| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed. |
| BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. |
| The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart. |
| FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header. |
| ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. |
| FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child. |
| KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. |
| The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session. |
| Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. |
| Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier. |
| opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. |
| Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. |
| Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. |
| Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands. |
| Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. |
| The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. |
| Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. |
| Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. |
| BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. |
| The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. |
