CVSS: 7.5EPSS: 0%CPEs: 2049EXPL: 1CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
20 Oct 2008 — The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, p... • https://github.com/mrclki/sockstress • CWE-16: Configuration •
CVSS: 9.3EPSS: 8%CPEs: 10EXPL: 0CVE-2008-2476 – TP-Link VxWorks / 2-Series Switches Fail
https://notcve.org/view.php?id=CVE-2008-2476
03 Oct 2008 — The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). La implementación IPv6 Neighbor Discovery ... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 9%CPEs: 3EXPL: 3CVE-2008-4247 – Multiple Vendor FTP Server - Long Command Handling Security
https://notcve.org/view.php?id=CVE-2008-4247
25 Sep 2008 — ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. ftpd en OpenBSD 4.3, FreeBSD 7.0, y NetBSD 4.0 interpreta como múltiples comandos los comandos largos desde un cliente FTP, lo... • https://www.exploit-db.com/exploits/32399 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 4CVE-2008-1215 – BSD PPP 'pppx.conf' - Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-1215
09 Mar 2008 — Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. Desbordamiento de búfer basado en pila en la función command_Expand_Interpret de command.c en ppp (aka user-ppp), como se distribuyó en FreeBSD 6.3 y 7.0, OpenBSD 4.1 y 4.2, y el paquete net/userppp para NetBSD, permite a us... • https://www.exploit-db.com/exploits/31333 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1146
https://notcve.org/view.php?id=CVE-2008-1146
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa XOR y alterna en saltos de 3-bit (también ... • http://secunia.com/advisories/28819 •
CVSS: 7.5EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1147
https://notcve.org/view.php?id=CVE-2008-1147
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Cierto algoritmo generador de n... • http://seclists.org/bugtraq/2008/Feb/0052.html •
CVSS: 7.5EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1148
https://notcve.org/view.php?id=CVE-2008-1148
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Cierto algoritmo generador de números pseu... • http://secunia.com/advisories/28819 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1057
https://notcve.org/view.php?id=CVE-2008-1057
28 Feb 2008 — The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers. La función ip6_check_rh0hdr de netinet6/ip6_input.c en OpenBSD 4.2, permite a atacantes provocar una denegación de servicio (error irrecuperable del sistema) a través de cabeceras de enrutamiento IPv6 mal formadas. • http://secunia.com/advisories/29078 •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-1058
https://notcve.org/view.php?id=CVE-2008-1058
28 Feb 2008 — The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information. Vulnerabilidad de Denegación de servicio en netinet/tcp_subr.c en OpenBSD 4.1 y 4.2, que permite a atacantes remotos causar una denegación de servicio (kernel panic) a través de paquetes TCP manipulados. NOTA: algunos d estos detalles han sido obtenidos de información de terceros. • http://secunia.com/advisories/29078 •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 2CVE-2007-6700 – OpenBSD 4.1 - bgplg 'cmd' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6700
05 Feb 2008 — Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en cgi-bin/bgplg en la interfaz web para el demonio BGPD de OpernBSD 4.1 permite a atacantes remotos inyectar web script o HTML de su elección a través del parámetro cmd. • https://www.exploit-db.com/exploits/31081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •