CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state ...

CVE-2011-2895

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products...

CVE-1999-0001

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

CVE-2009-0537

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as dem...

CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a differ...

CVE-1999-0052

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

CVE-2011-2168

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.

CVE-2001-0247

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

CVE-2002-2092

Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.

CVE-1999-0062

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.

CVE-2003-0144

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

CVE-2000-0993

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

CVE-2005-0740

The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.

CVE-2002-0572

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to ...

CVE-2000-0914

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

CVE-1999-0798

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

CVE-2002-1915

tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.

CVE-2000-0994

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

CVE-2000-1004

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

CVE-2000-0997

Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.

CVE-2000-1010

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

CVE-2003-1366

chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.

CVE-2002-2180

The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.