Page 14 of 86 results (0.005 seconds)

CVSS: 7.2EPSS: 0%CPEs: 21EXPL: 0

The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. El sistema de ficheros de dispositivos en FreeBSD 5.x no comprueba adecuadamente los parámetros del tipo de nodo cuando crea un nodo de dispositivo, lo que hace que dispositivos ocultos estén disponibles a tacantes (quienes pueden por tanto sortear restricciones en ciertos procesos). • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc http://secunia.com/advisories/16145 http://securitytracker.com/id?1014536 http://www.osvdb.org/18123 http://www.securityfocus.com/bid/14334 https://exchange.xforce.ibmcloud.com/vulnerabilities/21451 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc •

CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0

FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc •

CVSS: 5.0EPSS: 93%CPEs: 296EXPL: 2

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •

CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc •