Total
497 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1471 | 6 Cvs, Freebsd, Gentoo and 3 more | 6 Cvs, Freebsd, Linux and 3 more | 2017-07-10 | 7.1 HIGH | N/A |
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. | |||||
CVE-2004-0919 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 4.6 MEDIUM | N/A |
The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates. | |||||
CVE-2004-1066 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 3.6 LOW | N/A |
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future. | |||||
CVE-2004-0618 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument. | |||||
CVE-2004-0602 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic. | |||||
CVE-2004-0435 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 3.6 LOW | N/A |
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk. | |||||
CVE-2004-0370 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic. | |||||
CVE-2002-1669 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. | |||||
CVE-2003-1230 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 6.4 MEDIUM | N/A |
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic. | |||||
CVE-2003-0144 | 4 Bsd, Freebsd, Lprold and 1 more | 4 Lpr, Freebsd, Lprold and 1 more | 2017-07-10 | 7.2 HIGH | N/A |
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. | |||||
CVE-2002-1674 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 1.2 LOW | N/A |
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. | |||||
CVE-2002-1667 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. | |||||
CVE-2004-0125 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 7.2 HIGH | N/A |
The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table. | |||||
CVE-2000-1066 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 5.0 MEDIUM | N/A |
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname. | |||||
CVE-2016-1886 | 1 Freebsd | 1 Freebsd | 2017-04-19 | 7.2 HIGH | 7.8 HIGH |
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow." | |||||
CVE-2017-0318 | 4 Freebsd, Microsoft, Nvidia and 1 more | 4 Freebsd, Windows, Gpu Driver and 1 more | 2017-02-23 | 4.9 MEDIUM | 5.5 MEDIUM |
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system. | |||||
CVE-2017-0321 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2017-02-23 | 7.2 HIGH | 8.8 HIGH |
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. | |||||
CVE-2017-0309 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2017-02-23 | 7.2 HIGH | 8.8 HIGH |
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges. | |||||
CVE-2016-1888 | 1 Freebsd | 1 Freebsd | 2017-02-17 | 5.0 MEDIUM | 7.5 HIGH |
The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." | |||||
CVE-2016-1880 | 1 Freebsd | 1 Freebsd | 2017-02-17 | 7.2 HIGH | 7.8 HIGH |
The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists." |