| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop. |
| Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. |
| rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length. |
| OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
| licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. |
| The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session. |
| BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. |
| FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child. |
| The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table. |
| Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. |
| Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. |
| time server daemon timed allows remote attackers to cause a denial of service via malformed packets. |
| The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. |
| Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information. |
| FreeBSD mmap function allows users to modify append-only or immutable files. |
| Listening TCP ports are sequentially allocated, allowing spoofing attacks. |
| Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. |
| fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories. |
| Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands. |
| procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges. |
