| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates. |
| Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function. |
| Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable. |
| The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. |
| mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions. |
| Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. |
| The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function. |
| Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. |
| periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. |
| The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. |
| Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. |
| Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system. |
| FreeBSD mount_union command allows local users to gain root privileges via a symlink attack. |
| Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments. |
| procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. |
| Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI. |
| Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. |
| Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. |
| The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. |
