CVSS: 7.5EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1147
https://notcve.org/view.php?id=CVE-2008-1147
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Cierto algoritmo generador de n... • http://seclists.org/bugtraq/2008/Feb/0052.html •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2008-0777
https://notcve.org/view.php?id=CVE-2008-0777
15 Feb 2008 — The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files. La llamada al sistema de envío de ficheros (sendfile) en FreeBSD 5.5 hasta 7.0 no comprueba los indicadores de acceso del descriptor del fichero utilizado para enviar un archivo, esto permite a usuarios locales leer los contenidos de los ficheros de sólo-escritura. • http://secunia.com/advisories/28928 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2008-0216
https://notcve.org/view.php?id=CVE-2008-0216
16 Jan 2008 — The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. La función ptsname en FreeBSD 6.0 hasta el 7.0-PRERELEASE no verifica de forma adecuada que una cierta porción de un nombre de dispositivo está asociado con un pty de un usuario quien está llamando a la función, la cual podría permitir a us... • http://secunia.com/advisories/28498 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2008-0217
https://notcve.org/view.php?id=CVE-2008-0217
16 Jan 2008 — The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. La secuencia de comandos en FreeBSD 5.0 hasta 7.0-PRERELEASE llama a openpty, el cual crea un pseudo-terminal con permisos: lectura-todos y escritura-todos cuando no está funcionando como root, lo cual permite a usuarios locales leer datos des... • http://secunia.com/advisories/28498 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2007-6150
https://notcve.org/view.php?id=CVE-2007-6150
30 Nov 2007 — The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values. El código de "seguimiento del estado interno" para los dispositivos random y urandom de FreeBSD 5.5, 6.1 hasta 6.3, y 7.0 beta 4 permite a usuarios locales obtener parte de valores aleatorios que han sido accedidos previame... • http://osvdb.org/39600 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 74%CPEs: 49EXPL: 2CVE-2007-3798 – tcpdump - Print-bgp.C Remote Integer Underflow
https://notcve.org/view.php?id=CVE-2007-3798
16 Jul 2007 — Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. Un desbordamiento de enteros en el archivo print-bgp.c en el disector BGP en tcpdump versión 3.9.6 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de TLVs especialmente diseñados en un paquete BGP, relacionado a un valor de retorno no comprobado. • https://www.exploit-db.com/exploits/30319 • CWE-190: Integer Overflow or Wraparound CWE-252: Unchecked Return Value •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 1CVE-2007-0267 – Apple Mac OSX 10.4.8 - DMG UFS UFS_LookUp Denial of Service
https://notcve.org/view.php?id=CVE-2007-0267
17 Jan 2007 — The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries. La función ufs_lookup en los kernel de Mac OS X versión 10.4.8 y FreeBSD versión 6.1, permite a los us... • https://www.exploit-db.com/exploits/29452 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 2CVE-2007-0229 – Apple Mac OSX 10.4.8 - DMG UFS FFS_MountFS Integer Overflow
https://notcve.org/view.php?id=CVE-2007-0229
13 Jan 2007 — Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. Un desbordamiento de enteros en la función ffs_mountfs en Mac OS ... • https://www.exploit-db.com/exploits/29441 • CWE-189: Numeric Errors •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 1CVE-2007-0166
https://notcve.org/view.php?id=CVE-2007-0166
11 Jan 2007 — The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. El script de cárcel rc.d en FreeBSD 5.3 hasta to 6.2 no verifica nombres de ruta cuando escribe en /var/log/console.log durante un arranque de cárcel, o cuando ficheros del sistema están montados o desmonta... • http://osvdb.org/32726 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5824
https://notcve.org/view.php?id=CVE-2006-5824
09 Nov 2006 — Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. Desbordamiento de búfer en la función ffs_rdextattr de FreeBSD 6.1 permite a usuarios locales provocar una denegación de servicio (kernel ... • http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html •