Page 4 of 36 results (0.009 seconds)

CVSS: 7.1EPSS: 2%CPEs: 2049EXPL: 0

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •

CVSS: 2.6EPSS: 0%CPEs: 54EXPL: 0

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. La secuencia de comandos Xsession, tambien usado por X Display Manager (xdm) en NetBSD anterior a 12/02/2006, X.Org anterior a 17/03/2006, y Solaris 8 hasta la 10 anterior a 06/10/2006, permiten a un usuario local sobre escribir archivos de su elección, o leer otros ficheros de errores de usuarios de Xsession, a través de un ataque de enlaces simbólicos sobre un archivo/tmp/xses-$USER. • http://secunia.com/advisories/22992 http://securitytracker.com/id?1017015 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805 https://bugs.freedesktop.org/show_bug.cgi?id=5898 https://exchange.xforce.ibmcloud.com/vulnerabilities/29427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2205 •

CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0

tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. • http://online.securityfocus.com/archive/1/283033 http://www.iss.net/security_center/static/9633.php http://www.securityfocus.com/bid/5265 • CWE-667: Improper Locking •

CVSS: 3.7EPSS: 0%CPEs: 52EXPL: 0

Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-001.txt.asc http://www.osvdb.org/19475 http://www.securityfocus.com/bid/3891 https://exchange.xforce.ibmcloud.com/vulnerabilities/7945 •

CVSS: 7.5EPSS: 19%CPEs: 4EXPL: 0

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/CSSA-2001-SCO.20.txt http://www.cert.org/advisories/CA-2001-30.html http://www.kb.cert.org/vuls/id/274043 http://www.openbsd.com/errata28.html http://www.redhat.com/support/errata/RHSA-2001-147.html http://www.securityfocus.com/bid/3252 http://xforce.iss.net/alerts/advise94.php https://exchange.xforce.ibmcloud.com/vulnera •