Filtered by vendor Freebsd
Subscribe
Total
514 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0226 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 10.0 HIGH | N/A |
| Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames. | |||||
| CVE-2003-1289 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2017-07-19 | 2.1 LOW | N/A |
| The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory. | |||||
| CVE-2005-4351 | 4 Dragonfly, Freebsd, Linux and 1 more | 4 Dragonfly, Freebsd, Linux Kernel and 1 more | 2017-07-19 | 4.3 MEDIUM | N/A |
| The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. | |||||
| CVE-2006-0054 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 5.0 MEDIUM | N/A |
| The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. | |||||
| CVE-2006-0055 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 2.1 LOW | N/A |
| The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. | |||||
| CVE-2006-0379 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 2.1 LOW | N/A |
| FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory. | |||||
| CVE-2006-0380 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 2.1 LOW | N/A |
| A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory. | |||||
| CVE-2006-0381 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 5.0 MEDIUM | N/A |
| A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice. | |||||
| CVE-2006-0433 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 5.0 MEDIUM | N/A |
| Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2005-2218 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 7.2 HIGH | N/A |
| The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. | |||||
| CVE-2005-1126 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
| The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. | |||||
| CVE-2005-2359 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 5.0 MEDIUM | N/A |
| The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session. | |||||
| CVE-2004-1471 | 6 Cvs, Freebsd, Gentoo and 3 more | 6 Cvs, Freebsd, Linux and 3 more | 2017-07-10 | 7.1 HIGH | N/A |
| Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. | |||||
| CVE-2004-0618 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
| FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument. | |||||
| CVE-2004-1053 | 1 Freebsd | 1 Fetch | 2017-07-10 | 10.0 HIGH | N/A |
| Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow. | |||||
| CVE-2004-0919 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 4.6 MEDIUM | N/A |
| The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates. | |||||
| CVE-2004-0370 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
| The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic. | |||||
| CVE-2004-0435 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 3.6 LOW | N/A |
| Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk. | |||||
| CVE-2004-1066 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 3.6 LOW | N/A |
| The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future. | |||||
| CVE-2004-0602 | 1 Freebsd | 1 Freebsd | 2017-07-10 | 2.1 LOW | N/A |
| The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic. | |||||