| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. |
| Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. |
| Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. |
| The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end. |
| Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands. |
| The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic. |
| Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function. |
| The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection. |
| The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files. |
| Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. |
| BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. |
| Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. |
| linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process. |
| OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
| Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. |
| The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. |
| procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges. |
| Vacation program allows command execution by remote users through a sendmail command. |
| Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. |
| A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice. |