ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
9.2AI Score
0.004EPSS
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
7.8CVSS
7.4AI Score
0.001EPSS
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
7.5CVSS
7.4AI Score
0.003EPSS
7.1AI Score
0.0004EPSS
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
6.9AI Score
0.001EPSS
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.
7.3AI Score
0.01EPSS
Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.
7.1AI Score
0.0004EPSS
FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.
7.1AI Score
0.0004EPSS
FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.
6.9AI Score
0.0004EPSS
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
7.2AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
7.3AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.
7.3AI Score
0.0004EPSS
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
6.6AI Score
0.0004EPSS
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
7.1AI Score
0.0004EPSS
Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.
8.1AI Score
0.0004EPSS
6.9AI Score
0.0004EPSS
Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.
7AI Score
0.015EPSS
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar.
6.9AI Score
0.0004EPSS
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.
7.2AI Score
0.006EPSS
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
6.8AI Score
0.001EPSS
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
6.6AI Score
0.0004EPSS
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.
7AI Score
0.0004EPSS
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
7.3AI Score
0.0004EPSS
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
7.2AI Score
0.0004EPSS
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.
6.7AI Score
0.001EPSS
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.
7AI Score
0.032EPSS
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
6.6AI Score
0.0004EPSS
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
7.1AI Score
0.001EPSS
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.
7.2AI Score
0.009EPSS
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
6.5AI Score
0.003EPSS
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
7.9AI Score
0.084EPSS
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
7AI Score
0.137EPSS
libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.
7.5AI Score
0.0004EPSS
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
6.6AI Score
0.0004EPSS
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
7.3AI Score
0.0004EPSS
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.
7.2AI Score
0.0004EPSS
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
7.3AI Score
0.0004EPSS
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.
6.5AI Score
0.0004EPSS
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.
6.7AI Score
0.007EPSS
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
7.6AI Score
0.003EPSS
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
7.6AI Score
0.0004EPSS
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
6.9AI Score
0.0004EPSS
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
7AI Score
0.0004EPSS
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.
7.3AI Score
0.0004EPSS
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
6.8AI Score
0.0004EPSS
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
6.8AI Score
0.0004EPSS
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.
7AI Score
0.008EPSS
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.
7.1AI Score
0.009EPSS