CVSS: 7.5EPSS: 32%CPEs: 13EXPL: 1CVE-2003-0015 – CVS 1.11.x - Directory Request Double-Free Heap Corruption
https://notcve.org/view.php?id=CVE-2003-0015
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands. Vulnerabilidad de doble liberación de memoria en CVS 1.11.4 y anteriores permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una petición de de directorio mal formada, como ha sido demostrado evitando las comprobaciones de escritura para ejecutar los comandos Update-prog y Checkin-prog. • https://www.exploit-db.com/exploits/22187 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14 http://marc.info/?l=bugtraq&m=104333092200589&w=2 http://marc.info/?l=bugtraq&m=104342550612736&w=2 http://marc.info/?l=bugtraq&m=104428571204468&w=2 http://marc.info/? • CWE-415: Double Free •
CVSS: 5.3EPSS: 2%CPEs: 37EXPL: 3CVE-2003-0001 – Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
https://notcve.org/view.php?id=CVE-2003-0001
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. Múltiples controladores de dispositivo (device drivers) de Tarjetas de Interfaz de Red (Network Interface Card - NIC) Ethernet no rellenan las tramas con bytes nulos, lo que permite a atacantes remotos obtener información de paquetes anteriores o memoria del kernel usando paquetes malformados, como ha sido demostrado por Etherleak. • https://www.exploit-db.com/exploits/22131 https://www.exploit-db.com/exploits/26076 https://www.exploit-db.com/exploits/3555 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html http://marc.info/?l=bugtraq&m=104222046632243&w=2 http://secunia.com/advisories/7996 http://www.atstake.com/research/advisories/2003/a010603-1.txt http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf http://www.kb.cert.org/vuls/id/412115 http://www.ora • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2002-1669
https://notcve.org/view.php?id=CVE-2002-1669
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc http://www.securityfocus.com/bid/3819 https://exchange.xforce.ibmcloud.com/vulnerabilities/7852 •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1667
https://notcve.org/view.php?id=CVE-2002-1667
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc https://exchange.xforce.ibmcloud.com/vulnerabilities/8921 •
CVSS: 1.2EPSS: 0%CPEs: 6EXPL: 0CVE-2002-1674
https://notcve.org/view.php?id=CVE-2002-1674
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.fstatfs.asc http://www.securityfocus.com/bid/4040 https://exchange.xforce.ibmcloud.com/vulnerabilities/8112 •