VYPR

FreeBSD

by FreeBSD

Source repositories

CVEs (510)

  • CVE-2015-1415Apr 10, 2015
    risk 0.00cvss epss 0.00

    The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.

  • CVE-2015-1414Feb 27, 2015
    risk 0.00cvss epss 0.04

    Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.

  • CVE-2014-8613Feb 2, 2015
    risk 0.00cvss epss 0.03

    The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk.

  • CVE-2014-8117Dec 17, 2014
    risk 0.00cvss epss 0.06

    softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

  • CVE-2014-8116Dec 17, 2014
    risk 0.00cvss epss 0.04

    The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

  • CVE-2014-7250Dec 12, 2014
    risk 0.00cvss epss 0.05

    The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.

  • CVE-2014-8475Nov 18, 2014
    risk 0.00cvss epss 0.02

    FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections)…

  • CVE-2014-8476Nov 13, 2014
    risk 0.00cvss epss 0.00

    The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.

  • CVE-2014-3955Oct 27, 2014
    risk 0.00cvss epss 0.02

    routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.

  • CVE-2014-3954Oct 27, 2014
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.

  • CVE-2014-3711Oct 27, 2014
    risk 0.00cvss epss 0.02

    namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.

  • CVE-2014-5384Aug 21, 2014
    risk 0.00cvss epss 0.02

    The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per…

  • CVE-2014-3951Aug 21, 2014
    risk 0.00cvss epss 0.02

    The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different…

  • CVE-2014-3953Jul 15, 2014
    risk 0.00cvss epss 0.00

    FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a…

  • CVE-2014-3952Jul 15, 2014
    risk 0.00cvss epss 0.00

    FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.

  • CVE-2014-3880Jun 10, 2014
    risk 0.00cvss epss 0.00

    The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial…

  • CVE-2014-3873Jun 10, 2014
    risk 0.00cvss epss 0.00

    The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace.

  • CVE-2014-3956Jun 4, 2014
    risk 0.00cvss epss 0.01

    The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

  • CVE-2014-3001May 2, 2014
    risk 0.00cvss epss 0.01

    The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process.

  • CVE-2014-1453Apr 16, 2014
    risk 0.00cvss epss 0.02

    The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the…

Page 16 of 26