| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. |
| asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file. |
| Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. |
| Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. |
| The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. |
| Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. |
| NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. |
| The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. |
| FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers. |
| A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered. |
| OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken. |
| Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name. |
| BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters. |
| libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory. |
| Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail. |
| The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. |
| An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution. |
| Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. |
| The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. |
| A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer. |
