Vendor CVEs
FreeBSD
All CVEs
558 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-1012 | 0.00 | — | 0.00 | Dec 11, 2000 | The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. | |||
| CVE-2000-1066 | 0.00 | — | 0.02 | Dec 11, 2000 | The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname. | |||
| CVE-2000-0852 | 0.00 | — | 0.00 | Nov 14, 2000 | Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges. | |||
| CVE-2000-0729 | 0.00 | — | 0.00 | Oct 20, 2000 | FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header. | |||
| CVE-2000-0752 | 0.00 | — | 0.00 | Oct 20, 2000 | Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments. | |||
| CVE-2000-0749 | 0.00 | — | 0.00 | Oct 20, 2000 | Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system. | |||
| CVE-1999-0761 | 0.00 | — | 0.00 | Sep 16, 2000 | Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program. | |||
| CVE-2000-0595 | 0.00 | — | 0.01 | Jul 5, 2000 | libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory. | |||
| CVE-2000-0535 | 0.00 | — | 0.01 | Jun 12, 2000 | OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken. | |||
| CVE-2000-0532 | 0.00 | — | 0.02 | Jun 7, 2000 | A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered. | |||
| CVE-2000-0534 | 0.00 | — | 0.00 | Jun 7, 2000 | The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user. | |||
| CVE-2000-0461 | 0.00 | — | 0.00 | May 29, 2000 | The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. | |||
| CVE-2000-0387 | 0.00 | — | 0.00 | May 9, 2000 | The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files. | |||
| CVE-2000-0294 | 0.00 | — | 0.00 | Apr 10, 2000 | Buffer overflow in healthd for FreeBSD allows local users to gain root privileges. | |||
| CVE-2000-0235 | 0.00 | — | 0.00 | Mar 27, 2000 | Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. | |||
| CVE-2000-0186 | 0.00 | — | 0.00 | Feb 28, 2000 | Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. | |||
| CVE-2000-0092 | 0.00 | — | 0.00 | Jan 19, 2000 | The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. | |||
| CVE-1999-0964 | 0.00 | — | 0.00 | Jan 1, 2000 | Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable. | |||
| CVE-1999-1339 | 0.00 | — | 0.03 | Dec 31, 1999 | Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command. | |||
| CVE-1999-0001 | 0.00 | — | 0.03 | Dec 30, 1999 | ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. | |||
| CVE-1999-0963 | 0.00 | — | 0.00 | Dec 1, 1999 | FreeBSD mount_union command allows local users to gain root privileges via a symlink attack. | |||
| CVE-1999-0863 | 0.00 | — | 0.00 | Nov 8, 1999 | Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI. | |||
| CVE-1999-1517 | 0.00 | — | 0.00 | Nov 1, 1999 | runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar. | |||
| CVE-1999-1564 | 0.00 | — | 0.00 | Sep 2, 1999 | FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes. | |||
| CVE-1999-0703 | 0.00 | — | 0.00 | Aug 3, 1999 | OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. | |||
| CVE-1999-0798 | 0.00 | — | 0.02 | Dec 4, 1998 | Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. | |||
| CVE-1999-0780 | 0.00 | — | 0.00 | Nov 18, 1998 | KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | |||
| CVE-1999-0781 | 0.00 | — | 0.00 | Nov 18, 1998 | KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | |||
| CVE-1999-0782 | 0.00 | — | 0.00 | Nov 18, 1998 | KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. | |||
| CVE-1999-0053 | 0.00 | — | 0.02 | Oct 13, 1998 | TCP RST denial of service in FreeBSD. | |||
| CVE-1999-0796 | 0.00 | — | 0.01 | May 1, 1998 | FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks. | |||
| CVE-1999-0323 | 0.00 | — | 0.01 | Feb 20, 1998 | FreeBSD mmap function allows users to modify append-only or immutable files. | |||
| CVE-1999-0305 | 0.00 | — | 0.01 | Feb 1, 1998 | The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote… | |||
| CVE-1999-0304 | 0.00 | — | 0.00 | Feb 1, 1998 | mmap function in BSD allows local attackers in the kmem group to modify memory through devices. | |||
| CVE-1999-0017 | 0.00 | — | 0.02 | Dec 10, 1997 | FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | |||
| CVE-1999-0322 | 0.00 | — | 0.00 | Oct 29, 1997 | The open() function in FreeBSD allows local attackers to write to arbitrary files. | |||
| CVE-1999-0061 | 0.00 | — | 0.02 | Oct 2, 1997 | File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). | |||
| CVE-1999-1214 | 0.00 | — | 0.00 | Sep 15, 1997 | The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. | |||
| CVE-1999-1182 | 0.00 | — | 0.00 | Jul 17, 1997 | Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error. | |||
| CVE-1999-0628 | 0.00 | — | 0.01 | Jul 1, 1997 | The rwho/rwhod service is running, which exposes machine status and user information. | |||
| CVE-1999-0037 | 0.00 | — | 0.04 | May 21, 1997 | Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. | |||
| CVE-1999-1298 | 0.00 | — | 0.01 | Apr 7, 1997 | Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources. | |||
| CVE-1999-0299 | 0.00 | — | 0.01 | Mar 5, 1997 | Buffer overflow in FreeBSD lpd through long DNS hostnames. | |||
| CVE-1999-0345 | 0.00 | — | 0.01 | Jan 1, 1997 | Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. | |||
| CVE-1999-1385 | 0.00 | — | 0.00 | Dec 19, 1996 | Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. | |||
| CVE-1999-0297 | 0.00 | — | 0.00 | Dec 12, 1996 | Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. | |||
| CVE-1999-0096 | 0.00 | — | 0.01 | Dec 10, 1996 | Sendmail decode alias can be used to overwrite sensitive files. | |||
| CVE-1999-0129 | 0.00 | — | 0.01 | Dec 3, 1996 | Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. | |||
| CVE-1999-0131 | 0.00 | — | 0.01 | Sep 11, 1996 | Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. | |||
| CVE-1999-1187 | 0.00 | — | 0.00 | Aug 26, 1996 | Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. |
- CVE-2000-1012Dec 11, 2000risk 0.00cvss —epss 0.00
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
- CVE-2000-1066Dec 11, 2000risk 0.00cvss —epss 0.02
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.
- CVE-2000-0852Nov 14, 2000risk 0.00cvss —epss 0.00
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
- CVE-2000-0729Oct 20, 2000risk 0.00cvss —epss 0.00
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
- CVE-2000-0752Oct 20, 2000risk 0.00cvss —epss 0.00
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.
- CVE-2000-0749Oct 20, 2000risk 0.00cvss —epss 0.00
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
- CVE-1999-0761Sep 16, 2000risk 0.00cvss —epss 0.00
Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.
- CVE-2000-0595Jul 5, 2000risk 0.00cvss —epss 0.01
libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.
- CVE-2000-0535Jun 12, 2000risk 0.00cvss —epss 0.01
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
- CVE-2000-0532Jun 7, 2000risk 0.00cvss —epss 0.02
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.
- CVE-2000-0534Jun 7, 2000risk 0.00cvss —epss 0.00
The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user.
- CVE-2000-0461May 29, 2000risk 0.00cvss —epss 0.00
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
- CVE-2000-0387May 9, 2000risk 0.00cvss —epss 0.00
The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.
- CVE-2000-0294Apr 10, 2000risk 0.00cvss —epss 0.00
Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.
- CVE-2000-0235Mar 27, 2000risk 0.00cvss —epss 0.00
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
- CVE-2000-0186Feb 28, 2000risk 0.00cvss —epss 0.00
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
- CVE-2000-0092Jan 19, 2000risk 0.00cvss —epss 0.00
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
- CVE-1999-0964Jan 1, 2000risk 0.00cvss —epss 0.00
Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.
- CVE-1999-1339Dec 31, 1999risk 0.00cvss —epss 0.03
Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.
- CVE-1999-0001Dec 30, 1999risk 0.00cvss —epss 0.03
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
- CVE-1999-0963Dec 1, 1999risk 0.00cvss —epss 0.00
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
- CVE-1999-0863Nov 8, 1999risk 0.00cvss —epss 0.00
Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.
- CVE-1999-1517Nov 1, 1999risk 0.00cvss —epss 0.00
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar.
- CVE-1999-1564Sep 2, 1999risk 0.00cvss —epss 0.00
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
- CVE-1999-0703Aug 3, 1999risk 0.00cvss —epss 0.00
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
- CVE-1999-0798Dec 4, 1998risk 0.00cvss —epss 0.02
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
- CVE-1999-0780Nov 18, 1998risk 0.00cvss —epss 0.00
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
- CVE-1999-0781Nov 18, 1998risk 0.00cvss —epss 0.00
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
- CVE-1999-0782Nov 18, 1998risk 0.00cvss —epss 0.00
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
- CVE-1999-0053Oct 13, 1998risk 0.00cvss —epss 0.02
TCP RST denial of service in FreeBSD.
- CVE-1999-0796May 1, 1998risk 0.00cvss —epss 0.01
FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.
- CVE-1999-0323Feb 20, 1998risk 0.00cvss —epss 0.01
FreeBSD mmap function allows users to modify append-only or immutable files.
- CVE-1999-0305Feb 1, 1998risk 0.00cvss —epss 0.01
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote…
- CVE-1999-0304Feb 1, 1998risk 0.00cvss —epss 0.00
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
- CVE-1999-0017Dec 10, 1997risk 0.00cvss —epss 0.02
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
- CVE-1999-0322Oct 29, 1997risk 0.00cvss —epss 0.00
The open() function in FreeBSD allows local attackers to write to arbitrary files.
- CVE-1999-0061Oct 2, 1997risk 0.00cvss —epss 0.02
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
- CVE-1999-1214Sep 15, 1997risk 0.00cvss —epss 0.00
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
- CVE-1999-1182Jul 17, 1997risk 0.00cvss —epss 0.00
Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.
- CVE-1999-0628Jul 1, 1997risk 0.00cvss —epss 0.01
The rwho/rwhod service is running, which exposes machine status and user information.
- CVE-1999-0037May 21, 1997risk 0.00cvss —epss 0.04
Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.
- CVE-1999-1298Apr 7, 1997risk 0.00cvss —epss 0.01
Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.
- CVE-1999-0299Mar 5, 1997risk 0.00cvss —epss 0.01
Buffer overflow in FreeBSD lpd through long DNS hostnames.
- CVE-1999-0345Jan 1, 1997risk 0.00cvss —epss 0.01
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
- CVE-1999-1385Dec 19, 1996risk 0.00cvss —epss 0.00
Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.
- CVE-1999-0297Dec 12, 1996risk 0.00cvss —epss 0.00
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.
- CVE-1999-0096Dec 10, 1996risk 0.00cvss —epss 0.01
Sendmail decode alias can be used to overwrite sensitive files.
- CVE-1999-0129Dec 3, 1996risk 0.00cvss —epss 0.01
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
- CVE-1999-0131Sep 11, 1996risk 0.00cvss —epss 0.01
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
- CVE-1999-1187Aug 26, 1996risk 0.00cvss —epss 0.00
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.
Page 11 of 12