KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
Max CVSS
7.5
EPSS Score
0.45%
Published
2002-08-12
Updated
2008-09-05
Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message.
Max CVSS
7.5
EPSS Score
4.80%
Published
2002-10-28
Updated
2008-09-10
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
Max CVSS
7.2
EPSS Score
0.06%
Published
2002-08-12
Updated
2016-10-18
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-02-27
Updated
2017-10-10
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
Max CVSS
5.5
EPSS Score
0.04%
Published
2002-12-31
Updated
2024-02-08
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
Max CVSS
5.0
EPSS Score
0.16%
Published
2002-06-25
Updated
2008-09-05
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
Max CVSS
5.0
EPSS Score
3.32%
Published
2002-11-04
Updated
2008-09-10
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
Max CVSS
4.6
EPSS Score
0.14%
Published
2002-10-11
Updated
2016-10-18
Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game save file.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-10-28
Updated
2017-07-11
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
Max CVSS
3.7
EPSS Score
0.04%
Published
2002-12-31
Updated
2017-12-19
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!