Vulnerabilities > Freebsd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-02-02 | CVE-2014-8612 | Permissions, Privileges, and Access Controls vulnerability in Freebsd Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. | 4.6 |
| 2015-02-02 | CVE-2014-0998 | Numeric Errors vulnerability in Freebsd 10.1 Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access. | 7.2 |
| 2014-12-17 | CVE-2014-8117 | Resource Management Errors vulnerability in multiple products softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. | 5.0 |
| 2014-12-17 | CVE-2014-8116 | Resource Management Errors vulnerability in multiple products The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. | 5.0 |
| 2014-12-12 | CVE-2014-7250 | Resource Management Errors vulnerability in multiple products The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. | 5.0 |
| 2014-11-18 | CVE-2014-8475 | Code vulnerability in Freebsd 10.0/9.1/9.2 FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. | 4.3 |
| 2014-11-13 | CVE-2014-8476 | Information Exposure vulnerability in Freebsd The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. | 2.1 |
| 2014-10-27 | CVE-2014-3955 | Improper Input Validation vulnerability in Freebsd routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. | 5.0 |
| 2014-10-27 | CVE-2014-3954 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freebsd Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message. | 10.0 |
| 2014-10-27 | CVE-2014-3711 | Resource Management Errors vulnerability in Freebsd namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names. | 5.0 |