Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Freebsd Subscribe
Filtered by product Freebsd
Total 497 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1883 1 Freebsd 1 Freebsd 2017-02-17 7.2 HIGH 7.8 HIGH
The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.
CVE-2016-1889 1 Freebsd 1 Freebsd 2017-02-16 7.2 HIGH 7.8 HIGH
Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.
CVE-2009-1436 1 Freebsd 1 Freebsd 2016-11-28 4.9 MEDIUM N/A
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
CVE-2003-0078 3 Freebsd, Openbsd, Openssl 3 Freebsd, Openbsd, Openssl 2016-10-17 5.0 MEDIUM N/A
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
CVE-2002-0973 1 Freebsd 1 Freebsd 2016-10-17 4.6 MEDIUM N/A
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.
CVE-2002-1125 1 Freebsd 1 Freebsd 2016-10-17 2.1 LOW N/A
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
CVE-2002-0829 1 Freebsd 1 Freebsd 2016-10-17 4.6 MEDIUM N/A
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.
CVE-2002-0820 1 Freebsd 1 Freebsd 2016-10-17 7.2 HIGH N/A
FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.
CVE-2002-0831 1 Freebsd 1 Freebsd 2016-10-17 2.1 LOW N/A
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.
CVE-2002-0701 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2016-10-17 2.1 LOW N/A
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
CVE-2001-0424 2 Freebsd, Timecop 2 Freebsd, Bubblemon 2016-10-17 7.2 HIGH N/A
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
CVE-1999-1517 1 Freebsd 1 Freebsd 2016-10-17 7.2 HIGH N/A
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar.
CVE-1999-1385 1 Freebsd 1 Freebsd 2016-10-17 7.2 HIGH N/A
Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.
CVE-1999-1339 2 Freebsd, Linux 2 Freebsd, Linux Kernel 2016-10-17 5.0 MEDIUM N/A
Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.
CVE-1999-1008 2 Freebsd, Mandrakesoft 2 Freebsd, Mandrake Linux 2016-10-17 7.2 HIGH N/A
xsoldier program allows local users to gain root access via a long argument.
CVE-1999-0781 3 Freebsd, Kde, Linux 3 Freebsd, Kde, Linux Kernel 2016-10-17 7.2 HIGH N/A
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
CVE-1999-0780 3 Freebsd, Kde, Linux 3 Freebsd, Kde, Linux Kernel 2016-10-17 4.6 MEDIUM N/A
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
CVE-1999-0782 3 Freebsd, Kde, Linux 3 Freebsd, Kde, Linux Kernel 2016-10-17 2.1 LOW N/A
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
CVE-1999-0798 5 Bsdi, Freebsd, Openbsd and 2 more 7 Bsd Os, Freebsd, Openbsd and 4 more 2016-10-17 10.0 HIGH N/A
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
CVE-2016-1887 1 Freebsd 1 Freebsd 2016-05-26 7.2 HIGH 7.8 HIGH
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.