CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2002-2280
https://notcve.org/view.php?id=CVE-2002-2280
31 Dec 2002 — syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0272.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 2%CPEs: 15EXPL: 0CVE-2002-1345
https://notcve.org/view.php?id=CVE-2002-1345
17 Dec 2002 — Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences. • ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A •
CVSS: 9.8EPSS: 7%CPEs: 24EXPL: 0CVE-2002-1219
https://notcve.org/view.php?id=CVE-2002-1219
29 Nov 2002 — Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). Desbordamiento de búfer en BIND versiones 4 anteriores a 4.9.10, y versiones 8 anteriores a 8.3.3, permite a atacantes remotos ejecutar código arbitrario mediante una cierta respuesta de servidor DNS conteniendo registros de recursos (RR) SIG. • ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P •
CVSS: 7.5EPSS: 19%CPEs: 11EXPL: 1CVE-2002-1220 – ISC BIND 8.3.x - OPT Record Large UDP Denial of Service
https://notcve.org/view.php?id=CVE-2002-1220
29 Nov 2002 — BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. BIND 8.3.x a 8.3.3 permite a atacantes remotos causar una denegación de servicio (terminación debido a fallo en aseveración) mediante una petición para un subdominio que no existe, con un registro de recurso OPT con una carga UDP grande. • https://www.exploit-db.com/exploits/22011 •
CVSS: 7.5EPSS: 3%CPEs: 21EXPL: 0CVE-2002-1221
https://notcve.org/view.php?id=CVE-2002-1221
29 Nov 2002 — BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. BIND 8.x a 8.3.3 permite a atacantes remotos causar una denegación de servicio (caída) mediante elementos registro de recurso (RR) SIG con fecha de expiració inválida, que son eliminados de la la base de datos interna de BIND y luego causan una desreferencia a nulo. • http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0766
https://notcve.org/view.php?id=CVE-2002-0766
12 Aug 2002 — OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor. • http://online.securityfocus.com/archive/1/271702 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2002-0542 – OpenBSD 2.9/3.0 - Default Crontab Root Command Injection
https://notcve.org/view.php?id=CVE-2002-0542
03 Jul 2002 — mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron. • https://www.exploit-db.com/exploits/21373 •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 1CVE-2002-0514
https://notcve.org/view.php?id=CVE-2002-0514
11 Jun 2002 — PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL. PF en OpenBSD 3.0 con la regla return-rst establece el TTL (Time to Live) a 128 en el paquete RST, lo que permite a atacantes remotos determinar si un puerto está siendo filtrado porque el TTL es diferente del de por defecto. • http://www.iss.net/security_center/static/8738.php • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0557
https://notcve.org/view.php?id=CVE-2002-0557
11 Jun 2002 — Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval(). • http://www.iss.net/security_center/static/8625.php •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 3CVE-2001-1559 – OpenBSD 2.x/3.0 - User Mode Return Value Denial of Service
https://notcve.org/view.php?id=CVE-2001-1559
31 Dec 2001 — The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. • https://www.exploit-db.com/exploits/21167 • CWE-476: NULL Pointer Dereference •