Page 40 of 402 results (0.011 seconds)

CVSS: 7.2EPSS: 0%CPEs: 100EXPL: 0

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. 'opiepasswd' en One-Time Passwords en Everything (OPIE) en FreeBSDE 4.10-RELEASE-p22 a 6.1-STABLE anteriores a 20060322 usa la función "getlogin" para determinar la cuenta de usuario invocante, lo que podría permitir a usuarios locales para configurar acceso de OPIE a la cuenta 'root' y posiblemente ganar privilegios de root si un intérprete de comandos de root es permitido por la configuración del grupo 'wheel' o sshd. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc http://secunia.com/advisories/19347 http://securitytracker.com/id?1015817 http://www.osvdb.org/24067 http://www.securityfocus.com/bid/17194 http://www.vupen.com/english/advisories/2006/1074 https://exchange.xforce.ibmcloud.com/vulnerabilities/25397 •

CVSS: 7.5EPSS: 1%CPEs: 38EXPL: 0

A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-011.txt.asc http://secunia.com/advisories/19366 http://securitytracker.com/id?1015809 http://www.osvdb.org/24068 http://www.securityfocus.com/bid/17191 https://exchange.xforce.ibmcloud.com/vulnerabilities/25398 •

CVSS: 5.0EPSS: 4%CPEs: 9EXPL: 0

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc http://bugzilla.mindrot.org/show_bug.cgi?id=839 http://securityreason.com/securityalert/520 http://securitytracker.com/id?1015706 http://www.osvdb.org/23797 http://www.securityfocus.com/bid/16892 http://www.vupen.com/english/advisories/2006/0805 https://exchange.xforce.ibmcloud.com/vulnerabilities/25116 • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 96%CPEs: 1EXPL: 1

nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. • https://www.exploit-db.com/exploits/1540 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:10.nfs.asc http://lists.immunitysec.com/pipermail/dailydave/2006-February/002982.html http://secunia.com/advisories/19017 http://securityreason.com/securityalert/521 http://www.osvdb.org/23511 http://www.securityfocus.com/bid/16838 https://exchange.xforce.ibmcloud.com/vulnerabilities/24918 •

CVSS: 5.0EPSS: 6%CPEs: 2EXPL: 0

Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop). • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:08.sack.asc http://secunia.com/advisories/18696 http://securityreason.com/securityalert/399 http://securitytracker.com/id?1015566 http://www.osvdb.org/22861 http://www.securityfocus.com/bid/16466 http://www.vupen.com/english/advisories/2006/0409 https://exchange.xforce.ibmcloud.com/vulnerabilities/24453 •