restricted. En las versio... • https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 0CVE-2023-5941 – libc stdio buffer overflow
https://notcve.org/view.php?id=CVE-2023-5941
08 Nov 2023 — In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflow... • https://security.freebsd.org/advisories/FreeBSD-SA-23:15.stdio.asc • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5370 – arm64 boot CPUs may lack speculative execution protections
https://notcve.org/view.php?id=CVE-2023-5370
04 Oct 2023 — On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0. En la CPU 0, se llama a la verificación del workaround de SMCCC antes de que se haya inicializado el soporte de SMCCC. Esto resultó en que no se instalaran workarounds de ejecución especulativa en la CPU 0. • https://security.FreeBSD.org/advisories/FreeBSD-SA-23:14.smccc.asc • CWE-665: Improper Initialization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5369 – copy_file_range insufficient capability rights check
https://notcve.org/view.php?id=CVE-2023-5369
04 Oct 2023 — Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that fil... • https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc • CWE-273: Improper Check for Dropped Privileges •