CVSS: 10.0EPSS: 5%CPEs: 11EXPL: 0CVE-2006-4304
https://notcve.org/view.php?id=CVE-2006-4304
24 Aug 2006 — Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver. Desb... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2006-2654
https://notcve.org/view.php?id=CVE-2006-2654
02 Jun 2006 — Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier. • http://secunia.com/advisories/20390 •
CVSS: 7.8EPSS: 0%CPEs: 100EXPL: 0CVE-2006-1283
https://notcve.org/view.php?id=CVE-2006-1283
23 Mar 2006 — opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. 'opiepasswd' en One-Time Passwords en Everything (OPIE) en FreeBSDE 4.10-RELEASE-p22 a 6.1-STABLE anteriores a 20060322 usa la función "getlo... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc •
CVSS: 7.5EPSS: 1%CPEs: 38EXPL: 0CVE-2006-0905
https://notcve.org/view.php?id=CVE-2006-0905
23 Mar 2006 — A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2006-0055
https://notcve.org/view.php?id=CVE-2006-0055
11 Jan 2006 — The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 2CVE-2005-4351
https://notcve.org/view.php?id=CVE-2005-4351
31 Dec 2005 — The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. • http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html •
CVSS: 7.2EPSS: 0%CPEs: 21EXPL: 0CVE-2005-2218
https://notcve.org/view.php?id=CVE-2005-2218
26 Jul 2005 — The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. El sistema de ficheros de dispositivos en FreeBSD 5.x no comprueba adecuadamente los parámetros del tipo de nodo cuando crea un nodo de dispositivo, lo que hace que dispositivos ocultos estén disponibles a tacantes (quienes pueden por tanto sortear restricciones en ciertos proces... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2005-2068
https://notcve.org/view.php?id=CVE-2005-2068
30 Jun 2005 — FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc •
CVSS: 7.5EPSS: 79%CPEs: 296EXPL: 2CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2005-1399
https://notcve.org/view.php?id=CVE-2005-1399
06 May 2005 — FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc •