Vulnerabilities > Freebsd

DATE CVE VULNERABILITY TITLE RISK
2005-03-05 CVE-2005-0109 Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
local
high complexity
freebsd sco redhat ubuntu sun
5.6
2004-11-23 CVE-2004-0079 NULL Pointer Dereference vulnerability in multiple products
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
7.5
2003-08-27 CVE-2003-0466 Off-by-one Error vulnerability in multiple products
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
network
low complexity
wuftpd redhat apple sun freebsd netbsd openbsd CWE-193
critical
9.8
2002-12-31 CVE-2002-1915 Improper Locking vulnerability in multiple products
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
local
low complexity
openbsd netbsd freebsd CWE-667
5.5
2002-08-12 CVE-2002-0391 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
network
low complexity
openbsd sun freebsd microsoft CWE-190
critical
9.8
2001-08-23 CVE-2001-1155 Incorrect Authorization vulnerability in Freebsd 4.1.1/4.2/4.3
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
network
low complexity
freebsd CWE-863
critical
9.8
1998-06-16 CVE-1999-0783 Link Following vulnerability in Freebsd 2.2
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
local
low complexity
freebsd CWE-59
5.5