CVSS: 7.5EPSS: 25%CPEs: 13EXPL: 3CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
16 May 2011 — Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamie... • https://www.exploit-db.com/exploits/35738 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 14%CPEs: 5EXPL: 1CVE-2011-1547 – IPComp - encapsulation Kernel Memory Corruption
https://notcve.org/view.php?id=CVE-2011-1547
09 May 2011 — Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a crafted (1) IPv4 or (2) IPv6 packet with nested IPComp headers. Multiples vulnerabilidades de consumos de pila en el Kernel de NetBSD v4.0, v5.0 con anterioridad a v5.0.3 y v5.1 con anterioridad a v5.1.1, IPsec cuando está activada, permite a atac... • https://www.exploit-db.com/exploits/17097 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 3CVE-2010-4754
https://notcve.org/view.php?id=CVE-2010-4754
02 Mar 2011 — The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. La implementación glob en libc en FreeBSD versiones 7.3 y 8.1, NetBSD versión 5.0.2 y OpenBSD versión 4.7, ... • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.3#rev1.30.12.1 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 84EXPL: 3CVE-2010-4755 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2010-4755
02 Mar 2011 — The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. La (1) función remote_glob en sftp-glob... • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2010-2530
https://notcve.org/view.php?id=CVE-2010-2530
29 Sep 2010 — Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. Múltiples errores de signo entero en smb_subr.c en el módulo netsmb en el kernel de NetBSD v5.0.2 y versiones anteriores, FreeBSD y Mac OS X permite a usuarios locales causar una de... • http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netsmb/smb_subr.c.diff?r1=1.34&r2=1.35&only_with_tag=MAIN&f=h • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0561
https://notcve.org/view.php?id=CVE-2010-0561
08 Feb 2010 — Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service (kernel panic) via a negative mixer index number being passed to (1) the azalia_query_devinfo function in the azalia audio driver (src/sys/dev/pci/azalia.c) or (2) the hdaudio_afg_query_devinfo function in the hdaudio audio driver (src/sys/dev/pci/hdaudio/hdaudio_afg.c). Error de presencia de signo entero en NetBSD v4.0, v5.0, y NetBSD-current anterior a 2010-01-21, permite a usu... • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-003.txt.asc • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 1CVE-2009-2793 – NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2793
18 Sep 2009 — The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. El kernel en NetBSD, posiblemente 5.0.1 y anteriores, en plataformas x86 no gestiona adecuadamente el fallo de preasignación de la instrucción "iret", lo que permitiría a usuarios locales conseguir privilegios a través de vector... • https://www.exploit-db.com/exploits/33229 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 12%CPEs: 7EXPL: 3CVE-2009-0687 – Multiple Vendor - PF Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2009-0687
11 Aug 2009 — The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. La función pf_test_rule de OpenBSD Packet Filter (PF), tal como es usada en OpenBSD v4.2 hasta v4.5, NetBSD v5.0 anterior a RC3, MirOS v10 y anteriores ... • https://www.exploit-db.com/exploits/8581 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2009-2482
https://notcve.org/view.php?id=CVE-2009-2482
16 Jul 2009 — The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. El módulo pam_unix en OpenPAM en NetBSD v4.0 anteriores a v4.0.2 y v5.0 anteriores a v5.0.1 permite a los usuarios locales cambiar la contraseña de administrador actual si ya se conoce, aún cuando no están en el grupo "wheel ". • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2483
https://notcve.org/view.php?id=CVE-2009-2483
16 Jul 2009 — libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element. libprop/prop_object.c en proplib en NetBSD v4.0 y v4.0.1 permite a los usuarios locales causar una denegación de servicio (puntero NULO desreferenciado y pánico del kernel) a través de un plist externalizada malformada (formulario XML) conteniendo un elemento no definido. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-003.txt.asc • CWE-189: Numeric Errors •