Freebsd@4.0 Security Vulnerabilities and Issues — Freebsd@4.0 CVE List

Lucene search

FreebsdFreebsd4.0

11 matches found

CVE•added 2005/05/31 4:0 a.m.•114 views

CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they ap...

5CVSS6.2AI score0.86024EPSS

CVE•added 2005/03/08 5:0 a.m.•79 views

CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys,...

5.6CVSS5.4AI score0.00143EPSS

CVE•added 2005/05/02 4:0 a.m.•69 views

CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

3.7CVSS5.9AI score0.00115EPSS

CVE•added 2005/08/05 4:0 a.m.•54 views

CVE-2002-2092

Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.

3.7CVSS6.9AI score0.00068EPSS

CVE•added 2005/02/13 5:0 a.m.•53 views

CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

7.1CVSS7.7AI score0.05947EPSS

CVE•added 2005/01/10 5:0 a.m.•52 views

CVE-2004-1066

The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT in...

3.6CVSS6AI score0.0006EPSS

CVE•added 2005/07/05 4:0 a.m.•47 views

CVE-2005-2068

FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session.

5CVSS6.6AI score0.00336EPSS

CVE•added 2005/05/02 4:0 a.m.•43 views

CVE-2005-0708

The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.

10CVSS6.1AI score0.01229EPSS

CVE•added 2005/06/28 4:0 a.m.•41 views

CVE-2002-1915

tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.

5.5CVSS6.6AI score0.0023EPSS

CVE•added 2005/04/13 4:0 a.m.•35 views

CVE-2005-0610

Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3...

7.2CVSS7.4AI score0.00054EPSS

CVE•added 2005/04/16 4:0 a.m.•33 views

CVE-2005-1126

The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory.

2.1CVSS6AI score0.0007EPSS