CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 3CVE-2003-0144 – BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0144
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. • https://www.exploit-db.com/exploits/22331 https://www.exploit-db.com/exploits/22332 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P http://marc.info/?l=bugtraq&m=104690434504429&w=2 http://marc.info/?l=bugtraq&m=104714441925019&w=2 http://secunia.com/advisories/8293 http://www.debian.org/security/2003/dsa-267 http://www.debian.org/security/2003/dsa-275 http://www& •
CVSS: 5.0EPSS: 2%CPEs: 18EXPL: 1CVE-2003-0078 – OpenSSL 0.9.x - CBC Error Information Leakage
https://notcve.org/view.php?id=CVE-2003-0078
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." ssl3_get_record en s3_ptk.c de OpenSSL anteriores a 0.9.7a y 0.9.6 anteriores a 0.9.6i no realiza un cálculo MAC si un relleno de bloque de cifra incorrecto es usado, lo que causa una fuga de información (discrepancia en temporización) que puede hacer más fácil lanzar ataques criptográficos que dependan de distinguir entren errores de relleno o de verificación de MAC, posiblemente conducentes a la extracción del texto plano original, también conocida como "Ataque de temporización de Vaudenay". • https://www.exploit-db.com/exploits/22264 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570 http://marc.info/?l=bugtraq&m=104567627211904&w=2 http://marc.info/?l=bugtraq&m=104568426824439&w=2 http://marc.info/?l=bugtraq&m=104577183206905&w=2 http://www.ciac.org/ciac/bulletins/n-051.shtml http://www& • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2002-1915
https://notcve.org/view.php?id=CVE-2002-1915
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. • http://online.securityfocus.com/archive/1/283033 http://www.iss.net/security_center/static/9633.php http://www.securityfocus.com/bid/5265 • CWE-667: Improper Locking •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2188
https://notcve.org/view.php?id=CVE-2002-2188
OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/018_kernresource.patch http://www.iss.net/security_center/static/10572.php http://www.openbsd.org/errata30.html#kernresource http://www.openbsd.org/errata31.html#kernresource http://www.securityfocus.com/bid/6124 •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2222
https://notcve.org/view.php?id=CVE-2002-2222
isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc http://www.kb.cert.org/vuls/id/287771 http://www.openbsd.org/errata31.html#isakmpd https://exchange.xforce.ibmcloud.com/vulnerabilities/9850 •