Product

freebsd

500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-42512
all versions
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code w
8.1 HIGH
CVE-2026-39457
all versions
When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the prov
7.8 HIGH
CVE-2026-35547
all versions
When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation all
8.1 HIGH
CVE-2026-7164
all versions
Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack over
7.5 HIGH
CVE-2026-7270
all versions
An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrit
7.8 HIGH
CVE-2026-42511
all versions
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclien
8.1 HIGH
CVE-2026-6386
all versions
In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. T
6.2 MEDIUM
CVE-2026-5398
all versions
The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the cal
8.4 HIGH
CVE-2026-4748
>= 14.0 and < 14.4
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only diff
7.5 HIGH
CVE-2026-4747
all versions
Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of th
8.8 HIGH
CVE-2026-4652
all versions
On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue
7.5 HIGH
CVE-2026-4247
all versions
When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in.
7.5 HIGH
CVE-2026-3038
all versions
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures i
7.5 HIGH
CVE-2026-2261
all versions
Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number
7.5 HIGH
CVE-2025-15576
all versions
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is
7.5 HIGH
CVE-2025-15547
all versions
By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounti
8.8 HIGH
CVE-2025-14769
all versions
In some cases, the tcp-setmss handler may free the packet data and throw an error without halting the rule processing engine. A
7.5 HIGH
CVE-2025-14558
all versions
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the
7.2 HIGH
CVE-2024-8178
>= 13.0 and < 13.3
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicio
8.8 HIGH
CVE-2024-45063
>= 13.0 and < 13.3
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.
8.8 HIGH
CVE-2024-43110
>= 13.0 and < 13.3
The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a gu
8.8 HIGH
CVE-2024-43102
>= 13.0 and < 13.3
Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead
10.0 CRITICAL
CVE-2024-42416
>= 13.0 and < 13.3
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write
8.8 HIGH
CVE-2024-32668
>= 13.0 and < 13.3
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the
8.2 HIGH
CVE-2024-45287
>= 13.0 and < 13.3
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buf
7.5 HIGH
CVE-2024-7589
< 13.0
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a clien
8.1 HIGH
CVE-2024-6760
< 13.0
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have,
7.5 HIGH
CVE-2024-6759
< 13.0
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator charac
5.3 MEDIUM
CVE-2024-6387
all versions
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to
8.1 HIGH
CVE-2024-29937
all versions
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute
9.8 CRITICAL
CVE-2022-23093
all versions
ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping
6.5 MEDIUM
CVE-2022-23092
all versions
The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. T
8.8 HIGH
CVE-2022-23091
< 12.3
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a d
4.0 MEDIUM
CVE-2022-23090
all versions
The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An at
7.7 HIGH
CVE-2024-25941
< 13.2
The jail(2) system call has not limited a visibility of allocated TTYs (the kern.ttys sysctl). This gives rise to an information l
3.3 LOW
CVE-2024-25940
< 13.2
bhyveload -h <host-path> may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of
6.3 MEDIUM
CVE-2022-23089
< 12.3
When dumping core and saving process information, proc_getargv() might return an sbuf which has a sbuf_len() of 0 or -1, which is
4.7 MEDIUM
CVE-2022-23088
< 12.3
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated
9.8 CRITICAL
CVE-2022-23087
>= 12.0 and < 12.3
The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include th
8.8 HIGH
CVE-2022-23086
>= 12.0 and < 12.3
Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but co
7.8 HIGH
CVE-2022-23085
>= 12.0 and < 12.3
A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds check
8.2 HIGH
CVE-2022-23084
>= 12.0 and < 12.3
The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-c
7.5 HIGH
CVE-2023-51765
< 11.0
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation techniq
5.3 MEDIUM
CVE-2023-48795
<= 12.4
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker
5.9 MEDIUM
CVE-2023-6660
all versions
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to f
6.5 MEDIUM
CVE-2023-6534
all versions
In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE bef
7.5 HIGH
CVE-2023-5978
>= 13.0 and < 13.2
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly v
7.5 HIGH
CVE-2023-5941
< 12.4
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdi
9.8 CRITICAL
CVE-2023-5370
all versions
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative e
5.5 MEDIUM
CVE-2023-5369
all versions
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and out
7.1 HIGH
CVE-2023-5368
< 12.4
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in
6.5 MEDIUM
CVE-2023-4809
< 12.4
In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reass
7.5 HIGH
CVE-2023-3494
all versions
The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface le
8.8 HIGH
CVE-2023-3107
all versions
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payl
7.5 HIGH
CVE-2023-3326
< 12.4
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerb
9.8 CRITICAL
CVE-2023-0751
all versions
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting
6.5 MEDIUM
CVE-2022-32264
< 7.0
sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt o
7.5 HIGH
CVE-2021-29632
all versions
In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p1
7.5 HIGH
CVE-2011-1075
all versions
FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying
3.7 LOW
CVE-2021-29630
all versions
In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4
8.1 HIGH
CVE-2021-29631
all versions
In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4
7.8 HIGH
CVE-2020-7469
all versions
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEAS
7.5 HIGH
CVE-2021-29629
all versions
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1
7.5 HIGH
CVE-2021-29628
all versions
In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7
7.5 HIGH
CVE-2021-29627
>= 12.0 and < 12.2
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socke
7.8 HIGH
CVE-2021-29626
< 11.4
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE be
5.5 MEDIUM
CVE-2020-25584
< 11.4
In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE be
7.5 HIGH
CVE-2020-25583
all versions
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEAS
9.8 CRITICAL
CVE-2020-25577
all versions
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEAS
9.8 CRITICAL
CVE-2020-7468
all versions
In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEAS
8.8 HIGH
CVE-2020-7467
all versions
In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEAS
7.6 HIGH
CVE-2020-7464
all versions
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEA
5.3 MEDIUM
CVE-2020-7463
all versions
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEAS
5.5 MEDIUM
CVE-2020-7462
all versions
In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by
5.5 MEDIUM
CVE-2020-7461
all versions
In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEAS
7.3 HIGH
CVE-2020-25582
all versions
In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a proces
8.7 HIGH
CVE-2020-25581
all versions
In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race
7.5 HIGH
CVE-2020-25580
all versions
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression
5.3 MEDIUM
CVE-2020-25579
all versions
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEAS
5.3 MEDIUM
CVE-2020-25578
all versions
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEAS
5.3 MEDIUM
CVE-2021-3450
all versions
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4 HIGH
CVE-2021-3449
all versions
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9 MEDIUM
CVE-2020-24718
<= 11.2
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does
8.2 HIGH
CVE-2020-24863
<= 11.4
A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020
5.5 MEDIUM
CVE-2020-24385
<= 7.0
In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux em
5.5 MEDIUM
CVE-2020-7460
all versions
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEAS
7.0 HIGH
CVE-2020-7459
all versions
In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEAS
6.8 MEDIUM
CVE-2020-7458
all versions
In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled
9.8 CRITICAL
CVE-2020-7457
all versions
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEAS
8.1 HIGH
CVE-2020-7456
all versions
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 b
6.8 MEDIUM
CVE-2020-13434
>= 11.0 and < 11.4
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
5.5 MEDIUM
CVE-2020-7455
all versions
In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE b
5.5 MEDIUM
CVE-2020-7454
all versions
In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE b
9.8 CRITICAL
CVE-2019-15880
all versions
In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the siz
9.8 CRITICAL
CVE-2019-15879
all versions
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race cond
7.4 HIGH
CVE-2019-15878
all versions
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trig
7.8 HIGH
CVE-2020-7453
all versions
In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11
6.0 MEDIUM
CVE-2020-7452
all versions
In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11
9.1 CRITICAL
CVE-2019-5614
all versions
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11
9.8 CRITICAL
CVE-2019-15874
all versions
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11
9.8 CRITICAL
CVE-2020-7451
all versions
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11
5.3 MEDIUM
CVE-2019-15877
all versions
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl n
5.5 MEDIUM
CVE-2019-15876
all versions
In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11
5.5 MEDIUM
CVE-2020-1967
all versions
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL
7.5 HIGH
CVE-2020-10566
< 525916_2020-02-12
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg fi
7.8 HIGH
CVE-2020-10565
< 525916_2020-02-12
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw
7.8 HIGH
CVE-2012-5365
< 9.2
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial
7.5 HIGH
CVE-2012-5363
< 9.2
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial
7.5 HIGH
CVE-2015-2923
< 10.1
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigu
6.5 MEDIUM
CVE-2014-3879
<= 9.2
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that
9.8 CRITICAL
CVE-2020-7450
all versions
In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE befo
9.8 CRITICAL
CVE-2019-5613
all versions
In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet
9.8 CRITICAL
CVE-2019-15875
all versions
In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE befo
3.3 LOW
CVE-2011-3336
all versions
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
7.5 HIGH
CVE-2019-14899
all versions
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adj
7.4 HIGH
CVE-2012-4576
all versions
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
7.8 HIGH
CVE-2011-2480
< 8.2
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 arch
7.5 HIGH
CVE-2019-5612
all versions
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-
7.5 HIGH
CVE-2019-5611
all versions
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-
7.5 HIGH
CVE-2019-5610
all versions
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-R
7.5 HIGH
CVE-2019-5609
all versions
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-R
7.5 HIGH
CVE-2019-5608
all versions
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-R
9.8 CRITICAL
CVE-2019-5607
all versions
In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-R
7.8 HIGH
CVE-2019-5606
all versions
In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-R
7.8 HIGH
CVE-2019-5605
all versions
In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insuf
6.5 MEDIUM
CVE-2019-5604
all versions
In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-R
9.6 CRITICAL
CVE-2019-5603
all versions
In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-R
7.8 HIGH
CVE-2019-5602
all versions
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-R
8.8 HIGH
CVE-2019-5601
all versions
In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11
6.5 MEDIUM
CVE-2019-5600
all versions
In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-R
9.8 CRITICAL
CVE-2019-5599
all versions
In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow a
7.5 HIGH
CVE-2019-12900
all versions
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
9.8 CRITICAL
CVE-2019-5598
all versions
In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE befo
7.5 HIGH
CVE-2019-5597
all versions
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELE
9.1 CRITICAL
CVE-2019-9499
>= 11.0 and <= 11.1
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on impo
8.1 HIGH
CVE-2019-9498
>= 11.0 and <= 11.1
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported
8.1 HIGH
CVE-2019-9495
all versions
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access pa
3.7 LOW
CVE-2019-9494
all versions
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing d
5.9 MEDIUM
CVE-2019-5596
all versions
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bu
8.8 HIGH
CVE-2019-5595
all versions
In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers a
5.5 MEDIUM
CVE-2018-1000998
>= 2.0.4 and <= 2.0.6
FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVS
6.1 MEDIUM
CVE-2019-6111
< 12.0
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/
5.9 MEDIUM
CVE-2018-17161
all versions
In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of net
9.8 CRITICAL
CVE-2018-17160
< 11.2
In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by b
10.0 CRITICAL
CVE-2018-17159
< 11.2
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Un
7.5 HIGH
CVE-2018-17158
< 11.2
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address l
7.5 HIGH
CVE-2018-17157
< 11.2
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corru
9.8 CRITICAL
CVE-2018-17156
< 11.2
In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffe
5.9 MEDIUM
CVE-2018-6925
< 11.2
In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to impr
5.5 MEDIUM
CVE-2018-17155
< 11.2
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insu
5.5 MEDIUM
CVE-2018-17154
< 11.2
In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4
5.5 MEDIUM
CVE-2018-6924
>= 11.0 and < 11.1
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in th
7.1 HIGH
CVE-2017-1085
< 11.2
In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region
7.8 HIGH
CVE-2017-1084
< 11.2
In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by
7.5 HIGH
CVE-2017-1083
< 11.2
In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poor
7.5 HIGH
CVE-2017-1082
>= 10.0 and <= 10.4
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feedi
7.5 HIGH
CVE-2018-6923
all versions
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service
7.5 HIGH
CVE-2018-6922
all versions
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4
5.3 MEDIUM
CVE-2016-6559
all versions
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attac
9.8 CRITICAL
CVE-2018-3665
all versions
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow
5.6 MEDIUM
CVE-2016-9042
all versions
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially cra
5.9 MEDIUM
CVE-2018-6921
>= 11.0 and < 11.1
In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in th
5.5 MEDIUM
CVE-2018-6920
>= 10.0 and < 10.4
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initializ
5.5 MEDIUM
CVE-2018-8897
>= 11.0 and < 11.1
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandl
7.8 HIGH
CVE-2017-1081
<= 11.0
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" op
7.5 HIGH
CVE-2018-6919
>= 10.0 and < 10.4
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initializat
7.5 HIGH
CVE-2018-6918
>= 10.0 and < 10.4
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec o
7.5 HIGH
CVE-2018-6917
>= 10.0 and < 10.4
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user
7.5 HIGH
CVE-2018-6916
>= 11.0 and < 11.1
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly v
9.8 CRITICAL
CVE-2018-7183
all versions
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary cod
9.8 CRITICAL
CVE-2015-5674
all versions
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.
6.5 MEDIUM
CVE-2015-1418
all versions
The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2
7.8 HIGH
CVE-2015-1416
all versions
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bit
7.8 HIGH
CVE-2017-1088
all versions
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel d
3.3 LOW
CVE-2017-1087
all versions
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process locat
7.8 HIGH
CVE-2017-1086
all versions
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all info
3.3 LOW
CVE-2017-13088
all versions
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when p
5.3 MEDIUM
CVE-2017-13087
all versions
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a
5.3 MEDIUM
CVE-2017-13086
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDL
6.8 MEDIUM
CVE-2017-13084
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the P
6.8 MEDIUM
CVE-2017-13082
all versions
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Tempora
8.1 HIGH
CVE-2017-13081
all versions
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK)
5.3 MEDIUM
CVE-2017-13080
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowi
5.3 MEDIUM
CVE-2017-13079
all versions
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK)
5.3 MEDIUM
CVE-2017-13078
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowin
5.3 MEDIUM
CVE-2017-13077
all versions
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-
6.8 MEDIUM
CVE-2015-5675
all versions
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of servic
7.8 HIGH
CVE-2017-15037
<= 11.1
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds re
8.1 HIGH
CVE-2015-1417
all versions
The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3
7.5 HIGH
CVE-2017-11103
all versions
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal
8.1 HIGH
CVE-2016-1889
all versions
Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory
7.8 HIGH
CVE-2016-1888
all versions
The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass aut
7.5HIGH
CVE-2016-1883
all versions
The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via
7.8HIGH
CVE-2016-1881
all versions
The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege vi
7.8HIGH
CVE-2016-1880
all versions
The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory an
7.8HIGH
CVE-2015-5677
all versions
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users
5.5MEDIUM
CVE-2016-2518
all versions
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds r
5.3MEDIUM
CVE-2015-7977
all versions
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference)
5.9MEDIUM
CVE-2015-7973
>= 10.0 and < 10.1
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct repla
6.5MEDIUM
CVE-2016-5766
all versions
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP bef
8.8HIGH
CVE-2016-1887
all versions
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.
7.8HIGH
CVE-2016-1886
all versions
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2
7.8HIGH
CVE-2016-1885
all versions
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31
6.2MEDIUM
CVE-2016-1882
all versions
FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via
7.5HIGH
CVE-2016-1879
all versions
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the ke
7.5HIGH
CVE-2014-8611
all versions
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the
CVE-2015-1415
<= 10.1
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions
CVE-2015-1414
all versions
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10, 10.0 before p18, and 10.1 before p6 allows remote attackers to cau
CVE-2014-8613
all versions
The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a d
CVE-2014-8612
all versions
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17,
CVE-2014-0998
all versions
Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local use
CVE-2014-8117
all versions
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU
CVE-2014-8116
all versions
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via
CVE-2014-7250
all versions
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement
CVE-2014-8475
all versions
FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which
CVE-2014-8476
all versions
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows lo
CVE-2014-3955
all versions
routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) vi
CVE-2014-3954
all versions
Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash)
CVE-2014-3711
all versions
namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that tr
CVE-2014-5384
all versions
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a den
CVE-2014-3951
all versions
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denia
CVE-2014-3953
all versions
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, w
CVE-2014-3952
all versions
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the hea
CVE-2014-3880
all versions
The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p
CVE-2014-3873
all versions
The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect
CVE-2014-3956
<= 9.2
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting
CVE-2014-3001
all versions
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dep
CVE-2014-3000
all versions
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 b
CVE-2014-1453
all versions
The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file
CVE-2014-1452
all versions
Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a
CVE-2013-6834
<= 10.0
The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size param
CVE-2013-6833
<= 10.0
The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size para
CVE-2013-6832
<= 10.0
The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly i
CVE-2013-0211
all versions
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier,
CVE-2013-5710
all versions
The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain p
CVE-2013-5666
all versions
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly
CVE-2013-5691
all versions
The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCS
CVE-2013-5209
all versions
The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9
CVE-2013-3077
all versions
Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mc
CVE-2013-4851
all versions
The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x thro
CVE-2013-4854
all versions
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, a
CVE-2013-2171
all versions
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does
CVE-2013-3266
all versions
The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does no
CVE-2012-3549
all versions
The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel p
CVE-2007-6754
all versions
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, whi
CVE-2006-7252
all versions
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for
CVE-2012-2143
<= 9.0
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, doe
CVE-2012-0217
<= 9.0
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other prod
CVE-2011-1779
all versions
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (applica
CVE-2011-1778
<= 2.8.5
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly e
CVE-2011-1777
<= 2.8.5
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in lib
CVE-2010-4666
all versions
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or pos
CVE-2011-2393
all versions
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating s
CVE-2011-4862
>= 7.3 and <= 9.0
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl)
CVE-2011-4122
all versions
Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrar
CVE-2011-4062
all versions
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly g
CVE-2011-2895
all versions
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compres
CVE-2011-0419
all versions
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before
CVE-2011-1739
all versions
The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR
CVE-2011-1074
all versions
crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument
CVE-2011-1073
all versions
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a syml
CVE-2010-4755
all versions
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in Free
CVE-2010-4754
all versions
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6
CVE-2010-4210
>= 7.0 and < 7.3
The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locke
7.8HIGH
CVE-2010-2530
all versions
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Appl
CVE-2010-3014
all versions
The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, all
CVE-2010-2693
all versions
FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows
CVE-2010-2022
all versions
jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to
CVE-2010-2020
all versions
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, d
CVE-2010-1938
all versions
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 thr
CVE-2010-0318
all versions
The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr tra
CVE-2009-4358
all versions
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update b
CVE-2009-4147
all versions
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_
CVE-2009-4146
all versions
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the L
CVE-2009-3527
all versions
Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or
CVE-2009-2649
all versions
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of servi
CVE-2009-0689
all versions
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/
CVE-2009-2208
all versions
FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or di
CVE-2009-1935
all versions
Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pip
CVE-2009-1436
all versions
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.8
CVE-2009-1041
all versions
The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via
CVE-2009-0641
all versions
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was
CVE-2008-5736
all versions
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 bef
CVE-2008-5162
>= 6.4 and < 7.0
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period imm
7.0HIGH
CVE-2008-5142
all versions
sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a
CVE-2008-4609
all versions
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably othe
CVE-2008-2476
all versions
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4)
CVE-2008-4247
all versions
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP c
CVE-2008-2464
all versions
The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote
CVE-2008-3890
all versions
The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), whi
CVE-2008-3531
all versions
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows lo
CVE-2008-3530
all versions
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does n
CVE-2008-1391
all versions
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow con
CVE-2008-1215
all versions
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD
CVE-2008-0777
all versions
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file
CVE-2008-0217
all versions
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and
CVE-2008-0216
all versions
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is ass
CVE-2007-6150
all versions
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local
CVE-2007-3798
>= 5.0 and < 5.5
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary cod
9.8CRITICAL
CVE-2007-3645
<= 2.2.3
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (c
CVE-2007-3644
<= 2.2.3
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (i
CVE-2007-3641
<= 2.2.3
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when process
CVE-2007-3722
all versions
The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling
CVE-2007-3721
all versions
The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which a
CVE-2007-0267
all versions
The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel pan
CVE-2007-0229
all versions
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (p
CVE-2007-0166
<= 6.2
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-u
CVE-2006-6397
all versions
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. N
CVE-2006-6165
all versions
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows
7.8HIGH
CVE-2006-6013
all versions
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various
CVE-2006-5824
all versions
Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and t
CVE-2006-5680
all versions
The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a de
CVE-2006-5679
all versions
Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly e
CVE-2006-5550
all versions
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certai
CVE-2006-5483
all versions
p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should
CVE-2006-5482
all versions
ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a fil
CVE-2006-4516
all versions
Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel pani
CVE-2006-4178
<= 5.5
Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to
CVE-2006-4172
<= 5.5
Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local us
CVE-2006-4304
all versions
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3
CVE-2006-2655
all versions
The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets
CVE-2006-2654
all versions
Directory traversal vulnerability in smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an
CVE-2006-1056
all versions
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD proce
CVE-2006-1283
all versions
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getl
CVE-2006-0905
all versions
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the
CVE-2006-0883
all versions
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM
CVE-2006-0900
all versions
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated b
CVE-2006-0433
all versions
Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there
CVE-2006-0381
all versions
A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop'
CVE-2006-0380
all versions
A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more da
CVE-2006-0379
all versions
FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allo
CVE-2006-0226
all versions
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless ne
CVE-2006-0055
all versions
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, w
CVE-2006-0054
all versions
The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragmen
5.3MEDIUM
CVE-2005-4351
<= 6.0
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows
CVE-2005-2359
all versions
The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant
CVE-2005-2218
all versions
The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, whi
CVE-2005-2068
all versions
FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN f
CVE-2005-2019
all versions
ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel opti
CVE-2005-0356
all versions
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remo
CVE-2005-1406
all versions
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length
CVE-2005-1400
all versions
The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via argume
CVE-2005-1399
all versions
FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute
CVE-2005-1036
>= 5.0 and <= 5.4
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, w
7.8HIGH
CVE-2005-0988
all versions
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of a
CVE-2005-0708
all versions
The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncat
CVE-2005-1126
all versions
The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before us
CVE-2005-0610
all versions
Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files an
CVE-2005-0109
all versions
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, all
5.6MEDIUM
CVE-2004-1053
all versions
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP he
CVE-2004-1066
all versions
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly va
CVE-2004-1471
all versions
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVS
CVE-2004-0919
all versions
The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (
CVE-2004-0618
all versions
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unal
CVE-2004-0602
all versions
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local
CVE-2004-0112
all versions
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the
CVE-2004-0081
all versions
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of ser
CVE-2004-0079
all versions
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of
7.5HIGH
CVE-2004-0435
all versions
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle
CVE-2004-0125
all versions
The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated fr
CVE-2004-0370
all versions
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket
CVE-2004-0126
all versions
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have per
CVE-2004-0171
all versions
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of
CVE-2004-0114
<= 5.2
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6
CVE-2004-0099
all versions
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default val
CVE-2004-0002
all versions
The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaust
CVE-2003-1234
all versions
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash)
CVE-2003-0914
all versions
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that
CVE-2003-0804
all versions
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote att
CVE-2003-0688
all versions
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data stru
CVE-2003-0694
all versions
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstr
CVE-2003-0466
>= 4.0 and <= 5.0
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbit
9.8CRITICAL
CVE-2003-0144
all versions
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other
CVE-2003-0028
all versions
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries
CVE-2003-0078
all versions
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect b
CVE-2003-0015
all versions
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbi
CVE-2003-0001
all versions
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to
CVE-2002-2199
< 0.7_1
The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not p
CVE-2002-2092
all versions
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gai
CVE-2002-1915
all versions
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock(
5.5MEDIUM
CVE-2002-1674
all versions
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs fu
CVE-2002-1669
all versions
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to
CVE-2002-1667
all versions
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object durin
CVE-2002-1221
all versions
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times,
CVE-2002-1220
all versions
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request
CVE-2002-1219
all versions
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execu
CVE-2002-0666
all versions
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allo
CVE-2002-1125
all versions
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wm
CVE-2002-0973
all versions
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive
CVE-2002-0831
all versions
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe c
CVE-2002-0830
<= 4.6.1
Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems,
CVE-2002-0829
<= 4.6.1
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbit
CVE-2002-0820
all versions
FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the
CVE-2002-0795
all versions
The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Wind
CVE-2002-0794
all versions
The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding
CVE-2002-0755
all versions
Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superus
CVE-2002-0754
all versions
Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root,
CVE-2002-0518
all versions
The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial
CVE-2002-0414
all versions
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Sec
CVE-2002-0391
<= 4.6.1
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC in
9.8CRITICAL
CVE-2002-0701
all versions
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privile
CVE-2002-0574
<= 4.5
Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo pack
CVE-2002-0572
all versions
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted fi
CVE-2002-0381
<= 4.5
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses,
CVE-2002-0062
all versions
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privil
CVE-2002-0004
all versions
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, whi
CVE-2001-1185
all versions
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory
CVE-2001-0796
all versions
SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service
CVE-2001-0670
<= 4.3
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execu
CVE-2001-1034
all versions
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hos
CVE-2001-1029
<= 4.4
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright
CVE-2001-0710
<= 4.3
NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number
CVE-2001-1017
all versions
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the
CVE-2001-0969
all versions
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw t
CVE-2001-1155
>= 4.1.1 and <= 4.3
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result o
9.8CRITICAL
CVE-2001-1166
all versions
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging r
CVE-2001-1145
all versions
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a d
CVE-2001-0554
all versions
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary comma
CVE-2001-1180
all versions
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges b
CVE-2001-1244
all versions
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting t
CVE-2001-0439
all versions
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
CVE-2001-0424
all versions
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary co
CVE-2001-0469
<= 4.2
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of s
CVE-2001-0388
<= 4.1
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
CVE-2001-0402
<= 4.1
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass
CVE-2001-0371
<= 4.2
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted
CVE-2001-0247
all versions
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containi
CVE-2001-0310
all versions
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not proper
CVE-2001-0230
<= 0.4_1
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.
CVE-2001-0196
all versions
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the f
CVE-2001-0183
all versions
ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP p
CVE-2001-0128
all versions
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain
CVE-2000-0375
all versions
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary
CVE-2000-0890
all versions
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a
CVE-2001-0094
all versions
Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as us
CVE-2001-0093
all versions
Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables t
CVE-2001-0063
all versions
procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environ
CVE-2001-0062
all versions
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the proc
CVE-2001-0061
all versions
procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which a
CVE-2000-1184
all versions
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by
CVE-2000-1167
all versions
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which
CVE-2000-0993
all versions
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed
CVE-2000-0963
all versions
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TER
CVE-2000-0916
all versions
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP
CVE-2000-0915
all versions
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular u
CVE-2000-1066
all versions
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a d
CVE-2000-1013
all versions
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LAN
CVE-2000-1012
all versions
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG
CVE-2000-1011
all versions
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privile
CVE-2000-0998
all versions
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
CVE-2000-0852
all versions
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
CVE-2000-0752
all versions
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line ar
CVE-2000-0749
all versions
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via
CVE-2000-0729
all versions
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header
CVE-1999-0761
all versions
Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.
CVE-2000-0595
all versions
libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users t
CVE-2000-0594
all versions
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service
CVE-2000-0584
all versions
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long use
CVE-2000-0535
all versions
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which ar
CVE-2000-0532
all versions
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers
CVE-2000-0461
all versions
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of servi
CVE-1999-1008
all versions
xsoldier program allows local users to gain root access via a long argument.
CVE-2000-0440
all versions
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp o
CVE-2000-0235
all versions
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
CVE-2000-0186
all versions
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command li
CVE-2000-0163
all versions
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.
CVE-2000-0092
all versions
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
CVE-1999-0964
all versions
Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environm
CVE-1999-1339
all versions
Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipf
CVE-1999-0001
all versions
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted
CVE-1999-0963
all versions
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
CVE-1999-0857
all versions
FreeBSD gdc program allows local users to modify files via a symlink attack.
CVE-1999-0855
all versions
Buffer overflow in FreeBSD gdc program.
CVE-1999-0826
all versions
Buffer overflow in FreeBSD angband allows local users to gain privileges.
CVE-1999-0823
all versions
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
CVE-1999-0820
all versions
FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.
CVE-1999-0863
all versions
Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.
CVE-1999-0821
all versions
FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.
CVE-1999-1517
all versions
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user t
CVE-1999-0912
all versions
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
CVE-1999-0704
all versions
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.
CVE-2000-0489
all versions
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the s
CVE-1999-1564
all versions
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of a
CVE-1999-0703
all versions
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
CVE-1999-1518
all versions
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass
CVE-1999-0405
all versions
A buffer overflow in lsof allows local users to obtain root privilege.
CVE-1999-0798
all versions
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
CVE-1999-0782
all versions
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
CVE-1999-0781
all versions
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that K
CVE-1999-0780
all versions
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
CVE-1999-0057
all versions
Vacation program allows command execution by remote users through a sendmail command.
CVE-1999-0052
all versions
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
7.5HIGH
CVE-1999-0053
all versions
TCP RST denial of service in FreeBSD.
CVE-1999-0783
all versions
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS f
5.5MEDIUM
CVE-1999-0796
all versions
FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.
CVE-1999-0323
all versions
FreeBSD mmap function allows users to modify append-only or immutable files.
CVE-1999-0305
all versions
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and e
CVE-1999-0304
all versions
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
CVE-1999-0513
all versions
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
CVE-1999-0017
all versions
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin