Search Results (586 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4304 2 Cerb, Freebsd 2 Cerbng, Freebsd 2026-04-23 N/A
CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an "incorrect write protection of pages".
CVE-2009-0689 6 Freebsd, K-meleon Project, Mozilla and 3 more 9 Freebsd, K-meleon, Firefox and 6 more 2026-04-23 N/A
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
CVE-2006-5550 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2026-04-23 N/A
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.
CVE-2009-0601 6 Apple, Freebsd, Linux and 3 more 6 Mac Os X, Freebsd, Linux Kernel and 3 more 2026-04-23 N/A
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
CVE-2007-0229 2 Apple, Freebsd 3 Mac Os X, Mac Os X Server, Freebsd 2026-04-23 N/A
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
CVE-2007-3721 1 Freebsd 1 Freebsd 2026-04-23 N/A
The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
CVE-2026-4747 1 Freebsd 1 Freebsd 2026-04-20 8.8 High
Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel. In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system.
CVE-2026-3038 1 Freebsd 1 Freebsd 2026-04-16 7.5 High
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's possible for a malicious userspace program to craft a request which triggers a 127-byte overflow. In practice, this overflow immediately overwrites the canary for the rtsock_msg_buffer() stack frame, resulting in a panic once the function returns. The bug allows an unprivileged user to crash the kernel by triggering a stack buffer overflow in rtsock_msg_buffer(). In particular, the overflow will corrupt a stack canary value that is verified when the function returns; this mitigates the impact of the stack overflow by triggering a kernel panic. Other kernel bugs may exist which allow userspace to find the canary value and thus defeat the mitigation, at which point local privilege escalation may be possible.
CVE-2026-2261 1 Freebsd 1 Freebsd 2026-04-16 7.5 High
Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes before it is able to exec the helper. At this point, blocklistd still records adverse events but is unable to block new addresses or unblock addresses whose database entries have expired. Once a second, much higher number of leaked sockets is reached, blocklistd becomes unable to receive new adverse event reports. An attacker may take advantage of this by triggering a large number of adverse events from sacrificial IP addresses to effectively disable blocklistd before launching an attack. Even in the absence of attacks or probes by would-be attackers, adverse events will occur regularly in the course of normal operations, and blocklistd will gradually run out file descriptors and become ineffective. The accumulation of open sockets may have knock-on effects on other parts of the system, resulting in a general slowdown until blocklistd is restarted.
CVE-2005-1406 1 Freebsd 1 Freebsd 2026-04-16 N/A
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.
CVE-2000-1167 1 Freebsd 1 Freebsd 2026-04-16 N/A
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.
CVE-2005-1400 1 Freebsd 1 Freebsd 2026-04-16 N/A
The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.
CVE-2000-0993 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-16 N/A
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
CVE-1999-0855 1 Freebsd 1 Freebsd 2026-04-16 N/A
Buffer overflow in FreeBSD gdc program.
CVE-1999-0053 1 Freebsd 1 Freebsd 2026-04-16 N/A
TCP RST denial of service in FreeBSD.
CVE-2000-0998 1 Freebsd 1 Freebsd 2026-04-16 N/A
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
CVE-1999-0017 9 Caldera, Freebsd, Gnu and 6 more 11 Openlinux, Freebsd, Inet and 8 more 2026-04-16 N/A
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
CVE-2000-0916 1 Freebsd 1 Freebsd 2026-04-16 N/A
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
CVE-1999-0826 1 Freebsd 1 Freebsd 2026-04-16 N/A
Buffer overflow in FreeBSD angband allows local users to gain privileges.
CVE-2002-0391 5 Freebsd, Microsoft, Openbsd and 2 more 9 Freebsd, Windows 2000, Windows Nt and 6 more 2026-04-16 9.8 Critical
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.