CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 3CVE-2003-0144 – BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0144
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. • https://www.exploit-db.com/exploits/22331 https://www.exploit-db.com/exploits/22332 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P http://marc.info/?l=bugtraq&m=104690434504429&w=2 http://marc.info/?l=bugtraq&m=104714441925019&w=2 http://secunia.com/advisories/8293 http://www.debian.org/security/2003/dsa-267 http://www.debian.org/security/2003/dsa-275 http://www& •
CVSS: 5.0EPSS: 2%CPEs: 18EXPL: 1CVE-2003-0078 – OpenSSL 0.9.x - CBC Error Information Leakage
https://notcve.org/view.php?id=CVE-2003-0078
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." ssl3_get_record en s3_ptk.c de OpenSSL anteriores a 0.9.7a y 0.9.6 anteriores a 0.9.6i no realiza un cálculo MAC si un relleno de bloque de cifra incorrecto es usado, lo que causa una fuga de información (discrepancia en temporización) que puede hacer más fácil lanzar ataques criptográficos que dependan de distinguir entren errores de relleno o de verificación de MAC, posiblemente conducentes a la extracción del texto plano original, también conocida como "Ataque de temporización de Vaudenay". • https://www.exploit-db.com/exploits/22264 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570 http://marc.info/?l=bugtraq&m=104567627211904&w=2 http://marc.info/?l=bugtraq&m=104568426824439&w=2 http://marc.info/?l=bugtraq&m=104577183206905&w=2 http://www.ciac.org/ciac/bulletins/n-051.shtml http://www& • CWE-203: Observable Discrepancy •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2002-2280
https://notcve.org/view.php?id=CVE-2002-2280
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server. • http://archives.neohapsis.com/archives/bugtraq/2002-11/0272.html http://www.securityfocus.com/bid/6219 https://exchange.xforce.ibmcloud.com/vulnerabilities/10702 • CWE-16: Configuration •
CVSS: 3.7EPSS: 0%CPEs: 52EXPL: 0CVE-2002-2092
https://notcve.org/view.php?id=CVE-2002-2092
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-001.txt.asc http://www.osvdb.org/19475 http://www.securityfocus.com/bid/3891 https://exchange.xforce.ibmcloud.com/vulnerabilities/7945 •
CVSS: 5.0EPSS: 12%CPEs: 11EXPL: 1CVE-2002-1220 – ISC BIND 8.3.x - OPT Record Large UDP Denial of Service
https://notcve.org/view.php?id=CVE-2002-1220
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. BIND 8.3.x a 8.3.3 permite a atacantes remotos causar una denegación de servicio (terminación debido a fallo en aseveración) mediante una petición para un subdominio que no existe, con un registro de recurso OPT con una carga UDP grande. • https://www.exploit-db.com/exploits/22011 http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html http://marc.info/?l=bugtraq&m=103713117612842&w=2 http://marc.info/?l=bugtraq&m=103763574715133&w=2 http://online.securityfocus.com/advisories/4999 http://online.securityfocus.com/archive/1/300019 http://www.cert.org/advisories/CA-2002-31.html http://www.ciac.org/ciac/bulletins/n-013. •