CVSS: 5.9EPSS: 18%CPEs: 18EXPL: 1CVE-2003-0078 – OpenSSL 0.9.x - CBC Error Information Leakage
https://notcve.org/view.php?id=CVE-2003-0078
03 Mar 2003 — ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." ssl3_get_record en s3_ptk.c de OpenSSL anteriores a 0.9.7a y 0.9.6 anteriores ... • https://www.exploit-db.com/exploits/22264 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 62%CPEs: 13EXPL: 1CVE-2003-0015 – CVS 1.11.x - Directory Request Double-Free Heap Corruption
https://notcve.org/view.php?id=CVE-2003-0015
23 Jan 2003 — Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands. Vulnerabilidad de doble liberación de memoria en CVS 1.11.4 y anteriores permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una petición de de directorio mal formada, como ha sido de... • https://www.exploit-db.com/exploits/22187 • CWE-415: Double Free •
CVSS: 5.3EPSS: 3%CPEs: 37EXPL: 5CVE-2003-0001 – Cisco ASA < 8.4.4.6 < 8.2.5.32 - Ethernet Information Leak
https://notcve.org/view.php?id=CVE-2003-0001
08 Jan 2003 — Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. Múltiples controladores de dispositivo (device drivers) de Tarjetas de Interfaz de Red (Network Interface Card - NIC) Ethernet no rellenan las tramas con bytes nulos, lo que permite a atacantes remotos obtener información de paquetes anteriores o memoria del kernel ... • https://packetstorm.news/files/id/121969 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2002-1674
https://notcve.org/view.php?id=CVE-2002-1674
31 Dec 2002 — procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.fstatfs.asc •
CVSS: 7.0EPSS: 0%CPEs: 52EXPL: 0CVE-2002-2092
https://notcve.org/view.php?id=CVE-2002-2092
31 Dec 2002 — Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1667
https://notcve.org/view.php?id=CVE-2002-1667
31 Dec 2002 — The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2002-1669
https://notcve.org/view.php?id=CVE-2002-1669
31 Dec 2002 — pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2002-1915
https://notcve.org/view.php?id=CVE-2002-1915
31 Dec 2002 — tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. • http://online.securityfocus.com/archive/1/283033 • CWE-667: Improper Locking •
CVSS: 7.5EPSS: 3%CPEs: 21EXPL: 0CVE-2002-1221
https://notcve.org/view.php?id=CVE-2002-1221
29 Nov 2002 — BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. BIND 8.x a 8.3.3 permite a atacantes remotos causar una denegación de servicio (caída) mediante elementos registro de recurso (RR) SIG con fecha de expiració inválida, que son eliminados de la la base de datos interna de BIND y luego causan una desreferencia a nulo. • http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 •
CVSS: 9.8EPSS: 7%CPEs: 24EXPL: 0CVE-2002-1219
https://notcve.org/view.php?id=CVE-2002-1219
29 Nov 2002 — Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). Desbordamiento de búfer en BIND versiones 4 anteriores a 4.9.10, y versiones 8 anteriores a 8.3.3, permite a atacantes remotos ejecutar código arbitrario mediante una cierta respuesta de servidor DNS conteniendo registros de recursos (RR) SIG. • ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P •