Vulnerabilities > Freebsd > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-07 | CVE-2015-5677 | Information Exposure vulnerability in Freebsd 10.1/10.2/9.3 bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file. | 2.1 |
| 2015-04-10 | CVE-2015-1415 | Information Exposure vulnerability in Freebsd The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. | 2.1 |
| 2014-11-13 | CVE-2014-8476 | Information Exposure vulnerability in Freebsd The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. | 2.1 |
| 2014-06-10 | CVE-2014-3873 | Improper Input Validation vulnerability in Freebsd The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace. | 2.1 |
| 2014-06-04 | CVE-2014-3956 | Information Exposure vulnerability in multiple products The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. | 1.9 |
| 2013-09-23 | CVE-2013-5710 | Permissions, Privileges, and Access Controls vulnerability in Freebsd The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance. | 3.7 |
| 2012-08-21 | CVE-2012-4578 | Cryptographic Issues vulnerability in Pawel Jakub Dawidek Geli 4/7 The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack. | 2.1 |
| 2011-03-04 | CVE-2011-1073 | Link Following vulnerability in multiple products crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. | 1.9 |
| 2011-03-04 | CVE-2011-1074 | Information Exposure vulnerability in Freebsd crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname. | 1.9 |
| 2010-08-20 | CVE-2010-3014 | Information Exposure vulnerability in multiple products The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read. | 1.2 |