Filtered by vendor Freebsd
Subscribe
Total
541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1882 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options. | |||||
| CVE-2016-1885 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.9 MEDIUM | 6.2 MEDIUM |
| Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-1453 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.0 MEDIUM | N/A |
| The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order. | |||||
| CVE-2014-5384 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-02-28 | 5.0 MEDIUM | N/A |
| The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types. | |||||
| CVE-2014-3954 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message. | |||||
| CVE-2014-3953 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.9 MEDIUM | N/A |
| FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification. | |||||
| CVE-2014-8117 | 4 Canonical, File Project, Freebsd and 1 more | 4 Ubuntu Linux, File, Freebsd and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. | |||||
| CVE-2015-1415 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | N/A |
| The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. | |||||
| CVE-2014-3952 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.9 MEDIUM | N/A |
| FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors. | |||||
| CVE-2014-3951 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-02-28 | 5.0 MEDIUM | N/A |
| The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference. | |||||
| CVE-2014-0998 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | N/A |
| Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access. | |||||
| CVE-2014-8476 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | N/A |
| The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. | |||||
| CVE-2014-1452 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 5.8 MEDIUM | N/A |
| Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request. | |||||
| CVE-2014-8612 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.6 MEDIUM | N/A |
| Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. | |||||
| CVE-2014-3873 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | N/A |
| The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace. | |||||
| CVE-2014-3956 | 4 Fedoraproject, Freebsd, Hp and 1 more | 4 Fedora, Freebsd, Hpux and 1 more | 2024-02-28 | 1.9 LOW | N/A |
| The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. | |||||
| CVE-2015-1414 | 3 Debian, Freebsd, Netgate | 3 Debian Linux, Freebsd, Pfsense | 2024-02-28 | 7.8 HIGH | N/A |
| Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. | |||||
| CVE-2014-3000 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.8 HIGH | N/A |
| The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full. | |||||
| CVE-2014-3001 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 5.8 MEDIUM | N/A |
| The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. | |||||
| CVE-2014-3711 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 5.0 MEDIUM | N/A |
| namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names. | |||||