Freebsd

501 matches found

added 2021/10/19 3:15 p.m. | 48 views

CVE-2011-1075

FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, which takes a pathname as an argument, and is called with euid 0. A race condition in this process ma...

CVSS 4.3 | AI score 4.4 | EPSS 0.00197

added 2013/11/21 4:40 a.m. | 48 views

CVE-2013-6834

The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

CVSS 4.9 | AI score 5.7 | EPSS 0.00057

added 2018/02/05 4:29 p.m. | 48 views

CVE-2015-1416

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.

CVSS 9.3 | AI score 7.9 | EPSS 0.00878

added 2017/10/10 4:29 p.m. | 48 views

CVE-2015-5675

The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).

CVSS 7.8 | AI score 7.4 | EPSS 0.00051

added 2018/09/04 6:29 p.m. | 48 views

CVE-2018-6923

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume exces...

CVSS 7.8 | AI score 6.3 | EPSS 0.02472

added 1999/09/29 4:0 a.m. | 47 views

CVE-1999-0037

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

CVSS 7.5 | AI score 7.5 | EPSS 0.00777

added 1999/09/29 4:0 a.m. | 47 views

CVE-1999-0057

Vacation program allows command execution by remote users through a sendmail command.

CVSS 7.5 | AI score 7.1 | EPSS 0.02856

added 2001/09/18 4:0 a.m. | 47 views

CVE-2001-0439

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

CVSS 7.5 | AI score 7.7 | EPSS 0.01079

added 2002/02/02 5:0 a.m. | 47 views

CVE-2001-1034

Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.

CVSS 7.2 | AI score 7 | EPSS 0.00054

added 2004/09/01 4:0 a.m. | 47 views

CVE-2003-0015

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

CVSS 7.5 | AI score 7.5 | EPSS 0.62854

added 2003/10/20 4:0 a.m. | 47 views

CVE-2003-0688

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

CVSS 5 | AI score 6.7 | EPSS 0.01711

added 2005/07/05 4:0 a.m. | 47 views

CVE-2005-2019

ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent loo...

CVSS 5 | AI score 6.5 | EPSS 0.00219

added 2005/07/05 4:0 a.m. | 47 views

CVE-2005-2068

FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session.

CVSS 5 | AI score 6.6 | EPSS 0.00336

added 2006/01/11 9:3 p.m. | 47 views

CVE-2006-0054

The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer.

CVSS 5.3 | AI score 6.5 | EPSS 0.03086

added 2007/07/12 4:30 p.m. | 47 views

CVE-2007-3721

The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

CVSS 2.1 | AI score 6.1 | EPSS 0.00058

added 2018/04/04 2:29 p.m. | 47 views

CVE-2018-6919

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privilege...

CVSS 7.5 | AI score 7.2 | EPSS 0.00323

added 2019/02/12 5:29 a.m. | 47 views

CVE-2019-5595

In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.

CVSS 5.5 | AI score 5.2 | EPSS 0.0006

added 2021/03/29 8:15 p.m. | 47 views

CVE-2020-25583

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains th...

CVSS 10 | AI score 9.6 | EPSS 0.00477

added 2000/01/04 5:0 a.m. | 46 views

CVE-1999-0304

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

CVSS 7.2 | AI score 7.1 | EPSS 0.0006

added 2000/01/04 5:0 a.m. | 46 views

CVE-1999-0322

The open() function in FreeBSD allows local attackers to write to arbitrary files.

CVSS 2.1 | AI score 7.3 | EPSS 0.00112

added 2000/03/22 5:0 a.m. | 46 views

CVE-1999-0964

Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.

CVSS 7.2 | AI score 8.1 | EPSS 0.0008

added 2000/10/13 4:0 a.m. | 46 views

CVE-2000-0594

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

CVSS 5 | AI score 7 | EPSS 0.11965

added 2005/06/21 4:0 a.m. | 46 views

CVE-2002-1669

pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.

CVSS 2.1 | AI score 6.6 | EPSS 0.00051

added 2004/09/01 4:0 a.m. | 46 views

CVE-2004-0099

mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.

CVSS 4.6 | AI score 6.3 | EPSS 0.00068

added 2008/01/16 2:0 a.m. | 46 views

CVE-2008-0216

The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.

CVSS 2.1 | AI score 5.9 | EPSS 0.00071

added 2011/10/18 1:55 a.m. | 46 views

CVE-2011-4062

Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.

CVSS 7.2 | AI score 6.9 | EPSS 0.00901

added 2014/08/21 10:55 p.m. | 46 views

CVE-2014-3951

The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-...

CVSS 5 | AI score 6.3 | EPSS 0.00408

added 2014/12/12 3:3 a.m. | 46 views

CVE-2014-7250

The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.

CVSS 5 | AI score 6.9 | EPSS 0.0373

added 2017/10/05 7:29 a.m. | 46 views

CVE-2017-15037

In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.

CVSS 8.1 | AI score 7.9 | EPSS 0.00362

added 2019/05/15 4:29 p.m. | 46 views

CVE-2019-5598

In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a mal...

CVSS 7.5 | AI score 7.4 | EPSS 0.00614

added 2000/10/13 4:0 a.m. | 45 views

CVE-1999-0912

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

CVSS 2.1 | AI score 6.6 | EPSS 0.00195

added 2001/09/12 4:0 a.m. | 45 views

CVE-1999-1518

Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.

CVSS 5 | AI score 7.2 | EPSS 0.02159

added 2000/04/10 4:0 a.m. | 45 views

CVE-2000-0186

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

CVSS 7.2 | AI score 7.3 | EPSS 0.00063

added 2000/12/19 5:0 a.m. | 45 views

CVE-2000-0963

Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

CVSS 7.2 | AI score 7.6 | EPSS 0.00156

added 2001/01/22 5:0 a.m. | 45 views

CVE-2000-0993

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

CVSS 7.2 | AI score 6.9 | EPSS 0.0023

added 2005/05/06 4:0 a.m. | 45 views

CVE-2005-1406

The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.

CVSS 4.6 | AI score 6 | EPSS 0.0009

added 2006/06/02 1:2 a.m. | 45 views

CVE-2006-2655

The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions.

CVSS 6.4 | AI score 6.6 | EPSS 0.00438

added 2006/11/29 1:28 a.m. | 45 views

CVE-2006-6165

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is th...

CVSS 7.8 | AI score 7 | EPSS 0.00044

added 2009/02/20 6:47 a.m. | 45 views

CVE-2009-0641

sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, ...

CVSS 9.3 | AI score 7.8 | EPSS 0.05745

added 2018/07/13 8:29 p.m. | 45 views

CVE-2016-6559

Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by Fre...

CVSS 9.8 | AI score 8.5 | EPSS 0.01046

added 2018/05/08 7:29 p.m. | 45 views

CVE-2018-6920

In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivilege...

CVSS 5.5 | AI score 5.2 | EPSS 0.00059

added 2020/04/28 8:15 p.m. | 45 views

CVE-2019-15876

In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00115

added 2020/05/13 4:15 p.m. | 45 views

CVE-2020-7454

In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module.

CVSS 9.8 | AI score 9.4 | EPSS 0.00631

added 2020/06/09 7:15 p.m. | 45 views

CVE-2020-7456

In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with phy...

CVSS 7.2 | AI score 6.6 | EPSS 0.00153

added 1999/09/29 4:0 a.m. | 44 views

CVE-1999-0096

Sendmail decode alias can be used to overwrite sensitive files.

CVSS 5 | AI score 6.7 | EPSS 0.00661

added 2002/03/09 5:0 a.m. | 44 views

CVE-1999-1214

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

CVSS 2.1 | AI score 7.1 | EPSS 0.00081

added 2000/10/13 4:0 a.m. | 44 views

CVE-2000-0595

libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.

CVSS 4.6 | AI score 7.5 | EPSS 0.00124

added 2000/12/11 5:0 a.m. | 44 views

CVE-2000-0998

Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.

CVSS 7.2 | AI score 7 | EPSS 0.00258

added 2000/12/11 5:0 a.m. | 44 views

CVE-2000-1012

The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

CVSS 7.2 | AI score 6.8 | EPSS 0.00046

added 2000/12/11 5:0 a.m. | 44 views

CVE-2000-1066

The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.

CVSS 5 | AI score 7 | EPSS 0.00739

Total number of security vulnerabilities: 501