Search Results (602 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8476 1 Freebsd 1 Freebsd 2025-04-12 N/A
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.
CVE-2014-8611 2 Apple, Freebsd 3 Iphone Os, Mac Os X, Freebsd 2025-04-12 N/A
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.
CVE-2016-1886 1 Freebsd 1 Freebsd 2025-04-12 N/A
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."
CVE-2016-1887 1 Freebsd 1 Freebsd 2025-04-12 N/A
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
CVE-2016-1885 1 Freebsd 1 Freebsd 2025-04-12 N/A
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.
CVE-2014-3956 4 Fedoraproject, Freebsd, Hp and 1 more 4 Fedora, Freebsd, Hpux and 1 more 2025-04-12 N/A
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
CVE-2014-5384 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2025-04-12 N/A
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types.
CVE-2014-3001 1 Freebsd 1 Freebsd 2025-04-12 N/A
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process.
CVE-2014-1453 1 Freebsd 1 Freebsd 2025-04-12 N/A
The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.
CVE-2014-3000 1 Freebsd 1 Freebsd 2025-04-12 N/A
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.
CVE-2016-1879 1 Freebsd 1 Freebsd 2025-04-12 N/A
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
CVE-2014-0998 1 Freebsd 1 Freebsd 2025-04-12 N/A
Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.
CVE-2015-1414 3 Debian, Freebsd, Netgate 3 Debian Linux, Freebsd, Pfsense 2025-04-12 N/A
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.
CVE-2010-3014 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2025-04-11 N/A
The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.
CVE-2012-3549 1 Freebsd 1 Freebsd 2025-04-11 N/A
The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk.
CVE-2011-1074 1 Freebsd 1 Freebsd 2025-04-11 N/A
crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname.
CVE-2013-6834 1 Freebsd 1 Freebsd 2025-04-11 N/A
The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
CVE-2011-1073 2 Apple, Freebsd 2 Mac Os X, Freebsd 2025-04-11 N/A
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.
CVE-2006-7252 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2025-04-11 N/A
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.
CVE-2007-6754 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2025-04-11 N/A
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors.