Filtered by vendor Freebsd
Subscribe
Total
554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3722 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 2.1 LOW | N/A |
| The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||
| CVE-2007-6150 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 2.1 LOW | N/A |
| The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values. | |||||
| CVE-2009-2649 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 4.7 MEDIUM | N/A |
| The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value. | |||||
| CVE-2010-0318 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 6.9 MEDIUM | N/A |
| The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure. | |||||
| CVE-2007-0229 | 2 Apple, Freebsd | 3 Mac Os X, Mac Os X Server, Freebsd | 2025-04-09 | 7.2 HIGH | N/A |
| Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. | |||||
| CVE-2008-4609 | 12 Bsd, Bsdi, Cisco and 9 more | 22 Bsd, Bsd Os, Catalyst Blade Switch 3020 and 19 more | 2025-04-09 | 7.1 HIGH | N/A |
| The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | |||||
| CVE-2009-1935 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 4.9 MEDIUM | N/A |
| Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors. | |||||
| CVE-2009-3048 | 4 Conectiva, Freebsd, Opera and 1 more | 4 Linux, Freebsd, Opera Browser and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | |||||
| CVE-2008-0216 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 2.1 LOW | N/A |
| The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. | |||||
| CVE-2008-2476 | 6 Force10, Freebsd, Juniper and 3 more | 6 Ftos, Freebsd, Jnos and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
| The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). | |||||
| CVE-2009-1041 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 7.2 HIGH | N/A |
| The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value. | |||||
| CVE-2019-5598 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable. | |||||
| CVE-1999-0704 | 3 Bsdi, Freebsd, Redhat | 3 Bsd Os, Freebsd, Linux | 2025-04-03 | 9.3 HIGH | N/A |
| Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. | |||||
| CVE-1999-0405 | 4 Debian, Freebsd, Redhat and 1 more | 4 Debian Linux, Freebsd, Linux and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
| A buffer overflow in lsof allows local users to obtain root privilege. | |||||
| CVE-2005-1126 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
| The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. | |||||
| CVE-2002-1915 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. | |||||
| CVE-2001-0796 | 2 Freebsd, Sgi | 2 Freebsd, Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
| SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay. | |||||
| CVE-1999-0783 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | 5.5 MEDIUM |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. | |||||
| CVE-2002-0062 | 5 Debian, Freebsd, Gnu and 2 more | 5 Debian Linux, Freebsd, Ncurses and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." | |||||
| CVE-2001-0424 | 2 Freebsd, Timecop | 2 Freebsd, Bubblemon | 2025-04-03 | 7.2 HIGH | N/A |
| BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. | |||||