Filtered by vendor Freebsd
Subscriptions
Total
530 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-1999-0040 | 7 Bsdi, Freebsd, Hp and 4 more | 10 Bsd Os, Freebsd, Hp-ux and 7 more | 2022-08-17 | N/A |
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. | ||||
CVE-1999-0037 | 2 Freebsd, Redhat | 2 Freebsd, Linux | 2022-08-17 | N/A |
Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. | ||||
CVE-1999-0023 | 6 Bsdi, Freebsd, Ibm and 3 more | 10 Bsd Os, Freebsd, Aix and 7 more | 2022-08-17 | N/A |
Local user gains root privileges via buffer overflow in rdist, via lookup() function. | ||||
CVE-1999-0017 | 9 Caldera, Freebsd, Gnu and 6 more | 11 Openlinux, Freebsd, Inet and 8 more | 2022-08-17 | N/A |
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | ||||
CVE-1999-0345 | 4 Freebsd, Ibm, Sco and 1 more | 7 Freebsd, Aix, Sng and 4 more | 2022-08-17 | N/A |
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. | ||||
CVE-1999-0129 | 7 Bsdi, Eric Allman, Freebsd and 4 more | 9 Bsd Os, Sendmail, Freebsd and 6 more | 2022-08-17 | N/A |
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. | ||||
CVE-1999-0074 | 4 Freebsd, Linux, Microsoft and 1 more | 4 Freebsd, Linux Kernel, Windows Nt and 1 more | 2022-08-17 | N/A |
Listening TCP ports are sequentially allocated, allowing spoofing attacks. | ||||
CVE-2020-25582 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 8.7 High |
In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. | ||||
CVE-2020-7468 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 8.8 High |
In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges. | ||||
CVE-2020-25579 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 5.3 Medium |
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. | ||||
CVE-2020-25580 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 5.3 Medium |
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. | ||||
CVE-2020-7452 | 1 Freebsd | 1 Freebsd | 2022-07-12 | 9.1 Critical |
In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel. | ||||
CVE-2020-7460 | 1 Freebsd | 1 Freebsd | 2022-07-01 | 7.0 High |
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation. | ||||
CVE-2020-25578 | 1 Freebsd | 1 Freebsd | 2022-06-28 | 5.3 Medium |
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. | ||||
CVE-2020-7459 | 1 Freebsd | 1 Freebsd | 2022-06-05 | 6.8 Medium |
In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer. | ||||
CVE-2020-7455 | 1 Freebsd | 1 Freebsd | 2022-06-05 | 5.5 Medium |
In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd). | ||||
CVE-2020-7469 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2022-05-31 | 7.5 High |
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free. | ||||
CVE-2021-29627 | 1 Freebsd | 1 Freebsd | 2022-05-27 | 7.8 High |
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free. | ||||
CVE-2021-29626 | 1 Freebsd | 1 Freebsd | 2022-05-27 | 5.5 Medium |
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. | ||||
CVE-2021-29628 | 1 Freebsd | 1 Freebsd | 2022-05-16 | 7.5 High |
In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit. |