Vulnerabilities > Freebsd > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-05-28 | CVE-2010-2022 | Permissions, Privileges, and Access Controls vulnerability in Freebsd 8.0/8.1Prerelease jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations. | 3.3 |
| 2010-02-25 | CVE-2010-0119 | Information Exposure vulnerability in Becauseinter Bournal Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing." | 2.1 |
| 2009-06-25 | CVE-2009-2208 | Permissions, Privileges, and Access Controls vulnerability in Freebsd FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. | 3.6 |
| 2009-02-16 | CVE-2009-0601 | USE of Externally-Controlled Format String vulnerability in Wireshark Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. | 2.1 |
| 2008-01-16 | CVE-2008-0216 | Permissions, Privileges, and Access Controls vulnerability in Freebsd The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. | 2.1 |
| 2007-11-30 | CVE-2007-6150 | Information Exposure vulnerability in Freebsd The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values. | 2.1 |
| 2007-07-12 | CVE-2007-3721 | Denial-Of-Service vulnerability in FreeBSD The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 |
| 2007-07-12 | CVE-2007-3722 | Denial-Of-Service vulnerability in FreeBSD The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 |
| 2006-11-21 | CVE-2006-6013 | Local Integer Overflow vulnerability in Multiple BSD Vendor FireWire IOCTL Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. | 2.1 |
| 2006-10-24 | CVE-2006-5482 | Denial-Of-Service vulnerability in Freebsd 6.1 ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX. | 2.1 |