| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. |
| The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. |
| The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files. |
| Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program. |
| Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system. |
| licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. |
| Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. |
| The rwho/rwhod service is running, which exposes machine status and user information. |
| The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. |
| OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken. |
| ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow. |
| Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable. |
| Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. |
| The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. |
| Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. |
| The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. |
| The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. |
