CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2014-7250
https://notcve.org/view.php?id=CVE-2014-7250
12 Dec 2014 — The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. La pila de TCP en 4.3BSD Net/2, utilizado en FreeBSD 5.4, NetBSD posiblemente 2.0, y OpenBSD posiblemente 3.6, no implementa correctamente el temporizador de la sesión, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) ... • http://jvn.jp/en/jp/JVN07930208/index.html • CWE-399: Resource Management Errors •
CVSS: 7.9EPSS: 88%CPEs: 20EXPL: 4CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 8%CPEs: 40EXPL: 0CVE-2011-2895 – BSD compress LZW decoder buffer overflow
https://notcve.org/view.php?id=CVE-2011-2895
19 Aug 2011 — The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possib... • http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2010-2530
https://notcve.org/view.php?id=CVE-2010-2530
29 Sep 2010 — Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. Múltiples errores de signo entero en smb_subr.c en el módulo netsmb en el kernel de NetBSD v5.0.2 y versiones anteriores, FreeBSD y Mac OS X permite a usuarios locales causar una de... • http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netsmb/smb_subr.c.diff?r1=1.34&r2=1.35&only_with_tag=MAIN&f=h • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 1CVE-2009-2793 – NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2793
18 Sep 2009 — The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. El kernel en NetBSD, posiblemente 5.0.1 y anteriores, en plataformas x86 no gestiona adecuadamente el fallo de preasignación de la instrucción "iret", lo que permitiría a usuarios locales conseguir privilegios a través de vector... • https://www.exploit-db.com/exploits/33229 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2049EXPL: 1CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
20 Oct 2008 — The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, p... • https://github.com/mrclki/sockstress • CWE-16: Configuration •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1335
https://notcve.org/view.php?id=CVE-2008-1335
13 Mar 2008 — The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905. La función ipsec4_get_ulp del kernel en las versiones 2.0 a 3.1 de NetBSD y NetBSD-current anterior a 20071028, cuando está habilitado el subsistema fast_ipsec, permite a... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2008-002.txt.asc •
CVSS: 6.8EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1146
https://notcve.org/view.php?id=CVE-2008-1146
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa XOR y alterna en saltos de 3-bit (también ... • http://secunia.com/advisories/28819 •
CVSS: 7.5EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1147
https://notcve.org/view.php?id=CVE-2008-1147
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Cierto algoritmo generador de n... • http://seclists.org/bugtraq/2008/Feb/0052.html •
CVSS: 7.5EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1148
https://notcve.org/view.php?id=CVE-2008-1148
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Cierto algoritmo generador de números pseu... • http://secunia.com/advisories/28819 •