CVSS: 7.9EPSS: 88%CPEs: 20EXPL: 4CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 3CVE-2011-1920 – Mandriva Linux Security Advisory 2013-271
https://notcve.org/view.php?id=CVE-2011-1920
23 May 2011 — The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. El "make" incluye ficheros en NetBSD anterior a v1.6.2 usados en pmake v1.111 y otros productos, permite a usuarios locales sobreescribir ficheros de su elección a través de un ataque de enlace simbólico sobre un archivo temporal /tmp/_depend#####, relacionado con (1)... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2010-2530
https://notcve.org/view.php?id=CVE-2010-2530
29 Sep 2010 — Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. Múltiples errores de signo entero en smb_subr.c en el módulo netsmb en el kernel de NetBSD v5.0.2 y versiones anteriores, FreeBSD y Mac OS X permite a usuarios locales causar una de... • http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netsmb/smb_subr.c.diff?r1=1.34&r2=1.35&only_with_tag=MAIN&f=h • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 1CVE-2009-2793 – NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2793
18 Sep 2009 — The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. El kernel en NetBSD, posiblemente 5.0.1 y anteriores, en plataformas x86 no gestiona adecuadamente el fallo de preasignación de la instrucción "iret", lo que permitiría a usuarios locales conseguir privilegios a través de vector... • https://www.exploit-db.com/exploits/33229 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 54EXPL: 0CVE-2006-5215
https://notcve.org/view.php?id=CVE-2006-5215
09 Oct 2006 — The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. La secuencia de comandos Xsession, tambien usado por X Display Manager (xdm) en NetBSD anterior a 12/02/2006, X.Org anterior a 17/03/2006, y Solaris 8 hasta la 10 anterior a 06/10/2006, permiten a un usuario local sobre es... • http://secunia.com/advisories/22992 •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 1CVE-2004-0114 – BSD - SHMAT System Call Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0114
03 Mar 2004 — The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. La llamada de sistema shmat en el interfaz de Memoria Compartida de Sistema V de FreeBSD 5.2 y anteriores, NetBSD 1.3 y anteriores, y OpenBSD 2.6 y ant... • https://www.exploit-db.com/exploits/23655 •
CVSS: 9.8EPSS: 16%CPEs: 4EXPL: 0CVE-2001-0670
https://notcve.org/view.php?id=CVE-2001-0670
03 Oct 2001 — Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2001-0710
https://notcve.org/view.php?id=CVE-2001-0710
20 Sep 2001 — NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:52.fragment.asc •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2001-0268
https://notcve.org/view.php?id=CVE-2001-0268
03 May 2001 — The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address. • http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2000-0314
https://notcve.org/view.php?id=CVE-2000-0314
12 Mar 2001 — traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. • ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc •