Filtered by vendor Freebsd
Subscribe
Total
554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0905 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-03 | 7.5 HIGH | N/A |
| A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks. | |||||
| CVE-1999-1564 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
| FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes. | |||||
| CVE-2001-0670 | 4 Bsd, Freebsd, Netbsd and 1 more | 4 Bsd, Freebsd, Netbsd and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. | |||||
| CVE-2003-0078 | 3 Freebsd, Openbsd, Openssl | 3 Freebsd, Openbsd, Openssl | 2025-04-03 | 5.0 MEDIUM | N/A |
| ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." | |||||
| CVE-2001-0710 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool. | |||||
| CVE-2000-0235 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. | |||||
| CVE-2000-0388 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. | |||||
| CVE-2006-2655 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 6.4 MEDIUM | N/A |
| The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2005-2218 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. | |||||
| CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | |||||
| CVE-2000-0532 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | N/A |
| A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered. | |||||
| CVE-2000-1012 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. | |||||
| CVE-2001-0424 | 2 Freebsd, Timecop | 2 Freebsd, Bubblemon | 2025-04-03 | 7.2 HIGH | N/A |
| BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. | |||||
| CVE-2005-0610 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file. | |||||
| CVE-2002-2199 | 1 Freebsd | 1 Advanced Intrusion Detection Environment | 2025-04-03 | 4.6 MEDIUM | N/A |
| The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection. | |||||
| CVE-2001-0796 | 2 Freebsd, Sgi | 2 Freebsd, Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
| SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay. | |||||
| CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2025-04-03 | 2.1 LOW | N/A |
| cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. | |||||
| CVE-1999-0023 | 6 Bsdi, Freebsd, Ibm and 3 more | 10 Bsd Os, Freebsd, Aix and 7 more | 2025-04-03 | 7.2 HIGH | N/A |
| Local user gains root privileges via buffer overflow in rdist, via lookup() function. | |||||
| CVE-1999-1187 | 3 Freebsd, Slackware, University Of Washington | 3 Freebsd, Slackware Linux, Pine | 2025-04-03 | 4.6 MEDIUM | N/A |
| Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. | |||||
| CVE-2002-1667 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
| The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. | |||||