VYPR

FreeBSD

by FreeBSD

Source repositories

CVEs (510)

  • CVE-2014-1452Jan 21, 2014
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request.

  • CVE-2013-6834Nov 21, 2013
    risk 0.00cvss epss 0.00

    The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

  • CVE-2013-6833Nov 21, 2013
    risk 0.00cvss epss 0.00

    The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

  • CVE-2013-6832Nov 21, 2013
    risk 0.00cvss epss 0.00

    The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

  • CVE-2013-0211Sep 30, 2013
    risk 0.00cvss epss 0.04

    Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an…

  • CVE-2013-5710Sep 23, 2013
    risk 0.00cvss epss 0.00

    The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance.

  • CVE-2013-5666Sep 23, 2013
    risk 0.00cvss epss 0.00

    The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.

  • CVE-2013-5691Sep 23, 2013
    risk 0.00cvss epss 0.00

    The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or…

  • CVE-2013-5209Aug 29, 2013
    risk 0.00cvss epss 0.03

    The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel…

  • CVE-2013-3077Aug 28, 2013
    risk 0.00cvss epss 0.00

    Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on…

  • CVE-2013-4851Jul 29, 2013
    risk 0.00cvss epss 0.02

    The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote…

  • CVE-2013-3266May 2, 2013
    risk 0.00cvss epss 0.04

    The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly…

  • CVE-2007-6754Jul 25, 2012
    risk 0.00cvss epss 0.01

    The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to…

  • CVE-2006-7252Jul 25, 2012
    risk 0.00cvss epss 0.01

    Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of…

  • CVE-2012-2143Jul 5, 2012
    risk 0.00cvss epss 0.06

    The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to…

  • CVE-2011-2393Feb 2, 2012
    risk 0.00cvss epss 0.02

    The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with…

  • CVE-2011-1739May 3, 2011
    risk 0.00cvss epss 0.01

    The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in…

  • CVE-2011-1074Mar 4, 2011
    risk 0.00cvss epss 0.01

    crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname.

  • CVE-2011-1073Mar 4, 2011
    risk 0.00cvss epss 0.00

    crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks…

  • CVE-2010-4754Mar 2, 2011
    risk 0.00cvss epss 0.01

    The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any…

Page 17 of 26