Filtered by vendor Freebsd
Subscribe
Total
514 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0829 | 1 Freebsd | 1 Freebsd | 2016-10-17 | 4.6 MEDIUM | N/A |
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. | |||||
CVE-2002-0820 | 1 Freebsd | 1 Freebsd | 2016-10-17 | 7.2 HIGH | N/A |
FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges. | |||||
CVE-2002-0701 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2016-10-17 | 2.1 LOW | N/A |
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges. | |||||
CVE-2001-0424 | 2 Freebsd, Timecop | 2 Freebsd, Bubblemon | 2016-10-17 | 7.2 HIGH | N/A |
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. | |||||
CVE-1999-1517 | 1 Freebsd | 1 Freebsd | 2016-10-17 | 7.2 HIGH | N/A |
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar. | |||||
CVE-1999-1385 | 1 Freebsd | 1 Freebsd | 2016-10-17 | 7.2 HIGH | N/A |
Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. | |||||
CVE-1999-1339 | 2 Freebsd, Linux | 2 Freebsd, Linux Kernel | 2016-10-17 | 5.0 MEDIUM | N/A |
Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command. | |||||
CVE-1999-1008 | 2 Freebsd, Mandrakesoft | 2 Freebsd, Mandrake Linux | 2016-10-17 | 7.2 HIGH | N/A |
xsoldier program allows local users to gain root access via a long argument. | |||||
CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-17 | 7.2 HIGH | N/A |
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | |||||
CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-17 | 4.6 MEDIUM | N/A |
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | |||||
CVE-1999-0798 | 5 Bsdi, Freebsd, Openbsd and 2 more | 7 Bsd Os, Freebsd, Openbsd and 4 more | 2016-10-17 | 10.0 HIGH | N/A |
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. | |||||
CVE-1999-0782 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-17 | 2.1 LOW | N/A |
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. | |||||
CVE-2016-1887 | 1 Freebsd | 1 Freebsd | 2016-05-26 | 7.2 HIGH | 7.8 HIGH |
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow. | |||||
CVE-2014-8611 | 2 Apple, Freebsd | 3 Iphone Os, Mac Os X, Freebsd | 2016-04-06 | 6.9 MEDIUM | N/A |
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. | |||||
CVE-2016-1882 | 1 Freebsd | 1 Freebsd | 2016-03-01 | 7.8 HIGH | 7.5 HIGH |
FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options. | |||||
CVE-2014-8613 | 1 Freebsd | 1 Freebsd | 2015-02-03 | 7.8 HIGH | N/A |
The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk. | |||||
CVE-2014-7250 | 4 Bsd, Freebsd, Netbsd and 1 more | 4 Bsd, Freebsd, Netbsd and 1 more | 2014-12-12 | 5.0 MEDIUM | N/A |
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. | |||||
CVE-2014-3953 | 1 Freebsd | 1 Freebsd | 2014-11-18 | 4.9 MEDIUM | N/A |
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification. | |||||
CVE-2014-8476 | 1 Freebsd | 1 Freebsd | 2014-11-14 | 2.1 LOW | N/A |
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. | |||||
CVE-2014-5384 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2014-08-21 | 5.0 MEDIUM | N/A |
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types. |