Total
497 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0130 | 7 Bsdi, Caldera, Eric Allman and 4 more | 7 Bsd Os, Network Desktop, Sendmail and 4 more | 2008-09-09 | 7.2 HIGH | N/A |
Local users can start Sendmail in daemon mode and gain root privileges. | |||||
CVE-1999-0131 | 8 Bsdi, Digital, Eric Allman and 5 more | 9 Bsd Os, Osf 1, Sendmail and 6 more | 2008-09-09 | 7.2 HIGH | N/A |
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. | |||||
CVE-1999-0057 | 5 Eric Allman, Freebsd, Hp and 2 more | 7 Vacation, Freebsd, Hp-ux and 4 more | 2008-09-09 | 7.5 HIGH | N/A |
Vacation program allows command execution by remote users through a sendmail command. | |||||
CVE-2008-0777 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 4.9 MEDIUM | N/A |
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files. | |||||
CVE-2007-4303 | 2 Cerb, Freebsd | 2 Cerbng, Freebsd | 2008-09-05 | 6.2 MEDIUM | N/A |
Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb. | |||||
CVE-2007-4304 | 2 Cerb, Freebsd | 2 Cerbng, Freebsd | 2008-09-05 | 6.2 MEDIUM | N/A |
CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an "incorrect write protection of pages". | |||||
CVE-2006-5483 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root. | |||||
CVE-2006-5550 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2008-09-05 | 4.9 MEDIUM | N/A |
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto. | |||||
CVE-2006-5482 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX. | |||||
CVE-2005-2068 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. | |||||
CVE-2005-2019 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. | |||||
CVE-2005-1399 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 4.6 MEDIUM | N/A |
FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. | |||||
CVE-2005-1400 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 4.6 MEDIUM | N/A |
The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. | |||||
CVE-2005-1036 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | |||||
CVE-2005-0610 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file. | |||||
CVE-2002-1915 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2008-09-05 | 2.1 LOW | N/A |
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. | |||||
CVE-2002-0754 | 2 Freebsd, Kth | 3 Freebsd, Heimdal, Heimdal | 2008-09-05 | 7.2 HIGH | N/A |
Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. | |||||
CVE-2002-0755 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. | |||||
CVE-2002-0794 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue. | |||||
CVE-2002-0518 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart. |