Page 8 of 40 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 3

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. • https://www.exploit-db.com/exploits/21167 http://archives.neohapsis.com/archives/bugtraq/2001-12/0014.html http://monkey.org/openbsd/archive/tech/0112/msg00015.html http://www.iss.net/security_center/static/7690.php • CWE-476: NULL Pointer Dereference •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0

vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch http://www.kb.cert.org/vuls/id/191675 https://exchange.xforce.ibmcloud.com/vulnerabilities/10149 •

CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html http://www.iss.net/security_center/static/8715.php http://www.openbsd.org/errata28.html http://www.osvdb.org/5466 http://www.securityfocus.com/bid/3205 •

CVSS: 5.0EPSS: 1%CPEs: 29EXPL: 2

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. • https://www.exploit-db.com/exploits/20997 http://www.securityfocus.com/archive/1/195457 http://www.securityfocus.com/bid/2997 https://exchange.xforce.ibmcloud.com/vulnerabilities/6824 •

CVSS: 1.2EPSS: 0%CPEs: 4EXPL: 0

Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. • http://seclists.org/bugtraq/2001/Jun/0020.html http://www.securityfocus.com/bid/2817 http://www.securityfocus.com/bid/2818 https://exchange.xforce.ibmcloud.com/vulnerabilities/6660 https://exchange.xforce.ibmcloud.com/vulnerabilities/6661 •