FreeBSD
by FreeBSD
Source repositories
CVEs (510)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0831 | 0.00 | — | 0.00 | Aug 12, 2002 | The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end. | |||
| CVE-2002-0701 | 0.00 | — | 0.00 | Jul 23, 2002 | ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra… | |||
| CVE-2002-0574 | 0.00 | — | 0.02 | Jul 3, 2002 | Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being… | |||
| CVE-2002-0381 | 0.00 | — | 0.02 | Jun 25, 2002 | The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. | |||
| CVE-2002-0062 | 0.00 | — | 0.00 | Mar 8, 2002 | Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." | |||
| CVE-2001-0796 | 0.00 | — | 0.02 | Dec 6, 2001 | SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay. | |||
| CVE-2001-1034 | 0.00 | — | 0.00 | Sep 23, 2001 | Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. | |||
| CVE-2001-0710 | 0.00 | — | 0.02 | Sep 20, 2001 | NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool. | |||
| CVE-2001-1017 | 0.00 | — | 0.00 | Sep 4, 2001 | rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and… | |||
| CVE-2001-0969 | 0.00 | — | 0.02 | Aug 31, 2001 | ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts. | |||
| CVE-2001-1166 | 0.00 | — | 0.01 | Aug 21, 2001 | linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process. | |||
| CVE-2001-1145 | 0.00 | — | 0.00 | Aug 17, 2001 | fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on… | |||
| CVE-2001-1180 | 0.00 | — | 0.01 | Jul 10, 2001 | FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child. | |||
| CVE-2001-1244 | 0.00 | — | 0.35 | Jul 7, 2001 | Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that… | |||
| CVE-2001-0424 | 0.00 | — | 0.00 | Jul 2, 2001 | BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. | |||
| CVE-2001-0439 | 0.00 | — | 0.02 | Jul 2, 2001 | licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||
| CVE-2001-0469 | 0.00 | — | 0.02 | Jun 27, 2001 | rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length. | |||
| CVE-2001-0388 | 0.00 | — | 0.03 | Jun 27, 2001 | time server daemon timed allows remote attackers to cause a denial of service via malformed packets. | |||
| CVE-2001-0371 | 0.00 | — | 0.00 | Jun 18, 2001 | Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information. | |||
| CVE-2001-0310 | 0.00 | — | 0.00 | Jun 2, 2001 | sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts. |
- CVE-2002-0831Aug 12, 2002risk 0.00cvss —epss 0.00
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.
- CVE-2002-0701Jul 23, 2002risk 0.00cvss —epss 0.00
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra…
- CVE-2002-0574Jul 3, 2002risk 0.00cvss —epss 0.02
Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being…
- CVE-2002-0381Jun 25, 2002risk 0.00cvss —epss 0.02
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
- CVE-2002-0062Mar 8, 2002risk 0.00cvss —epss 0.00
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
- CVE-2001-0796Dec 6, 2001risk 0.00cvss —epss 0.02
SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.
- CVE-2001-1034Sep 23, 2001risk 0.00cvss —epss 0.00
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.
- CVE-2001-0710Sep 20, 2001risk 0.00cvss —epss 0.02
NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.
- CVE-2001-1017Sep 4, 2001risk 0.00cvss —epss 0.00
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and…
- CVE-2001-0969Aug 31, 2001risk 0.00cvss —epss 0.02
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
- CVE-2001-1166Aug 21, 2001risk 0.00cvss —epss 0.01
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.
- CVE-2001-1145Aug 17, 2001risk 0.00cvss —epss 0.00
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on…
- CVE-2001-1180Jul 10, 2001risk 0.00cvss —epss 0.01
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.
- CVE-2001-1244Jul 7, 2001risk 0.00cvss —epss 0.35
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that…
- CVE-2001-0424Jul 2, 2001risk 0.00cvss —epss 0.00
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
- CVE-2001-0439Jul 2, 2001risk 0.00cvss —epss 0.02
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
- CVE-2001-0469Jun 27, 2001risk 0.00cvss —epss 0.02
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.
- CVE-2001-0388Jun 27, 2001risk 0.00cvss —epss 0.03
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
- CVE-2001-0371Jun 18, 2001risk 0.00cvss —epss 0.00
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
- CVE-2001-0310Jun 2, 2001risk 0.00cvss —epss 0.00
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
Page 22 of 26