VYPR

Vendor CVEs

FreeBSD

All CVEs

558 total · sorted by risk
  • CVE-2006-5483Oct 24, 2006
    risk 0.03cvss epss 0.01

    p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root.

  • CVE-2006-5482Oct 24, 2006
    risk 0.03cvss epss 0.01

    ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX.

  • CVE-2006-4516Oct 12, 2006
    risk 0.03cvss epss 0.01

    Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout…

  • CVE-2006-4178Sep 26, 2006
    risk 0.03cvss epss 0.01

    Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large…

  • CVE-2004-2012Dec 31, 2004
    risk 0.03cvss epss 0.01

    The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.

  • CVE-2004-0618Dec 6, 2004
    risk 0.03cvss epss 0.01

    FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.

  • CVE-2004-0114Mar 3, 2004
    risk 0.03cvss epss 0.01

    The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local…

  • CVE-2003-0144Mar 31, 2003
    risk 0.03cvss epss 0.02

    Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

  • CVE-2002-1125Sep 24, 2002
    risk 0.03cvss epss 0.01

    FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.

  • CVE-2002-0824Aug 12, 2002
    risk 0.03cvss epss 0.01

    BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

  • CVE-2002-0572Jul 3, 2002
    risk 0.03cvss epss 0.02

    FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid…

  • CVE-2002-0004Feb 27, 2002
    risk 0.03cvss epss 0.01

    Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

  • CVE-2001-1185Dec 10, 2001
    risk 0.03cvss epss 0.01

    Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.

  • CVE-2001-1029Sep 20, 2001
    risk 0.03cvss epss 0.01

    libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome…

  • CVE-2001-0402Jun 18, 2001
    risk 0.03cvss epss 0.02

    IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

  • CVE-2001-0221Jun 2, 2001
    risk 0.03cvss epss 0.01

    Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.

  • CVE-2001-0093Feb 12, 2001
    risk 0.03cvss epss 0.01

    Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd.

  • CVE-2000-1096Jan 9, 2001
    risk 0.03cvss epss 0.01

    crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by…

  • CVE-2000-0916Dec 19, 2000
    risk 0.03cvss epss 0.06

    FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.

  • CVE-2000-0993Dec 19, 2000
    risk 0.03cvss epss 0.02

    Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

  • CVE-2000-0998Dec 11, 2000
    risk 0.03cvss epss 0.01

    Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.

  • CVE-2000-0584Jul 2, 2000
    risk 0.03cvss epss 0.06

    Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

  • CVE-1999-1008May 17, 2000
    risk 0.03cvss epss 0.01

    xsoldier program allows local users to gain root access via a long argument.

  • CVE-2000-0440May 1, 2000
    risk 0.03cvss epss 0.03

    NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.

  • CVE-2000-0163Feb 21, 2000
    risk 0.03cvss epss 0.01

    asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.

  • CVE-1999-0857Dec 1, 1999
    risk 0.03cvss epss 0.01

    FreeBSD gdc program allows local users to modify files via a symlink attack.

  • CVE-1999-0820Dec 1, 1999
    risk 0.03cvss epss 0.01

    FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.

  • CVE-1999-0826Dec 1, 1999
    risk 0.03cvss epss 0.01

    Buffer overflow in FreeBSD angband allows local users to gain privileges.

  • CVE-1999-0855Dec 1, 1999
    risk 0.03cvss epss 0.01

    Buffer overflow in FreeBSD gdc program.

  • CVE-1999-0823Dec 1, 1999
    risk 0.03cvss epss 0.01

    Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.

  • CVE-1999-0821Nov 8, 1999
    risk 0.03cvss epss 0.01

    FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.

  • CVE-1999-0912Sep 22, 1999
    risk 0.03cvss epss 0.01

    FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

  • CVE-1999-0704Sep 16, 1999
    risk 0.03cvss epss 0.04

    Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.

  • CVE-2000-0489Sep 5, 1999
    risk 0.03cvss epss 0.01

    FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

  • CVE-1999-1518Jul 15, 1999
    risk 0.03cvss epss 0.03

    Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.

  • CVE-2000-0412May 1, 1999
    risk 0.03cvss epss 0.03

    The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.

  • CVE-1999-0405Feb 18, 1999
    risk 0.03cvss epss 0.01

    A buffer overflow in lsof allows local users to obtain root privilege.

  • CVE-1999-1402May 17, 1997
    risk 0.03cvss epss 0.01

    The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

  • CVE-1999-0040May 1, 1997
    risk 0.03cvss epss 0.01

    Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

  • CVE-1999-0130Nov 16, 1996
    risk 0.03cvss epss 0.01

    Local users can start Sendmail in daemon mode and gain root privileges.

  • CVE-1999-0032Oct 25, 1996
    risk 0.03cvss epss 0.01

    Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

  • CVE-1999-0023Jul 24, 1996
    risk 0.03cvss epss 0.01

    Local user gains root privileges via buffer overflow in rdist, via lookup() function.

  • CVE-2024-45063Sep 5, 2024
    risk 0.01cvss epss 0.01

    The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the…

  • CVE-2024-7589Aug 11, 2024
    risk 0.01cvss epss 0.02

    A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged…

  • CVE-2020-7461Mar 26, 2021
    risk 0.01cvss epss 0.04

    In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow…

  • CVE-2020-25578Mar 26, 2021
    risk 0.01cvss epss 0.02

    In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular,…

  • CVE-2019-5599Jul 2, 2019
    risk 0.01cvss epss 0.05

    In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource…

  • CVE-2018-17157Dec 4, 2018
    risk 0.01cvss epss 0.24

    In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.

  • CVE-2014-3000May 2, 2014
    risk 0.01cvss epss 0.13

    The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple…

  • CVE-2011-2895Aug 19, 2011
    risk 0.01cvss epss 0.08

    The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType…

Page 4 of 12