Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Freebsd Subscribe
Filtered by product Freebsd
Total 497 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1471 6 Cvs, Freebsd, Gentoo and 3 more 6 Cvs, Freebsd, Linux and 3 more 2017-07-10 7.1 HIGH N/A
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
CVE-2004-0919 1 Freebsd 1 Freebsd 2017-07-10 4.6 MEDIUM N/A
The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates.
CVE-2004-1066 1 Freebsd 1 Freebsd 2017-07-10 3.6 LOW N/A
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.
CVE-2004-0618 1 Freebsd 1 Freebsd 2017-07-10 2.1 LOW N/A
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
CVE-2004-0602 1 Freebsd 1 Freebsd 2017-07-10 2.1 LOW N/A
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
CVE-2004-0435 1 Freebsd 1 Freebsd 2017-07-10 3.6 LOW N/A
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
CVE-2004-0370 1 Freebsd 1 Freebsd 2017-07-10 2.1 LOW N/A
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.
CVE-2002-1669 1 Freebsd 1 Freebsd 2017-07-10 2.1 LOW N/A
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
CVE-2003-1230 1 Freebsd 1 Freebsd 2017-07-10 6.4 MEDIUM N/A
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.
CVE-2003-0144 4 Bsd, Freebsd, Lprold and 1 more 4 Lpr, Freebsd, Lprold and 1 more 2017-07-10 7.2 HIGH N/A
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
CVE-2002-1674 1 Freebsd 1 Freebsd 2017-07-10 1.2 LOW N/A
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to.
CVE-2002-1667 1 Freebsd 1 Freebsd 2017-07-10 2.1 LOW N/A
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags.
CVE-2004-0125 1 Freebsd 1 Freebsd 2017-07-10 7.2 HIGH N/A
The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table.
CVE-2000-1066 1 Freebsd 1 Freebsd 2017-07-10 5.0 MEDIUM N/A
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.
CVE-2016-1886 1 Freebsd 1 Freebsd 2017-04-19 7.2 HIGH 7.8 HIGH
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."
CVE-2017-0318 4 Freebsd, Microsoft, Nvidia and 1 more 4 Freebsd, Windows, Gpu Driver and 1 more 2017-02-23 4.9 MEDIUM 5.5 MEDIUM
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.
CVE-2017-0321 5 Freebsd, Linux, Microsoft and 2 more 5 Freebsd, Linux Kernel, Windows and 2 more 2017-02-23 7.2 HIGH 8.8 HIGH
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.
CVE-2017-0309 5 Freebsd, Linux, Microsoft and 2 more 5 Freebsd, Linux Kernel, Windows and 2 more 2017-02-23 7.2 HIGH 8.8 HIGH
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.
CVE-2016-1888 1 Freebsd 1 Freebsd 2017-02-17 5.0 MEDIUM 7.5 HIGH
The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures."
CVE-2016-1880 1 Freebsd 1 Freebsd 2017-02-17 7.2 HIGH 7.8 HIGH
The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."