Page 14 of 80 results (0.004 seconds)

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 1

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port. • https://www.exploit-db.com/exploits/20730 http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html http://marc.info/?l=bugtraq&m=98679734015538&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/6331 •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections. • https://www.exploit-db.com/exploits/19522 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc http://www.securityfocus.com/bid/1766 •

CVSS: 2.1EPSS: 0%CPEs: 31EXPL: 0

The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc http://www.openbsd.org/errata26.html#semconfig http://www.securityfocus.com/bid/1270 •

CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program. • http://www.osvdb.org/1074 http://www.securityfocus.com/bid/644 •

CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 0

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. ip_input.c en implementaciones de TCP/IP derivadas de BSD permiten a atacantes remotos causar una denegación de servicio (cuelgue o caída) mediante paquetes artesanales. • http://www.openbsd.org/errata23.html#tcpfix http://www.osvdb.org/5707 • CWE-20: Improper Input Validation •