CVSS: 7.1EPSS: 2%CPEs: 2049EXPL: 0CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •
CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 0CVE-1999-0001
https://notcve.org/view.php?id=CVE-1999-0001
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. ip_input.c en implementaciones de TCP/IP derivadas de BSD permiten a atacantes remotos causar una denegación de servicio (cuelgue o caída) mediante paquetes artesanales. • http://www.openbsd.org/errata23.html#tcpfix http://www.osvdb.org/5707 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 2CVE-1999-0002 – RedHat Linux 5.1 / Caldera OpenLinux Standard 1.2 - Mountd
https://notcve.org/view.php?id=CVE-1999-0002
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. • https://www.exploit-db.com/exploits/19096 ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I http://www.ciac.org/ciac/bulletins/j-006.shtml http://www.securityfocus.com/bid/121 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 9%CPEs: 76EXPL: 2CVE-1999-0009 – ISC BIND (Linux/BSD) - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-1999-0009
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. • https://www.exploit-db.com/exploits/19111 https://www.exploit-db.com/exploits/19112 ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180 http://www.securityfocus.com/bid/134 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083 •
CVSS: 8.4EPSS: 0%CPEs: 45EXPL: 2CVE-1999-0038 – BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - '/usr/bin/X11/xlock' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-1999-0038
Buffer overflow in xlock program allows local users to execute commands as root. • https://www.exploit-db.com/exploits/19173 https://www.exploit-db.com/exploits/19172 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0038 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •