CVSS: 7.9EPSS: 88%CPEs: 20EXPL: 4CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 3CVE-2011-1920 – Mandriva Linux Security Advisory 2013-271
https://notcve.org/view.php?id=CVE-2011-1920
23 May 2011 — The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. El "make" incluye ficheros en NetBSD anterior a v1.6.2 usados en pmake v1.111 y otros productos, permite a usuarios locales sobreescribir ficheros de su elección a través de un ataque de enlace simbólico sobre un archivo temporal /tmp/_depend#####, relacionado con (1)... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2010-2530
https://notcve.org/view.php?id=CVE-2010-2530
29 Sep 2010 — Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. Múltiples errores de signo entero en smb_subr.c en el módulo netsmb en el kernel de NetBSD v5.0.2 y versiones anteriores, FreeBSD y Mac OS X permite a usuarios locales causar una de... • http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netsmb/smb_subr.c.diff?r1=1.34&r2=1.35&only_with_tag=MAIN&f=h • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 1CVE-2009-2793 – NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2793
18 Sep 2009 — The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. El kernel en NetBSD, posiblemente 5.0.1 y anteriores, en plataformas x86 no gestiona adecuadamente el fallo de preasignación de la instrucción "iret", lo que permitiría a usuarios locales conseguir privilegios a través de vector... • https://www.exploit-db.com/exploits/33229 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2049EXPL: 1CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
20 Oct 2008 — The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, p... • https://github.com/mrclki/sockstress • CWE-16: Configuration •
CVSS: 5.5EPSS: 0%CPEs: 54EXPL: 0CVE-2006-5215
https://notcve.org/view.php?id=CVE-2006-5215
09 Oct 2006 — The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. La secuencia de comandos Xsession, tambien usado por X Display Manager (xdm) en NetBSD anterior a 12/02/2006, X.Org anterior a 17/03/2006, y Solaris 8 hasta la 10 anterior a 06/10/2006, permiten a un usuario local sobre es... • http://secunia.com/advisories/22992 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2004-2012 – NetBSD/FreeBSD Port Systrace 1.x - Exit Routine Access Validation Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-2012
31 Dec 2004 — The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges. • https://www.exploit-db.com/exploits/24113 •
CVSS: 9.8EPSS: 13%CPEs: 105EXPL: 1CVE-2003-0681 – Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun
https://notcve.org/view.php?id=CVE-2003-0681
18 Sep 2003 — A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. Un "desbordamiento de búfer potencial en el análisis de reglas" (ruleset parsing) en Sendmail 8.12.9 cuando se usan los conjuntos de reglas no estándar: (1) receptor, (2) final, o (3) receptores de envoltorio específicos del enviador de correo, tienen consecuencias desconocidas. • https://www.exploit-db.com/exploits/23154 •
CVSS: 10.0EPSS: 75%CPEs: 163EXPL: 1CVE-2003-0694 – Sendmail SMTP Address prescan Memory Corruption
https://notcve.org/view.php?id=CVE-2003-0694
18 Sep 2003 — The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. La función de prescan en Sendmail 8.12.9 permite a atacantes remotos ejecutar código arbitrario mediante ataques de desbordamiento de búfer, como se demostró usando la función parseaddr en parseaddr.c. • https://packetstorm.news/files/id/180502 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2002-1476
https://notcve.org/view.php?id=CVE-2002-1476
22 Apr 2003 — Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh. Desbordamiento de búfer en setlocale en libc de NetBSD 1.4.x a 1.5, y posiblemente otros sistemas operativos, cuando es llamado con ... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc •