CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2005-2359 – FreeBSD-SA-05-19.ipsec.txt
https://notcve.org/view.php?id=CVE-2005-2359
28 Jul 2005 — The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session. El algoritmo AES-XCBC-MACen IPsec en FreeBSD 5.3 y 5.4, cuando se usa para autentificación sin otra encriptación, usa una clave constante (en vez de la que asigne el administrador del sistema). Esto puede permitir que atacantes re... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc •
CVSS: 7.2EPSS: 0%CPEs: 21EXPL: 0CVE-2005-2218 – FreeBSD-SA-05-17.devfs.txt
https://notcve.org/view.php?id=CVE-2005-2218
21 Jul 2005 — The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. El sistema de ficheros de dispositivos en FreeBSD 5.x no comprueba adecuadamente los parámetros del tipo de nodo cuando crea un nodo de dispositivo, lo que hace que dispositivos ocultos estén disponibles a tacantes (quienes pueden por tanto sortear restricciones en ciertos proces... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2019 – FreeBSD-SA-05-13.ipfw.txt
https://notcve.org/view.php?id=CVE-2005-2019
30 Jun 2005 — ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. The ipfw tables lookup code caches the result of the last query. The kernel may process multiple packets concurrently, performing several con... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2005-2068
https://notcve.org/view.php?id=CVE-2005-2068
30 Jun 2005 — FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc •
CVSS: 7.5EPSS: 80%CPEs: 296EXPL: 2CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2005-1399 – FreeBSD-SA-05-06.iir.txt
https://notcve.org/view.php?id=CVE-2005-1399
06 May 2005 — FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. The default permissions on the /dev/iir device node allow unprivileged local users to open the device and execute ioctl calls. Unprivileged local users can send commands to the hardware supported by the iir(4) driver, allowing destruction of data and possible disclosure of data. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2005-1406 – FreeBSD-SA-05-08.kmem.txt
https://notcve.org/view.php?id=CVE-2005-1406
06 May 2005 — The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory. In many parts of the FreeBSD kernel, names (of mount points, devices, files, etc.) are manipulated as NULL-terminated strings, but are provided to applications within fixed-length buffers. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2005-1400 – FreeBSD-SA-05-07.ldt
https://notcve.org/view.php?id=CVE-2005-1400
06 May 2005 — The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. The i386_get_ldt(2) system call allows a process to request that a portion of its Local Descriptor Table be copied from the kernel into userland. The i386_get_ldt(2) syscall performs insufficient validation of its input arguments. In particular, negative or very large values may allow inappropriate data to be copied from the kernel. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc •
CVSS: 5.5EPSS: 0%CPEs: 61EXPL: 0CVE-2005-1126 – Apple Security Advisory 2005-10-31
https://notcve.org/view.php?id=CVE-2005-1126
15 Apr 2005 — The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. Flaws for Finder, Software Update, memberd, Keychain, and the kernel have all been addressed in this latest Apple update. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 63EXPL: 0CVE-2005-0610
https://notcve.org/view.php?id=CVE-2005-0610
12 Apr 2005 — Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file. • http://secunia.com/advisories/14903 •