CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-6654
https://notcve.org/view.php?id=CVE-2006-6654
20 Dec 2006 — The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function. La función sendmsg en NetBSD-current versiones anteriores a 20061023, NetBSD 3.0 y 3.0.1 versiones anteriores a 20061024, y NetBSD 2.x versiones anteriores a 20061029, cuando se ejecutan en arquitecturas de 64-bit, permite a a... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-6655
https://notcve.org/view.php?id=CVE-2006-6655
20 Dec 2006 — The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference. La implementación de procfs en NetBSD-current anterior al 23/10/2006, NetBSD 3.0 y 3.0.1 anterior al 29/10/2006 permite a usuarios locales provocar una denega... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-6656
https://notcve.org/view.php?id=CVE-2006-6656
20 Dec 2006 — Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak. Vulnerabilidad no especificada en ptrace en NetBSD-current versiones anteriores a 20061027, NetBSD 3.0 y 3.0.1 versiones anteriores a 20061027, y NetBSD 2.x versiones anteriores a 20061019, permit... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-025.txt.asc •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-6657
https://notcve.org/view.php?id=CVE-2006-6657
20 Dec 2006 — The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors. La función if_clone_list en NetBSD-current anterior al 27/10/2006, NetBSD 3.0 y 3.0.1 anterior al 27/10/2006, y NetBSD 2.x anterior al 19/11/2006 permite a usuarios locales leer información potencialmente sensible de la memoria de la pila que no ha sido inicializada mediante vec... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-025.txt.asc •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-6397
https://notcve.org/view.php?id=CVE-2006-6397
08 Dec 2006 — Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability ** IMPUGNADO ** Desbordamiento de entero en banner/banner.c de FreeBSD, NetBSD, y OpenBSD podría permitir a usuarios locales modificar la memoria mediante un banner largo. NOTA: CVE y múltiples t... • http://www.securityfocus.com/archive/1/452322/100/200/threaded •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-6165
https://notcve.org/view.php?id=CVE-2006-6165
29 Nov 2006 — ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment ** IMPUGNADA ** ld.so en FreeBSD, NetBSD, u posiblemente otras distribuciones BSD no borran ciertas variables de entorno perjudiciales, lo c... • http://www.securityfocus.com/archive/1/452371/100/0/threaded •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2006-6013
https://notcve.org/view.php?id=CVE-2006-6013
21 Nov 2006 — Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signe... • http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2006-5218
https://notcve.org/view.php?id=CVE-2006-5218
09 Oct 2006 — Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. Desbordamiento de entero en la función systrace_preprepl (STRIOCREPLACE) en systrace de OpenBSD 3.9 y NetBSD 3 permite a usuarios locales provocar una denegación de servicio (caída), escalar privilegios, o leer memoria del núcleo de su elección med... • http://openbsd.org/errata.html#systrace •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2006-5214
https://notcve.org/view.php?id=CVE-2006-5214
09 Oct 2006 — Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. Condición de carrera en la secuencia de comandos Xsession, usada por el Administrador de pantalla X (X Display Manager, xdm) en NetBSD anerior al 12/02/2006, X.Org anterior al 25/02/20... • http://secunia.com/advisories/22323 •
CVSS: 5.5EPSS: 0%CPEs: 54EXPL: 0CVE-2006-5215
https://notcve.org/view.php?id=CVE-2006-5215
09 Oct 2006 — The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. La secuencia de comandos Xsession, tambien usado por X Display Manager (xdm) en NetBSD anterior a 12/02/2006, X.Org anterior a 17/03/2006, y Solaris 8 hasta la 10 anterior a 06/10/2006, permiten a un usuario local sobre es... • http://secunia.com/advisories/22992 •