| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. |
| Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
| FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges. |
| The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. |
| Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name. |
| ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." |
| time server daemon timed allows remote attackers to cause a denial of service via malformed packets. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. |
| Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges. |
| File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). |
| The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. |
| BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. |
| Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. |
| Local users can start Sendmail in daemon mode and gain root privileges. |
| FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks. |
| FreeBSD gdc program allows local users to modify files via a symlink attack. |
| Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172. |
