CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2006-0433 – FreeBSD-SA-06-08.sack.txt
https://notcve.org/view.php?id=CVE-2006-0433
02 Feb 2006 — Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop). SACK (Selective Acknowledgment) is an extension to the TCP/IP protocol that allows hosts to acknowledge the receipt of some, but not all, of the packets sent, thereby reducing the cost of retransmissions. When insufficient memory is available to handle an incoming selective ac... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:08.sack.asc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-0380
https://notcve.org/view.php?id=CVE-2006-0380
25 Jan 2006 — A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc •
CVSS: 7.5EPSS: 5%CPEs: 9EXPL: 0CVE-2006-0381
https://notcve.org/view.php?id=CVE-2006-0381
25 Jan 2006 — A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-0379
https://notcve.org/view.php?id=CVE-2006-0379
25 Jan 2006 — FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc •
CVSS: 10.0EPSS: 17%CPEs: 2EXPL: 0CVE-2006-0226
https://notcve.org/view.php?id=CVE-2006-0226
19 Jan 2006 — Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc •
CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 0CVE-2006-0054 – FreeBSD-SA-06-04.ipfw.txt
https://notcve.org/view.php?id=CVE-2006-0054
11 Jan 2006 — The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. ipfw maintains a pointer to layer 4 header information in the event that it needs to send a TCP reset or ICMP error message to discard packets. Due to incorrect handling of IP fragments, this pointer fails to get initialized. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc • CWE-824: Access of Uninitialized Pointer •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2006-0055 – FreeBSD-SA-06-02.ee.txt
https://notcve.org/view.php?id=CVE-2006-0055
11 Jan 2006 — The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. The ispell_op function used by ee(1) while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and fails to confirm which path will be over written with the user. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 3CVE-2005-4351
https://notcve.org/view.php?id=CVE-2005-4351
31 Dec 2005 — The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. • https://packetstorm.news/files/id/42925 •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2005-2359 – FreeBSD-SA-05-19.ipsec.txt
https://notcve.org/view.php?id=CVE-2005-2359
28 Jul 2005 — The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session. El algoritmo AES-XCBC-MACen IPsec en FreeBSD 5.3 y 5.4, cuando se usa para autentificación sin otra encriptación, usa una clave constante (en vez de la que asigne el administrador del sistema). Esto puede permitir que atacantes re... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc •
CVSS: 7.2EPSS: 0%CPEs: 21EXPL: 0CVE-2005-2218 – FreeBSD-SA-05-17.devfs.txt
https://notcve.org/view.php?id=CVE-2005-2218
21 Jul 2005 — The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. El sistema de ficheros de dispositivos en FreeBSD 5.x no comprueba adecuadamente los parámetros del tipo de nodo cuando crea un nodo de dispositivo, lo que hace que dispositivos ocultos estén disponibles a tacantes (quienes pueden por tanto sortear restricciones en ciertos proces... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc •