FreeBSD, NetBSD Security Vulnerabilities

CVE-2021-45484

In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic...

CVE-2021-45487

In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic...

FreeBSD Ports: tnftpd

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: FreeBSD

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: libXfont

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: FreeBSD

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: pure-ftpd

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: apr0

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: apr1

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: apr1

The remote host is missing an update to the system as announced in the referenced...

Mandriva Update for libxfont MDVSA-2011:153 (libxfont)

The remote host is missing an update for...

SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14764-1)

The remote SUSE Linux SLES11 / SLES_SAP11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14764-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't...

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1899-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1899-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1888-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1888-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1890-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1890-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1889-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1889-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2208-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2208-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that...

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2406-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2406-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that...

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1887-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1887-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't...

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1891-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1891-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1912-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1912-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:1913-1)

The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1913-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP)...

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2451-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2451-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2421-1 advisory. The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1975-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1975-1 advisory. An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init()...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1977-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1977-1 advisory. An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in...

Debian: Security Advisory (DLA-491)

The remote host is missing an update for the...

php5 - security update

CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular...

Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference

Overview The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. Description CVE-2022-3116 A flawed logical condition in...

Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure

Overview Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing. Description The Bluetooth Core Specification and Mesh Profile Specification are...

L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Overview Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a...

NetBSD mail.local Privilege Escalation

This module attempts to exploit a race condition in mail.local with SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1) NetBSD 6.1 - 6.1.5 NetBSD 6.0 - 6.0.6 Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to...

uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID

Overview The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable...

Netatalk contains multiple error and memory management vulnerabilities

Overview There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow for Remote Code Execution as well as Out-of-bounds Read. Description Below are the new CVEs. Per ZDI: CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on...

K15082 : OpenSSH vulnerability CVE-2010-4755

Security Advisory Description The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and...

K15920 : Apache vulnerability CVE-2011-0419

Security Advisory Description Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle....

K16831 : BSD regex library vulnerability CVE-2015-2305

Security Advisory Description Description Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code...

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service flaw. Flaws in OpenSSL's DTLS implementation allows a remote attacker to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer...

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service flaw. Flaws in OpenSSL's DTLS implementation allows a remote attacker to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer...

Information Disclosure

OpenSSL is vulnerable to information disclosure. This is possible because the SSL protocol 3.0 uses a nondeterministic CBC padding allowing attackers to perform man-in-the-middle (MitM) attacks. This is also known as the POODLE...

Information Disclosure

OpenSSL is vulnerable to information disclosure. This is possible because the SSL protocol 3.0 uses a nondeterministic CBC padding allowing attackers to perform man-in-the-middle (MitM) attacks. This is also known as the POODLE...

Design/Logic Flaw

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a...

Design/Logic Flaw

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch...

Denial Of Service (DoS)

ISC BIND (Berkeley Internet Name Domain) is vulnerable to Denial Of Service (DoS). A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of...

Code injection

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an....

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service (DoS) attacks. A malicious user can pass an unrecognized X.660 OID to the hash function to the system to cause an infinite loop that can cause the system to...

Out-of-bounds

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as...

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks can be triggered through the length field in ASN1_TIME data via X509_cmp_time function in crypto/x509/x509_vfy.c, causing an out-of-bounds read and an application...

CVE-2009-1379

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a...

CVE-2009-1379

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a...