VYPR

Vendor CVEs

FreeBSD

All CVEs

558 total · sorted by risk
  • CVE-2000-1012Dec 11, 2000
    risk 0.00cvss epss 0.00

    The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

  • CVE-2000-1066Dec 11, 2000
    risk 0.00cvss epss 0.02

    The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.

  • CVE-2000-0852Nov 14, 2000
    risk 0.00cvss epss 0.00

    Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.

  • CVE-2000-0729Oct 20, 2000
    risk 0.00cvss epss 0.00

    FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.

  • CVE-2000-0752Oct 20, 2000
    risk 0.00cvss epss 0.00

    Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.

  • CVE-2000-0749Oct 20, 2000
    risk 0.00cvss epss 0.00

    Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.

  • CVE-1999-0761Sep 16, 2000
    risk 0.00cvss epss 0.00

    Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.

  • CVE-2000-0595Jul 5, 2000
    risk 0.00cvss epss 0.01

    libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.

  • CVE-2000-0535Jun 12, 2000
    risk 0.00cvss epss 0.01

    OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.

  • CVE-2000-0532Jun 7, 2000
    risk 0.00cvss epss 0.02

    A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.

  • CVE-2000-0534Jun 7, 2000
    risk 0.00cvss epss 0.00

    The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user.

  • CVE-2000-0461May 29, 2000
    risk 0.00cvss epss 0.00

    The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.

  • CVE-2000-0387May 9, 2000
    risk 0.00cvss epss 0.00

    The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.

  • CVE-2000-0294Apr 10, 2000
    risk 0.00cvss epss 0.00

    Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.

  • CVE-2000-0235Mar 27, 2000
    risk 0.00cvss epss 0.00

    Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.

  • CVE-2000-0186Feb 28, 2000
    risk 0.00cvss epss 0.00

    Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

  • CVE-2000-0092Jan 19, 2000
    risk 0.00cvss epss 0.00

    The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

  • CVE-1999-0964Jan 1, 2000
    risk 0.00cvss epss 0.00

    Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.

  • CVE-1999-1339Dec 31, 1999
    risk 0.00cvss epss 0.03

    Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

  • CVE-1999-0001Dec 30, 1999
    risk 0.00cvss epss 0.03

    ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

  • CVE-1999-0963Dec 1, 1999
    risk 0.00cvss epss 0.00

    FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.

  • CVE-1999-0863Nov 8, 1999
    risk 0.00cvss epss 0.00

    Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.

  • CVE-1999-1517Nov 1, 1999
    risk 0.00cvss epss 0.00

    runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar.

  • CVE-1999-1564Sep 2, 1999
    risk 0.00cvss epss 0.00

    FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.

  • CVE-1999-0703Aug 3, 1999
    risk 0.00cvss epss 0.00

    OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

  • CVE-1999-0798Dec 4, 1998
    risk 0.00cvss epss 0.02

    Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

  • CVE-1999-0780Nov 18, 1998
    risk 0.00cvss epss 0.00

    KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

  • CVE-1999-0781Nov 18, 1998
    risk 0.00cvss epss 0.00

    KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

  • CVE-1999-0782Nov 18, 1998
    risk 0.00cvss epss 0.00

    KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

  • CVE-1999-0053Oct 13, 1998
    risk 0.00cvss epss 0.02

    TCP RST denial of service in FreeBSD.

  • CVE-1999-0796May 1, 1998
    risk 0.00cvss epss 0.01

    FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

  • CVE-1999-0323Feb 20, 1998
    risk 0.00cvss epss 0.01

    FreeBSD mmap function allows users to modify append-only or immutable files.

  • CVE-1999-0305Feb 1, 1998
    risk 0.00cvss epss 0.01

    The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote…

  • CVE-1999-0304Feb 1, 1998
    risk 0.00cvss epss 0.00

    mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

  • CVE-1999-0017Dec 10, 1997
    risk 0.00cvss epss 0.02

    FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

  • CVE-1999-0322Oct 29, 1997
    risk 0.00cvss epss 0.00

    The open() function in FreeBSD allows local attackers to write to arbitrary files.

  • CVE-1999-0061Oct 2, 1997
    risk 0.00cvss epss 0.02

    File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

  • CVE-1999-1214Sep 15, 1997
    risk 0.00cvss epss 0.00

    The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

  • CVE-1999-1182Jul 17, 1997
    risk 0.00cvss epss 0.00

    Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

  • CVE-1999-0628Jul 1, 1997
    risk 0.00cvss epss 0.01

    The rwho/rwhod service is running, which exposes machine status and user information.

  • CVE-1999-0037May 21, 1997
    risk 0.00cvss epss 0.04

    Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

  • CVE-1999-1298Apr 7, 1997
    risk 0.00cvss epss 0.01

    Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

  • CVE-1999-0299Mar 5, 1997
    risk 0.00cvss epss 0.01

    Buffer overflow in FreeBSD lpd through long DNS hostnames.

  • CVE-1999-0345Jan 1, 1997
    risk 0.00cvss epss 0.01

    Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

  • CVE-1999-1385Dec 19, 1996
    risk 0.00cvss epss 0.00

    Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.

  • CVE-1999-0297Dec 12, 1996
    risk 0.00cvss epss 0.00

    Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

  • CVE-1999-0096Dec 10, 1996
    risk 0.00cvss epss 0.01

    Sendmail decode alias can be used to overwrite sensitive files.

  • CVE-1999-0129Dec 3, 1996
    risk 0.00cvss epss 0.01

    Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

  • CVE-1999-0131Sep 11, 1996
    risk 0.00cvss epss 0.01

    Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

  • CVE-1999-1187Aug 26, 1996
    risk 0.00cvss epss 0.00

    Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.

Page 11 of 12