Total
524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1036 | 2 Amd, Freebsd | 2 Amd64, Freebsd | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. | |||||
CVE-2004-1066 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 3.6 LOW | N/A |
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future. | |||||
CVE-2006-2655 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 6.4 MEDIUM | N/A |
The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. | |||||
CVE-2005-4351 | 4 Dragonfly, Freebsd, Linux and 1 more | 4 Dragonfly, Freebsd, Linux Kernel and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. | |||||
CVE-2006-0055 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | N/A |
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. | |||||
CVE-2006-0226 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 10.0 HIGH | N/A |
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames. | |||||
CVE-2006-0905 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-02-28 | 7.5 HIGH | N/A |
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks. | |||||
CVE-2006-4304 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver. | |||||
CVE-2005-2218 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | N/A |
The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. | |||||
CVE-2005-1406 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.6 MEDIUM | N/A |
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory. | |||||
CVE-2006-0381 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 5.0 MEDIUM | N/A |
A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice. | |||||
CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2024-02-28 | 3.7 LOW | N/A |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | |||||
CVE-2006-2654 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier. | |||||
CVE-2005-2019 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 5.0 MEDIUM | N/A |
ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. | |||||
CVE-2006-1283 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | N/A |
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. | |||||
CVE-2005-1399 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.6 MEDIUM | N/A |
FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. | |||||
CVE-2005-1126 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | N/A |
The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. | |||||
CVE-2005-0109 | 5 Freebsd, Redhat, Sco and 2 more | 8 Freebsd, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-28 | 4.7 MEDIUM | 5.6 MEDIUM |
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. | |||||
CVE-2006-1056 | 2 Freebsd, Linux | 2 Freebsd, Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. | |||||
CVE-2006-0380 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | N/A |
A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory. |