MidnightBSD

Advisories for freebsd

CVE-1999-0001 MEDIUM

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
bsdi bsd_os 3.1
freebsd freebsd 2.2.5
freebsd freebsd 2.2
freebsd freebsd 2.2.8
freebsd freebsd 2.1.7.1
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 2.1.6
freebsd freebsd 2.1.7
freebsd freebsd 1.0
freebsd freebsd 1.1.5.1
freebsd freebsd 2.2.3
freebsd freebsd 3.0
freebsd freebsd 2.1.6.1
openbsd openbsd 2.3
freebsd freebsd 2.1.5
freebsd freebsd 1.1
freebsd freebsd 2.2.2
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
freebsd freebsd 1.2
freebsd freebsd 2.0.1
CVE-1999-0017 HIGH

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu inet 6.02
sco open_desktop 3.0
sun sunos 4.1.4
netbsd netbsd 1.2.1
gnu inet 5.01
caldera openlinux 1.2
ibm aix 4.1
freebsd freebsd 1.1
sun sunos 5.3
netbsd netbsd 1.0
sco openserver 5.0.4
sun sunos 4.1.3u1
freebsd freebsd 1.2
ibm aix 4.3
sun sunos 5.5.1
netbsd netbsd 1.1
netbsd netbsd 1.2
sco unixware 2.1
freebsd freebsd 2.0
freebsd freebsd 2.1.7
gnu inet 6.01
ibm aix 4.2
sun sunos 5.4
freebsd freebsd 1.0
freebsd freebsd 2.1.0
washington_university wu-ftpd 2.4
siemens reliant_unix *
ibm aix 3.2
sun sunos 5.5
CVE-1999-0022 HIGH

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-125,

Products Affected

Vendor Product Version
sgi irix 5.2
sgi irix 6.4
sun sunos 5.2
hp hp-ux 10.00
sun sunos 5.1
sgi irix 5.0.1
ibm aix 4.1.1
sgi irix 6.2
ibm aix 4.1
sgi irix 5.0
sun sunos 5.3
sgi irix 6.1
sgi irix 6.3
sun sunos 4.1.1
sun sunos 4.1.3u1
ibm aix 3.2.4
ibm aix 4.1.3
sun sunos 5.0
sgi irix 6.0.1
sgi irix 6.0
freebsd freebsd 2.0
bsdi bsd_os 1.1
ibm aix 3.1
sun sunos 4.1.2
ibm aix 4.2
ibm aix 4.1.4
sgi irix 5.1.1
sun sunos 5.4
sun solaris 4.1.3
sgi irix 5.3
freebsd freebsd 2.1.0
ibm aix 4.1.2
ibm aix 3.2.5
freebsd freebsd 2.0.5
ibm aix 3.2
ibm aix 4.1.5
sgi irix 5.1
CVE-1999-0023 HIGH

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sco open_desktop 3.0
sun sunos 4.1.4
sco openserver 5.0.2
sco internet_faststart 1.0
sun sunos 4.1.3
ibm aix 4.1
sun sunos 5.3
inet inet 6.01
sco tcp_ip 1.2.0
sco openserver 5.0
sun sunos 4.1.3u1
sco open_desktop 2.0
sun sunos 5.5.1
freebsd freebsd 2.2
inet inet 5.01
sco openserver 2.0
sco unixware 2.1
freebsd freebsd 2.0
ibm aix 4.2
sun sunos 5.4
sco unixware 2.0
sun sunos -
freebsd freebsd 2.1.0
bsdi bsd_os *
freebsd freebsd 2.0.5
ibm aix 3.2
sun sunos 5.5
sco tcp_ip 1.2.1
CVE-1999-0032 HIGH

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.2
sgi irix 6.4
sun sunos 4.1.4
sgi irix 6.0.1
sgi irix 6.0
freebsd freebsd 2.0
sgi irix 5.0.1
sgi irix 5.1.1
sgi irix 5.3
freebsd freebsd 2.1.0
next nextstep 4.1
sgi irix 6.2
freebsd freebsd 2.1.5
sgi irix 5.0
sgi irix 6.1
sgi irix 6.3
bsdi bsd_os 2.1
freebsd freebsd 2.0.5
sun sunos 4.1.3u1
sgi irix 5.1
next nextstep 4.0
CVE-1999-0037 HIGH

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.2
redhat linux *
CVE-1999-0040 HIGH

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.4
sun sunos 4.1.4
hp hp-ux 10.00
hp hp-ux 9.10
sun solaris 2.5.1
hp hp-ux 10.08
hp hp-ux 10.34
freebsd freebsd 1.1.5.1
nec asl_ux_4800 64
hp hp-ux 10.30
sun sunos 4.1.3
nec up-ux_v 4.2mp
sgi irix 6.2
ibm aix 4.1
hp hp-ux 10.20
bsdi bsd_os 2.0
hp hp-ux 10.16
sgi irix 5.0
sun sunos 5.3
sgi irix 6.1
nec ews-ux_v 4.2
sgi irix 6.3
bsdi bsd_os 2.1
sun sunos 4.1.3u1
sun solaris 2.5
sun sunos 5.5.1
hp hp-ux 9.01
sgi irix 6.0
freebsd freebsd 2.0
nec ews-ux_v 4.2mp
ibm aix 4.2
sun sunos 5.4
hp hp-ux 10.10
bsdi bsd_os 2.0.1
hp hp-ux 10.24
hp hp-ux 9.00
sgi irix 5.3
sun solaris 2.4
hp hp-ux 10.01
ibm aix 3.2
sun sunos 5.5
sgi irix 4.0
hp hp-ux 10.09
CVE-1999-0046 HIGH

Buffer overflow of rlogin program using TERM environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sun sunos 4.1.4
digital ultrix 4.1
hp hp-ux 10.08
digital ultrix 4.2
ibm aix 4.1.1
oracle solaris 2.6
digital ultrix 4.3
digital ultrix 4.3a
hp hp-ux 10.30
next nextstep 3.3
oracle solaris 7.0
ibm aix 4.1
next nextstep 1.0
next nextstep 2.1
sun sunos 5.3
bsdi bsd_os 2.1
data_general dg_ux 4.0
sun sunos 4.1.3u1
ibm aix 4.1.3
bsdi bsd_os 2.0.1
hp hp-ux 10.24
digital ultrix 3.0
freebsd freebsd 2.1.5
data_general dg_ux 3.0
freebsd freebsd 2.0.5
hp hp-ux 10.01
ibm aix 3.2
sun sunos 5.5
next nextstep 1.0a
hp hp-ux 10.09
next nextstep 4.0
next nextstep -
hp hp-ux 10.00
sun solaris 2.5.1
hp hp-ux 10.34
freebsd freebsd 1.1.5.1
next nextstep 3.1
digital unix 4.0a
hp hp-ux 10.20
next nextstep 2.0
bsdi bsd_os 2.0
hp hp-ux 10.16
digital unix 4.0b
next nextstep 3.0
netbsd netbsd 1.0
digital unix 4.0
sun solaris 2.5
oracle solaris 8
oracle solaris -
digital ultrix 4.5
sun sunos 5.5.1
netbsd netbsd 1.1
freebsd freebsd 2.0
bsdi bsd_os 1.1
digital unix 3.2g
ibm aix 4.1.4
next nextstep 3.2
sun sunos 5.4
digital ultrix 4.4
hp hp-ux 10.10
digital ultrix 2.2
sun solaris 2.4
freebsd freebsd 2.1.0
data_general dg_ux 1.0
ibm aix 4.1.2
digital ultrix -
digital ultrix 4.0
ibm aix 4.1.5
data_general dg_ux 2.0
debian debian_linux 0.93
CVE-1999-0052 MEDIUM

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,CWE-476,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
freebsd freebsd 2.2.8
freebsd freebsd 2.1.7.1
freebsd freebsd 2.0
freebsd freebsd 2.1.6
freebsd freebsd 1.1.5.1
freebsd freebsd 2.1.0
openbsd openbsd 2.2
openbsd openbsd 2.3
freebsd freebsd 2.1.5
freebsd freebsd 2.2.2
bsdi bsd_os 4.0
freebsd freebsd 2.0.5
CVE-1999-0053 MEDIUM

TCP RST denial of service in FreeBSD.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.2
CVE-1999-0057 HIGH

Vacation program allows command execution by remote users through a sendmail command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
hp vvos *
sun sunos *
hp hp-ux 10.00
freebsd freebsd 6.2
eric_allman vacation *
sun solaris *
ibm aix *
hp hp-ux 10.24
hp hp-ux 10.09
CVE-1999-0061 MEDIUM

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.20.1
openbsd openbsd 2.1
freebsd freebsd 6.2
bsdi bsd_os *
CVE-1999-0074 MEDIUM

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.20.1
microsoft windows_nt *
freebsd freebsd 6.2
netbsd netbsd 2.0.4
CVE-1999-0078 LOW

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nec up-ux_v *
ncr mp-ras 3.01
ncr mp-ras 2.03
sco openserver 5
freebsd freebsd 6.2
ncr mp-ras 3.0
sco unixware 2.1
hp hp-ux *
ibm aix 4.2
sun sunos 5.4
sgi irix 5.3
sun sunos 4.1
ibm aix 4.1
bsdi bsd_os *
next nextstep *
ibm aix 3.2
sun sunos 5.5
CVE-1999-0085 HIGH

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.2
ibm aix 4.2
netbsd netbsd 2.0.4
CVE-1999-0096 MEDIUM

Sendmail decode alias can be used to overwrite sensitive files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.1.6.1
sco openserver 5.0.2
freebsd freebsd 2.1.5
bsdi bsd_os *
freebsd freebsd 2.1.6
sco internet_faststart 1.0
sco internet_faststart 1.1
sco openserver 5.0
CVE-1999-0129 MEDIUM

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.4
hp hp-ux 10.00
sco openserver 5.0.2
sun solaris 2.5.1
sco internet_faststart 1.0
eric_allman sendmail 8.8.1
freebsd freebsd 2.1.6.1
ibm aix 4.1
eric_allman sendmail 8.8.3
hp hp-ux 10.20
hp hp-ux 10.16
sun sunos 5.3
bsdi bsd_os 2.1
sco openserver 5.0
sun sunos 4.1.3u1
sun solaris 2.5
eric_allman sendmail 8.8
sun sunos 5.5.1
freebsd freebsd 2.1.6
ibm aix 4.2
sun sunos 5.4
hp hp-ux 10.10
sun solaris 2.4
freebsd freebsd 2.1.5
eric_allman sendmail 8.8.2
sco internet_faststart 1.1
hp hp-ux 10.01
ibm aix 3.2
sun sunos 5.5
CVE-1999-0130 HIGH

Local users can start Sendmail in daemon mode and gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.8
hp hp-ux 10.00
freebsd freebsd 2.1.6
ibm aix 4.2
redhat linux 4.0
hp hp-ux 10.10
eric_allman sendmail 8.8.1
hp hp-ux 10.20
freebsd freebsd 2.1.5
caldera network_desktop 1.0
eric_allman sendmail 8.8.2
bsdi bsd_os 2.1
hp hp-ux 10.01
eric_allman sendmail 8.7
CVE-1999-0131 HIGH

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.7.5
digital osf_1 1.3.2
sco openserver 5.0.2
ibm aix 4.2
sco internet_faststart 1.0
hp hp-ux 10.10
eric_allman sendmail 8.7.2
ibm aix 4.1
hp hp-ux 10.20
freebsd freebsd 2.1.5
eric_allman sendmail 8.7.3
bsdi bsd_os 2.1
hp hp-ux 10.01
ibm aix 3.2
sco openserver 5.0
eric_allman sendmail 8.7.1
redhat linux 3.0.3
eric_allman sendmail 8.6
eric_allman sendmail 8.7.4
CVE-1999-0138 HIGH

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 9
freebsd freebsd 2.0
nec ews-ux_v 4.2mp
hp hp-ux 8
nec asl_ux_4800 *
freebsd freebsd 2.1.0
nec up-ux_v 4.2mp
apple a_ux 3.1.1
ibm aix 3.2.5
digital osf_1 1.3
hp hp-ux 10
linux linux_kernel 2.0
nec ews-ux_v 4.2
freebsd freebsd 2.0.5
linux linux_kernel 1.2.0
ibm aix 4
CVE-1999-0297 HIGH

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
paul_vixie vixie_cron 3.0
bsdi bsd_os 2.1
redhat linux *
netbsd netbsd 2.0.4
freebsd freebsd 2.1.0
CVE-1999-0299 HIGH

Buffer overflow in FreeBSD lpd through long DNS hostnames.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.2
CVE-1999-0304 HIGH

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.2
freebsd freebsd 2.2
netbsd netbsd 2.0.4
bsdi bsd_os 3.0
CVE-1999-0305 MEDIUM

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.2
freebsd freebsd 2.2.5
openbsd openbsd 2.1
freebsd freebsd 2.2
bsdi bsd_os *
openbsd openbsd 2.0
CVE-1999-0322 LOW

The open() function in FreeBSD allows local attackers to write to arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.2
freebsd freebsd 2.1.0
CVE-1999-0323 HIGH

FreeBSD mmap function allows users to modify append-only or immutable files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.2
freebsd freebsd 2.2
netbsd netbsd 2.0.4
bsdi bsd_os 3.0
CVE-1999-0345 MEDIUM

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sco open_desktop 3
sco openserver 5
freebsd freebsd 2.0
ibm aix 4.2
sco internet_faststart 1.0
freebsd freebsd 1.0
freebsd freebsd 1.1.5.1
sun sunos *
ibm aix 4.1
freebsd freebsd 1.1
sco internet_faststart 1.1
freebsd freebsd 2.0.5
ibm sng 2.1
ibm sng 2.2
ibm aix 3.2
freebsd freebsd 1.2
CVE-1999-0405 HIGH

A buffer overflow in lsof allows local users to obtain root privilege.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.1.7.1
suse suse_linux 6.1
suse suse_linux 4.4
freebsd freebsd 3.0
suse suse_linux 4.2
suse suse_linux 5.3
freebsd freebsd 3.2
suse suse_linux 5.0
debian debian_linux 2.0
freebsd freebsd 2.2.5
freebsd freebsd 2.2.8
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 2.1.6
suse suse_linux 4.4.1
redhat linux 5.2
suse suse_linux 4.3
freebsd freebsd 2.2.3
freebsd freebsd 2.1.0
suse suse_linux 5.1
freebsd freebsd 3.1
freebsd freebsd 2.1.5
freebsd freebsd 2.2.2
debian debian_linux 2.0.5
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
suse suse_linux 6.0
suse suse_linux 5.2
CVE-1999-0513 MEDIUM

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5.1
digital unix 4.0c
freebsd freebsd 2.1.7.1
sun solaris 2.6
freebsd freebsd 1.1.5.1
digital unix 4.0a
hp hp-ux 10.20
digital unix 4.0d
digital unix 4.0b
digital unix 4.0
sun solaris 2.5
hp hp-ux 11.00
sun sunos 5.5.1
netbsd netbsd 1.2
ibm aix 3.2.4
freebsd freebsd 2.2.4
linux linux_kernel 2.1
freebsd freebsd 2.1.6
ibm aix 3.1
digital unix 3.2g
sun sunos 5.4
freebsd freebsd 2.2.3
sun sunos -
sun solaris 2.4
freebsd freebsd 2.1.0
ibm aix 3.2.5
freebsd freebsd 2.1.5
freebsd freebsd 2.2.2
linux linux_kernel 2.0
freebsd freebsd 2.0.5
ibm aix 3.2
sun sunos 5.5
CVE-1999-0628 MEDIUM

The rwho/rwhod service is running, which exposes machine status and user information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.20.1
freebsd freebsd 6.2
ibm aix 4.2
netbsd netbsd 2.0.4
CVE-1999-0703 LOW

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.5
bsdi bsd_os 3.2
freebsd freebsd 3.2
CVE-1999-0704 HIGH

Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bsdi bsd_os 4.0.1
bsdi bsd_os 3.1
freebsd freebsd 3.1
redhat linux 6.0
redhat linux 5.1
redhat linux 5.2
freebsd freebsd 3.0
freebsd freebsd 3.2
redhat linux 4.2
redhat linux 5.0
CVE-1999-0761 HIGH

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.2.5
freebsd freebsd 2.2.8
freebsd freebsd 2.1.7.1
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 1.1.5.1
freebsd freebsd 2.2.3
freebsd freebsd 3.0
freebsd freebsd 2.1.0
freebsd freebsd 3.1
freebsd freebsd 2.1.5
freebsd freebsd 2.2.2
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
freebsd freebsd 3.2
CVE-1999-0780 MEDIUM

KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.20.1
freebsd freebsd 6.2
kde kde 1.0
CVE-1999-0781 HIGH

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.20.1
freebsd freebsd 6.2
kde kde 1.0
CVE-1999-0782 LOW

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.20.1
freebsd freebsd 6.2
kde kde 1.0
CVE-1999-0783 MEDIUM

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
freebsd freebsd 2.2
CVE-1999-0796 HIGH

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.2
freebsd freebsd 2.1.0
CVE-1999-0798 HIGH

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
sco internet_faststart *
openbsd openbsd 2.3
freebsd freebsd 6.2
bsdi bsd_os *
sco unixware 7.0
redhat linux *
sco openserver *
sco unixware 7.0.1
CVE-1999-0820 MEDIUM

FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.3
CVE-1999-0821 MEDIUM

FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.3
CVE-1999-0823 MEDIUM

Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.3
CVE-1999-0826 MEDIUM

Buffer overflow in FreeBSD angband allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.3
CVE-1999-0855 HIGH

Buffer overflow in FreeBSD gdc program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.3
CVE-1999-0857 LOW

FreeBSD gdc program allows local users to modify files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.3
CVE-1999-0863 MEDIUM

Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.3
CVE-1999-0912 LOW

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.1
freebsd freebsd 3.0
freebsd freebsd 3.2
CVE-1999-0963 HIGH

FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.2
CVE-1999-0964 HIGH

Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.1.6
CVE-1999-1008 HIGH

xsoldier program allows local users to gain root access via a long argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
freebsd freebsd 3.3
CVE-1999-1187 MEDIUM

Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux 3.0
university_of_washington pine *
freebsd freebsd 2.1.0
CVE-1999-1214 LOW

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
bsd bsd *
sgi irix *
bsd bsd 4.4
openbsd openbsd 2.1
freebsd freebsd 6.2
netbsd netbsd 2.0.4
CVE-1999-1298 HIGH

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 2.2
freebsd freebsd 2.1.5
freebsd freebsd 2.1.6
freebsd freebsd 2.1.7
freebsd freebsd 2.1.0
CVE-1999-1301 HIGH

A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-1999-1313 MEDIUM

Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 2.0
freebsd freebsd 2.0.5
freebsd freebsd 2.1.0
CVE-1999-1314 LOW

Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 2.2
freebsd freebsd 2.1
freebsd freebsd 2.0
freebsd freebsd 2.0.5
freebsd freebsd 2.1.0
CVE-1999-1339 MEDIUM

Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel *
freebsd freebsd 3.2
CVE-1999-1385 HIGH

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.1.6.1
freebsd freebsd *
freebsd freebsd 2.1.5
freebsd freebsd 1.1
freebsd freebsd 2.1.6
freebsd freebsd 1.0
CVE-1999-1402 LOW

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.5.1
freebsd freebsd 2.2.5
sun solaris 2.5.1
freebsd freebsd 2.2.8
sun sunos 5.0
freebsd freebsd 2.2.4
sun solaris 2.6
freebsd freebsd 2.2.3
freebsd freebsd 3.0
sun sunos -
sun sunos 4.0
freebsd freebsd 3.1
freebsd freebsd 2.2.2
freebsd freebsd 2.2.6
sun sunos 5.5
sun solaris 2.5
CVE-1999-1517 HIGH

runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.3
CVE-1999-1518 MEDIUM

Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.2.5
netbsd netbsd 1.3.3
freebsd freebsd 2.2.8
freebsd freebsd 2.1.7.1
freebsd freebsd 2.2.4
netbsd netbsd 1.4
freebsd freebsd 2.0
freebsd freebsd 2.1.6
freebsd freebsd 1.1.5.1
freebsd freebsd 2.2.3
netbsd netbsd 1.3.1
freebsd freebsd 3.0
freebsd freebsd 2.1.0
freebsd freebsd 3.1
netbsd netbsd 1.3.2
freebsd freebsd 2.1.5
freebsd freebsd 2.2.2
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
freebsd freebsd 3.2
CVE-1999-1564 LOW

FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.2
CVE-1999-1572 LOW

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.0
ubuntu ubuntu_linux 4.10
debian debian_linux 3.0
redhat enterprise_linux 4.0
mandrakesoft mandrake_linux cs2.1
mandrakesoft mandrake_linux 9.2
redhat enterprise_linux_desktop 4.0
mandrakesoft mandrake_linux 10.1
mandrakesoft mandrake_linux cs3.0
freebsd freebsd 2.1.0
CVE-2000-0092 MEDIUM

The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.4
netbsd netbsd 1.4.1
openbsd openbsd 2.6
CVE-2000-0163 MEDIUM

asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.1
freebsd freebsd 3.4
freebsd freebsd 3.0
freebsd freebsd 3.2
freebsd freebsd 3.3
CVE-2000-0186 HIGH

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
redhat linux 6.0
redhat linux 5.1
redhat linux 5.2
turbolinux turbolinux 4.2
freebsd freebsd 3.4
mandrakesoft mandrake_linux 6.1
redhat linux 6.1
turbolinux turbolinux 4.4
redhat linux 6.2
turbolinux turbolinux 6.0.2
CVE-2000-0235 HIGH

Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.1
freebsd freebsd 3.4
freebsd freebsd 3.0
freebsd freebsd 3.2
freebsd freebsd 3.3
CVE-2000-0375 LOW

The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.2
CVE-2000-0388 HIGH

Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.1
freebsd freebsd 3.4
freebsd freebsd 3.0
freebsd freebsd 3.2
freebsd freebsd 3.3
CVE-2000-0440 MEDIUM

NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.0
freebsd freebsd 5.0
netbsd netbsd 1.4.2
freebsd freebsd 3.4
netbsd netbsd 1.4.1
CVE-2000-0461 LOW

The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 2.1.7.1
freebsd freebsd 5.0
netbsd netbsd 1.4.2
freebsd freebsd 1.1.5.1
freebsd freebsd 3.0
freebsd freebsd 2.1.6.1
freebsd freebsd 3.2
freebsd freebsd 2.2.5
freebsd freebsd 2.2
freebsd freebsd 2.2.8
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 2.1.6
freebsd freebsd 3.4
freebsd freebsd 2.2.3
netbsd netbsd 1.4.1
freebsd freebsd 3.3
freebsd freebsd 2.1.0
freebsd freebsd 3.1
freebsd freebsd 2.1.5
freebsd freebsd 2.2.2
freebsd freebsd 4.0
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
CVE-2000-0489 LOW

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
netbsd netbsd 1.4
freebsd freebsd 5.0
netbsd netbsd 1.4.2
freebsd freebsd 3.4
netbsd netbsd 1.4.1
freebsd freebsd 3.0
freebsd freebsd 3.3
freebsd freebsd 3.1
openbsd openbsd 2.5
freebsd freebsd 4.0
openbsd openbsd 2.6
openbsd openbsd 2.7
freebsd freebsd 3.2
CVE-2000-0532 HIGH

A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.0
CVE-2000-0535 MEDIUM

OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.0
freebsd freebsd 5.0
openssl openssl 0.9.4
CVE-2000-0584 HIGH

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
debian debian_linux 2.1
CVE-2000-0594 MEDIUM

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux_eserver 2.3
freebsd freebsd 3.5
caldera openlinux_edesktop 2.4
freebsd freebsd 4.0
caldera openlinux_desktop 2.3
caldera openlinux_ebuilder 2.3
mandrakesoft mandrake_linux 2007
CVE-2000-0595 MEDIUM

libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.1
freebsd freebsd 4.0
freebsd freebsd 3.4
freebsd freebsd 3.0
freebsd freebsd 3.2
freebsd freebsd 3.3
CVE-2000-0729 LOW

FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 3.1
freebsd freebsd 4.0
freebsd freebsd 5.0
freebsd freebsd 3.4
freebsd freebsd 3.0
freebsd freebsd 3.2
freebsd freebsd 4.1
freebsd freebsd 3.3
CVE-2000-0749 HIGH

Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 3.1
freebsd freebsd 4.0
freebsd freebsd 5.0
freebsd freebsd 3.4
freebsd freebsd 3.0
freebsd freebsd 3.2
freebsd freebsd 4.1
freebsd freebsd 3.3
CVE-2000-0752 HIGH

Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 4.0
freebsd freebsd 5.0
freebsd freebsd 4.1
CVE-2000-0852 HIGH

Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.0
freebsd freebsd 5.0
freebsd freebsd 3.0
CVE-2000-0890 LOW

periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.2
CVE-2000-0915 MEDIUM

fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.1.1
CVE-2000-0916 HIGH

FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.0
freebsd freebsd 2.0
freebsd freebsd 4.1.1
freebsd freebsd 3.0
freebsd freebsd 4.1
CVE-2000-0963 HIGH

Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix immunix 7.0_beta
redhat linux 7.0
gnu ncurses *
freebsd freebsd 4.0
immunix immunix 6.2
freebsd freebsd 3.4
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1
redhat linux 6.2
CVE-2000-0993 HIGH

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
freebsd freebsd 3.5
netbsd netbsd 1.4
netbsd netbsd 1.4.2
freebsd freebsd 3.4
netbsd netbsd 1.4.1
freebsd freebsd 3.3
openbsd openbsd 2.5
openbsd openbsd 2.3
freebsd freebsd 4.0
openbsd openbsd 2.6
openbsd openbsd 2.7
freebsd freebsd 3.2
CVE-2000-0998 HIGH

Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 4.0
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1
CVE-2000-1011 HIGH

Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 5.0
freebsd freebsd 4.2
freebsd freebsd 3.4
freebsd freebsd 3.5.1
freebsd freebsd 3.0
freebsd freebsd 3.3
freebsd freebsd 3.1
freebsd freebsd 4.0
freebsd freebsd 4.1.1
freebsd freebsd 3.2
freebsd freebsd 4.1
CVE-2000-1012 HIGH

The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 5.0
freebsd freebsd 4.2
freebsd freebsd 3.4
freebsd freebsd 3.5.1
freebsd freebsd 3.0
freebsd freebsd 3.3
freebsd freebsd 3.1
freebsd freebsd 4.0
freebsd freebsd 4.1.1
freebsd freebsd 3.2
freebsd freebsd 4.1
CVE-2000-1013 HIGH

The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 5.0
freebsd freebsd 4.2
freebsd freebsd 3.4
freebsd freebsd 3.5.1
freebsd freebsd 3.0
freebsd freebsd 3.3
freebsd freebsd 3.1
freebsd freebsd 4.0
freebsd freebsd 4.1.1
freebsd freebsd 3.2
freebsd freebsd 4.1
CVE-2000-1066 MEDIUM

The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.0
freebsd freebsd 4.1.1
freebsd freebsd 4.1
CVE-2000-1167 HIGH

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 4.0
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1
CVE-2000-1184 MEDIUM

telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.0
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
freebsd freebsd 3.0
freebsd freebsd 4.1
CVE-2001-0061 HIGH

procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.2
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1
CVE-2001-0062 LOW

procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.2
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1
CVE-2001-0063 HIGH

procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.2
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1
CVE-2001-0093 HIGH

Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 1.5
CVE-2001-0094 HIGH

Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 1.5
CVE-2001-0128 HIGH

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux_powertools 7.0
freebsd freebsd 6.2
conectiva linux 4.2
conectiva linux 5.1
conectiva linux 5.0
zope zope *
conectiva linux 6.0
mandrakesoft mandrake_linux 7.2
redhat linux 7.0
mandrakesoft mandrake_linux 7.1
redhat linux 6.1
debian debian_linux 2.2
redhat linux_powertools 6.1
redhat linux 6.2
redhat linux_powertools 6.2
CVE-2001-0183 HIGH

ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 3.1
freebsd freebsd 4.0
freebsd freebsd 4.2
freebsd freebsd 3.4
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
freebsd freebsd 3.0
freebsd freebsd 4.1
freebsd freebsd 3.3
CVE-2001-0196 MEDIUM

inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
freebsd freebsd 4.2
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
CVE-2001-0221 HIGH

Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd ja-xklock *
CVE-2001-0230 MEDIUM

Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2001-0247 HIGH

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.3
sgi irix 6.5.5
netbsd netbsd 1.4.2
sgi irix 6.5.2m
sgi irix 6.5.11
sgi irix 6.5.4
freebsd freebsd 2.2.8
netbsd netbsd 1.3
netbsd netbsd 1.4
freebsd freebsd 2.2.3
netbsd netbsd 1.4.1
freebsd freebsd 3.5.1
freebsd freebsd 3.1
netbsd netbsd 1.3.2
openbsd openbsd 2.5
openbsd openbsd 2.3
sgi irix 6.5.3f
freebsd freebsd 2.2.6
openbsd openbsd 2.6
freebsd freebsd 4.1
sgi irix 6.5.7
sgi irix 6.5.6
openbsd openbsd 2.4
mit kerberos_5 1.1.1
netbsd netbsd 1.3.3
netbsd netbsd 1.2.1
openbsd openbsd 2.8
netbsd netbsd 1.4.3
mit kerberos_5 1.2.2
netbsd netbsd 1.3.1
freebsd freebsd 3.0
sgi irix 6.5.10
sgi irix 6.1
openbsd openbsd 2.7
freebsd freebsd 3.2
sgi irix 6.5.3m
freebsd freebsd 3.5
freebsd freebsd 2.2.5
freebsd freebsd 2.2
mit kerberos_5 1.2
freebsd freebsd 2.2.4
freebsd freebsd 4.2
freebsd freebsd 3.4
mit kerberos_5 1.2.1
freebsd freebsd 3.3
sgi irix 6.5.1
freebsd freebsd 2.2.2
freebsd freebsd 4.0
sgi irix 6.5.8
netbsd netbsd 1.5
freebsd freebsd 4.1.1
CVE-2001-0310 LOW

sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.5.1
freebsd freebsd 4.1.1
CVE-2001-0371 MEDIUM

Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2001-0388 HIGH

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 7.0
freebsd freebsd *
suse suse_linux 6.1
suse suse_linux 7.0
mandrakesoft mandrake_linux 7.2
suse suse_linux 6.4
mandrakesoft mandrake_linux 7.1
suse suse_linux 7.1
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 6.1
suse suse_linux 6.2
suse suse_linux 6.3
CVE-2001-0402 HIGH

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
openbsd openbsd 2.8
darren_reed ipfilter *
CVE-2001-0424 HIGH

BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
timecop bubblemon 1.1test5
freebsd freebsd 6.2
timecop bubblemon 1.1
timecop bubblemon 1.3
timecop bubblemon 1.2
timecop bubblemon 1.1test4
timecop bubblemon 1.21test1
timecop bubblemon 1.0pl7
timecop bubblemon 1.1test6
timecop bubblemon 1.0pl4
timecop bubblemon 1.0pl6
timecop bubblemon 1.0pl9
timecop bubblemon 1.0pl3
timecop bubblemon 1.2test1
timecop bubblemon 1.31
timecop bubblemon 1.1test1
timecop bubblemon 1.1test7
timecop bubblemon 1.0pl1
timecop bubblemon 1.22
timecop bubblemon 1.0pl2
timecop bubblemon 1.0pl8
timecop bubblemon 1.21
timecop bubblemon 1.0
timecop bubblemon 1.1test2
timecop bubblemon 1.1test3
timecop bubblemon 1.23
CVE-2001-0439 HIGH

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 4.2
freebsd freebsd 4.2
conectiva linux 4.0es
freebsd freebsd 3.5.1
conectiva linux 5.0
mandrakesoft mandrake_linux 7.2
conectiva linux 4.0
mandrakesoft mandrake_linux_corporate_server 1.0.1
redhat linux 7.0
mandrakesoft mandrake_linux 7.1
licq licq *
conectiva linux 4.1
CVE-2001-0469 MEDIUM

rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2001-0554 HIGH

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
sun sunos 5.2
freebsd freebsd 2.1.7.1
sun solaris 2.6
netbsd netbsd 1.4.2
sun sunos 5.3
openbsd openbsd 2.1
netbsd netbsd 1.2
netbsd netbsd 1.5.1
freebsd freebsd 2.2.8
netbsd netbsd 1.3
sun sunos 5.0
netbsd netbsd 1.4
freebsd freebsd 2.1.6
freebsd freebsd 2.2.3
netbsd netbsd 1.4.1
freebsd freebsd 3.5.1
sgi irix 6.5
mit kerberos_5 1.1
freebsd freebsd 3.1
netbsd netbsd 1.3.2
openbsd openbsd 2.5
openbsd openbsd 2.3
freebsd freebsd 2.1.5
ibm aix 4.3.2
sun sunos 5.7
sun sunos 5.8
netkit linux_netkit 0.11
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
openbsd openbsd 2.6
sun sunos 5.5
freebsd freebsd 2.2.7
freebsd freebsd 4.1
debian debian_linux 2.2
freebsd freebsd 2.0.1
openbsd openbsd 2.4
mit kerberos_5 1.1.1
netbsd netbsd 1.3.3
sun sunos 5.1
netbsd netbsd 1.2.1
freebsd freebsd 2.2.1
openbsd openbsd 2.8
netbsd netbsd 1.4.3
mit kerberos_5 1.2.2
netbsd netbsd 1.3.1
freebsd freebsd 3.0
freebsd freebsd 2.1.6.1
netkit linux_netkit 0.10
freebsd freebsd 2.1
openbsd openbsd 2.7
netbsd netbsd 1.0
freebsd freebsd 3.2
ibm aix 4.3
freebsd freebsd 3.5
sun sunos 5.5.1
netbsd netbsd 1.1
freebsd freebsd 2.2.5
freebsd freebsd 2.2
mit kerberos_5 1.2
ibm aix 4.3.3
netkit linux_netkit 0.12
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 2.1.7
freebsd freebsd 4.2
sun sunos 5.4
freebsd freebsd 3.4
openbsd openbsd 2.0
mit kerberos_5 1.2.1
freebsd freebsd 3.3
freebsd freebsd 2.1.0
ibm aix 5.1
mit kerberos 1.0
openbsd openbsd 2.2
freebsd freebsd 2.2.2
freebsd freebsd 4.0
netbsd netbsd 1.5
freebsd freebsd 4.1.1
ibm aix 4.3.1
CVE-2001-0670 HIGH

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bsd bsd *
openbsd openbsd *
freebsd freebsd *
netbsd netbsd *
CVE-2001-0710 MEDIUM

NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
netbsd netbsd *
CVE-2001-0796 MEDIUM

SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix *
freebsd freebsd 3.0
sgi irix 6.5
CVE-2001-0969 HIGH

ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
CVE-2001-1017 HIGH

rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.2
CVE-2001-1029 LOW

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
openbsd openssh 4.5
CVE-2001-1034 HIGH

Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.4
CVE-2001-1145 MEDIUM

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
openbsd openbsd *
netbsd netbsd 1.5.1
netbsd netbsd 1.5
CVE-2001-1155 HIGH

TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2001-1166 MEDIUM

linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.0
freebsd freebsd 4.2
freebsd freebsd 4.1
CVE-2001-1180 HIGH

FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.0
freebsd freebsd 4.2
freebsd freebsd 4.1
CVE-2001-1185 MEDIUM

Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.4
CVE-2001-1244 MEDIUM

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
freebsd freebsd 4.3
sun sunos 5.5.1
netbsd netbsd 1.5.1
openbsd openbsd 2.8
linux linux_kernel 2.4.3
linux linux_kernel 2.4.0
linux linux_kernel 2.4.2
hp hp-ux 11.11
microsoft windows_nt 4.0
linux linux_kernel 2.4.1
linux linux_kernel 2.4.5
sun sunos 5.7
sun sunos 5.8
hp vvos 11.04
netbsd netbsd 1.5
linux linux_kernel 2.4.4
openbsd openbsd 2.9
microsoft windows_2000 *
hp hp-ux 11.0.4
CVE-2002-0004 HIGH

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
suse suse_linux 7.0
freebsd freebsd 4.2
caldera openlinux_workstation 3.1
mandrakesoft mandrake_linux 8.0
redhat linux 7.2
mandrakesoft mandrake_linux 8.1
netbsd netbsd 1.5.2
suse suse_linux 6.4
suse suse_linux 7.3
redhat linux 7.0
caldera openlinux_server 3.1
redhat linux 7.1
slackware slackware_linux 8.0
slackware slackware_linux 7.1
slackware slackware_linux 7.0
suse suse_linux 7.1
suse suse_linux 7.2
freebsd freebsd 4.1.1
debian debian_linux 2.2
redhat linux 6.2
CVE-2002-0062 HIGH

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
freebsd freebsd 3.5
gnu ncurses *
suse suse_linux 7.0
freebsd freebsd 5.0
redhat linux 7.2
freebsd freebsd 3.4
freebsd freebsd 3.5.1
freebsd freebsd 3.3
freebsd freebsd 3.1
redhat linux 7.0
freebsd freebsd 4.0
redhat linux 7.1
redhat linux 6.1
freebsd freebsd 4.1.1
freebsd freebsd 3.2
freebsd freebsd 4.1
debian debian_linux 2.2
suse suse_linux 6.2
suse suse_linux 6.3
CVE-2002-0381 MEDIUM

The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
freebsd freebsd *
netbsd netbsd 2.0.4
CVE-2002-0391 HIGH

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.5.1
microsoft windows_nt 4.0
freebsd freebsd *
openbsd openbsd 3.1
sun sunos 5.7
sun solaris 2.6
sun sunos 5.8
microsoft windows_xp -
microsoft windows_2000 -
CVE-2002-0414 HIGH

KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
netbsd netbsd 1.5.1
freebsd freebsd 4.2
openbsd openbsd 2.6
openbsd openbsd 2.7
netbsd netbsd 1.5
freebsd freebsd 4.5
netbsd netbsd 1.5.2
CVE-2002-0518 MEDIUM

The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.5
CVE-2002-0572 HIGH

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.4
sun sunos 5.5.1
openbsd openbsd 2.1
sun solaris 8.0
sun solaris 2.5.1
sun solaris 2.6
openbsd openbsd 2.0
sun sunos -
openbsd openbsd 2.2
openbsd openbsd 2.3
sun sunos 5.7
sun sunos 5.8
sun solaris 7.0
freebsd freebsd 4.5
CVE-2002-0574 MEDIUM

Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2002-0666 MEDIUM

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
frees_wan frees_wan 1.9.6
global_technology_associates gnat_box_firmware 3.2
nec ix1011 *
frees_wan frees_wan 1.9.4
apple mac_os_x 10.2
apple mac_os_x_server 10.2
frees_wan frees_wan 1.9.3
global_technology_associates gnat_box_firmware 3.1
nec ix2010 *
freebsd freebsd 4.6
netbsd netbsd 1.5.1
global_technology_associates gnat_box_firmware 3.3
frees_wan frees_wan 1.9.2
nec ix1010 *
nec ix1020 *
netbsd netbsd 1.6
netbsd netbsd 1.5.3
frees_wan frees_wan 1.9.5
netbsd netbsd 1.5.2
frees_wan frees_wan 1.9
nec ix1050 *
frees_wan frees_wan 1.9.1
netbsd netbsd 1.5
nec bluefire_ix1035_router *
CVE-2002-0701 LOW

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
freebsd freebsd 6.2
CVE-2002-0754 HIGH

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
kth heimdal 0.4e
freebsd freebsd 4.4
freebsd freebsd 4.0
freebsd freebsd 4.2
freebsd heimdal 0.4e
freebsd freebsd 4.1.1
freebsd freebsd 4.1
CVE-2002-0755 HIGH

Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.4
freebsd freebsd 4.5
CVE-2002-0794 MEDIUM

The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.5
CVE-2002-0795 LOW

The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.5
CVE-2002-0820 HIGH

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.6
CVE-2002-0824 MEDIUM

BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
freebsd point-to-point_protocol_daemon -
CVE-2002-0829 MEDIUM

Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2002-0830 MEDIUM

Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2002-0831 LOW

The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.5
CVE-2002-0973 MEDIUM

Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.0
freebsd freebsd 4.6.1
freebsd freebsd 4.2
freebsd freebsd 4.1.1
freebsd freebsd 4.1
freebsd freebsd 4.5
CVE-2002-1125 LOW

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.2
freebsd freebsd 4.5
CVE-2002-1219 HIGH

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2.2
freebsd freebsd 4.4
isc bind 4.9.10
isc bind 8.2.4
isc bind 8.3.1
isc bind 8.2.5
openbsd openbsd 3.1
isc bind 8.2.3
isc bind 8.2.6
isc bind 8.2
isc bind 4.9.6
isc bind 8.3.2
isc bind 4.9.9
isc bind 8.3.0
freebsd freebsd 4.6
freebsd freebsd 4.7
isc bind 8.3.3
openbsd openbsd 3.2
isc bind 8.2.1
isc bind 4.9.8
isc bind 4.9.7
openbsd openbsd 3.0
isc bind 4.9.5
freebsd freebsd 4.5
CVE-2002-1220 MEDIUM

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.2
isc bind 8.3.0
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
isc bind 8.3.1
openbsd openbsd 3.1
openbsd openbsd 3.0
isc bind 8.3.2
freebsd freebsd 4.5
isc bind 8.3.3
CVE-2002-1221 MEDIUM

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2.2
isc bind 8.3.0
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
isc bind 8.2.4
isc bind 8.3.1
isc bind 8.2.5
openbsd openbsd 3.1
isc bind 8.1
isc bind 8.1.2
isc bind 8.2.3
isc bind 8.3.3
openbsd openbsd 3.2
isc bind 8.2.6
isc bind 8.2
isc bind 8.2.1
isc bind 8.1.1
openbsd openbsd 3.0
isc bind 8.3.2
freebsd freebsd 4.5
CVE-2002-1667 LOW

The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.5
CVE-2002-1669 LOW

pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.2
CVE-2002-1674 LOW

procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.2
freebsd freebsd 4.1.1
freebsd freebsd 4.1
freebsd freebsd 4.5
CVE-2002-1915 LOW

tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
freebsd freebsd 4.3
freebsd freebsd 4.4
netbsd netbsd 1.3.3
netbsd netbsd 1.2.1
openbsd openbsd 2.8
openbsd openbsd 3.1
freebsd freebsd 5.0
netbsd netbsd 1.4.3
netbsd netbsd 1.4.2
netbsd netbsd 1.3.1
openbsd openbsd 2.7
netbsd netbsd 1.0
freebsd freebsd 3.5
freebsd freebsd 4.6
netbsd netbsd 1.1
openbsd openbsd 2.1
netbsd netbsd 1.2
netbsd netbsd 1.5.1
netbsd netbsd 1.3
netbsd netbsd 1.4
freebsd freebsd 4.2
netbsd netbsd 1.4.1
openbsd openbsd 2.0
freebsd freebsd 3.5.1
netbsd netbsd 1.5.2
openbsd openbsd 2.2
netbsd netbsd 1.3.2
openbsd openbsd 2.5
openbsd openbsd 2.3
freebsd freebsd 4.0
openbsd openbsd 3.0
openbsd openbsd 2.6
netbsd netbsd 1.5
freebsd freebsd 4.1.1
openbsd openbsd 2.9
freebsd freebsd 4.1
freebsd freebsd 4.5
CVE-2002-2092 LOW

Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
freebsd freebsd 4.3
freebsd freebsd 4.4
netbsd netbsd 1.3.3
openbsd openbsd 2.8
netbsd netbsd 1.4.3
netbsd netbsd 1.4.2
netbsd netbsd 1.3.1
freebsd freebsd 3.0
openbsd openbsd 2.7
freebsd freebsd 3.2
freebsd freebsd 3.5
freebsd freebsd 2.2.5
openbsd openbsd 2.1
netbsd netbsd 1.5.1
freebsd freebsd 2.2
freebsd freebsd 2.2.8
netbsd netbsd 1.3
freebsd freebsd 2.2.4
netbsd netbsd 1.4
freebsd freebsd 2.0
freebsd freebsd 4.2
freebsd freebsd 3.4
freebsd freebsd 2.2.3
netbsd netbsd 1.4.1
openbsd openbsd 2.0
freebsd freebsd 3.5.1
freebsd freebsd 3.3
freebsd freebsd 2.1.0
netbsd netbsd 1.5.2
freebsd freebsd 3.1
openbsd openbsd 2.2
netbsd netbsd 1.3.2
openbsd openbsd 2.5
openbsd openbsd 2.3
freebsd freebsd 2.2.2
freebsd freebsd 4.0
openbsd openbsd 3.0
freebsd freebsd 2.2.6
openbsd openbsd 2.6
netbsd netbsd 1.5
freebsd freebsd 4.1.1
openbsd openbsd 2.9
freebsd freebsd 4.1
CVE-2002-2199 MEDIUM

The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd advanced_intrusion_detection_environment *
CVE-2002-2222 MEDIUM

isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 3.1
freebsd ports_collection *
CVE-2003-0001 MEDIUM

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
linux linux_kernel 2.4.6
linux linux_kernel 2.4.20
linux linux_kernel 2.4.10
linux linux_kernel 2.4.3
linux linux_kernel 2.4.13
linux linux_kernel 2.4.5
microsoft windows_2000_terminal_services *
linux linux_kernel 2.4.7
microsoft windows_2000 *
linux linux_kernel 2.4.16
linux linux_kernel 2.4.9
linux linux_kernel 2.4.18
freebsd freebsd 4.6
freebsd freebsd 4.7
linux linux_kernel 2.4.11
netbsd netbsd 1.5.1
linux linux_kernel 2.4.17
freebsd freebsd 4.2
linux linux_kernel 2.4.12
netbsd netbsd 1.6
netbsd netbsd 1.5.3
netbsd netbsd 1.5.2
linux linux_kernel 2.4.2
linux linux_kernel 2.4.14
linux linux_kernel 2.4.1
linux linux_kernel 2.4.19
linux linux_kernel 2.4.8
netbsd netbsd 1.5
linux linux_kernel 2.4.4
linux linux_kernel 2.4.15
freebsd freebsd 4.5
CVE-2003-0015 HIGH

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
cvs cvs 1.11.3
cvs cvs 1.11
freebsd freebsd 5.0
cvs cvs 1.11.1p1
cvs cvs 1.10.7
cvs cvs 1.11.2
cvs cvs 1.10.8
cvs cvs 1.11.4
cvs cvs 1.11.1
freebsd freebsd 4.5
CVE-2003-0028 HIGH

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cray unicos 8.3
sgi irix 6.5.3
sgi irix 6.5.18m
sgi irix 6.5.15
cray unicos 6.0
sun solaris 2.6
mit kerberos_5 1.2.4
gnu glibc 2.2.2
openafs openafs 1.2.4
openafs openafs 1.2.6
sgi irix 6.5.8m
mit kerberos_5 1.2.3
cray unicos 8.0
sgi irix 6.5.11
hp hp-ux 11.00
freebsd freebsd 4.6
openbsd openbsd 2.1
sgi irix 6.5.13
gnu glibc 2.2.5
sgi irix 6.5.5f
openafs openafs 1.1
sgi irix 6.5
sgi irix 6.5.12f
gnu glibc 2.1.1
openbsd openbsd 3.2
sgi irix 6.5.11f
sgi irix 6.5.3f
sun sunos 5.7
sun sunos 5.8
cray unicos 9.0
openbsd openbsd 2.9
sgi irix 6.5.6m
sgi irix 6.5.7
gnu glibc 2.3.2
sgi irix 6.5.14
mit kerberos_5 1.2.2
sgi irix 6.5.10
hp hp-ux 10.20
ibm aix 5.2
cray unicos 9.0.2.5
sgi irix 6.5.10f
hp hp-ux_series_800 10.20
sgi irix 6.5.19
sgi irix 6.5.9m
sgi irix 6.5.10m
sgi irix 6.5.16m
sgi irix 6.5.17m
sgi irix 6.5.3m
freebsd freebsd 4.7
mit kerberos_5 1.2.5
sun solaris 8.0
openafs openafs 1.2.2
ibm aix 4.3.3
hp hp-ux_series_700 10.20
sgi irix 6.5.5m
openbsd openbsd 2.0
sun sunos -
mit kerberos_5 1.2.1
ibm aix 5.1
sgi irix 6.5.9f
sgi irix 6.5.18
cray unicos 7.0
hp hp-ux 11.20
cray unicos 9.2
gnu glibc 2.2.3
freebsd freebsd 4.0
gnu glibc 2.1
sgi irix 6.5.8f
sgi irix 6.5.4m
openafs openafs 1.3.1
sgi irix 6.5.8
freebsd freebsd 4.1.1
freebsd freebsd 4.3
openafs openafs 1.0.4
freebsd freebsd 4.4
openafs openafs 1.1.1a
sgi irix 6.5.4f
sgi irix 6.5.5
freebsd freebsd 5.0
sgi irix 6.5.2f
sgi irix 6.5.2
sgi irix 6.5.12
gnu glibc 2.2.1
sgi irix 6.5.2m
openafs openafs 1.2.5
sgi irix 6.5.14m
gnu glibc 2.3
sun solaris 7.0
sgi irix 6.5.4
sun solaris 9.0
sgi irix 6.5.15m
cray unicos 6.1
openafs openafs 1.2.3
sgi irix 6.5.7m
gnu glibc 2.2.4
hp hp-ux 10.24
sgi irix 6.5.9
sgi irix 6.5.13m
cray unicos 9.2.4
openbsd openbsd 2.5
openbsd openbsd 2.3
hp hp-ux 11.11
gnu glibc 2.1.2
cray unicos 6.0e
gnu glibc 2.1.3
openbsd openbsd 3.0
openafs openafs 1.3
openafs openafs 1.0
openbsd openbsd 2.6
openafs openafs 1.0.3
openafs openafs 1.2.2b
freebsd freebsd 4.1
sgi irix 6.5.6
openbsd openbsd 2.4
sgi irix 6.5.20
sun solaris 2.5.1
openafs openafs 1.2
openbsd openbsd 2.8
hp hp-ux 11.22
openbsd openbsd 3.1
openafs openafs 1.1.1
sgi irix 6.5.13f
sgi irix 6.5.7f
sgi irix 6.5.6f
openbsd openbsd 2.7
openafs openafs 1.0.1
openafs openafs 1.2.2a
sun sunos 5.5.1
openafs openafs 1.0.2
sgi irix 6.5.17f
gnu glibc 2.3.1
mit kerberos_5 1.2
mit kerberos_5 1.2.7
freebsd freebsd 4.2
openafs openafs 1.3.2
sgi irix 6.5.16
sgi irix 6.5.14f
sgi irix 6.5.12m
openafs openafs 1.2.1
sgi irix 6.5.1
sgi irix 6.5.18f
sgi irix 6.5.17
sgi irix 6.5.15f
openbsd openbsd 2.2
openafs openafs 1.0.4a
sgi irix 6.5.16f
freebsd freebsd 4.6.2
mit kerberos_5 1.2.6
freebsd freebsd 4.5
hp hp-ux 11.04
gnu glibc 2.2
sgi irix 6.5.11m
CVE-2003-0078 MEDIUM

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
openbsd openbsd 3.1
freebsd freebsd 5.0
freebsd freebsd 4.2
openssl openssl *
openbsd openbsd 3.2
openssl openssl 0.9.6i
freebsd freebsd 4.5
openssl openssl 0.9.7
CVE-2003-0144 HIGH

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
freebsd freebsd 2.2.5
openbsd openbsd 2.1
freebsd freebsd 2.2
openbsd openbsd 2.8
freebsd freebsd 2.2.4
openbsd openbsd 3.1
lprold lprold 3.0.48
freebsd freebsd 2.2.3
openbsd openbsd 2.0
openbsd openbsd 3.2
openbsd openbsd 2.2
openbsd openbsd 2.5
openbsd openbsd 2.3
freebsd freebsd 2.2.2
openbsd openbsd 3.0
freebsd freebsd 2.2.6
bsd lpr 0.48
openbsd openbsd 2.6
openbsd openbsd 2.7
openbsd openbsd 2.9
bsd lpr 2000-05-07
CVE-2003-0466 HIGH

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,

Products Affected

Vendor Product Version
sun solaris 9.0
openbsd openbsd *
wuftpd wu-ftpd *
redhat wu_ftpd 2.6.1-16
freebsd freebsd *
netbsd netbsd *
apple mac_os_x 10.2.6
apple mac_os_x_server 10.2.6
CVE-2003-0688 MEDIUM

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat sendmail 8.12.5-7
freebsd freebsd 4.6
freebsd freebsd 4.7
compaq tru64 5.1
sgi irix 6.5.20
sendmail sendmail 8.12.4
freebsd freebsd 5.0
compaq tru64 5.0a
sendmail sendmail 8.12.5
sendmail sendmail 8.12.6
sendmail sendmail 8.12.8
openbsd openbsd 3.2
sendmail sendmail 8.12.2
sgi irix 6.5.21
sendmail sendmail 8.12.1
freebsd freebsd 4.8
sgi irix 6.5.19
redhat sendmail 8.12.8-4
sendmail sendmail 8.12.7
sendmail sendmail 8.12.3
CVE-2003-0694 HIGH

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0g
sgi irix 6.5.18m
sgi irix 6.5.15
sgi irix 6.5.19m
sendmail sendmail_switch 2.2.1
sun solaris 2.6
compaq tru64 4.0f_pk7_bl18
sgi irix 6.5.20f
compaq tru64 5.1a_pk5_bl23
sendmail sendmail 3.0
apple mac_os_x_server 10.2.3
sendmail advanced_message_server 1.3
sendmail sendmail_switch 2.1.1
compaq tru64 4.0g_pk4_bl22
hp hp-ux 11.00
freebsd freebsd 4.6
sendmail sendmail 8.9.0
turbolinux turbolinux_workstation 8.0
gentoo linux 1.2
sendmail sendmail 8.10.2
sendmail sendmail 8.12.1
sendmail sendmail_switch 3.0.1
netbsd netbsd 1.6.1
sun sunos 5.7
sun sunos 5.8
compaq tru64 4.0g_pk3_bl17
sendmail sendmail 8.11.1
sgi irix 6.5.20m
sendmail sendmail 8.11.3
compaq tru64 5.1_pk4_bl18
netbsd netbsd 1.4.3
compaq tru64 4.0f_pk6_bl17
apple mac_os_x_server 10.2.4
sendmail sendmail 2.6.1
sendmail sendmail 8.11.6
apple mac_os_x_server 10.2.5
freebsd freebsd 4.9
sendmail sendmail 8.12.2
sendmail sendmail_switch 2.1
ibm aix 5.2
turbolinux turbolinux_workstation 6.0
sgi irix 6.5.17m
gentoo linux 0.7
sendmail sendmail_pro 8.9.2
sendmail sendmail 3.0.1
sendmail sendmail_switch 3.0.2
freebsd freebsd 4.7
freebsd freebsd 5.1
sun solaris 8.0
sgi irix 6.5.19f
compaq tru64 4.0f_pk8_bl22
sendmail sendmail 8.12.4
ibm aix 4.3.3
gentoo linux 1.1a
netbsd netbsd 1.6
sendmail sendmail_switch 2.2
sun sunos -
sendmail sendmail 8.10
sendmail sendmail 8.8.8
compaq tru64 5.1_pk3_bl17
netbsd netbsd 1.5.2
ibm aix 5.1
sendmail sendmail 8.9.3
sgi irix 6.5.21m
sendmail sendmail_switch 2.1.2
compaq tru64 5.1a_pk2_bl2
freebsd freebsd 4.0
turbolinux turbolinux_advanced_server 6.0
apple mac_os_x 10.2.1
freebsd freebsd 4.8
sendmail sendmail 8.12.3
compaq tru64 4.0f
freebsd freebsd 4.3
freebsd freebsd 4.4
sendmail sendmail_pro 8.9.3
freebsd freebsd 5.0
gentoo linux 1.4
sendmail sendmail 8.12.8
compaq tru64 5.1a_pk3_bl3
turbolinux turbolinux_server 7.0
sendmail sendmail_switch 2.1.3
apple mac_os_x_server 10.2
sendmail sendmail 8.11.4
sendmail advanced_message_server 1.2
sendmail sendmail 3.0.2
sendmail sendmail_switch 2.2.5
sun solaris 7.0
apple mac_os_x_server 10.2.6
sun solaris 9.0
sendmail sendmail_switch 2.2.4
netbsd netbsd 1.5.1
compaq tru64 5.1
sendmail sendmail 8.9.1
sendmail sendmail_switch 2.2.3
sendmail sendmail 8.12.6
sgi irix 6.5.21f
apple mac_os_x_server 10.2.1
turbolinux turbolinux_server 6.5
sendmail sendmail 8.9.2
hp hp-ux 11.11
sendmail sendmail_switch 3.0
sendmail sendmail_switch 3.0.3
sendmail sendmail 2.6
compaq tru64 5.1b_pk2_bl22
compaq tru64 5.1_pk6_bl20
apple mac_os_x 10.2.5
sendmail sendmail 8.12.7
apple mac_os_x 10.2.4
sendmail sendmail_switch 2.1.4
apple mac_os_x_server 10.2.2
compaq tru64 5.1_pk5_bl19
hp hp-ux 11.22
sendmail sendmail_switch 2.2.2
compaq tru64 5.1b_pk1_bl1
sendmail sendmail 8.11.0
freebsd freebsd 3.0
sendmail sendmail 2.6.2
sendmail sendmail 8.10.1
sendmail sendmail 8.12.0
apple mac_os_x 10.2
compaq tru64 5.1b
sendmail sendmail 8.11.2
turbolinux turbolinux_server 8.0
turbolinux turbolinux_workstation 7.0
sgi irix 6.5.17f
sendmail sendmail 8.12.9
sendmail sendmail 8.11.5
sgi irix 6.5.16
netbsd netbsd 1.5.3
apple mac_os_x 10.2.6
sendmail sendmail 8.12.5
apple mac_os_x 10.2.3
gentoo linux 0.5
compaq tru64 5.1a_pk1_bl1
sgi irix 6.5.18f
sendmail sendmail 8.12
compaq tru64 5.1a_pk4_bl21
sendmail sendmail_switch 2.1.5
turbolinux turbolinux_server 6.1
netbsd netbsd 1.5
compaq tru64 5.1a
freebsd freebsd 4.5
sendmail sendmail 3.0.3
apple mac_os_x 10.2.2
hp hp-ux 11.0.4
CVE-2003-0804 MEDIUM

The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
apple mac_os_x_server 10.2.2
apple mac_os_x 10.2.7
freebsd freebsd 5.0
apple mac_os_x_server 10.2.4
apple mac_os_x_server 10.2.5
apple mac_os_x 10.2
freebsd freebsd 4.9
apple mac_os_x_server 10.2
apple mac_os_x_server 10.2.3
apple mac_os_x_server 10.2.6
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 5.1
freebsd freebsd 4.2
apple mac_os_x 10.2.6
apple mac_os_x 10.2.3
apple mac_os_x_server 10.2.1
openbsd openbsd 3.3
openbsd openbsd 3.2
freebsd freebsd 4.0
freebsd freebsd 4.6.2
apple mac_os_x 10.2.1
freebsd freebsd 4.8
openbsd openbsd 3.4
freebsd freebsd 4.1.1
apple mac_os_x_server 10.2.7
apple mac_os_x 10.2.5
freebsd freebsd 4.1
freebsd freebsd 4.5
apple mac_os_x 10.2.4
apple mac_os_x 10.2.2
CVE-2003-0914 MEDIUM

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.4
compaq tru64 4.0g
isc bind 8.2.4
isc bind 8.3.1
isc bind 8.3.6
freebsd freebsd 5.0
isc bind 8.4
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.1a_pk3_bl3
isc bind 8.2.3
isc bind 8.2.6
compaq tru64 5.1a_pk5_bl23
isc bind 8.2.7
netbsd netbsd current
isc bind 8.3.2
sun solaris 7.0
compaq tru64 4.0g_pk4_bl22
hp hp-ux 11.00
sun solaris 9.0
isc bind 8.3.0
freebsd freebsd 4.6
sco unixware 7.1.1
compaq tru64 5.1
nixu namesurfer suite_3.0.1
hp hp-ux 11.11
netbsd netbsd 1.6.1
sun sunos 5.7
sun sunos 5.8
compaq tru64 4.0g_pk3_bl17
compaq tru64 5.1b_pk2_bl22
compaq tru64 5.1_pk6_bl20
compaq tru64 5.1_pk4_bl18
isc bind 8.4.1
compaq tru64 5.1_pk5_bl19
isc bind 8.2.5
compaq tru64 5.1b_pk1_bl1
compaq tru64 4.0f_pk6_bl17
freebsd freebsd 4.9
compaq tru64 5.1b
isc bind 8.3.4
isc bind 8.3.5
freebsd freebsd 4.7
sun solaris 8.0
compaq tru64 4.0f_pk8_bl22
ibm aix 5.1l
netbsd netbsd 1.6
compaq tru64 5.1_pk3_bl17
compaq tru64 5.1a_pk1_bl1
isc bind 8.3.3
compaq tru64 5.1a_pk4_bl21
nixu namesurfer standard_3.0.1
compaq tru64 5.1a_pk2_bl2
freebsd freebsd 4.6.2
freebsd freebsd 4.8
compaq tru64 5.1a
freebsd freebsd 4.5
compaq tru64 4.0f
CVE-2003-1234 LOW

Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 2.1.7.1
freebsd freebsd 2.2.1
freebsd freebsd 5.0
freebsd freebsd 1.1.5.1
freebsd freebsd 2.1.6.1
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 3.2
freebsd freebsd 3.5
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 2.2.5
freebsd freebsd 2.2
freebsd freebsd 4.10
freebsd freebsd 2.2.8
freebsd freebsd 2.2.4
freebsd freebsd 2.1.6
freebsd freebsd 2.1.7
freebsd freebsd 4.2
freebsd freebsd 3.4
freebsd freebsd 2.2.3
freebsd freebsd 3.5.1
freebsd freebsd 3.3
freebsd freebsd 2.1.0
freebsd freebsd 3.1
freebsd freebsd 2.1.5
freebsd freebsd 2.2.2
freebsd freebsd 2.2.6
freebsd freebsd 2.2.7
freebsd freebsd 4.5
CVE-2003-1474 HIGH

slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd slashem-tty 0.0.6e.4f.8
CVE-2004-0002 HIGH

The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 3.5
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 5.1
freebsd freebsd 5.0
freebsd freebsd 4.2
freebsd freebsd 3.4
freebsd freebsd 3.5.1
freebsd freebsd 3.0
freebsd freebsd 3.3
freebsd freebsd 3.1
freebsd freebsd 4.9
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 4.1.1
freebsd freebsd 3.2
freebsd freebsd 4.1
freebsd freebsd 5.2
freebsd freebsd 4.5
CVE-2004-0079 MEDIUM

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
stonesoft stonebeat_fullcluster 1_2.0
stonesoft stonegate_vpn_client 2.0.7
securecomputing sidewinder 5.2
lite speed_technologies_litespeed_web_server 1.1
securecomputing sidewinder 5.2.0.01
cisco ciscoworks_common_services 2.2
avaya sg5 4.4
cisco pix_firewall_software 6.3(3.109)
cisco webns 6.10_b4
cisco firewall_services_module 1.1_(3.005)
novell edirectory 8.0
hp wbem a.01.05.08
stonesoft stonegate_vpn_client 2.0.9
avaya s8500 r2.0.0
lite speed_technologies_litespeed_web_server 1.3
redhat enterprise_linux_desktop 3.0
hp apache-based_web_server 2.0.43.00
cisco access_registrar *
cisco firewall_services_module 1.1.2
stonesoft stonegate 2.1
openssl openssl 0.9.6d
redhat openssl 0.9.6b-3
openssl openssl 0.9.6h
stonesoft stonebeat_fullcluster 1_3.0
novell edirectory 8.5.12a
stonesoft stonebeat_webcluster 2.0
stonesoft stonegate 1.7
cisco webns 6.10
cisco pix_firewall_software 6.0(3)
lite speed_technologies_litespeed_web_server 1.3.1
novell edirectory 8.5.27
avaya sg208 *
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.1(1)
hp apache-based_web_server 2.0.43.04
cisco application_and_content_networking_software *
cisco ios 12.2sy
openssl openssl 0.9.6c
avaya s8300 r2.0.1
stonesoft stonegate 1.6.3
tarantella tarantella_enterprise 3.40
stonesoft stonegate 1.7.2
sgi propack 3.0
avaya vsu 500
openssl openssl 0.9.6j
securecomputing sidewinder 5.2.0.04
avaya vsu 5x
stonesoft stonegate 2.0.8
cisco pix_firewall_software 6.3(2)
lite speed_technologies_litespeed_web_server 1.1.1
hp hp-ux 8.05
stonesoft stonegate 1.5.18
stonesoft stonegate 1.5.17
redhat linux 7.3
cisco webns 7.1_0.2.06
cisco firewall_services_module 2.1_(0.208)
openbsd openbsd 3.3
neoteris instant_virtual_extranet 3.0
checkpoint firewall-1 2.0
neoteris instant_virtual_extranet 3.3
cisco css11000_content_services_switch *
stonesoft stonegate 2.2
avaya sg200 4.4
sgi propack 2.4
avaya intuity_audix 5.1.46
avaya vsu 5
novell edirectory 8.6.2
openssl openssl 0.9.6e
stonesoft stonebeat_fullcluster 3.0
avaya vsu 7500_r2.0.1
openssl openssl 0.9.6i
cisco webns 7.2_0.0.03
checkpoint firewall-1 next_generation_fp2
cisco pix_firewall_software 6.2(1)
stonesoft stonebeat_fullcluster 2.5
apple mac_os_x_server 10.3.3
cisco pix_firewall_software 6.1(3)
cisco pix_firewall_software 6.1(4)
avaya vsu 10000_r2.0.1
hp hp-ux 11.23
checkpoint vpn-1 next_generation_fp2
dell bsafe_ssl-j 3.0.1
openbsd openbsd 3.4
openssl openssl 0.9.7
sgi propack 2.3
checkpoint vpn-1 vsx_ng_with_application_intelligence
sun crypto_accelerator_4000 1.0
cisco ios 12.2za
cisco pix_firewall_software 6.3(3.102)
lite speed_technologies_litespeed_web_server 1.3_rc2
cisco firewall_services_module 1.1.3
bluecoat proxysg *
4d webstar 5.2.2
avaya vsu 100_r2.0.1
vmware gsx_server 2.0
cisco pix_firewall_software 6.1(5)
checkpoint firewall-1 next_generation_fp0
lite speed_technologies_litespeed_web_server 1.2.2
lite speed_technologies_litespeed_web_server 1.2_rc1
redhat openssl 0.9.6-15
cisco threat_response *
4d webstar 5.2
avaya intuity_audix *
cisco ios 12.1(11b)e14
securecomputing sidewinder 5.2.0.03
tarantella tarantella_enterprise 3.20
cisco pix_firewall_software 6.1
cisco ciscoworks_common_management_foundation 2.1
4d webstar 4.0
avaya sg5 4.3
redhat enterprise_linux 3.0
redhat linux 8.0
avaya s8300 r2.0.0
tarantella tarantella_enterprise 3.30
avaya s8700 r2.0.1
cisco ios 12.1(11b)e12
stonesoft stonebeat_securitycluster 2.5
cisco call_manager *
openssl openssl 0.9.6f
cisco gss_4490_global_site_selector *
lite speed_technologies_litespeed_web_server 1.0.2
avaya s8700 r2.0.0
stonesoft stonegate 2.0.5
avaya sg203 4.4
4d webstar 5.2.3
cisco pix_firewall_software 6.2(3.100)
cisco webns 7.1_0.1.02
freebsd freebsd 5.2
hp hp-ux 11.00
cisco firewall_services_module *
bluecoat cacheos_ca_sa 4.1.10
cisco ios 12.1(11b)e
lite speed_technologies_litespeed_web_server 1.2_rc2
redhat openssl 0.9.7a-2
cisco pix_firewall_software 6.2
cisco css_secure_content_accelerator 2.0
stonesoft stonegate_vpn_client 2.0
cisco pix_firewall_software 6.2(3)
checkpoint firewall-1 *
stonesoft stonebeat_securitycluster 2.0
cisco pix_firewall_software 6.0(4.101)
cisco secure_content_accelerator 10000
securecomputing sidewinder 5.2.1
cisco gss_4480_global_site_selector *
cisco ios 12.1(13)e9
openssl openssl 0.9.7a
4d webstar 5.3
redhat linux 7.2
cisco okena_stormwatch 3.2
neoteris instant_virtual_extranet 3.2
dell bsafe_ssl-j 3.0
freebsd freebsd 4.9
cisco webns 7.10_.0.06s
stonesoft stonegate_vpn_client 2.0.8
stonesoft stonegate_vpn_client 1.7
neoteris instant_virtual_extranet 3.1
hp aaa_server *
stonesoft stonegate 2.0.4
cisco pix_firewall_software 6.1(2)
vmware gsx_server 2.5.1_build_5336
freebsd freebsd 5.1
cisco pix_firewall_software 6.3
apple mac_os_x 10.3.3
checkpoint firewall-1 next_generation_fp1
cisco ios 12.2(14)sy
avaya sg203 4.31.29
4d webstar 5.2.4
cisco pix_firewall_software 6.2(2)
cisco pix_firewall 6.2.2_.111
avaya sg5 4.2
freebsd freebsd 4.8
cisco mds_9000 *
avaya intuity_audix s3210
hp wbem a.02.00.00
cisco pix_firewall_software 6.0(4)
lite speed_technologies_litespeed_web_server 1.3_rc1
cisco ios 12.1(11)e
novell edirectory 8.5
vmware gsx_server 2.5.1
cisco pix_firewall_software 6.0
cisco pix_firewall_software 6.0(2)
securecomputing sidewinder 5.2.1.02
avaya s8500 r2.0.1
novell imanager 2.0
stonesoft stonegate 2.0.1
avaya vsu 2000_r2.0.1
lite speed_technologies_litespeed_web_server 1.0.3
freebsd freebsd 5.2.1
cisco css_secure_content_accelerator 1.0
stonesoft servercluster 2.5.2
openssl openssl 0.9.7c
avaya sg208 4.4
dell bsafe_ssl-j 3.1
stonesoft stonegate 1.7.1
stonesoft stonebeat_fullcluster 2.0
4d webstar 5.2.1
cisco ios 12.2(14)sy1
avaya converged_communications_server 2.0
openssl openssl 0.9.7b
stonesoft stonegate 2.2.1
novell edirectory 8.7.1
cisco content_services_switch_11500 *
hp hp-ux 11.11
cisco ios 12.1(19)e1
novell edirectory 8.7
stonesoft stonegate_vpn_client 1.7.2
checkpoint vpn-1 next_generation_fp0
symantec clientless_vpn_gateway_4400 5.0
lite speed_technologies_litespeed_web_server 1.2.1
novell imanager 1.5
vmware gsx_server 2.0.1_build_2129
stonesoft stonegate 1.6.2
openssl openssl 0.9.6g
cisco pix_firewall_software 6.3(1)
avaya intuity_audix s3400
stonesoft stonebeat_webcluster 2.5
stonesoft servercluster 2.5
securecomputing sidewinder 5.2.0.02
checkpoint vpn-1 next_generation_fp1
cisco webns 7.10
lite speed_technologies_litespeed_web_server 1.3_rc3
stonesoft stonegate 2.0.6
sco openserver 5.0.7
stonesoft stonegate 2.2.4
avaya sg200 4.31.29
cisco pix_firewall_software 6.0(1)
sco openserver 5.0.6
hp wbem a.02.00.01
checkpoint provider-1 4.1
neoteris instant_virtual_extranet 3.3.1
4d webstar 5.3.1
stonesoft stonegate 2.0.9
openssl openssl 0.9.6k
lite speed_technologies_litespeed_web_server 1.0.1
stonesoft stonegate 2.0.7
vmware gsx_server 3.0_build_7592
avaya vsu 5000_r2.0.1
CVE-2004-0081 MEDIUM

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
stonesoft stonebeat_fullcluster 1_2.0
stonesoft stonegate_vpn_client 2.0.7
securecomputing sidewinder 5.2
lite speed_technologies_litespeed_web_server 1.1
securecomputing sidewinder 5.2.0.01
cisco ciscoworks_common_services 2.2
avaya sg5 4.4
cisco pix_firewall_software 6.3(3.109)
cisco webns 6.10_b4
cisco firewall_services_module 1.1_(3.005)
novell edirectory 8.0
hp wbem a.01.05.08
stonesoft stonegate_vpn_client 2.0.9
avaya s8500 r2.0.0
lite speed_technologies_litespeed_web_server 1.3
redhat enterprise_linux_desktop 3.0
hp apache-based_web_server 2.0.43.00
cisco access_registrar *
cisco firewall_services_module 1.1.2
stonesoft stonegate 2.1
openssl openssl 0.9.6d
redhat openssl 0.9.6b-3
openssl openssl 0.9.6h
stonesoft stonebeat_fullcluster 1_3.0
novell edirectory 8.5.12a
stonesoft stonebeat_webcluster 2.0
stonesoft stonegate 1.7
cisco webns 6.10
cisco pix_firewall_software 6.0(3)
lite speed_technologies_litespeed_web_server 1.3.1
novell edirectory 8.5.27
avaya sg208 *
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.1(1)
hp apache-based_web_server 2.0.43.04
cisco application_and_content_networking_software *
cisco ios 12.2sy
openssl openssl 0.9.6c
avaya s8300 r2.0.1
stonesoft stonegate 1.6.3
tarantella tarantella_enterprise 3.40
stonesoft stonegate 1.7.2
sgi propack 3.0
avaya vsu 500
openssl openssl 0.9.6j
securecomputing sidewinder 5.2.0.04
avaya vsu 5x
stonesoft stonegate 2.0.8
cisco pix_firewall_software 6.3(2)
lite speed_technologies_litespeed_web_server 1.1.1
hp hp-ux 8.05
stonesoft stonegate 1.5.18
stonesoft stonegate 1.5.17
redhat linux 7.3
cisco webns 7.1_0.2.06
cisco firewall_services_module 2.1_(0.208)
openbsd openbsd 3.3
neoteris instant_virtual_extranet 3.0
checkpoint firewall-1 2.0
checkpoint vpn-1 next_generation
neoteris instant_virtual_extranet 3.3
cisco css11000_content_services_switch *
stonesoft stonegate 2.2
avaya sg200 4.4
sgi propack 2.4
avaya intuity_audix 5.1.46
avaya vsu 5
novell edirectory 8.6.2
openssl openssl 0.9.6e
stonesoft stonebeat_fullcluster 3.0
avaya vsu 7500_r2.0.1
openssl openssl 0.9.6i
cisco webns 7.2_0.0.03
checkpoint firewall-1 next_generation_fp2
cisco pix_firewall_software 6.2(1)
stonesoft stonebeat_fullcluster 2.5
apple mac_os_x_server 10.3.3
cisco pix_firewall_software 6.1(3)
cisco pix_firewall_software 6.1(4)
avaya vsu 10000_r2.0.1
hp hp-ux 11.23
dell bsafe_ssl-j 3.0.1
openbsd openbsd 3.4
openssl openssl 0.9.7
sgi propack 2.3
checkpoint vpn-1 vsx_ng_with_application_intelligence
sun crypto_accelerator_4000 1.0
cisco ios 12.2za
cisco pix_firewall_software 6.3(3.102)
lite speed_technologies_litespeed_web_server 1.3_rc2
cisco firewall_services_module 1.1.3
bluecoat proxysg *
4d webstar 5.2.2
avaya vsu 100_r2.0.1
vmware gsx_server 2.0
cisco pix_firewall_software 6.1(5)
checkpoint firewall-1 next_generation_fp0
lite speed_technologies_litespeed_web_server 1.2.2
lite speed_technologies_litespeed_web_server 1.2_rc1
redhat openssl 0.9.6-15
cisco threat_response *
4d webstar 5.2
avaya intuity_audix *
cisco ios 12.1(11b)e14
securecomputing sidewinder 5.2.0.03
tarantella tarantella_enterprise 3.20
cisco pix_firewall_software 6.1
cisco ciscoworks_common_management_foundation 2.1
4d webstar 4.0
avaya sg5 4.3
redhat enterprise_linux 3.0
redhat linux 8.0
avaya s8300 r2.0.0
tarantella tarantella_enterprise 3.30
avaya s8700 r2.0.1
cisco ios 12.1(11b)e12
stonesoft stonebeat_securitycluster 2.5
cisco call_manager *
openssl openssl 0.9.6f
cisco gss_4490_global_site_selector *
lite speed_technologies_litespeed_web_server 1.0.2
avaya s8700 r2.0.0
stonesoft stonegate 2.0.5
avaya sg203 4.4
4d webstar 5.2.3
cisco pix_firewall_software 6.2(3.100)
cisco webns 7.1_0.1.02
freebsd freebsd 5.2
hp hp-ux 11.00
cisco firewall_services_module *
bluecoat cacheos_ca_sa 4.1.10
cisco ios 12.1(11b)e
lite speed_technologies_litespeed_web_server 1.2_rc2
redhat openssl 0.9.7a-2
cisco pix_firewall_software 6.2
cisco css_secure_content_accelerator 2.0
stonesoft stonegate_vpn_client 2.0
cisco pix_firewall_software 6.2(3)
checkpoint firewall-1 *
stonesoft stonebeat_securitycluster 2.0
cisco pix_firewall_software 6.0(4.101)
cisco secure_content_accelerator 10000
securecomputing sidewinder 5.2.1
cisco gss_4480_global_site_selector *
cisco ios 12.1(13)e9
openssl openssl 0.9.7a
4d webstar 5.3
redhat linux 7.2
cisco okena_stormwatch 3.2
neoteris instant_virtual_extranet 3.2
dell bsafe_ssl-j 3.0
freebsd freebsd 4.9
cisco webns 7.10_.0.06s
stonesoft stonegate_vpn_client 2.0.8
stonesoft stonegate_vpn_client 1.7
neoteris instant_virtual_extranet 3.1
hp aaa_server *
stonesoft stonegate 2.0.4
cisco pix_firewall_software 6.1(2)
vmware gsx_server 2.5.1_build_5336
freebsd freebsd 5.1
cisco pix_firewall_software 6.3
apple mac_os_x 10.3.3
checkpoint firewall-1 next_generation_fp1
cisco ios 12.2(14)sy
avaya sg203 4.31.29
4d webstar 5.2.4
cisco pix_firewall_software 6.2(2)
cisco pix_firewall 6.2.2_.111
avaya sg5 4.2
freebsd freebsd 4.8
cisco mds_9000 *
avaya intuity_audix s3210
hp wbem a.02.00.00
cisco pix_firewall_software 6.0(4)
lite speed_technologies_litespeed_web_server 1.3_rc1
cisco ios 12.1(11)e
novell edirectory 8.5
vmware gsx_server 2.5.1
cisco pix_firewall_software 6.0
cisco pix_firewall_software 6.0(2)
securecomputing sidewinder 5.2.1.02
avaya s8500 r2.0.1
novell imanager 2.0
stonesoft stonegate 2.0.1
avaya vsu 2000_r2.0.1
lite speed_technologies_litespeed_web_server 1.0.3
freebsd freebsd 5.2.1
cisco css_secure_content_accelerator 1.0
stonesoft servercluster 2.5.2
openssl openssl 0.9.7c
avaya sg208 4.4
dell bsafe_ssl-j 3.1
stonesoft stonegate 1.7.1
stonesoft stonebeat_fullcluster 2.0
4d webstar 5.2.1
cisco ios 12.2(14)sy1
avaya converged_communications_server 2.0
openssl openssl 0.9.7b
stonesoft stonegate 2.2.1
novell edirectory 8.7.1
cisco content_services_switch_11500 *
hp hp-ux 11.11
cisco ios 12.1(19)e1
novell edirectory 8.7
stonesoft stonegate_vpn_client 1.7.2
checkpoint vpn-1 next_generation_fp0
symantec clientless_vpn_gateway_4400 5.0
lite speed_technologies_litespeed_web_server 1.2.1
novell imanager 1.5
vmware gsx_server 2.0.1_build_2129
stonesoft stonegate 1.6.2
openssl openssl 0.9.6g
cisco pix_firewall_software 6.3(1)
avaya intuity_audix s3400
stonesoft stonebeat_webcluster 2.5
stonesoft servercluster 2.5
securecomputing sidewinder 5.2.0.02
checkpoint vpn-1 next_generation_fp1
cisco webns 7.10
lite speed_technologies_litespeed_web_server 1.3_rc3
stonesoft stonegate 2.0.6
sco openserver 5.0.7
stonesoft stonegate 2.2.4
avaya sg200 4.31.29
cisco pix_firewall_software 6.0(1)
sco openserver 5.0.6
hp wbem a.02.00.01
checkpoint provider-1 4.1
neoteris instant_virtual_extranet 3.3.1
4d webstar 5.3.1
stonesoft stonegate 2.0.9
openssl openssl 0.9.6k
lite speed_technologies_litespeed_web_server 1.0.1
stonesoft stonegate 2.0.7
vmware gsx_server 3.0_build_7592
avaya vsu 5000_r2.0.1
CVE-2004-0099 MEDIUM

mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.1
freebsd freebsd 5.2.1
CVE-2004-0112 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
stonesoft stonebeat_fullcluster 1_2.0
forcepoint stonegate 2.2.1
securecomputing sidewinder 5.2
securecomputing sidewinder 5.2.0.01
cisco ciscoworks_common_services 2.2
avaya sg5 4.4
cisco pix_firewall_software 6.3(3.109)
cisco webns 6.10_b4
cisco firewall_services_module 1.1_(3.005)
novell edirectory 8.0
hp wbem a.01.05.08
avaya s8500 r2.0.0
redhat enterprise_linux_desktop 3.0
hp apache-based_web_server 2.0.43.00
cisco access_registrar *
cisco firewall_services_module 1.1.2
openssl openssl 0.9.6d
redhat openssl 0.9.6b-3
forcepoint stonegate 1.7.2
openssl openssl 0.9.6h
stonesoft stonebeat_fullcluster 1_3.0
novell edirectory 8.5.12a
stonesoft stonebeat_webcluster 2.0
cisco webns 6.10
cisco pix_firewall_software 6.0(3)
novell edirectory 8.5.27
avaya sg208 *
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.1(1)
hp apache-based_web_server 2.0.43.04
cisco application_and_content_networking_software *
cisco ios 12.2sy
openssl openssl 0.9.6c
avaya s8300 r2.0.1
tarantella tarantella_enterprise 3.40
sgi propack 3.0
avaya vsu 500
openssl openssl 0.9.6j
securecomputing sidewinder 5.2.0.04
avaya vsu 5x
cisco pix_firewall_software 6.3(2)
hp hp-ux 8.05
redhat linux 7.3
cisco webns 7.1_0.2.06
cisco firewall_services_module 2.1_(0.208)
openbsd openbsd 3.3
neoteris instant_virtual_extranet 3.0
checkpoint firewall-1 2.0
forcepoint stonegate 1.6.2
neoteris instant_virtual_extranet 3.3
cisco css11000_content_services_switch *
avaya sg200 4.4
sgi propack 2.4
avaya intuity_audix 5.1.46
avaya vsu 5
novell edirectory 8.6.2
forcepoint stonegate 1.7.1
openssl openssl 0.9.6e
stonesoft stonebeat_fullcluster 3.0
avaya vsu 7500_r2.0.1
openssl openssl 0.9.6i
cisco webns 7.2_0.0.03
checkpoint firewall-1 next_generation_fp2
forcepoint stonegate 1.7
forcepoint stonegate 2.0.8
forcepoint stonegate 2.0.1
cisco pix_firewall_software 6.2(1)
forcepoint stonegate 2.0.7
stonesoft stonebeat_fullcluster 2.5
apple mac_os_x_server 10.3.3
cisco pix_firewall_software 6.1(3)
cisco pix_firewall_software 6.1(4)
avaya vsu 10000_r2.0.1
hp hp-ux 11.23
checkpoint vpn-1 next_generation_fp2
dell bsafe_ssl-j 3.0.1
openbsd openbsd 3.4
openssl openssl 0.9.7
sgi propack 2.3
checkpoint vpn-1 vsx_ng_with_application_intelligence
sun crypto_accelerator_4000 1.0
cisco ios 12.2za
cisco pix_firewall_software 6.3(3.102)
litespeedtech litespeed_web_server 1.0.1
cisco firewall_services_module 1.1.3
bluecoat proxysg *
4d webstar 5.2.2
avaya vsu 100_r2.0.1
vmware gsx_server 2.0
cisco pix_firewall_software 6.1(5)
checkpoint firewall-1 next_generation_fp0
redhat openssl 0.9.6-15
cisco threat_response *
forcepoint stonegate 2.0.4
4d webstar 5.2
avaya intuity_audix *
cisco ios 12.1(11b)e14
securecomputing sidewinder 5.2.0.03
tarantella tarantella_enterprise 3.20
cisco pix_firewall_software 6.1
cisco ciscoworks_common_management_foundation 2.1
4d webstar 4.0
avaya sg5 4.3
redhat enterprise_linux 3.0
redhat linux 8.0
avaya s8300 r2.0.0
tarantella tarantella_enterprise 3.30
avaya s8700 r2.0.1
cisco ios 12.1(11b)e12
stonesoft stonebeat_securitycluster 2.5
cisco call_manager *
forcepoint stonegate 2.1
forcepoint stonegate 1.5.17
openssl openssl 0.9.6f
cisco gss_4490_global_site_selector *
forcepoint stonegate 1.5.18
forcepoint stonegate 2.0.9
avaya s8700 r2.0.0
avaya sg203 4.4
4d webstar 5.2.3
cisco pix_firewall_software 6.2(3.100)
cisco webns 7.1_0.1.02
freebsd freebsd 5.2
hp hp-ux 11.00
cisco firewall_services_module *
bluecoat cacheos_ca_sa 4.1.10
cisco ios 12.1(11b)e
redhat openssl 0.9.7a-2
cisco pix_firewall_software 6.2
cisco css_secure_content_accelerator 2.0
cisco pix_firewall_software 6.2(3)
checkpoint firewall-1 *
stonesoft stonebeat_securitycluster 2.0
forcepoint stonegate 2.0.6
cisco pix_firewall_software 6.0(4.101)
cisco secure_content_accelerator 10000
securecomputing sidewinder 5.2.1
cisco gss_4480_global_site_selector *
forcepoint stonegate 2.2
cisco ios 12.1(13)e9
openssl openssl 0.9.7a
4d webstar 5.3
redhat linux 7.2
cisco okena_stormwatch 3.2
neoteris instant_virtual_extranet 3.2
dell bsafe_ssl-j 3.0
freebsd freebsd 4.9
cisco webns 7.10_.0.06s
neoteris instant_virtual_extranet 3.1
hp aaa_server *
cisco pix_firewall_software 6.1(2)
vmware gsx_server 2.5.1_build_5336
freebsd freebsd 5.1
cisco pix_firewall_software 6.3
apple mac_os_x 10.3.3
checkpoint firewall-1 next_generation_fp1
cisco ios 12.2(14)sy
avaya sg203 4.31.29
4d webstar 5.2.4
cisco pix_firewall_software 6.2(2)
forcepoint stonegate 2.0.5
cisco pix_firewall 6.2.2_.111
avaya sg5 4.2
freebsd freebsd 4.8
cisco mds_9000 *
avaya intuity_audix s3210
hp wbem a.02.00.00
cisco pix_firewall_software 6.0(4)
cisco ios 12.1(11)e
novell edirectory 8.5
vmware gsx_server 2.5.1
cisco pix_firewall_software 6.0
cisco pix_firewall_software 6.0(2)
securecomputing sidewinder 5.2.1.02
avaya s8500 r2.0.1
novell imanager 2.0
avaya vsu 2000_r2.0.1
freebsd freebsd 5.2.1
cisco css_secure_content_accelerator 1.0
stonesoft servercluster 2.5.2
openssl openssl 0.9.7c
avaya sg208 4.4
dell bsafe_ssl-j 3.1
stonesoft stonebeat_fullcluster 2.0
4d webstar 5.2.1
cisco ios 12.2(14)sy1
avaya converged_communications_server 2.0
openssl openssl 0.9.7b
novell edirectory 8.7.1
cisco content_services_switch_11500 *
hp hp-ux 11.11
cisco ios 12.1(19)e1
novell edirectory 8.7
checkpoint vpn-1 next_generation_fp0
symantec clientless_vpn_gateway_4400 5.0
novell imanager 1.5
vmware gsx_server 2.0.1_build_2129
openssl openssl 0.9.6g
cisco pix_firewall_software 6.3(1)
avaya intuity_audix s3400
stonesoft stonebeat_webcluster 2.5
stonesoft servercluster 2.5
securecomputing sidewinder 5.2.0.02
checkpoint vpn-1 next_generation_fp1
cisco webns 7.10
sco openserver 5.0.7
avaya sg200 4.31.29
cisco pix_firewall_software 6.0(1)
forcepoint stonegate 1.6.3
sco openserver 5.0.6
hp wbem a.02.00.01
checkpoint provider-1 4.1
neoteris instant_virtual_extranet 3.3.1
4d webstar 5.3.1
openssl openssl 0.9.6k
forcepoint stonegate 2.2.4
vmware gsx_server 3.0_build_7592
avaya vsu 5000_r2.0.1
CVE-2004-0114 MEDIUM

The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
freebsd freebsd *
netbsd netbsd *
CVE-2004-0125 HIGH

The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 4.10
freebsd freebsd 4.2
freebsd freebsd 4.9
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 4.1.1
freebsd freebsd 4.1
freebsd freebsd 4.5
CVE-2004-0126 MEDIUM

The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.1
freebsd freebsd 5.2.1
freebsd freebsd 5.2
CVE-2004-0171 MEDIUM

FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
freebsd freebsd 4.9
freebsd freebsd 5.1
freebsd freebsd 5.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
openbsd openbsd 3.4
freebsd freebsd 5.2
openbsd openbsd 3.3
CVE-2004-0370 LOW

The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.2
CVE-2004-0435 LOW

Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.9
freebsd freebsd 4.10
freebsd freebsd 4.0
freebsd freebsd 4.8
freebsd freebsd 5.2.1
freebsd freebsd 5.2
CVE-2004-0602 LOW

The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.0
freebsd freebsd 5.0
CVE-2004-0618 LOW

FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 5.2.1
CVE-2004-0919 MEDIUM

The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.1
freebsd freebsd 5.0
freebsd freebsd 5.2.1
freebsd freebsd 5.2
CVE-2004-1053 HIGH

Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd fetch *
CVE-2004-1066 LOW

The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 5.0
freebsd freebsd 4.2
freebsd freebsd 5.3
freebsd freebsd 4.9
freebsd freebsd 4.0
freebsd freebsd 4.8
freebsd freebsd 5.2.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1
freebsd freebsd 5.2
freebsd freebsd 4.5
CVE-2004-1471 HIGH

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
sgi propack 2.4
cvs cvs 1.11.3
freebsd freebsd 2.1.7.1
cvs cvs 1.11
freebsd freebsd 5.0
openbsd openbsd current
gentoo linux 1.4
cvs cvs 1.12.8
openpkg openpkg 2.0
cvs cvs 1.11.2
cvs cvs 1.11.5
cvs cvs 1.10.8
cvs cvs 1.11.1_p1
cvs cvs 1.11.4
freebsd freebsd 5.2.1
cvs cvs 1.11.1
freebsd freebsd 5.2
freebsd freebsd 4.6
cvs cvs 1.11.14
freebsd freebsd 2.2.8
freebsd freebsd 2.1.6
cvs cvs 1.12.7
cvs cvs 1.11.6
freebsd freebsd 2.2.3
freebsd freebsd 3.5.1
openpkg openpkg current
freebsd freebsd 3.1
freebsd freebsd 2.1.5
cvs cvs 1.11.10
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
openbsd openbsd 3.4
freebsd freebsd 4.1
sgi propack 3.0
freebsd freebsd 1.1.5.1
cvs cvs 1.11.15
cvs cvs 1.12.2
freebsd freebsd 3.0
freebsd freebsd 2.1.6.1
cvs cvs 1.10.7
freebsd freebsd 4.9
cvs cvs 1.11.11
cvs cvs 1.12.1
freebsd freebsd 3.2
freebsd freebsd 3.5
freebsd freebsd 4.7
freebsd freebsd 2.2.5
freebsd freebsd 5.1
freebsd freebsd 2.2
freebsd freebsd 4.10
openpkg openpkg 1.3
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 4.2
cvs cvs 1.11.16
freebsd freebsd 3.4
freebsd freebsd 3.3
freebsd freebsd 2.1.0
openbsd openbsd 3.5
cvs cvs 1.12.5
freebsd freebsd 2.2.2
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 4.1.1
freebsd freebsd 4.5
CVE-2005-0109 MEDIUM

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 2.1.7.1
freebsd freebsd 5.0
redhat fedora_core core_3.0
sco unixware 7.1.3
freebsd freebsd 5.2.1
redhat enterprise_linux_desktop 3.0
freebsd freebsd 5.2
sun solaris 7.0
sun solaris 9.0
freebsd freebsd 4.6
freebsd freebsd 2.2.8
freebsd freebsd 2.1.6
freebsd freebsd 2.2.3
ubuntu ubuntu_linux 5.04
redhat enterprise_linux_desktop 4.0
freebsd freebsd 3.5.1
freebsd freebsd 5.3
freebsd freebsd 3.1
freebsd freebsd 2.1.5
sun solaris 10.0
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
freebsd freebsd 4.1
ubuntu ubuntu_linux 4.1
sco unixware 7.1.3_up
freebsd freebsd 1.1.5.1
freebsd freebsd 3.0
freebsd freebsd 2.1.6.1
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 5.4
freebsd freebsd 3.2
sco openserver 5.0.7
freebsd freebsd 3.5
sco unixware 7.1.4
freebsd freebsd 4.7
freebsd freebsd 2.2.5
freebsd freebsd 5.1
freebsd freebsd 2.2
sun solaris 8.0
freebsd freebsd 4.10
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 4.2
freebsd freebsd 3.4
freebsd freebsd 3.3
freebsd freebsd 2.1.0
redhat enterprise_linux 3.0
freebsd freebsd 2.2.2
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
redhat enterprise_linux 4.0
redhat enterprise_linux 2.1
freebsd freebsd 4.1.1
freebsd freebsd 4.5
CVE-2005-0356 MEDIUM

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cisco support_tools *
cisco ciscoworks_vpn_security_management_solution *
microsoft windows_2003_server standard_64-bit
cisco ciscoworks_common_management_foundation 2.2
microsoft windows_2003_server web
cisco ciscoworks_common_services 2.2
alaxala alaxala_networks ax5400s
nortel ethernet_routing_switch_1624 *
cisco sn_5420_storage_router *
cisco call_manager 3.2
f5 tmos 4.6.2
cisco ciscoworks_lms 1.3
cisco sn_5428_storage_router 3.2.1-k9
cisco call_manager 2.0
hitachi alaxala ax
cisco sn_5428_storage_router 3.3.1-k9
cisco unity_server 3.1
cisco ciscoworks_common_management_foundation 2.0
cisco ciscoworks_cd1 4th
freebsd freebsd 3.5.1
cisco e-mail_manager *
openbsd openbsd 3.2
freebsd freebsd 3.1
nortel callpilot 703t
cisco secure_access_control_server 2.5
nortel business_communications_manager 1000
f5 tmos 9.0
freebsd freebsd 2.2.6
nortel universal_signaling_point compact_lite
cisco secure_access_control_server 2.4
f5 tmos 4.5.11
cisco secure_access_control_server 3.0.1
cisco intelligent_contact_manager 5.0
cisco secure_access_control_server 3.3(1)
cisco secure_access_control_server 3.3.1
cisco ciscoworks_cd1 5th
cisco ciscoworks_windows_wug *
cisco webns 7.10_(05.07)s
cisco content_services_switch_11503 *
cisco call_manager 3.3(3)
cisco personal_assistant 1.3(2)
freebsd freebsd 5.4
nortel contact_center *
f5 tmos 4.5
cisco unity_server 4.0
cisco sn_5420_storage_router_firmware 1.1(7)
f5 tmos 4.5.6
yamaha rtv700 *
freebsd freebsd 3.5
freebsd freebsd 2.2.5
freebsd freebsd 4.10
cisco sn_5420_storage_router_firmware 1.1(3)
cisco webns 7.30_(00.09)s
freebsd freebsd 2.0
microsoft windows_2003_server standard
cisco conference_connection 1.2
cisco secure_access_control_server 3.2
cisco aironet_ap1200 *
cisco sn_5428_storage_router 3.3.2-k9
cisco sn_5420_storage_router_firmware 1.1(4)
openbsd openbsd 3.3
hitachi gr4000 *
cisco secure_access_control_server 2.3
cisco call_manager 1.0
cisco personal_assistant 1.3(4)
cisco sn_5420_storage_router_firmware 1.1(5)
freebsd freebsd 4.3
cisco sn_5428_storage_router 3.2.2-k9
cisco secure_access_control_server 3.0
cisco content_services_switch_11506 *
cisco content_services_switch_11050 *
nortel callpilot 200i
yamaha rt250i *
f5 tmos 9.0.4
cisco personal_assistant 1.4(2)
cisco secure_access_control_server 3.1
cisco call_manager 3.3
microsoft windows_xp *
f5 tmos 4.6
f5 tmos 4.0
cisco aironet_ap350 *
f5 tmos 4.5.12
yamaha rtx1500 *
cisco remote_monitoring_suite_option *
freebsd freebsd 2.2.3
cisco unity_server 3.0
nortel ethernet_routing_switch_1648 *
cisco mgx_8250 1.2.11
openbsd openbsd 3.4
freebsd freebsd 4.1
yamaha rtx2000 *
cisco secure_access_control_server 3.2.2
cisco unity_server 2.3
cisco secure_access_control_server 2.6.2
openbsd openbsd 3.1
cisco ip_contact_center_enterprise *
f5 tmos 4.2
freebsd freebsd 3.0
cisco secure_access_control_server 3.2(2)
freebsd freebsd 2.1.6.1
cisco secure_access_control_server 3.3.2
cisco secure_access_control_server 2.1
cisco mgx_8230 1.2.10
cisco webns 7.20_(03.10)s
cisco web_collaboration_option *
cisco ciscoworks_windows *
nortel callpilot 702t
freebsd freebsd 2.2
freebsd freebsd 2.2.4
yamaha rtx1100 *
cisco call_manager 3.1(3a)
cisco ciscoworks_common_management_foundation 2.1
freebsd freebsd 3.3
cisco call_manager 3.1
nortel ethernet_routing_switch_1612 *
nortel succession_communication_server_1000 *
cisco secure_access_control_server 2.6
freebsd freebsd 4.6.2
cisco personal_assistant 1.3(3)
freebsd freebsd 4.5
hitachi gs4000 *
cisco ciscoworks_cd1 3rd
freebsd freebsd 2.1.7.1
cisco secure_access_control_server 2.3.5.1
cisco webns 7.30_(00.08)s
cisco ciscoworks_1105_hosting_solution_engine *
cisco ciscoworks_cd1 1st
cisco sn_5428_storage_router 2-3.3.2-k9
cisco unity_server 3.3
nortel universal_signaling_point 5200
cisco content_services_switch_11150 *
cisco agent_desktop *
freebsd freebsd 5.2
cisco secure_access_control_server 3.2(1)
freebsd freebsd 4.6
cisco secure_access_control_server 3.0.3
freebsd freebsd 2.1.6
yamaha rtx1000 *
cisco secure_access_control_server 2.3.6.1
cisco secure_access_control_server 3.1.1
f5 tmos 9.0.5
cisco personal_assistant 1.4(1)
cisco secure_access_control_server 2.42
cisco unity_server 2.0
cisco call_manager 4.0
freebsd freebsd 2.1.5
freebsd freebsd 2.0.5
nortel 7250_wlan_access_point *
cisco mgx_8230 1.2.11
nortel survivable_remote_gateway 1.0
nortel optical_metro_5000 *
freebsd freebsd 4.9
freebsd freebsd 4.11
cisco ciscoworks_cd1 2nd
cisco unity_server 2.4
f5 tmos 9.0.1
cisco sn_5420_storage_router_firmware 1.1.3
cisco mgx_8250 1.2.10
microsoft windows_2003_server enterprise
cisco conference_connection 1.1(1)
cisco call_manager 3.1(2)
cisco ciscoworks_access_control_list_manager 1.5
freebsd freebsd 4.7
freebsd freebsd 5.1
nortel 7220_wlan_access_point *
nortel optical_metro_5200 *
cisco secure_access_control_server 2.6.4
freebsd freebsd 3.4
cisco unity_server 3.2
openbsd openbsd 3.5
cisco ciscoworks_1105_wireless_lan_solution_engine *
cisco personal_assistant 1.3(1)
nortel business_communications_manager 200
yamaha rt300i *
freebsd freebsd 2.2.2
freebsd freebsd 4.0
cisco interactive_voice_response *
freebsd freebsd 4.8
openbsd openbsd 3.6
freebsd freebsd 4.1.1
freebsd freebsd 4.4
cisco emergency_responder 1.1
microsoft windows_2003_server r2
freebsd freebsd 5.0
f5 tmos 9.0.3
cisco call_manager 3.0
freebsd freebsd 5.2.1
f5 tmos 4.3
cisco secure_access_control_server 3.2(1.20)
cisco secure_access_control_server 3.2.1
hitachi gr3000 *
f5 tmos 9.0.2
cisco secure_access_control_server 2.0
yamaha rt105 *
f5 tmos 4.5.10
nortel business_communications_manager 400
freebsd freebsd 2.2.8
cisco ciscoworks_access_control_list_manager 1.6
cisco content_services_switch_11500 *
freebsd freebsd 5.3
openbsd openbsd 3.0
cisco secure_access_control_server 2.6.3
nortel callpilot 201i
cisco unity_server 2.46
cisco webns 7.20_(03.09)s
cisco meetingplace *
yamaha rt57i *
alaxala alaxala_networks ax7800s
freebsd freebsd 1.1.5.1
cisco sn_5420_storage_router_firmware 1.1(2)
microsoft windows_2003_server enterprise_64-bit
f5 tmos 4.5.9
cisco content_services_switch_11800 *
cisco secure_access_control_server 3.3
f5 tmos 4.4
cisco content_services_switch_11501 *
freebsd freebsd 3.2
microsoft windows_2000 *
nortel optical_metro_5100 *
cisco sn_5428_storage_router 2-3.3.1-k9
freebsd freebsd 4.2
cisco unity_server 2.1
freebsd freebsd 2.1.0
alaxala alaxala_networks ax7800r
cisco content_services_switch_11000 *
cisco sn_5428_storage_router 2.5.1-k9
cisco secure_access_control_server 3.2(3)
cisco ip_contact_center_express *
cisco unity_server 2.2
CVE-2005-0610 HIGH

Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 5.0
freebsd freebsd 4.2
freebsd freebsd 5.3
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 5.2.1
freebsd freebsd 5.4
freebsd freebsd 4.1.1
freebsd freebsd 4.1
freebsd freebsd 5.2
freebsd freebsd 4.5
CVE-2005-0708 HIGH

The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 5.0
freebsd freebsd 4.2
freebsd freebsd 5.3
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 4.0
dragonflybsd dragonflybsd 1.1
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 5.2.1
freebsd freebsd 5.4
freebsd freebsd 4.1.1
freebsd freebsd 4.1
freebsd freebsd 5.2
dragonflybsd dragonflybsd 1.0
freebsd freebsd 4.5
CVE-2005-0988 LOW

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
ubuntu ubuntu_linux 4.1
freebsd freebsd 5.0
trustix secure_linux 2.1
trustix secure_linux 2.0
turbolinux turbolinux_server 7.0
turbolinux turbolinux_appliance_server 1.0_workgroup
gentoo linux *
freebsd freebsd 4.9
freebsd freebsd 4.11
gnu gzip 1.3.3
freebsd freebsd 5.2.1
redhat enterprise_linux_desktop 3.0
turbolinux turbolinux_desktop 10.0
freebsd freebsd 5.4
freebsd freebsd 5.2
turbolinux turbolinux_server 8.0
freebsd freebsd 4.6
freebsd freebsd 4.7
turbolinux turbolinux_workstation 7.0
freebsd freebsd 5.1
freebsd freebsd 4.10
turbolinux turbolinux_workstation 8.0
freebsd freebsd 4.2
turbolinux turbolinux_server 10.0
ubuntu ubuntu_linux 5.04
redhat enterprise_linux_desktop 4.0
gnu gzip 1.2.4a
freebsd freebsd 5.3
redhat enterprise_linux 3.0
gnu gzip 1.2.4
turbolinux turbolinux_home *
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
redhat enterprise_linux 4.0
redhat enterprise_linux 2.1
freebsd freebsd 4.1.1
redhat linux_advanced_workstation 2.1
freebsd freebsd 4.1
turbolinux turbolinux_appliance_server 1.0_hosting
freebsd freebsd 4.5
trustix secure_linux 2.2
CVE-2005-1036 HIGH

FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-909,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2005-1126 LOW

The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 5.0
freebsd freebsd 4.2
freebsd freebsd 5.3
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 5.2.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1
freebsd freebsd 5.2
freebsd freebsd 4.5
CVE-2005-1399 MEDIUM

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 4.8
freebsd freebsd 5.4
freebsd freebsd 5.2
freebsd freebsd 5.3
CVE-2005-1400 MEDIUM

The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 4.8
freebsd freebsd 5.4
freebsd freebsd 5.2
freebsd freebsd 5.3
CVE-2005-1406 MEDIUM

The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 4.2
freebsd freebsd 5.3
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 4.8
freebsd freebsd 5.4
freebsd freebsd 4.1
freebsd freebsd 5.2
freebsd freebsd 4.5
CVE-2005-2019 MEDIUM

ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.4
CVE-2005-2068 MEDIUM

FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 5.0
freebsd freebsd 4.2
freebsd freebsd 5.3
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 5.2.1
freebsd freebsd 5.4
freebsd freebsd 4.1.1
freebsd freebsd 4.1
freebsd freebsd 5.2
freebsd freebsd 4.5
CVE-2005-2218 HIGH

The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.1
freebsd freebsd 5.0
freebsd freebsd 5.2.1
freebsd freebsd 5.4
freebsd freebsd 5.2
freebsd freebsd 5.3
CVE-2005-2359 MEDIUM

The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.4
freebsd freebsd 5.3
CVE-2005-4351 MEDIUM

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
freebsd freebsd *
linux linux_kernel *
freebsd freebsd 7.0
dragonfly dragonfly *
CVE-2006-0054 MEDIUM

The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,CWE-824,

Products Affected

Vendor Product Version
freebsd freebsd 6.0
CVE-2006-0055 LOW

The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.11
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 5.0
freebsd freebsd 5.2.1
freebsd freebsd 5.4
freebsd freebsd 6.0
freebsd freebsd 5.2
freebsd freebsd 5.3
CVE-2006-0226 HIGH

Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.0
CVE-2006-0379 LOW

FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.4
freebsd freebsd 6.0
CVE-2006-0380 LOW

A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.4
freebsd freebsd 6.0
CVE-2006-0381 MEDIUM

A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.4
freebsd freebsd 6.0
freebsd freebsd 5.3
CVE-2006-0433 MEDIUM

Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.4
freebsd freebsd 5.3
CVE-2006-0883 MEDIUM

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd freebsd 5.4
openbsd openssh 3.8.1p1
freebsd freebsd 5.3
CVE-2006-0900 HIGH

nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.0
CVE-2006-0905 HIGH

A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd 2.0
freebsd freebsd 5.1
freebsd freebsd 4.10
freebsd freebsd 5.0
freebsd freebsd 5.3
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 4.8
freebsd freebsd 5.2.1
freebsd freebsd 5.4
freebsd freebsd 6.0
freebsd freebsd 5.2
netbsd netbsd 3.0
CVE-2006-1056 LOW

The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.11.1
linux linux_kernel 2.6.16.2
linux linux_kernel 2.6.13
linux linux_kernel 2.6.11.8
linux linux_kernel 2.6.16.4
linux linux_kernel 2.6.13.4
linux linux_kernel 2.6.12.3
linux linux_kernel 2.6.10
linux linux_kernel 2.6.4
linux linux_kernel 2.6.11.10
linux linux_kernel 2.6.13.3
linux linux_kernel 2.6.14.3
linux linux_kernel 2.6.16.6
linux linux_kernel 2.6.11.11
linux linux_kernel 2.6.15.6
linux linux_kernel 2.6.14
linux linux_kernel 2.6.16.3
linux linux_kernel 2.6.14.6
linux linux_kernel 2.6.12.2
linux linux_kernel 2.6.11.7
linux linux_kernel 2.6.11.5
linux linux_kernel 2.6.9
linux linux_kernel 2.6.14.2
linux linux_kernel 2.6.12.6
linux linux_kernel 2.6.14.5
linux linux_kernel 2.6.15.2
linux linux_kernel 2.6.11
linux linux_kernel 2.6.14.7
linux linux_kernel 2.6.0
linux linux_kernel 2.6.11.4
linux linux_kernel 2.6.15.3
linux linux_kernel 2.6.12.4
linux linux_kernel 2.6.14.1
linux linux_kernel 2.6.2
linux linux_kernel 2.6.6
linux linux_kernel 2.6.15.5
linux linux_kernel 2.6.1
linux linux_kernel 2.6.5
linux linux_kernel 2.6.13.2
linux linux_kernel 2.6.16.7
linux linux_kernel *
linux linux_kernel 2.6.16.5
linux linux_kernel 2.6.16
linux linux_kernel 2.6.11.2
linux linux_kernel 2.6.8
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.6.15.4
freebsd freebsd *
linux linux_kernel 2.6.12
linux linux_kernel 2.6.15.1
linux linux_kernel 2.6.12.5
linux linux_kernel 2.6.15
linux linux_kernel 2.6.11.3
linux linux_kernel 2.6.11.12
linux linux_kernel 2.6.12.1
linux linux_kernel 2.6.11.6
linux linux_kernel 2.6.14.4
linux linux_kernel 2.6.16.1
linux linux_kernel 2.6.11.9
linux linux_kernel 2.6.15.7
linux linux_kernel 2.6.3
linux linux_kernel 2.6.7
linux linux_kernel 2.6.13.1
linux linux_kernel 2.6.16_rc7
CVE-2006-1283 HIGH

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 2.1.7.1
freebsd freebsd 2.2.1
freebsd freebsd 5.0
freebsd freebsd 1.1.5.1
freebsd freebsd 3.0
freebsd freebsd 2.1.6.1
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 2.1
freebsd freebsd 5.2.1
freebsd freebsd 5.4
freebsd freebsd 3.2
freebsd freebsd 5.2
freebsd freebsd 3.5
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 2.2.5
freebsd freebsd 5.1
freebsd freebsd 2.2
freebsd freebsd 4.10
freebsd freebsd 2.2.8
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 2.1.6
freebsd freebsd 2.1.7
freebsd freebsd 4.2
freebsd freebsd 3.4
freebsd freebsd 2.2.3
freebsd freebsd 3.5.1
freebsd freebsd 3.3
freebsd freebsd 2.1.0
freebsd freebsd 5.3
freebsd freebsd 3.1
freebsd freebsd 2.1.5
freebsd freebsd 2.2.2
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 2.2.6
freebsd freebsd 6.0
freebsd freebsd 2.0.5
freebsd freebsd 2.2.7
freebsd freebsd 4.1.1
freebsd freebsd 4.1
freebsd freebsd 4.5
CVE-2006-2654 MEDIUM

Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 5.1
freebsd freebsd 5.0
freebsd freebsd 5.2.1
freebsd freebsd 5.4
freebsd freebsd 6.0
freebsd freebsd 5.2
freebsd freebsd 5.3
CVE-2006-2655 MEDIUM

The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.1
freebsd freebsd 5.4
freebsd freebsd 6.0
freebsd freebsd 5.3
CVE-2006-6165 HIGH

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 6.2
netbsd netbsd 2.0.4
CVE-2006-6397 MEDIUM

Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd *
freebsd freebsd 6.2
netbsd netbsd 2.0.4
CVE-2007-3798 MEDIUM

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,CWE-252,

Products Affected

Vendor Product Version
slackware slackware 10.0
freebsd freebsd *
tcpdump tcpdump *
freebsd freebsd 6.2
freebsd freebsd 6.1
slackware slackware 10.2
slackware slackware 9.1
slackware slackware 12.0
canonical ubuntu_linux 7.04
apple mac_os_x_server *
apple mac_os_x *
canonical ubuntu_linux 6.10
slackware slackware 10.1
slackware slackware 9.0
canonical ubuntu_linux 6.06
freebsd freebsd 5.5
slackware slackware 11.0
debian debian_linux 4.0
debian debian_linux 3.1
CVE-2008-2464 HIGH

The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
freebsd freebsd *
netbsd netbsd 4.0
kame kame *
CVE-2008-4609 HIGH

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.13
cisco ios 12.2(11)ja
cisco ios 12.1(5)yi1
cisco ios 12.0(5)wc2b
cisco ios 12.0(15)sc
linux linux_kernel 2.6.16.47
netbsd netbsd 1.4.2
cisco ios 12.2(7b)
cisco ios 12.2yv
cisco ios 12.2(4)t6
cisco ios 12.4(7)
cisco ios 12.0(5)wc13
cisco ios 12.0(18)w5(22b)
cisco ios 12.0(15)s
cisco ios 12.1(5)xm4
cisco ios 12.1yd
cisco ios 12.2(2)xa
netbsd netbsd 3.0
linux linux_kernel 2.5.27
cisco ios 12.2(6.8)t1a
cisco ios 12.2yp
cisco ios 12.2ew
cisco ios 12.0(20)sp1
cisco ios 12.2zl
cisco ios 12.2(8)yw2
cisco ios 12.1cx
cisco ios 12.3(7)ja1
cisco ios 12.2(15)t16
cisco ios 12.0(19)s2
cisco ios 12.2(20)ew2
linux linux_kernel 2.4.20
cisco ios 12.1(5c)e12
linux linux_kernel 2.4.10
cisco ios 12.3(4)t2
cisco ios 12.0(5)t
linux linux_kernel 2.0.9.9
linux linux_kernel 2.6.5
cisco ios 12.2(25)seb4
cisco ios 12.2(12c)
cisco ios 12.2sea
cisco ios 11.2(15a)p
linux linux_kernel 2.6.16.20
cisco ios 12.3(14)t5
cisco ios 12.1(19)fc1
freebsd freebsd 3.5
linux linux_kernel 2.2.3
cisco ios 12.3xa
cisco ios 12.2sg
cisco ios 12.2t
openbsd openbsd 3.3
linux linux_kernel 2.6.16.12
cisco ios 11.1(7)
linux linux_kernel 2.5.49
cisco ios 11.1(24)
cisco ios 12.1(5)t15
cisco ios 12.2(18)sv
cisco ios 12.0(05)wc8
cisco ios 12.2(4)
bsd bsd 4.1
cisco ios 12.0(19)st2
cisco ios 12.3yd
cisco ios 12.0(18)st1
cisco ios 12.3yr
cisco ios 12.2ex
cisco ios 12.0(3)xe
cisco ios 12.0(2a)
cisco ios 12.0(4)xe1
cisco ios 12.2(1)xd4
cisco ios 11.2(11b)t2
cisco ios 12.0(3d)
linux linux_kernel 2.4.23
cisco ios 12.0(7)t2
cisco ios 12.2(14)sx1
linux linux_kernel 2.6.11.11
cisco ios 12.2(13)zd4
cisco ios 12.3(4)t
cisco ios 12.2(13)ze
cisco ios 12.1ew
netbsd netbsd 1.2
cisco ios 12.2(9.4)da
linux linux_kernel 2.0.6
cisco ios 12.2(14.5)t
cisco ios 12.1(2)t
cisco ios 12.1(5)da1
linux linux_kernel 2.6.16.11
linux linux_kernel 2.6.16.34
cisco ios 12.1(13)e12
cisco ios 12.2yy
cisco ios 12.4(2)mr1
linux linux_kernel 2.2.13
linux linux_kernel 2.3.50
linux linux_kernel 2.6.17.6
openbsd openbsd 3.4
cisco ios 12.1(8)aa1
cisco ios 12.3(2)xe3
cisco ios 12.1(3)db1
cisco ios 12.2(18)ew
cisco ios 12.3(14)yu1
linux linux_kernel 2.5.7
cisco ios 12.0(8.0.2)s
cisco ios 12.0(21)sx
cisco ios 12.2(2)b
cisco catalyst_blade_switch_3120x_firmware *
linux linux_kernel 2.6.2
cisco ios 12.1(14)e4
cisco ios 12.0(26)s6
cisco ios 12.0(17)st1
freebsd freebsd 2.1.6.1
cisco ios 11.1(22)
cisco ios 12.3(4)xk3
cisco ios 12.2(2)xc1
linux linux_kernel 2.5.10
cisco ios 12.2(4)mb12
cisco ios 12.1(19)e6
cisco ios 12.0(5a)e
linux linux_kernel 2.4.11
freebsd freebsd 2.2.4
cisco ios 12.0(8a)
cisco ios 12.2(4)mb3
freebsd freebsd 3.3
cisco ios 12.4(3b)
cisco ios 12.3(14)yt1
cisco ios 12.0(21)s1
linux linux_kernel 2.2.22
cisco ios 12.0(26)s2
cisco ios 11.1(14)
cisco ios 11.2f
linux linux_kernel 2.5.42
cisco ios 12.1(11b)e12
cisco ios 11.3(11c)
cisco ios 12.2(1)xs1
cisco ios 11.1(13)ia
linux linux_kernel 2.6.19.3
cisco ios 12.1xk
cisco ios 12.0(26)w5(28)
cisco ios 12.3(2)xc2
cisco ios 12.3(7)t9
cisco ios 12.1(1)db2
cisco ios 12.2xs
cisco ios 12.3(10d)
linux linux_kernel 2.5.55
cisco ios 12.2(13)zd3
netbsd netbsd 2.0.4
cisco ios 12.1(7a)ey3
linux linux_kernel 2.3.39
cisco ios 12.1az
linux linux_kernel 2.5.24
linux linux_kernel 2.6.14.3
cisco ios 12.1ay
cisco ios 12.1(8)ea
cisco ios 12.2sbc
cisco ios 12.4(8)
linux linux_kernel 2.5.14
cisco ios 12.0(30)s2
linux linux_kernel 2.3.18
cisco ios 12.1(8a)ex
cisco ios 11.1ca
cisco ios 12.3ya
cisco ios 12.0(5.2)xu
linux linux_kernel 2.0.9
openbsd openbsd 2.9
cisco ios 11.0(20.3)
cisco ios 12.3jk
cisco ios 12.2(13)zd
cisco ios 12.3(14)yt
cisco ios 12.1(6)ea2c
netbsd netbsd 1.4.3
linux linux_kernel 2.5.48
cisco ios 12.0(27)s1
linux linux_kernel 2.3.7
cisco ios 12.2zp
cisco ios 12.0(5)s
cisco ios 8.3
cisco ios 12.2(29a)
cisco ios 12.1ga
cisco ios 12.2(15)bc1f
cisco ios 12.2(10g)
cisco ios 12.3(5a)b5
cisco ios 11.1(13)aa
linux linux_kernel 2.5.32
freebsd freebsd 4.7
freebsd freebsd 5.1
freebsd freebsd 6.3
cisco ios 12.2(2)xh3
cisco ios 12.1(3b)
cisco ios 12.1(5)yi
linux linux_kernel 2.4.35
cisco ios 11.2(26)p2
cisco ios 12.0(8)
cisco ios 12.2(14)za2
cisco ios 12.2su
cisco ios 12.3(10c)
cisco ios 12.2(15)zo
openbsd openbsd 3.6
cisco ios 12.0xr
linux linux_kernel 2.6.23.5
cisco ios 12.2(20)ewa3
freebsd freebsd 4.4
linux linux_kernel 2.3.15
linux linux_kernel 2.6.16.2
cisco ios 12.2(1)xe2
freebsd freebsd 5.0
linux linux_kernel 2.3.16
linux linux_kernel 2.0.5
cisco ios 12.2(1b)
linux linux_kernel 2.6.23.1
cisco ios 12.3(11)xl
linux linux_kernel 2.2.19
cisco ios 12.2xf
linux linux_kernel 2.5.40
cisco ios 12.0(16)st1
linux linux_kernel 2.0.20
cisco ios 12.2(14)s
linux linux_kernel 2.3.5
netbsd netbsd 1.4
cisco ios 12.3(14)yq
cisco ios 12.2(18)sxd7
cisco ios 12.2xv
cisco ios 12.2yw
cisco ios 12.0(15)sl
cisco ios 12.1(8)
linux linux_kernel 2.5.57
cisco ios 12.1(22)ea4
openbsd openbsd 3.0
cisco ios 11.1(9)ia
cisco ios 12.1xc
linux linux_kernel 2.2.21
cisco ios 12.2(20)s2
cisco ios 12.3xw
cisco ios 12.1(12)e
cisco ios 12.1(5)xs
cisco ios 12.2yg
cisco ios 12.0(20.4)sp
cisco ios 12.1(8b)e8
cisco ios 12.2(24)sv1
linux linux_kernel 2.5.47
cisco ios 12.1(3a)t7
cisco ios 11.2(14)gs2
cisco ios 12.2(17a)
linux linux_kernel 2.6.16.38
linux linux_kernel 2.4.30
linux linux_kernel 2.6.20.9
cisco ios 12.0(21)s3
cisco ios 12.2(4)ya7
linux linux_kernel 2.0.11
cisco ios 11.1(13)
cisco ios 12.0(28)w5-32a
cisco ios 12.2(14.5)
cisco ios 12.2zk
cisco ios 12.1(4)dc2
linux linux_kernel 2.6.16.15
linux linux_kernel 2.6.23.4
linux linux_kernel 2.6.16.40
cisco ios 12.1xp
cisco ios 12.1xb
cisco ios 12.2(3.4)bp
cisco ios 12.2(5)
cisco ios 12.3bw
cisco ios 12.1(8b)e20
cisco ios 12.0(7)wx5(15a)
cisco ios 12.2(18)sxd6
netbsd netbsd 3.99.15
cisco ios 12.4xw
cisco ios 12.2
cisco ios 11.2wa4
cisco ios 12.0(30)s4
cisco ios 12.1(13)ew4
cisco ios 12.0(2)xc
cisco ios 12.2(25)seb3
linux linux_kernel 2.0.7
cisco ios 12.2(15)sl1
cisco ios 12.1(14)eb
linux linux_kernel 2.4.18
cisco ios 12.2(4)t1
cisco ios 12.3(14)t4
linux linux_kernel 2.4.33.5
cisco ios 12.2(4)t
cisco ios 12.4(2)t
freebsd freebsd 3.1
cisco ios 12.2ca
cisco ios 12.0(17)s
cisco ios 12.1(14)ea1
cisco ios 12.2zb
cisco ios 12.1(22)ea3
cisco ios 12.3(12e)
cisco ios 12.1(13)ea1c
cisco ios 12.0(11)st4
cisco ios 12.0(28)s3
linux linux_kernel 2.6.18.6
linux linux_kernel 2.6.19.4
cisco ios 12.0(5)wc11
cisco ios 12.0(24)s1
cisco ios 12.3(11)yk2
cisco ios 12.2(14)za
cisco ios 12.2(15)t8
cisco ios 12.2(15)mc2c
cisco ios 12.1(20)ew4
linux linux_kernel 2.0.24
cisco ios 12.0xs
cisco ios 12.1(8b)e9
cisco ios 12.0(1)st
cisco ios 12.0(14)w5(20)
linux linux_kernel 2.6.16.5
cisco ios 12.2(17d)sxb
cisco ios 12.2(8)bc1
cisco ios 12.0
cisco ios 12.1(10)ex
cisco ios 12.4xb
cisco ios 12.0(20)st6
cisco ios 12.0(30)s1
cisco ios 12.1(7b)
linux linux_kernel 2.4.35.2
openbsd openbsd 3.9
cisco ios 12.1(13)e1
cisco ios 12.2sec
cisco ios 12.2(4)ya11
cisco ios 12.2(25)sw4a
cisco ios 12.0(3.4)t
cisco ios 12.0(16)sc3
cisco ios 12.0(31)s1
linux linux_kernel 2.6.3
linux linux_kernel 2.6.20.6
cisco ios 12.0(9a)
cisco ios 12.1ye
cisco ios 10.3(4.2)
linux linux_kernel 2.0.33
linux linux_kernel 2.3.0
linux linux_kernel 2.6.20
linux linux_kernel 2.0.38
cisco ios 12.1(9)e3
cisco ios 12.2(22)sv1
cisco ios 12.4(3a)
linux linux_kernel 2.6.16.3
linux linux_kernel 2.5.69
linux linux_kernel 2.5.11
cisco ios 12.1(4a)
cisco ios 12.2(15)bz
cisco ios 12.1(2)xf5
cisco ios 12.2yj
cisco ios 11.2(8)sa3
linux linux_kernel 2.6.17.1
cisco ios 12.0(10)w5
linux linux_kernel 2.6.16.52
linux linux_kernel 2.6.17
linux linux_kernel 2.5.1
cisco ios 12.1(5)dc2
linux linux_kernel 2.6.12.22
linux linux_kernel 2.6.14.5
cisco ios 12.4(2)mr
cisco ios 12.1xt
cisco ios 12.2(12.05)t
freebsd freebsd 2.0.1
cisco ios 12.1(1a)t1
cisco ios 12.3(4)xg2
cisco ios 12.2(15)t17
cisco ios 12.1(10)e
freebsd freebsd 2.2.1
linux linux_kernel 2.6.18.0
cisco ios 12.2(12i)
cisco ios 12.0(19)sp
cisco ios 12.2(16.5)s
freebsd freebsd 3.0
linux linux_kernel 2.6.17.10
cisco ios 12.0(5)wc3b
linux linux_kernel 2.6.15.5
cisco ios 12.0(21)st6
cisco ios 12.2(15)zk
cisco ios 12.0(18)s5a
bsdi bsd_os 2.0
freebsd freebsd 2.1
cisco ios 12.4(3d)
cisco ios 12.2(4)xw1
cisco ios 12.2ewa
cisco ios 12.4sw
linux linux_kernel 2.0.19
cisco ios 12.0(5.1)xp
cisco ios 12.2(4)bc1
linux linux_kernel 2.5.54
cisco ios 12.3jeb
linux linux_kernel 2.6.16.41
cisco ios 12.2(18)sw
bsd bsd 4.2
linux linux_kernel 2.6.15.11
cisco ios 12.2yb
cisco ios 12.2(4)xl4
cisco ios 12.0(5)t1
freebsd freebsd 2.1.7.1
cisco ios 12.0xb
cisco ios 11.2(8.2)sa6
cisco ios 12.3yi
linux linux_kernel 2.5.52
cisco ios 11.2(10)
cisco ios 12.3xg
cisco ios 12.0(20)sp
cisco ios 12.1(3a)e8
cisco ios 12.2(6c)
cisco ios 12.3(8)yf
linux linux_kernel 2.6.12.3
cisco ios 4.1.2
cisco ios 12.1(3a)e7
cisco ios 12.2(4)b4
cisco ios 12.2sh
microsoft windows_server_2003 -
cisco ios 12.3(9a)bc2
cisco ios 12.3yh
netbsd netbsd 1.3
cisco ios 11.1cc
linux linux_kernel 2.1
freebsd freebsd 2.1.6
cisco ios 12.2(15)jk5
linux linux_kernel 2.6.16.24
cisco ios 12.0xq
cisco ios 11.2bc
cisco ios 12.1xa
cisco ios 12.3t
cisco ios 12.0(21a)
linux linux_kernel 2.6.9
cisco ios 12.0db
linux linux_kernel 2.5.15
linux linux_kernel 2.5.37
cisco ios 12.0(27)sv
cisco ios 12.1(4)
cisco ios 11.3na
linux linux_kernel 2.5.64
cisco ios 12.3
cisco ios 12.2(2)xb11
linux linux_kernel 2.6.0
cisco ios 12.2(20)eu1
cisco ios 12.2mx
linux linux_kernel 2.0.3
linux linux_kernel 2.5.19
cisco ios 12.2(17)
cisco ios 12.0(27)s
cisco ios 12.0(1)s
cisco ios 12.0(19)s
cisco ios 12.2zf
cisco ios 12.1db
linux linux_kernel 2.6.17.5
cisco ios 12.2(15)zl
cisco ios 12.1xz
linux linux_kernel 2.4.33.4
cisco ios 12.0(16)s
cisco ios 12.2(18)s8
linux linux_kernel 2.6.12
cisco ios 12.1(5)yd6
cisco ios 12.2(16)b1
cisco ios 12.1(20)e3
freebsd freebsd -
cisco ios 12.2(17d)sx
cisco ios 12.2(25)ey
cisco ios 12.2(15)ys_1.2(1)
linux linux_kernel 2.6.22.4
cisco ios 12.0(5)xn1
cisco ios 12.1(4)xz7
cisco ios 12.0(16.06)s
cisco ios 12.4(4)t
cisco ios 12.1(5)xv
cisco ios 12.1(19)ew3
cisco ios 12.3(8)ya1
cisco ios 12.2sa
cisco ios 12.2(15.1)s
cisco ios 12.3(2)xc1
cisco ios 12.3(10e)
cisco ios 12.1(13)e3
cisco ios 12.0(10)s3b
linux linux_kernel 1.2.0
linux linux_kernel 2.5.68
cisco ios 12.3xd
cisco ios 10.3(19a)
cisco ios 12.1xj
cisco ios 12.1xw
linux linux_kernel 2.6.17.8
cisco ios 12.1(6)ey
cisco ios 12.1ey
linux linux_kernel 2.5.34
cisco ios 11.2(8.9)sa6
linux linux_kernel 2.5.46
cisco ios 12.0(20)st2
cisco ios 12.2(4)mx
netbsd netbsd 3.0.1
netbsd netbsd 1.3.2
openbsd openbsd 2.5
linux linux_kernel 2.3.40
linux linux_kernel 2.6.21.1
cisco ios 12.2(27)sv1
linux linux_kernel 2.6.24
cisco ios 12.1(8b)ex4
cisco ios 12.2(1)xd1
cisco ios 12.0(14a)
cisco ios 12.2(20)ew3
cisco ios 12.2(23a)
cisco ios 12.2(18.2)
cisco ios 11.3(2)xa
cisco ios 12.1(6)ez2
cisco ios 12.2(4)ya8
cisco ios 12.0(10a)
cisco ios 12.2(13)zh3
cisco ios 12.3(2)xc4
cisco ios 12.4(2)t1
linux linux_kernel 2.5.51
cisco ios 12.0(5)
linux linux_kernel 2.0.21
cisco ios 12.2(25)sec2
cisco ios 12.3(2)ja5
cisco ios 11.0(22a)
cisco ios 12.2(2)yc
cisco ios 12.2yh
cisco ios 12.2(13)zj
linux linux_kernel 2.6.12.12
linux linux_kernel 2.5.6
cisco ios 12.1(19)ec
cisco ios 12.2zd
cisco ios 12.1(3)xi
cisco ios 12.3xn
cisco ios 12.2xh
cisco ios 12.2ym
bsdi bsd_os 4.0
cisco ios 12.0(20)w5(22b)
cisco ios 12.2(4)t3
cisco ios 12.2bx
cisco ios 12.3ye
cisco ios 12.0(26)w5(28a)
linux linux_kernel 2.4.17
cisco ios 12.2xi
linux linux_kernel 2.3.31
linux linux_kernel 2.5.26
cisco ios 12.1(23)e1
cisco ios 12.3(9a)bc
cisco ios 12.3(11)ys
linux linux_kernel 2.3.99
cisco ios 12.1(11)ec
cisco ios 12.2(1)dx
linux linux_kernel 2.4.2
cisco ios 12.2yk
cisco ios 12.2(14)su2
linux linux_kernel 2.6.21
cisco ios 11.2(16)
cisco ios 12.3yj
cisco ios 12.2(13)t9
cisco ios 12.2(1)xh
cisco ios 12.2zn
linux linux_kernel 2.6.16.32
cisco ios 12.0(5)xe
linux linux_kernel 2.5.39
linux linux_kernel 2.4.25
cisco ios 12.2fx
linux linux_kernel 2.6.16.35
cisco ios 12.2(18)sxe3
cisco ios 12.1(5)xg5
cisco ios 12.2fy
cisco ios 12.1(5)xm7
cisco ios 12.3(11)xl3
linux linux_kernel 2.4.7
linux linux_kernel 2.3.4
linux linux_kernel 2.5.67
linux linux_kernel 2.6.8
cisco ios 12.4(4)mr
cisco ios 12.3(2)t8
cisco ios 12.0(28d)
cisco ios 11.2p
cisco ios 12.2xu
cisco ios 12.3(2)xe4
cisco ios 12.2bw
cisco ios 12.1(20)eo
openbsd openbsd 3.7
linux linux_kernel 2.6.20.5
cisco ios 12.1(7)da2
linux linux_kernel 2.6.15.7
linux linux_kernel 2.6.7
cisco ios 12.2yf
linux linux_kernel 2.3.42
linux linux_kernel 2.5.23
cisco ios 12.0(28)s5
cisco ios 12.2(11)t2
cisco ios 12.2(2)xt
cisco ios 12.3(5a)
cisco ios 12.0w5
cisco ios 12.0(7)xk
cisco ios 12.3yg
linux linux_kernel 2.5.2
cisco ios 12.3(7)ja
cisco ios 12.0(10)s7
bsdi bsd_os 3.2
cisco ios 11.1(28a)ct
linux linux_kernel 2.5.22
linux linux_kernel 2.0.39
cisco ios 11.2(8)sa5
cisco ios 12.3(11)yr
cisco ios 12.2(18)ewa
linux linux_kernel 2.0.36
cisco ios 12.1(4)dc
cisco ios 12.3tpc
linux linux_kernel 2.5.29
cisco ios 12.3(13a)bc
cisco ios 12.0(5)wc3
dragonflybsd dragonflybsd 1.1
cisco ios 12.2tpc
cisco ios 12.1(4)db2
cisco ios 12.1gb
freebsd freebsd 4.1
cisco ios 12.1(8b)e16
linux linux_kernel 2.3.23
linux linux_kernel 2.6.21.2
linux linux_kernel 2.6.18.4
linux linux_kernel 2.6.12.4
cisco ios 12.2(3d)
cisco ios 12.0(16)s10
linux linux_kernel 2.6.16.25
linux linux_kernel 2.6.13.2
cisco ios 12.2xt
cisco ios 12.3(13a)
cisco ios 12.2(10)da2
cisco ios 12.2(11)t9
cisco ios 12.2f
cisco ios 12.0(25)w5(27c)
linux linux_kernel 2.5.17
cisco ios 12.2(15)t15
cisco ios 12.4(6)t1
cisco ios 12.4xf
cisco ios 12.2(2)xj
linux linux_kernel 2.6.16.36
cisco ios 12.3xq
linux linux_kernel 2.0.15
cisco ios 12.2(8)yd
cisco ios 12.2(20)s7
cisco ios 12.1(5)xm
linux linux_kernel 2.4.19
cisco ios 12.0(14)st3
linux linux_kernel 2.5.20
cisco ios 12.3(5b)
linux linux_kernel 2.6.16.1
netbsd netbsd 1.5
cisco ios 12.2(20)ewa2
cisco ios 11.1(20)aa4
cisco ios 12.0(5)wc9
linux linux_kernel 2.3.47
bsdi bsd_os 3.1
linux linux_kernel 2.4.34.2
cisco ios 12.2(20)s4
cisco ios 12.2(4)xl
freebsd freebsd 0.4_1
cisco ios 12.0(24)s2
cisco ios 12.0(8.3)sc
cisco ios 12.0(3.3)s
linux linux_kernel 2.5.16
cisco ios 12.2(18)sxd1
cisco ios 12.0xl
cisco ios 12.2(8)tpc10a
cisco ios 12.2(8)t
cisco ios 12.2(2)xb15
cisco ios 12.2(15)cx
cisco ios 12.1(3)xt
cisco ios 12.2(13.03)b
cisco ios 12.1(11b)e
cisco ios 12.0(19)st
cisco ios 12.2(18)sxd4
cisco ios 12.2(23f)
freebsd freebsd 1.5
cisco ios 12.2(2)xr
cisco ios 12.2zo
cisco ios 12.4(4)t2
cisco ios 12.2(2)xh
cisco ios 12.3(12b)
linux linux_kernel 2.3.10
cisco ios 12.4(2)t2
cisco ios 12.0(4)xm
cisco ios 12.2(2)xa1
linux linux_kernel 2.5.8
cisco ios 11.3
linux linux_kernel 2.6.16.23
cisco ios 12.0(5)xn
bsd bsd 4.4
cisco ios 12.2(28)
cisco ios 11.2wa3
linux linux_kernel 2.0.1
linux linux_kernel 2.6.8.1.5
linux linux_kernel 2.0.10
linux linux_kernel 2.6.22.3
cisco ios 12.2xj
linux linux_kernel 2.6.15.4
linux linux_kernel 2.6.21.4
cisco ios 12.1(13)e7
cisco ios 12.3(12)
linux linux_kernel 2.2.17
cisco ios 12.2(2)xn
cisco ios 12.0(20)st7
cisco ios 12.2(14)sy
cisco ios 12.1(10)ey
freebsd freebsd 4.8
cisco ios 12.2(13)t16
cisco ios 12.0(19)s2a
cisco ios 12.0(28)w5-30b
freebsd freebsd 4.1.1
cisco ios 12.1(12)
linux linux_kernel 2.0.22
linux linux_kernel 2.2.12
linux linux_kernel 2.5.50
cisco ios 12.1(12c)e7
linux linux_kernel 2.6.17.12
trustedbsd trustedbsd -
linux linux_kernel 2.2.25
linux linux_kernel 2.6.22.5
linux linux_kernel 2.6.18.5
cisco ios 12.2(15)zj1
cisco ios 12.2(21)
cisco ios 12.3(2)t3
cisco ios 12.1(3)dc2
netbsd netbsd 2.1.1
cisco ios 12.0(21)s6
cisco ios 11.1(16)
cisco ios 11.1(15)
cisco ios 12.2(11)yp1
cisco ios 12.2(25)ey2
cisco ios 12.2by
cisco ios 12.1(9)ea
cisco ios 12.2zq
cisco ios 12.3(5f)
cisco ios 12.0(2)xd
bsdi bsd_os 4.2
cisco ios 12.0(1)
cisco ios 12.4xn
cisco ios 12.0(7)s1
linux linux_kernel 2.6.20.14
cisco ios 12.1(5)yh
cisco ios 12.2(14)sz1
cisco ios 11.2(19)gs0.2
cisco ios 12.1xd
cisco ios 12.0(9)s
cisco ios 12.2(8)t10
cisco ios 12.1(20)
cisco ios 12.3(11)
linux linux_kernel 2.3.49
linux linux_kernel 2.5.65
cisco ios 12.0(22)s4
cisco ios 12.0xw
linux linux_kernel 2.5.9
cisco ios 12.2(15)t
cisco ios 12.0(18)s
linux linux_kernel 2.2.11
cisco ios 12.0(5)xs
cisco ios 12.2(1)xq
cisco ios 12.1(6.5)
cisco ios 12.3(9a)bc6
cisco ios 12.2(25)ex
linux linux_kernel 2.0.29
cisco ios 12.4(5b)
cisco ios 9.0
cisco ios 12.3(11)yj
cisco ios 11.1(17)
freebsd freebsd 4.2
linux linux_kernel 2.0.14
cisco ios 12.2so
cisco ios 12.1(10)
linux linux_kernel 2.0.28
cisco ios 12.2(8)zb7
cisco ios 12.2xg
linux linux_kernel 2.4.15
cisco ios 12.3yk
linux linux_kernel -
cisco ios 12.3(14)ym4
cisco ios 12.2(15)mc1
linux linux_kernel 2.6.23.3
linux linux_kernel 2.3.17
cisco ios 11.1(15)ca
cisco ios 12.0(21)st
cisco ios 12.1xv
cisco ios 12.2(15)t5
linux linux_kernel 2.6.22.1
cisco ios 12.1(12c)ev01
cisco ios 11.2(4)xaf
cisco ios 11.3(11b)t2
cisco ios 12.2zi
cisco ios 12.1(8a)e
cisco ios 12.1(10)e4
cisco ios 12.0(17)sl2
cisco ios 12.1xf
cisco ios 11.0(17)bt
linux linux_kernel 2.6.17.2
cisco ios 12.1(22)ea4a
cisco ios 12.2(18)ew5
cisco ios 12.4
cisco ios 12.3(4)t8
cisco ios 12.0(26)s
cisco ios 12.2(14)sz
netbsd netbsd 1.2.1
linux linux_kernel 2.5.13
cisco ios 12.1yc
freebsd freebsd 5.4
freebsd freebsd 5.5
linux linux_kernel 2.6.18.3
cisco ios 12.2(11)yz2
cisco ios 12.0(21)sl
cisco ios 12.2(22)ea6
cisco ios 12.0(23)s5
cisco ios 12.1(6)ea2a
cisco ios 12.2(17f)
linux linux_kernel 2.3.11
cisco ios 12.2xm
midnightbsd midnightbsd -
cisco ios 12.2sxa
cisco ios 12.3yw
cisco ios 12.2(15)zj3
cisco ios 12.3xv
cisco ios 12.2(1)xd3
linux linux_kernel 2.3.36
cisco ios 12.1(6)
cisco ios 11.2(26b)
bsdi bsd_os 4.0.1
cisco ios 12.0xn
cisco ios 12.1aa
oracle solaris 10
cisco ios 12.3(15b)
linux linux_kernel 2.6.16.22
cisco ios 12.2(25)ewa3
cisco ios 11.0(22b)
cisco ios 12.3(7.7)
bsdi bsd_os 2.1
cisco ios 12.2yx
cisco ios 12.0(17)sl
cisco ios -
linux linux_kernel 2.6.22.16
linux linux_kernel 2.4.21
linux linux_kernel 2.6.11.5
linux linux_kernel 2.4.14
cisco ios 12.3(13)
cisco ios 12.1(6.5)ec3
cisco ios 12.2(12.02)t
linux linux_kernel 2.3.21
cisco ios 10.3(4.3)
cisco ios 12.1(10.5)ec
linux linux_kernel 2.6.16.8
linux linux_kernel 2.6.14.7
cisco ios 12.0(23)s3
cisco ios 12.2(16f)
cisco ios 12.1(9a)
freebsd freebsd 6.2
cisco ios 12.3xf
cisco ios 12.1(5)xv3
netbsd netbsd 1.3.1
cisco ios 12.1(20)ec2
cisco ios 12.0(19)
cisco ios 12.3(6)
cisco ios 12.1(7a)e6
cisco ios 12.2(17d)sxb7
bsdi bsd_os 3.0
cisco ios 12.2(11)t
cisco ios 12.4md
cisco ios 12.1(13)
netbsd netbsd 1.5.3
cisco ios 12.0(19)s4
linux linux_kernel 2.6.11.12
cisco ios 12.1(22)e3
cisco ios 12.2xn
cisco ios 12.3(2)jk1
cisco ios 12.2(25)s4
cisco ios 11.1aa
cisco ios 12.1(14)
cisco ios 12.2(13)zh8
linux linux_kernel 2.3.8
cisco ios 12.2mb
cisco ios 12.1(1c)
linux linux_kernel 2.2.24
linux linux_kernel 2.6.16.16
linux linux_kernel 2.6.21.3
cisco ios 12.2sxf
cisco ios 12.0(5)xk2
cisco ios 12.2(12.02)s
cisco ios 12.2(2)xb4
cisco ios 12.3(16)
netbsd netbsd 2.1
cisco ios 11.2(8)
linux linux_kernel 2.6.20.15
linux linux_kernel 2.5.41
cisco ios 12.0(9)s8
cisco ios 12.0(23)sz
cisco ios 12.1(5)yb5
cisco ios 12.3(11)yw
linux linux_kernel 2.3.14
cisco ios 12.0(7)xf
cisco ios 12.2(4)ya9
cisco ios 12.2(4)yb
cisco ios 12.2(7a)
cisco ios 12.0(7)db2
cisco ios 12.3(3e)
cisco ios 12.2(12.05)s
cisco ios 12.1(8)ea2b
cisco ios 12.0(7)xe2
cisco ios 12.2(7)
cisco ios 9.14
cisco ios 11.3aa
cisco ios 12.0(20)sx
cisco ios 12.2(25)sv2
cisco ios 12.3(11)yl
cisco ios 12.2(8)yy3
cisco ios 12.2(13)zf
cisco ios 12.2(18)ew3
cisco ios 12.0(15)s7
cisco ios 12.1(11b)
cisco ios 12.3(7)jx
cisco ios 11.1(5)
cisco ios 12.1(22)ea6
cisco ios 12.3(11)yf4
cisco ios 12.0(18)sl
linux linux_kernel 2.6.23.14
linux linux_kernel 2.5.38
cisco ios 12.4(2)xb2
cisco ios 12.2(13)zc
cisco ios 12.2(20)ewa
freebsd freebsd 2.2.2
cisco ios 12.2(8)ja
cisco ios 12.0(17)s7
cisco ios 12.2(2)xb3
linux linux_kernel 2.0.27
cisco ios 12.2(26b)
cisco ios 12.1(11)e
cisco ios 12.2(18)sxf
cisco ios 12.2xr
cisco ios 11.0(12)
cisco ios 12.2(12.05)
cisco ios 12.2sxd
linux linux_kernel 2.6.11.1
linux linux_kernel 2.0.16
cisco ios 12.2(15)jk2
cisco ios 12.0(23)s4
cisco ios 12.1(8)ea1b
cisco ios 12.1xm
linux linux_kernel 2.6.16.45
cisco ios 12.2(1)xe3
linux linux_kernel 2.6.17.14
cisco ios 12.0(15)s6
cisco ios 12.0xu
cisco ios 12.1(2)xf4
cisco ios 12.2(19)b
cisco ios 12.0(23)s2
linux linux_kernel 2.4.34.1
linux linux_kernel 2.5.43
cisco ios 12.3(9)
linux linux_kernel 2.4.22
cisco ios 12.1xi
cisco ios 12.2n
linux linux_kernel 2.0.32
cisco ios 12.2(13)t14
linux linux_kernel 2.2.10
freebsd freebsd 5.3
linux linux_kernel 2.3.6
cisco ios 12.3(14)t2
cisco ios 12.1(22)e1
cisco ios 12.2(11)yu
cisco ios 12.2(25)ewa1
openbsd openbsd 2.6
linux linux_kernel 2.2.14
linux linux_kernel 2.5.18
cisco ios 12.2(15)mc2e
netbsd netbsd 2.0.2
dragonflybsd dragonflybsd 1.2
linux linux_kernel 2.6.15.3
cisco ios 12.1(14.5)
cisco ios 12.2yn
freebsd freebsd 1.1.5.1
cisco ios 12.2xb
cisco ios 12.2(18)ew2
linux linux_kernel 2.6.1
linux linux_kernel 2.6.16.26
cisco ios 12.3(2)xa5
linux linux_kernel 2.6.16.7
linux linux_kernel 2.6.16
linux linux_kernel 2.6.16.37
cisco ios 12.3yl
linux linux_kernel 2.6.16.50
cisco ios 12.0(4)s
cisco ios 12.1yj
dragonflybsd dragonflybsd 1.10.1
cisco ios 12.1(6)ea1a
linux linux_kernel 2.5.61
cisco ios 12.1xq
cisco ios 12.2(16.1)b
cisco ios 12.1xl
cisco ios 12.0(5)xk
openbsd openbsd 2.2
cisco ios 12.0xe
cisco ios 12.1(8b)e15
cisco ios 12.0(5)t2
cisco ios 12.0(2)xe
cisco ios 12.0(26)
cisco ios 11.2sa
cisco ios 12.0xt
cisco ios 12.2pb
cisco ios 11.1(24c)
cisco ios 12.2(11)t8
openbsd openbsd 4.2
cisco ios 12.0st
cisco ios 12.1(14)e9
linux linux_kernel 2.5.31
cisco ios 12.0xc
cisco ios 11.0(x)
cisco ios 11.2(11)
cisco ios 12.3(11)ys1
cisco ios 12.2(13)zh
linux linux_kernel 2.5.25
cisco ios 11.3(7)db1
cisco ios 12.3yz
cisco ios 12.0(28c)
cisco ios 12.0(19a)
linux linux_kernel 2.6.22.6
cisco ios 12.1(8b)e14
cisco ios 12.0(23)s6
linux linux_kernel 2.3.30
linux linux_kernel 2.5.3
linux linux_kernel 2.4.1
cisco ios 12.0(5)wx
cisco ios 12.0(1)xa3
cisco ios 12.1(13)ex2
cisco ios 12.2(13)zg
cisco ios 12.2e
cisco ios 12.0(22)sy
cisco ios 12.2(2)by2
cisco ios 12.0(19)sl4
linux linux_kernel 1.3.0
cisco ios 12.1(4)ea1e
cisco ios 12.3(8)yg3
linux linux_kernel 2.6.18.2
cisco ios 12.2sxb
linux linux_kernel 2.6.16.48
linux linux_kernel 2.0.4
cisco ios 12.0(17)st8
linux linux_kernel 2.2.23
cisco ios 12.1(3)xq
cisco ios 11.1(7)ca
cisco ios 12.0xi
netbsd netbsd 2.0
cisco ios 12.1(5)t
cisco ios 12.1ev
cisco ios 12.2yd
linux linux_kernel 2.2.15
linux linux_kernel 2.6.18.7
cisco ios 12.2(1.1)
cisco ios 12.1(1)t
cisco ios 12.0(24.2)s
cisco ios 12.2(12)
cisco ios 12.1(12b)
linux linux_kernel 2.4.31
cisco ios 12.2(2)t
cisco ios 12.3(6a)
cisco ios 11.2gs
cisco ios 12.4(7a)
linux linux_kernel 2.6.16.4
cisco ios 12.1(20)ew
linux linux_kernel 2.3.9
linux linux_kernel 2.1.89
cisco ios 12.3xi
cisco ios 12.3(9e)
linux linux_kernel 2.4.13
cisco ios 12.0(17)
cisco ios 12.3(4)t1
cisco ios 11.3(1)
linux linux_kernel 2.0.2
linux linux_kernel 2.5.58
linux linux_kernel 2.6.16.30
linux linux_kernel 2.6.16.51
cisco ios 12.2(2)xf
cisco ios 12.2(15)t9
cisco ios 12.2(1)s
cisco ios 12.2(14)sz2
cisco ios 12.2(2)xi
linux linux_kernel 2.3.1
cisco ios 12.0(12)
cisco ios 12.1(5)yc
cisco ios 12.2(15)bc2i
cisco ios 12.0sl
cisco ios 12.2xz
cisco ios 12.0(5)wc2
cisco ios 12.2(25)sw
cisco ios 12.2b
cisco ios 12.2(12h)
cisco ios 12.3(14)yq4
cisco ios 12.3yc
cisco ios 12.4xk
cisco ios 12.0(14)s8
cisco ios 12.1xe
cisco catalyst_blade_switch_3020_firmware *
cisco ios 12.2(4)mb13c
cisco ios 12.0(7)xv
cisco ios 12.1(2b)
linux linux_kernel 2.5.36
cisco ios 12.1(5)xu1
cisco ios 12.1(7a)ey
cisco ios 12.0xg
cisco ios 12.3(4)xg1
linux linux_kernel 2.4.32
linux linux_kernel 2.3.28
cisco ios 12.2(25)sec1
cisco ios 12.3yt
linux linux_kernel 2.3.34
cisco ios 12.2(15)zj
cisco ios 12.3(4)eo1
cisco ios 12.0(8)s1
cisco ios 12.1s
linux linux_kernel 2.6.11.2
oracle solaris 8
bsdi bsd_os 4.1
cisco ios 12.1(6)e8
cisco ios 12.2(22)s
linux linux_kernel 2.2.20
cisco ios 12.2da
cisco ios 12.1(11b)e14
cisco ios 11.2(23a)bc1
cisco ios 11.1(15)aa
cisco ios 12.1ax
cisco ios 12.3(8)ja1
cisco ios 11.1(36)ca2
cisco ios 12.2(25)s
linux linux_kernel 2.2.7
cisco ios 12.1(5)xy6
cisco ios 12.1ya
cisco ios 12.1(5a)e
cisco ios 12.1(8)e
linux linux_kernel 2.0
cisco ios 12.3(6f)
cisco ios 11.2(15)g
cisco ios 12.0s
cisco ios 12.1(5)yb
cisco ios 12.2(23)
linux linux_kernel 2.2.9
cisco ios 12.2(15)b
linux linux_kernel 2.2.16
cisco ios 12.0wx
linux linux_kernel 2.0.23
cisco ios 11.3(8)t1
cisco ios 12.1(18)
linux linux_kernel 2.6.19.2
cisco ios 12.2(13)t1
cisco ios 12.3(8)t7
cisco ios 12.1(10)ec
linux linux_kernel 2.6.16.6
cisco ios 12.0xf
cisco ios 12.2xl
cisco ios 12.0(5)wc9a
openbsd openbsd 2.1
cisco ios 11.2(4)f1
cisco ios 11.1(36)cc2
cisco ios 12.1da
cisco ios 12.1(20)ew1
cisco ios 12.0wt
linux linux_kernel 2.6.12.2
cisco ios 12.2(2)xh2
cisco ios 12.2yc
linux linux_kernel 2.5.30
cisco ios 12.1xu
cisco ios 11.2(8)sa1
cisco ios 12.1(10)aa
cisco ios 12.1(4)e3
linux linux_kernel 2.0.31
freebsd freebsd 2.0.5
cisco ios 12.3(8)t4
cisco ios 12.0xp
cisco ios 12.0(11)s6
cisco ios 12.4(2)t3
cisco ios 12.2(15)jk4
linux linux_kernel 2.6.17.11
cisco ios 12.0(25)s1
cisco ios 11.2(26e)
cisco ios 12.1(5e)
cisco ios 12.2sxe
cisco ios 12.4xv
cisco ios 12.2(17b)sxa
linux linux_kernel 2.3.51
cisco ios 12.4t
freebsd freebsd 4.11
cisco ios 12.2(18)sxd5
cisco ios 12.3xh
linux linux_kernel 2.4.16
cisco ios 11.1(17)ct
cisco ios 12.2(17d)
cisco ios 12.3(11)t4
cisco ios 12.2(1b)da1
cisco ios 11.1(36)ca4
linux linux_kernel 2.4.33.3
linux linux_kernel 2.6.20.8
cisco ios 11.3(11)b
cisco ios 12.2seb
freebsd freebsd 3.4
cisco ios 12.2(2)xa5
linux linux_kernel 2.6.20.10
cisco ios 12.1xs
cisco ios 12.0(1)w
freebsd freebsd 4.0
cisco ios 12.1(26)e3
cisco ios 8.2
cisco ios 11.1(16)ia
cisco ios 12.1(5)db1
cisco ios 12.1(12c)ec
cisco ios 12.3xc
cisco ios 10.3(16)
cisco ios 12.1(20)eo3
freebsd freebsd 6.1
cisco ios 12.1(13)ew
cisco ios 11.1(7)aa
cisco ios 12.2(24)
linux linux_kernel 2.6.18
cisco ios 12.0(5)yb4
cisco ios 12.4xm
linux linux_kernel 2.6.11.10
cisco ios 12.0(11a)
cisco ios 12.4ja
linux linux_kernel 2.5.5
cisco ios 12.0sy
cisco ios 12.1(3a)xi8
openbsd openbsd -
cisco ios 12.0(5)wc
cisco ios 12.1(4)db
cisco ios 12.1(5)yc2
freebsd freebsd 2.2.8
cisco ios 12.1(27b)
cisco ios 12.0(12)s3
netbsd netbsd -
cisco ios 12.2(25)sw3a
cisco ios 12.0(12a)
cisco ios 12.2(18)s
cisco ios 12.1(19)e1
linux linux_kernel 2.6.11
cisco ios 12.1(12a)
cisco ios 12.3yb
cisco ios 12.3(5c)
cisco ios 12.0(23)sx
linux linux_kernel 2.3.37
cisco ios 12.1(2)e1
linux linux_kernel 2.6.16.33
cisco ios 11.3(1)ed
bsd bsd -
cisco ios 12.2(14)s15
cisco ios 12.1(7)
cisco ios 12.1(5)xr2
cisco ios 12.3(6e)
netbsd netbsd 3.0.2
cisco ios 12.1(5)dc
cisco ios 12.1yh
cisco ios 12.2(2)xb
cisco ios 12.3(11)t6
cisco ios 12.0(19)sl
cisco ios 12.1(16)
cisco ios 12.2xe
cisco ios 11.1(13)ca
cisco ios 12.2(2)dd3
linux linux_kernel 2.6.19
linux linux_kernel 2.4.29
cisco ios 12.1dc
cisco ios 12.2(4)b3
linux linux_kernel 2.5.4
microsoft windows_2000 -
cisco ios 11.3(11d)
freebsd freebsd 2.1.0
cisco ios 12.1(9)aa
cisco ios 12.1(8c)
cisco ios 12.3(3h)
freebsd freebsd 1.1.5
cisco ios 4.1.1
cisco ios 12.2pi
linux linux_kernel 2.6.11.6
linux linux_kernel 2.6.16.27
cisco ios 12.3(4)xq
microsoft windows_server_2008 -
cisco ios 12.2x
cisco ios 11.3da
linux linux_kernel 2.3.26
cisco ios 11.1(15)ia
cisco ios 11.2(16)p
cisco ios 12.0(31)s
cisco ios 12.2(2)by
cisco ios 12.3(13a)bc1
cisco ios 12.0(2)xf
linux linux_kernel 2.2.27
cisco ios 12.3(8)xy6
linux linux_kernel 2.3.33
linux linux_kernel 2.4.34
linux linux_kernel 2.6.16.14
cisco ios 12.2dx
cisco ios 12.1(20)e
cisco ios 12.0(21)s4a
cisco ios 12.2(21a)
linux linux_kernel 2.3.25
cisco ios 12.1(22)
cisco ios 12.2(25)seb
linux linux_kernel 2.6.11.7
cisco ios 11.1(12)
openbsd openbsd 3.2
cisco ios 12.2(1)xs
cisco ios 12.2(2)xb14
cisco ios 12.0(22)s5
cisco ios 12.2(10)da4
freebsd freebsd 7.1
cisco ios 12.1(20)ec
linux linux_kernel 2.6.15.2
freebsd freebsd 2.2.6
cisco ios 12.0(22)s
openbsd openbsd 3.8
cisco ios 12.0(18b)
cisco ios 12.1
cisco ios 12.1(20)ew2
cisco ios 12.2(1d)
cisco ios 12.3(11)t5
cisco ios 12.0wc
cisco ios 12.2ze
cisco ios 11.2(15b)
linux linux_kernel 2.6.20.1
cisco ios 12.1(12c)
cisco ios 12.0(1)xb
cisco ios 12.0(5)wc5a
cisco ios 12.0(13)wt6(1)
cisco ios 11
linux linux_kernel 2.2.1
cisco ios 12.2(2)xg
cisco ios 11.3xa
cisco ios 12.1(1)ex
linux linux_kernel 2.6.15
cisco ios 12.3(15)
linux linux_kernel 2.0.18
cisco ios 12.2(18)sxe
cisco ios 12.2(25)fy
cisco ios 11.1ct
linux linux_kernel 2.6.13.5
cisco ios 12.2(15)cz3
cisco ios 12.2(4)mb13b
cisco ios 12.0(1)xe
linux linux_kernel 2.6.13.1
cisco ios 12.2(9)s
cisco ios 12.0(25)w5(27)
linux linux_kernel 2.6.16.21
cisco ios 12.3(5a)b2
cisco ios 12.0(28)w5(31a)
linux linux_kernel 2.6.16.44
cisco ios 12.0(25.4)s1
linux linux_kernel 2.5.62
linux linux_kernel 2.6.20.7
cisco ios 12.2dd
cisco ios 12.3(5)
cisco ios 12.2(1)
cisco ios 12.3(14)yq3
linux linux_kernel 2.4.33.2
cisco ios 12.1(19)e
cisco ios 12.1(22)eb
cisco ios 12.1(27)
cisco ios 12.0(20)sl
cisco ios 12.2(20)eu2
cisco ios 12.2cz
cisco ios 12.2(25)ez1
cisco ios 12.2xw
cisco ios 12.0(27)sv2
cisco ios 12.2yu
cisco ios 12.3xy
cisco ios 12.1(13)e13
cisco ios 12.3(11)yk1
cisco ios 12.2yr
cisco ios 12.4(9)t
cisco ios 12.4(1)
cisco ios 12.2za
cisco ios 12.0t
cisco ios 12.0(17)sl6
cisco ios 12.2(15)zj2
cisco ios 12.2(1.4)s
cisco ios 12.2(15)zn
freebsd freebsd 1.1
linux linux_kernel 2.6.17.7
cisco ios 12.3(9a)bc7
cisco ios 12.0(17)sl9
cisco ios 12.2(26)sv
cisco ios 12.1yf
cisco ios 11.0.12(a)bt
cisco ios 11.1
cisco ios 12.2(6.8)t0a
netbsd netbsd 3.1
netbsd netbsd 4.0
cisco ios 12.3(8)yh
cisco ios 12.3jx
cisco ios 12.2(28c)
linux linux_kernel 2.6.16.49
cisco ios 12.2(13a)
cisco ios 10.3(3.4)
cisco ios 12.3(1a)
cisco ios 12.3(8)xy5
cisco ios 12.0(6b)
oracle solaris 9
cisco ios 12.2zm
linux linux_kernel 2.6.20.12
cisco ios 12.3(6d)
cisco ios 12.3(10)
cisco ios 12.0(26)s1
cisco ios 12.1(5c)ex
cisco ios 12.1ea
linux linux_kernel 2.5.63
cisco ios 12.1(1)
linux linux_kernel 2.6.16.17
cisco ios 12.2(18)so4
cisco ios 12.2s
cisco ios 12.2(26)sv1
cisco ios 12.3yu
linux linux_kernel 2.6.15.6
cisco ios 12.0(9)
cisco ios 12.0(16)s8
freebsd freebsd 4.6
linux linux_kernel 2.6.14
cisco ios 12.1(7)cx
cisco ios 12.3(8)yg1
cisco ios 12.0(4)xe
cisco ios 12.1(6)e12
cisco ios 12.0da
linux linux_kernel 2.3.24
cisco ios 12.1x(l)
linux linux_kernel 2.3.22
cisco ios 12.1(11)
cisco ios 12.1(6)ea2
netbsd netbsd 1.6.1
cisco ios 12.3yn
cisco ios 12.3(11)t8
cisco ios 12.2(25)sg
cisco ios 11.3wa4
cisco ios 12.0(7)xk3
linux linux_kernel 2.6.18.8
cisco ios 12.1(13)e9
linux linux_kernel 2.6.16.18
cisco ios 12.0xd
cisco ios 12.2(25)s1
cisco ios 12.3(4)t4
cisco ios 12.3(8)yi3
freebsd freebsd 4.9
linux linux_kernel 2.3.2
cisco ios 12.1(10)ec1
cisco ios 12.2bz
linux linux_kernel 2.6.22.7
cisco ios 12.1(20)e1
netbsd netbsd 1.0
cisco ios 12.0(6)
cisco ios 12.2(15)xr2
linux linux_kernel 2.0.12
cisco ios 12.2(23)sv1
cisco ios 12.2(11)yv
cisco ios 12.0(3.2)
linux linux_kernel 2.6.16.31
cisco ios 12.1(13)e17
cisco ios 12.3(4)tpc11a
freebsd freebsd 4.6.1
cisco ios 12.3(4)xq1
cisco ios 12.1(20)ec1
cisco ios 12.2eu
cisco ios 12.2(23.6)
cisco ios 12.3j
cisco ios 11.3db
cisco ios 12.3(2)ja
cisco ios 12.3(8)t9
linux linux_kernel 2.4.4
linux linux_kernel 2.6.20.13
cisco ios 12.1(20)eo1
cisco ios 12.2yl
cisco ios 12.2(2)xt3
linux linux_kernel 2.2.2
linux linux_kernel 2.6.23.7
cisco ios 12.2(18)s10
linux linux_kernel 2.3.32
cisco ios 12.2(25)sw4
cisco ios 12.3yf
cisco ios 11.3ma
cisco ios 12.0xv
cisco ios 12.1(9)ex
cisco ios 12.2(6.8a)
cisco ios 12.0(14)s7
cisco ios 12.1yi
cisco ios 12.2(13)ja1
cisco ios 12.2(17d)sxb10
cisco ios 12.0(16)st
cisco ios 12.1(20)ea1
netbsd netbsd 1.6.2
cisco ios 12.2(15)t7
cisco ios 12.0(12)s4
cisco ios 12.3xr
cisco ios 12.2(14)sy1
cisco ios 12.3xk
cisco ios 12.4xe
cisco ios 12.2zj
cisco ios 12.2(14)za8
cisco ios 12.2jk
cisco ios 12.2xc
linux linux_kernel 2.5.21
cisco ios 12.2ez
cisco ios 11.2(17)
cisco ios 12.3(2)jk
cisco ios 12.1(10a)
openbsd openbsd 2.4
cisco ios 11.1(24a)
cisco ios 12.1(3)t
cisco ios 12.3(4)ja
linux linux_kernel 2.6.16.39
cisco ios 12.1ex
cisco ios 12.2(25)s6
linux linux_kernel 2.3.29
cisco ios 12.3ys
cisco ios 12.0(2)xg
cisco ios 12.0(21)s7
cisco ios 12.2(15)zl1
linux linux_kernel 2.3.46
cisco ios 11.2(26)p5
linux linux_kernel 2.3.45
openbsd openbsd 2.7
microsoft windows_xp -
cisco ios 12.2(7)da
cisco ios 12.2(20)eu
cisco ios 12.2(4)ya
netbsd netbsd 1.1
linux linux_kernel 2.5.45
cisco ios 12.0(28)
cisco ios 12.3(3i)
freebsd freebsd 1.0
cisco ios 12.2(25)se
cisco ios 12.2zg
cisco catalyst_blade_switch_3120_firmware *
cisco ios 12.2ys
cisco ios 12.3(11)yf3
cisco ios 12.0(10)w5(18g)
freebsd freebsd 6.0
cisco ios 11.2(19a)gs6
linux linux_kernel 2.0.37
cisco ios 12.3(7)t4
cisco ios 12.3(7)xr4
linux linux_kernel 2.6.23.9
cisco ios 11.3(11b)
cisco ios 10.3(3.3)
cisco ios 12.1(8a)ew
netbsd netbsd 2.0.3
cisco ios 12.3(11)t9
linux linux_kernel 2.0.34
cisco ios 12.1(19)ew
cisco ios 12.2(4)ya1
cisco ios 12.2(2)t1
cisco ios 12.1(1)db
linux linux_kernel 2.5.53
cisco ios 12.1(5)xv5
cisco ios 12.4(5)
cisco ios 12.4(6)t
cisco ios 12.3xj
cisco ios 12.1(26)eb1
cisco ios 12.0(3)
cisco ios 12.2(4)ja
cisco ios 12.2cy
dragonflybsd dragonflybsd 1.0
linux linux_kernel 2.5.28
cisco ios 12.3(7)xi4
cisco ios 12.0ev
cisco ios 12.1(6)ea2b
linux linux_kernel 2.3.48
netbsd netbsd 1.4.1
freebsd freebsd 3.5.1
cisco ios 12.2(11)bc3c
linux linux_kernel 2.6.23
cisco ios 12.1(8a)ew1
cisco ios 12.2(2)t4
linux linux_kernel 2.3.35
cisco ios 12.2sy
freebsd freebsd 2.2.7
cisco ios 12.4(3)t2
cisco ios 12.1(5)ya2
cisco ios 12.0(15a)
cisco ios 12.1xh
cisco ios 12.2(2)xj1
linux linux_kernel 2.4.24
cisco ios 12.2(4)xr
cisco ios 12.0(21)s5a
cisco ios 12.2(20)se3
cisco ios 12.2(18)s9
cisco ios 12.2zc
cisco ios 12.1e
cisco ios 12.2(4)bx
cisco ios 12.1(3)xt3
cisco ios 12.1(6)ez1
cisco ios 12.1(19)
freebsd freebsd 2.2.5
cisco ios 11.1(17)cc
cisco ios 11.1(16)aa
dragonflybsd dragonflybsd -
cisco ios 12.0(16)sc
cisco ios 12.1(1.3)t
netbsd netbsd 1.6
openbsd openbsd 2.0
cisco ios 12.2(5d)
cisco ios 12.1(2)xf
linux linux_kernel 2.6.11.3
linux linux_kernel 2.6.17.3
cisco ios 12.1(14)e10
cisco ios 12.2(16)bx
cisco ios 12.3(8)xu2
cisco ios 12.1(4)xz
cisco ios 12.2(20)ew
cisco ios 11.2(9)p
freebsd freebsd 4.3
cisco ios 12.4(2)xb
cisco ios 12.3(4)xd
cisco ios 12.4(3)
linux linux_kernel 2.6.10
cisco ios 11.0(17)
linux linux_kernel 2.6.8.1
cisco ios 12.2(25)sed
cisco ios 12.1(7)da3
cisco ios 11.3(8)db2
cisco ios 12.3ja
cisco ios 11.1(28a)ia
linux linux_kernel 2.0.25
netbsd netbsd 1.5.1
cisco ios 12.0xa
linux linux_kernel 2.6.16.43
linux linux_kernel 2.3.20
cisco ios 12.2mc
cisco ios 12.1(5)yf2
cisco ios 12.1(23)e4
cisco ios 12.0(7.4)s
cisco ios 12.1(5)ey
linux linux_kernel 2.3.12
cisco ios 12.4(1b)
cisco ios 11.0
cisco ios 12.4xg
cisco ios 11.2(8)p
cisco ios 12.1eb
cisco ios 12.2(14)s13
netbsd netbsd 1.3.3
cisco ios 12.3(8)yd
linux linux_kernel 2.6.11.4
openbsd openbsd 3.1
cisco ios 12.1(26)e1
linux linux_kernel 2.3.44
cisco ios 12.2(20)s9
openbsd openbsd 4.0
cisco ios 12.0(2)
cisco ios 12.4xp
cisco ios 12.0(17)s4
cisco ios 12.1(5)xs2
cisco ios 12.0(15)s3
cisco ios 12.2(25)ez
cisco ios 12.2(20)s1
cisco ios 12.2(17)a
linux linux_kernel 2.6.16.13
cisco ios 11.2(4)
freebsd freebsd 2.2
cisco ios 12.2(15)bc
bsdi bsd_os 1.1
cisco ios 12.2(14)s14
cisco ios 12.4xa
cisco ios 12.3xs
cisco ios 12.2(23)sw
cisco ios 11.1(36)cc4
cisco ios 12.2(12)da3
cisco ios 12.2(13e)
freebsd freebsd 4.5
cisco ios 12.0(25)w5-27d
cisco ios 12.2yz
cisco ios 12.3(7)xr6
cisco ios 10.3
cisco ios 12.3(4)xh
cisco ios 12.2(24)sv
cisco ios 12.2ya
cisco ios 12.0(14)
cisco ios 12.2(17a)sxa
cisco ios 12.3(7)t10
cisco ios 11.1(24b)
cisco ios 12.0(21)st7
cisco ios 12.2(13)
cisco ios 12.1(18.4)
cisco ios 12.3xx
linux linux_kernel 2.6.16.29
cisco ios 12.2cx
cisco ios 12.3(11)yf
cisco ios 12.2(11)ja1
linux linux_kernel 2.2.18
freebsd freebsd 5.2
linux linux_kernel 2.6.17.13
cisco ios 12.1(8b)e18
linux linux_kernel 2.1.132
cisco ios 12.1(3a)
cisco ios 12.2(12)da9
linux linux_kernel 2.6.14.6
cisco ios 12.3yx
cisco ios 12.0(4)
cisco ios 12.0(7)xk2
cisco ios 12.1(13)ea1
cisco ios 12.3xe
linux linux_kernel 2.6.16.46
cisco ios 12.2xk
cisco ios 12.0sp
cisco ios 12.2(27)sbc
cisco ios 12.1(4.3)t
microsoft windows_vista -
cisco ios 12.0(7)xf1
cisco ios 12.3(5e)
cisco ios 12.0(3)t2
cisco ios 12.2sw
cisco ios 12.1(1)dc
cisco ios 12.2(31)
cisco ios 12.1sec
cisco ios 12.0(16)s8a
cisco ios 12.2(2)xi1
cisco ios 12.2sv
cisco ios 12.3jec
linux linux_kernel 2.4.9
cisco ios 12.1(13.4)e
cisco ios 12.2(2)xu
linux linux_kernel 2.6.15.1
cisco ios 12.3(5)b1
bsdi bsd_os -
cisco ios 12.2yt
cisco ios 12.1(9)
openbsd openbsd 3.5
linux linux_kernel 2.6.12.1
linux linux_kernel 2.5.35
cisco ios 12.1(5)t9
cisco ios 12.0(7)t3
cisco ios 12.2zh
cisco ios 12.0(5)xu
cisco ios 12.0(13)w5(19c)
cisco ios 12.3(7)xi7
cisco ios 12.2(10.5)s
linux linux_kernel 2.5.56
cisco ios 11.2(4)f
linux linux_kernel 2.6.23.2
cisco ios 12.1(20)e5
cisco ios 12.4xc
linux linux_kernel 2.6.16.19
cisco ios 11.3ha
cisco ios 12.2(18)sv3
cisco ios 12.2(27b)
cisco ios 12.3(2)xc3
cisco ios 12.3(11)yf2
freebsd freebsd 5.2.1
cisco ios 12.3(5a)b
cisco ios 12.3(9d)
cisco ios 12.2(25)fx
linux linux_kernel 2.3.41
cisco ios 12.2yo
cisco ios 12.2jx
cisco ios 12.1(5c)
linux linux_kernel 2.5.60
linux linux_kernel 2.3.38
cisco ios 12.2(22)s2
cisco ios 12.3jea
cisco ios 12.3(7)t8
linux linux_kernel 2.0.35
linux linux_kernel 2.4.6
cisco ios 12.1(5)yd2
openbsd openbsd 4.1
cisco ios 12.0(13)s6
cisco ios 12.2(3)
linux linux_kernel 2.4.3
linux linux_kernel 2.6.6
cisco ios 12.0xh
cisco ios 12.3xl
cisco ios 12.2(15)ys
cisco ios 12.2(19)
cisco ios 12.2(12g)
cisco ios 12.3(14)yu
linux linux_kernel 2.4.5
cisco ios 12.3xz
linux linux_kernel 2.2.6
cisco ios 12.0(7)xe
cisco ios 12.1(5)t12
linux linux_kernel 2.3.13
cisco ios 12.1(9)ex3
cisco ios 12.2(1.1)pi
cisco ios 12.3(4)xg5
cisco ios 12.1(5)yf4
cisco ios 12.2(5)ca1
cisco ios 12.3(7)t
cisco ios 12.0(7a)
cisco ios 12.2(20)s8
linux linux_kernel 2.4.8
linux linux_kernel 2.3.43
cisco ios 11.2(4)xa
cisco ios 12.1(11)ea1
cisco ios 12.1(1)e5
linux linux_kernel 2.6.11.8
cisco ios 12.2(12)da8
cisco ios 12.1ec
cisco ios 12.3ym
cisco ios 12.1(20)ea1a
cisco ios 12.1(4)xm4
cisco ios 12.1(11.5)e
cisco ios 12.2(12m)
cisco ios 12.2(25)ewa
cisco ios 12.3(4)t3
linux linux_kernel 2.6.13.3
cisco ios 11.2xa
cisco ios 12.1(6a)
cisco ios 12.2(4)mx1
freebsd freebsd 1.2
cisco ios 12.2(2)xu2
cisco ios 12.2(4)xm2
cisco ios 12.0(10)
cisco ios 12.0(18)s5
cisco ios 11.1ia
cisco ios 12.0(10)s8
cisco ios 12.2(15)bc1
cisco ios 12.4xl
cisco ios 12.3(4)ja1
cisco ios 12.2(15)bx
linux linux_kernel 2.6.20.3
cisco ios 12.2(12b)
cisco ios 12.3(8)xy4
cisco ios 12.0(17a)
cisco ios 12.3xt
openbsd openbsd 4.3
cisco ios 12.2(13)zl
linux linux_kernel 2.6.18.1
cisco ios 12.3(2)xa4
cisco ios 12.3(4)xe4
cisco ios 12.0(7)t
cisco ios 12.1(4)db1
cisco ios 12.2(11)yx1
cisco ios 12.4(2)xa
cisco ios 12.0(16a)
cisco ios 12.2(4)b2
cisco ios 12.2sx
cisco ios 12.2(7c)
cisco ios 12.3(8)yg2
cisco ios 12.2(4)ya10
linux linux_kernel 2.6.19.1
cisco ios 12.2(4)ja1
cisco ios 12.1(3)
cisco ios 12.3b
cisco ios 12.1(12c)ew4
linux linux_kernel 2.4.27
cisco ios 12.1(15)bc1
cisco ios 12.3(7)xi3
cisco ios 12.2(11)t3
cisco ios 12.2(7.4)s
linux linux_kernel 2.2.4
cisco ios 12.1(5)ya
freebsd freebsd 4.10
cisco ios 12.1(9)e
linux linux_kernel 2.6.16.28
freebsd freebsd 2.0
cisco ios 12.2ey
cisco ios 12.2(15)bc2f
cisco ios 12.3(7)xr3
cisco ios 12.1(5)yf
linux linux_kernel 2.6.20.11
linux linux_kernel 2.6.20.4
cisco ios 12.1(6)ea1
cisco ios 12.2(4)xm
linux linux_kernel 2.6.14.4
cisco ios 12.2(15)xr
linux linux_kernel 2.5.33
linux linux_kernel 2.4.33
linux linux_kernel 2.6.17.9
cisco ios 12.2(2)xk2
cisco ios 12.3(11)t
cisco ios 12.1(5)xv4
cisco ios 12.2(13)zk
cisco ios 12.1xy
cisco ios 12.0(18)s7
cisco ios 12.2yq
linux linux_kernel 2.3.3
cisco ios 12.3(14)t
cisco ios 12.0(5.3)wc1
cisco ios 12.3(11)yk
cisco ios 11.3(1)t
cisco ios 12.3(13b)
cisco ios 12.2(2)xk
cisco ios 12.3xu
freebsd freebsd 2.2.3
cisco ios 12.2(8)yy
bsdi bsd_os 2.0.1
cisco ios 12.2(13)t
linux linux_kernel 2.6.14.2
cisco ios 11.1(11)
cisco ios 11.2(26a)
cisco ios 12.1m
cisco ios 12.3(4)xd2
cisco ios 12.2(2.2)t
cisco ios 12.0(10)w5(18f)
cisco ios 12.2(8)yw3
cisco ios 12.2(30)s1
cisco ios 12.3(4)xg4
cisco ios 12.0(7)sc
linux linux_kernel 2.2.5
cisco ios 12.3(4)xk
cisco ios 12.2(16)b
openbsd openbsd 2.8
cisco ios 12.4xj
cisco ios 12.2(25)ewa4
cisco ios 12.3(4)xk1
linux linux_kernel 2.5.59
cisco ios 12.2(4)b1
cisco ios 12.4mr
linux linux_kernel 2.0.17
cisco ios 12.4(2)t4
cisco ios 12.2(2)bx
cisco ios 12.1(7)ec
cisco ios 12.0(24)s5
cisco ios 12.3(8)t11
linux linux_kernel 2.2.8
cisco ios 12.0(4)t
cisco ios 12.1(3)xp4
cisco ios 12.3yq
linux linux_kernel 2.6.23.6
cisco ios 12.3xm
freebsd freebsd 2.1.7
cisco ios 10.0
cisco ios 12.2(1)t
linux linux_kernel 2.6.20.2
linux linux_kernel 2.6.12.5
cisco ios 12.0(14)st
freebsd freebsd 4.6.2
cisco ios 11.3t
cisco ios 12.0(27)sv1
cisco ios 12.4xd
linux linux_kernel 2.6.13.4
cisco ios 9.1
linux linux_kernel 2.4.0
linux linux_kernel 2.6.16.53
cisco ios 12.3(8)ja
cisco ios 12.0xk
cisco ios 12.2xd
cisco ios 12.2(18)s6
cisco ios 12.2(20)s
cisco ios 12.2(4)xw
cisco ios 12.0(3.6)w5(9.0.5)
cisco ios 12.1(1)dc2
linux linux_kernel 2.2.0
cisco ios 12.0dc
cisco ios 12.0(19)st6
cisco ios 12.1yb
cisco ios 12.3(8)yi
cisco ios 12.2(1)xa
cisco ios 12.2(17)zd3
cisco ios 12.0(20a)
cisco ios 12.2(15)bc2h
cisco ios 12.1eo
freebsd freebsd 2.1.5
linux linux_kernel 2.6.12.6
cisco ios 12.3bc
cisco ios 12.0(24)s4
cisco ios 12.0(5.4)wc1
cisco ios 12.0(13a)
linux linux_kernel 2.0.13
linux linux_kernel 2.5.0
cisco ios 11.2(10)bc
cisco ios 12.2(1)xe
cisco ios 12.0(13)s8
cisco ios 12.1(14)e1
cisco ios 12.3(8)yg
freebsd freebsd 7.0
linux linux_kernel 2.2.26
cisco ios 12.3(4)xk4
cisco ios 12.2(18)sxe1
cisco ios 12.2ja
cisco ios 12.2se
cisco ios 11.2
cisco ios 11.2(9)xa
cisco ios 12.2(13)mc1
cisco ios 12.4(1c)
cisco ios 12.0(2b)
cisco ios 12.0sx
cisco ios 12.2(21b)
linux linux_kernel 2.4.12
cisco ios 11.1(18)
cisco ios 12.2(4)bc1a
cisco ios 12.2(25)ey3
netbsd netbsd 1.5.2
cisco ios 12.1(5)yd
linux linux_kernel 2.6.11.9
linux linux_kernel 2.5.66
cisco ios 12.2xq
cisco ios 12.0(16)w5(21)
cisco ios 12.0(24)s6
linux linux_kernel 2.4.28
cisco ios 12.3xb
cisco ios 12.3(8)t8
linux linux_kernel 2.5.12
linux linux_kernel 2.6.4
cisco ios 12.2(18)se
cisco ios 12.2(14)sy03
bsd bsd 4.3
cisco ios 12.1(22)ea5a
cisco ios 12.0(4)xm1
cisco ios 12.1t
cisco ios 12.1xg
linux linux_kernel 2.0.8
cisco ios 12.1(3)xp
cisco ios 12.1(5)yh3
cisco ios 12.0sv
cisco ios 12.1ez
cisco ios 12.1(13)ay
cisco ios 12.2(25)s3
netbsd netbsd 2.0.1
cisco ios 12.1(19.3)e
cisco ios 12.3(14)yq1
openbsd openbsd 2.3
cisco ios 12.0xj
cisco ios 12.2(25)seb2
linux linux_kernel 2.3.19
linux linux_kernel 2.6.16.10
cisco ios 12.2(4)b
cisco ios 12.3(8)yi1
cisco ios 12.1(20)e2
cisco ios 12.0(27)
linux linux_kernel 2.5.44
cisco ios 12.0sc
linux linux_kernel 2.3.27
cisco ios 12.0sz
linux linux_kernel 2.6.14.1
cisco ios 12.1(3a)t4
linux linux_kernel 2.0.26
cisco ios 12.1(11a)
cisco ios 12.2(2)xi2
cisco ios 12.0(7)dc1
cisco ios 12.2(1)xd
cisco ios 12.2sz
linux linux_kernel 2.0.30
cisco ios 12.1xx
cisco ios 12.1eu
cisco ios 12.3(11)yn
cisco ios 4.1
cisco ios 12.0xm
cisco ios 12.2xa
cisco ios 12.2ye
cisco ios 12.2bc
freebsd freebsd 3.2
cisco ios 12.3(7)t12
linux linux_kernel 2.4.26
cisco ios 12.4xt
cisco ios 12.2(17d)sxb8
cisco ios 12.1(5)yc1
cisco ios 12.3(4)xd1
linux linux_kernel 2.6.17.4
cisco ios 12.1(5)yb4
cisco ios 12.0(17)st5
linux linux_kernel 2.6.22
cisco ios 11.0(18)
cisco ios 12.1xr
cisco ios 12.0(21)s
cisco ios 11.2(18)
linux linux_kernel 2.6.16.9
CVE-2008-5162 MEDIUM

The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
freebsd freebsd 6.3
freebsd freebsd *
freebsd freebsd 7.1
freebsd freebsd 7.0
CVE-2010-1938 HIGH

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
freebsd freebsd 8.1-prerelease
nrl opie 2.2
freebsd freebsd 6.4
nrl opie 2.4
nrl opie 2.10
freebsd freebsd 7.2
nrl opie 2.21
freebsd freebsd 7.0
nrl opie *
nrl opie 2.32
freebsd freebsd 7.0-release
nrl opie 2.22
freebsd freebsd 7.1
nrl opie 2.3
freebsd freebsd 8.0
freebsd freebsd 7.0_beta4
nrl opie 2.11
freebsd freebsd 6
freebsd freebsd 7.0_releng
CVE-2010-2020 MEDIUM

sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 8.1-prerelease
freebsd freebsd 7.2
freebsd freebsd 8.0
CVE-2010-2022 LOW

jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 8.1-prerelease
freebsd freebsd 8.0
CVE-2010-2530 MEDIUM

Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
netbsd netbsd 3.99.15
netbsd netbsd 0.9
netbsd netbsd 2.0.2
netbsd netbsd 1.3.3
netbsd netbsd 1.2.1
netbsd netbsd 2.0.3
netbsd netbsd 1.4.3
netbsd netbsd 1.4.2
apple mac_os_x *
netbsd netbsd 1.3.1
netbsd netbsd 2.0.4
netbsd netbsd 2.1.1
netbsd netbsd 3.0.2
netbsd netbsd *
netbsd netbsd 0.8
netbsd netbsd 1.0
netbsd netbsd 3.0
netbsd netbsd 2.1
netbsd netbsd 5.0
netbsd netbsd 5.0.1
netbsd netbsd 2.0
netbsd netbsd 1.1
netbsd netbsd 1.2
netbsd netbsd 1.5.1
freebsd freebsd *
netbsd netbsd 1.6.2
netbsd netbsd 1.3
netbsd netbsd 3.1
netbsd netbsd 4.0
netbsd netbsd 1.4
netbsd netbsd 1.6
netbsd netbsd 1.5.3
netbsd netbsd 1.4.1
netbsd netbsd 2.0.1
netbsd netbsd 4.0.1
netbsd netbsd 1.5.2
netbsd netbsd 3.0.1
netbsd netbsd 1.3.2
netbsd netbsd 1.6.1
netbsd netbsd 1.5
CVE-2010-2693 HIGH

FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 7.1
freebsd freebsd 7.3
freebsd freebsd 8.1
freebsd freebsd 7.2
freebsd freebsd 8.0
CVE-2010-3014 LOW

The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd *
netbsd netbsd *
CVE-2010-4210 HIGH

The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-667,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 8.0
CVE-2010-4666 HIGH

Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd libarchive 3.0
CVE-2010-4754 MEDIUM

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openbsd openbsd 4.7
netbsd netbsd 5.0.2
freebsd freebsd 7.3
freebsd freebsd 8.1
apple mac_os_x *
CVE-2010-4755 MEDIUM

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd freebsd 7.3
openbsd openssh 2.9
openbsd openssh 3.2.3p1
openbsd openssh 3.0.1p1
openbsd openssh 3.0p1
openbsd openssh 4.3p2
openbsd openssh 4.4p1
openbsd openssh 4.6
openbsd openssh 5.7
openbsd openssh 4.3
openbsd openssh 1.5.8
openbsd openssh 4.0
openbsd openssh 4.1p1
openbsd openssh 2.9.9
openbsd openssh 3.3p1
openbsd openssh 3.5p1
openbsd openssh 3.8.1p1
openbsd openssh 4.5
openbsd openssh 3.0.1
openbsd openssh 3.0.2
openbsd openssh 3.9
openbsd openssh 3.9.1
openbsd openssh 2.1.1
openbsd openssh 5.3
openbsd openssh 3.1
openbsd openssh 3.2.2p1
openbsd openssh 3.2
openbsd openssh 5.5
freebsd freebsd 8.1
openbsd openssh 3.7
openbsd openssh 4.2p1
openbsd openssh 1.3
openbsd openssh 5.1
openbsd openssh 3.0.2p1
openbsd openbsd 4.7
openbsd openssh 3.7.1p1
openbsd openssh 3.2.2
openbsd openssh 4.3p1
openbsd openssh 4.7
openbsd openssh 1.2.27
openbsd openssh 2.3
openbsd openssh 1.2.1
openbsd openssh 3.5
openbsd openssh 3.9.1p1
openbsd openssh 1.2.3
openbsd openssh 2.2
openbsd openssh 4.1
openbsd openssh 3.7.1
openbsd openssh 4.9
openbsd openssh 3.0
openbsd openssh 2.5.1
openbsd openssh 5.4
openbsd openssh 3.4p1
openbsd openssh 2.5
openbsd openssh 2.9p1
openbsd openssh 1.2
openbsd openssh 3.1p1
openbsd openssh 3.6
openbsd openssh 3.3
openbsd openssh 5.2
openbsd openssh 3.7.1p2
openbsd openssh 4.0p1
openbsd openssh 3.4
openbsd openssh 5.6
openbsd openssh 1.5.7
openbsd openssh 2.9.9p2
openbsd openssh 4.4
openbsd openssh 3.6.1
openbsd openssh 2.1
openbsd openssh 2.3.1
openbsd openssh *
openbsd openssh 4.2
openbsd openssh 1.2.2
openbsd openssh 4.8
netbsd netbsd 5.0.2
openbsd openssh 2.9p2
openbsd openssh 4.7p1
openbsd openssh 5.0
openbsd openssh 3.6.1p2
openbsd openssh 3.8
openbsd openssh 3.8.1
openbsd openssh 3.6.1p1
openbsd openssh 2.5.2
openbsd openssh 1.5
CVE-2011-0419 MEDIUM

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
netbsd netbsd 5.1
debian debian_linux 5.0
freebsd freebsd *
openbsd openbsd 4.8
suse linux_enterprise_server 10
apache portable_runtime *
apache http_server *
oracle solaris 10
google android *
apple mac_os_x 10.6.0
debian debian_linux 6.0
debian debian_linux 7.0
CVE-2011-1073 LOW

crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
freebsd freebsd *
apple mac_os_x *
CVE-2011-1074 LOW

crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2011-1739 MEDIUM

The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 8.1
freebsd freebsd 8.0
freebsd freebsd 8.2
freebsd freebsd 7.4
CVE-2011-1777 MEDIUM

Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd libarchive 2.3
freebsd libarchive 2.6
freebsd libarchive 2.8.0
freebsd libarchive 2.6.2
freebsd libarchive *
freebsd libarchive 2.6.1
freebsd libarchive 2.4
freebsd libarchive 2.7.0
freebsd libarchive 2.7.1
freebsd libarchive 2.0
freebsd libarchive 2.1
freebsd libarchive 2.8.2
freebsd libarchive 2.2
freebsd libarchive 2.2.3
freebsd libarchive 2.8.4
freebsd libarchive 2.5
freebsd libarchive 2.8.1
freebsd libarchive 2.8.3
CVE-2011-1778 MEDIUM

Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd libarchive 2.3
freebsd libarchive 2.6
freebsd libarchive 2.8.0
freebsd libarchive 2.6.2
freebsd libarchive *
freebsd libarchive 2.6.1
freebsd libarchive 2.4
freebsd libarchive 2.7.0
freebsd libarchive 2.7.1
freebsd libarchive 2.0
freebsd libarchive 2.1
freebsd libarchive 2.8.2
freebsd libarchive 2.2
freebsd libarchive 2.2.3
freebsd libarchive 2.8.4
freebsd libarchive 2.5
freebsd libarchive 2.8.1
freebsd libarchive 2.8.3
CVE-2011-1779 HIGH

Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd libarchive 2.8.4
freebsd libarchive 2.8.5
CVE-2011-2393 HIGH

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd freebsd *
netbsd netbsd *
CVE-2011-2895 HIGH

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openbsd openbsd 2.4
x libxfont 1.2.5
openbsd openbsd *
x libxfont 1.3.4
openbsd openbsd 2.8
openbsd openbsd 3.1
freetype freetype 2.1.9
x libxfont 1.3.3
x libxfont 1.3.0
x libxfont 1.3.1
x libxfont 1.2.0
x libxfont 1.2.9
netbsd netbsd *
x libxfont 1.3.2
openbsd openbsd 2.7
x libxfont *
x libxfont 1.2.2
openbsd openbsd 2.1
freebsd freebsd *
x libxfont 1.2.3
x libxfont 1.2.1
x libxfont 1.4.2
openbsd openbsd 2.0
openbsd openbsd 3.3
openbsd openbsd 3.2
x libxfont 1.4.1
openbsd openbsd 2.2
openbsd openbsd 2.5
openbsd openbsd 3.5
openbsd openbsd 2.3
x libxfont 1.2.6
x libxfont 1.2.7
x libxfont 1.2.4
openbsd openbsd 3.0
openbsd openbsd 3.6
openbsd openbsd 2.6
openbsd openbsd 3.4
x libxfont 1.2.8
openbsd openbsd 2.9
x libxfont 1.4.0
CVE-2011-4062 HIGH

Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 7.3
freebsd freebsd 8.1
freebsd freebsd 8.2
freebsd freebsd 7.4
freebsd freebsd 9.0
CVE-2011-4122 MEDIUM

Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
freebsd freebsd 8.1
CVE-2011-4862 HIGH

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 5.0
suse linux_enterprise_desktop 10
freebsd freebsd *
heimdal_project heimdal *
fedoraproject fedora 15
suse linux_enterprise_software_development_kit 11
gnu inetutils *
fedoraproject fedora 16
mit krb5-appl *
suse linux_enterprise_server 10
suse linux_enterprise_desktop 11
suse linux_enterprise_server 9
opensuse opensuse 11.4
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 10
debian debian_linux 6.0
opensuse opensuse 11.3
debian debian_linux 7.0
CVE-2012-0217 HIGH

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd *
xen xen 4.1.1
xen xen 4.0.4
microsoft windows_server_2008 r2
xen xen 4.1.0
xen xen 4.0.1
xen xen 4.0.2
xen xen *
microsoft windows_server_2003 *
sun sunos *
joyent smartos *
citrix xenserver *
citrix xenserver 6.0
xen xen 4.0.3
netbsd netbsd *
microsoft windows_xp *
xen xen 4.0.0
illumos illumos *
microsoft windows_7 *
CVE-2012-2143 MEDIUM

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 6.4
freebsd freebsd 6.1
freebsd freebsd 7.3
freebsd freebsd 5.0
freebsd freebsd 8.2
freebsd freebsd 5.2.1
freebsd freebsd 5.2
freebsd freebsd 8.3
freebsd freebsd 4.6
freebsd freebsd 2.2.8
php php *
freebsd freebsd 2.1.6
freebsd freebsd 7.2
freebsd freebsd 7.4
freebsd freebsd 5.3
freebsd freebsd 3.1
freebsd freebsd 2.1.5
freebsd freebsd 7.1
freebsd freebsd 8.1
postgresql postgresql 9.1
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
postgresql postgresql 8.4
freebsd freebsd 2.2.7
freebsd freebsd 4.1
postgresql postgresql 9.0
freebsd freebsd 6.2
freebsd freebsd 2.2.1
freebsd freebsd 1.1.5.1
freebsd freebsd 7.0
freebsd freebsd 3.0
freebsd freebsd 4.9
freebsd freebsd 4.11
postgresql postgresql *
freebsd freebsd 1.1
freebsd freebsd 2.1
freebsd freebsd 8.0
freebsd freebsd 5.4
freebsd freebsd 5.5
freebsd freebsd 3.2
freebsd freebsd 3.5
freebsd freebsd 4.7
freebsd freebsd 2.2.5
freebsd freebsd 5.1
freebsd freebsd 6.3
freebsd freebsd *
freebsd freebsd 2.2
freebsd freebsd 4.10
freebsd freebsd 2.0
freebsd freebsd 2.1.7
freebsd freebsd 4.2
freebsd freebsd 1.0
freebsd freebsd 3.4
freebsd freebsd 3.3
freebsd freebsd 1.1.5
freebsd freebsd 2.2.2
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 6.0
freebsd freebsd 4.1.1
postgresql postgresql 8.3
freebsd freebsd 4.5
debian debian_linux 6.0
CVE-2013-0211 MEDIUM

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
freebsd freebsd 9.3
fedoraproject fedora 18
libarchive libarchive *
canonical ubuntu_linux 14.04
opensuse opensuse 13.2
canonical ubuntu_linux 14.10
fedoraproject fedora 17
canonical ubuntu_linux 12.04
CVE-2013-2171 MEDIUM

The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 9.0
CVE-2013-3077 HIGH

Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 8.3
freebsd freebsd 9.0
freebsd freebsd 9.2
CVE-2013-3266 HIGH

The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 8.1
freebsd freebsd 8.0
freebsd freebsd 8.2
freebsd freebsd 8.3
freebsd freebsd 9.0
CVE-2013-4851 MEDIUM

The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 8.3
freebsd freebsd 9.0
CVE-2013-4854 HIGH

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
slackware slackware_linux 13.0
slackware slackware_linux 12.1
freebsd freebsd 8.2
mandriva enterprise_server 5.0
novell suse_linux 11
slackware slackware_linux 13.1
slackware slackware_linux 13.37
fedoraproject fedora 19
hp hp-ux b.11.31
freebsd freebsd 9.0
isc bind 9.8.0
slackware slackware_linux 12.2
isc dnsco_bind 9.9.3
redhat enterprise_linux 5
isc bind 9.7.7
isc bind 9.9.0
isc bind 9.8.6
freebsd freebsd 8.0
isc bind 9.7.1
freebsd freebsd 8.3
freebsd freebsd 9.2
isc bind 9.9.2
freebsd freebsd 9.1
isc bind 9.9.3
isc bind 9.8.4
isc bind 9.7.4
isc bind 9.8.3
mandriva business_server 1.0
suse suse_linux_enterprise_software_development_kit 11.0
isc bind 9.7.6
isc bind 9.8.1
freebsd freebsd 8.4
isc bind 9.8.2
fedoraproject fedora 18
isc bind 9.7.0
isc bind 9.7.3
freebsd freebsd 8.1
isc bind 9.7.5
isc bind 9.7.2
opensuse opensuse 11.4
isc bind 9.9.1
redhat enterprise_linux 6.0
isc bind 9.8.5
isc dnsco_bind 9.9.4
CVE-2013-5209 HIGH

The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 8.3
freebsd freebsd 9.0
freebsd freebsd 9.2
CVE-2013-5666 MEDIUM

The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd 9.2
CVE-2013-5691 MEDIUM

The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 8.3
freebsd freebsd 9.0
freebsd freebsd 9.2
CVE-2013-5710 LOW

The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 8.0
freebsd freebsd 8.3
freebsd freebsd 9.0
freebsd freebsd 9.2
freebsd freebsd 8.4
CVE-2013-6832 MEDIUM

The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 6.4
freebsd freebsd 2.1.7.1
freebsd freebsd 6.1
freebsd freebsd 7.3
freebsd freebsd 5.0
freebsd freebsd 8.2
freebsd freebsd 0.4_1
freebsd freebsd 5.2.1
freebsd freebsd 5.2
freebsd freebsd 8.3
freebsd freebsd 9.2
freebsd freebsd 1.2
freebsd freebsd 4.6
freebsd freebsd 2.2.8
freebsd freebsd 2.1.6
freebsd freebsd 7.2
freebsd freebsd 2.2.3
freebsd freebsd 3.5.1
freebsd freebsd 7.4
freebsd freebsd 5.3
freebsd freebsd 1.5
freebsd freebsd 3.1
freebsd freebsd 2.1.5
freebsd freebsd 7.1
freebsd freebsd 8.1
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
freebsd freebsd 2.2.7
freebsd freebsd 4.1
freebsd freebsd 2.0.1
freebsd freebsd 6.2
freebsd freebsd 2.2.1
freebsd freebsd 1.1.5.1
freebsd freebsd 7.0
freebsd freebsd 3.0
freebsd freebsd 9.0
freebsd freebsd 2.1.6.1
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 1.1
freebsd freebsd 2.1
freebsd freebsd 8.0
freebsd freebsd 5.4
freebsd freebsd 5.5
freebsd freebsd 3.2
freebsd freebsd 3.5
freebsd freebsd 4.7
freebsd freebsd 9.1
freebsd freebsd 2.2.5
freebsd freebsd 5.1
freebsd freebsd 6.3
freebsd freebsd *
freebsd freebsd 2.2
freebsd freebsd 4.10
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 2.1.7
freebsd freebsd 4.2
freebsd freebsd 1.0
freebsd freebsd 3.4
freebsd freebsd 3.3
freebsd freebsd 2.1.0
freebsd freebsd 8.4
freebsd freebsd 1.1.5
freebsd freebsd 2.2.2
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 6.0
freebsd freebsd 4.1.1
freebsd freebsd 4.5
CVE-2013-6833 MEDIUM

The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 6.4
freebsd freebsd 2.1.7.1
freebsd freebsd 6.1
freebsd freebsd 7.3
freebsd freebsd 5.0
freebsd freebsd 8.2
freebsd freebsd 0.4_1
freebsd freebsd 5.2.1
freebsd freebsd 5.2
freebsd freebsd 8.3
freebsd freebsd 9.2
freebsd freebsd 1.2
freebsd freebsd 4.6
freebsd freebsd 2.2.8
freebsd freebsd 2.1.6
freebsd freebsd 7.2
freebsd freebsd 2.2.3
freebsd freebsd 3.5.1
freebsd freebsd 7.4
freebsd freebsd 5.3
freebsd freebsd 1.5
freebsd freebsd 3.1
freebsd freebsd 2.1.5
freebsd freebsd 7.1
freebsd freebsd 8.1
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
freebsd freebsd 2.2.7
freebsd freebsd 4.1
freebsd freebsd 2.0.1
freebsd freebsd 6.2
freebsd freebsd 2.2.1
freebsd freebsd 1.1.5.1
freebsd freebsd 7.0
freebsd freebsd 3.0
freebsd freebsd 9.0
freebsd freebsd 2.1.6.1
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 1.1
freebsd freebsd 2.1
freebsd freebsd 8.0
freebsd freebsd 5.4
freebsd freebsd 5.5
freebsd freebsd 3.2
freebsd freebsd 3.5
freebsd freebsd 4.7
freebsd freebsd 9.1
freebsd freebsd 2.2.5
freebsd freebsd 5.1
freebsd freebsd 6.3
freebsd freebsd *
freebsd freebsd 2.2
freebsd freebsd 4.10
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 2.1.7
freebsd freebsd 4.2
freebsd freebsd 1.0
freebsd freebsd 3.4
freebsd freebsd 3.3
freebsd freebsd 2.1.0
freebsd freebsd 8.4
freebsd freebsd 1.1.5
freebsd freebsd 2.2.2
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 6.0
freebsd freebsd 4.1.1
freebsd freebsd 4.5
CVE-2013-6834 MEDIUM

The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 6.4
freebsd freebsd 2.1.7.1
freebsd freebsd 6.1
freebsd freebsd 7.3
freebsd freebsd 5.0
freebsd freebsd 8.2
freebsd freebsd 0.4_1
freebsd freebsd 5.2.1
freebsd freebsd 5.2
freebsd freebsd 8.3
freebsd freebsd 9.2
freebsd freebsd 1.2
freebsd freebsd 4.6
freebsd freebsd 2.2.8
freebsd freebsd 2.1.6
freebsd freebsd 7.2
freebsd freebsd 2.2.3
freebsd freebsd 3.5.1
freebsd freebsd 7.4
freebsd freebsd 5.3
freebsd freebsd 1.5
freebsd freebsd 3.1
freebsd freebsd 2.1.5
freebsd freebsd 7.1
freebsd freebsd 8.1
freebsd freebsd 2.2.6
freebsd freebsd 2.0.5
freebsd freebsd 2.2.7
freebsd freebsd 4.1
freebsd freebsd 2.0.1
freebsd freebsd 6.2
freebsd freebsd 2.2.1
freebsd freebsd 1.1.5.1
freebsd freebsd 7.0
freebsd freebsd 3.0
freebsd freebsd 9.0
freebsd freebsd 2.1.6.1
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 1.1
freebsd freebsd 2.1
freebsd freebsd 8.0
freebsd freebsd 5.4
freebsd freebsd 5.5
freebsd freebsd 3.2
freebsd freebsd 3.5
freebsd freebsd 4.7
freebsd freebsd 9.1
freebsd freebsd 2.2.5
freebsd freebsd 5.1
freebsd freebsd 6.3
freebsd freebsd *
freebsd freebsd 2.2
freebsd freebsd 4.10
freebsd freebsd 2.2.4
freebsd freebsd 2.0
freebsd freebsd 2.1.7
freebsd freebsd 4.2
freebsd freebsd 1.0
freebsd freebsd 3.4
freebsd freebsd 3.3
freebsd freebsd 2.1.0
freebsd freebsd 8.4
freebsd freebsd 1.1.5
freebsd freebsd 2.2.2
freebsd freebsd 4.0
freebsd freebsd 4.6.2
freebsd freebsd 4.8
freebsd freebsd 6.0
freebsd freebsd 4.1.1
freebsd freebsd 4.5
CVE-2014-0998 HIGH

Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
CVE-2014-1452 MEDIUM

Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 8.3
freebsd freebsd 9.0
freebsd freebsd 9.2
freebsd freebsd 10.0
freebsd freebsd 8.4
CVE-2014-1453 MEDIUM

The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 8.3
freebsd freebsd 9.0
freebsd freebsd 9.2
freebsd freebsd 10.0
freebsd freebsd 8.4
CVE-2014-3000 HIGH

The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 8.3
freebsd freebsd 9.2
freebsd freebsd 10.0
freebsd freebsd 8.4
CVE-2014-3001 MEDIUM

The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 10.0
CVE-2014-3711 MEDIUM

namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.1
freebsd freebsd 9.3
freebsd freebsd 9.2
freebsd freebsd 10.0
CVE-2014-3873 LOW

The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 9.3
freebsd freebsd 9.2
freebsd freebsd 8.4
CVE-2014-3879 HIGH

OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2014-3880 MEDIUM

The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 9.2
freebsd freebsd 10.0
freebsd freebsd 8.4
CVE-2014-3951 MEDIUM

The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd *
freebsd freebsd 10.0
CVE-2014-3952 MEDIUM

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 9.2
freebsd freebsd 10.0
freebsd freebsd 8.4
CVE-2014-3953 MEDIUM

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 9.2
freebsd freebsd 10.0
freebsd freebsd 8.4
CVE-2014-3954 HIGH

Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.1
freebsd freebsd 9.3
freebsd freebsd 9.2
freebsd freebsd 10.0
CVE-2014-3955 MEDIUM

routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.1
freebsd freebsd 9.3
freebsd freebsd 9.0
freebsd freebsd 9.2
freebsd freebsd 10.0
freebsd freebsd 8.4
CVE-2014-3956 LOW

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sendmail sendmail 8.7.6
sendmail sendmail 8.13.8
sendmail sendmail 8.13.7
sendmail sendmail 8.12.8
sendmail sendmail 8.14.4
sendmail sendmail 8.7.9
sendmail sendmail 8.11.4
sendmail sendmail 8.6.7
sendmail sendmail 8.14.7
sendmail sendmail 8.14.2
sendmail sendmail 8.14.6
sendmail sendmail 8.11.7
sendmail sendmail 8.9.0
sendmail sendmail 8.9.1
sendmail sendmail 8.14.0
sendmail sendmail 8.13.3
sendmail sendmail *
sendmail sendmail 8.12.6
sendmail sendmail 8.9.2
sendmail sendmail 8.10.2
sendmail sendmail 8.13.0
hp hpux *
sendmail sendmail 8.12.1
sendmail sendmail 8.13.4
sendmail sendmail 8.12.7
sendmail sendmail 8.13.2
sendmail sendmail 8.11.1
sendmail sendmail 8.11.3
sendmail sendmail 8.10.0
sendmail sendmail 8.12.10
sendmail sendmail 8.13.6
sendmail sendmail 8.11.0
sendmail sendmail 8.11.6
sendmail sendmail 8.10.1
sendmail sendmail 8.12.0
sendmail sendmail 8.12.2
sendmail sendmail 8.7.8
sendmail sendmail 8.14.3
sendmail sendmail 8.11.2
freebsd freebsd *
sendmail sendmail 8.12.4
sendmail sendmail 8.12.9
sendmail sendmail 8.11.5
sendmail sendmail 8.12.5
sendmail sendmail 8.10
sendmail sendmail 8.14.1
sendmail sendmail 8.8.8
sendmail sendmail 8.9.3
sendmail sendmail 8.7.10
sendmail sendmail 8.14.5
sendmail sendmail 8.13.1
fedoraproject fedora 20
sendmail sendmail 8.12.11
sendmail sendmail 8.13.5
sendmail sendmail 8.7.7
sendmail sendmail 8.12.3
CVE-2014-5384 MEDIUM

The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
netbsd netbsd *
freebsd freebsd 10.0
CVE-2014-7250 MEDIUM

The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
netbsd netbsd 2.0
bsd bsd 4.3
freebsd freebsd 5.4
openbsd openbsd 3.6
CVE-2014-8116 MEDIUM

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd freebsd *
file_project file 5.20
canonical ubuntu_linux 14.04
mageia mageia 4.0
canonical ubuntu_linux 14.10
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2014-8117 MEDIUM

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
freebsd freebsd *
canonical ubuntu_linux 14.04
mageia mageia 4.0
canonical ubuntu_linux 14.10
file_project file *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2014-8475 MEDIUM

FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
freebsd freebsd 9.1
freebsd freebsd 9.2
freebsd freebsd 10.0
CVE-2014-8476 LOW

The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.1
freebsd freebsd 9.3
freebsd freebsd 9.0
freebsd freebsd 9.2
freebsd freebsd 10.0
freebsd freebsd 8.4
CVE-2014-8611 MEDIUM

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
apple iphone_os *
freebsd freebsd 10.1
apple mac_os_x *
CVE-2014-8612 MEDIUM

Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.0
freebsd freebsd 8.4
CVE-2014-8613 HIGH

The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 8.4
CVE-2015-1414 HIGH

Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.1
freebsd freebsd 9.3
netgate pfsense 2.2.1
freebsd freebsd 9.0
freebsd freebsd 9.2
freebsd freebsd 10.0
debian debian_linux 7.0
freebsd freebsd 8.4
CVE-2015-1415 LOW

The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd *
freebsd freebsd 10.0
CVE-2015-1416 HIGH

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 10.2
freebsd freebsd 10.0
CVE-2015-1417 MEDIUM

The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
freebsd freebsd 8.4
CVE-2015-1418 HIGH

The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!' character can be passed to the ed program.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 10.2
CVE-2015-2923 LOW

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2015-5674 MEDIUM

The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
CVE-2015-5675 HIGH

The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
CVE-2015-5677 LOW

bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
CVE-2015-7973 MEDIUM

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 2.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
netapp oncommand_balance -
freebsd freebsd 10.2
freebsd freebsd *
siemens tim_4r-ie_firmware *
ntp ntp *
canonical ubuntu_linux 14.04
ntp ntp 4.2.8
netapp clustered_data_ontap -
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
siemens tim_4r-ie_dnp3_firmware *
CVE-2015-7977 MEDIUM

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
fedoraproject fedora 22
freebsd freebsd 9.3
netapp oncommand_balance -
freebsd freebsd 10.2
oracle linux 6
debian debian_linux 8.0
siemens tim_4r-ie_firmware *
ntp ntp *
fedoraproject fedora 23
siemens tim_4r-ie_dnp3_firmware -
canonical ubuntu_linux 14.04
ntp ntp 4.2.8
netapp clustered_data_ontap -
canonical ubuntu_linux 12.04
debian debian_linux 9.0
canonical ubuntu_linux 16.04
CVE-2016-1879 HIGH

The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
CVE-2016-1880 HIGH

The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
CVE-2016-1881 HIGH

The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
CVE-2016-1882 HIGH

FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
CVE-2016-1883 HIGH

The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
CVE-2016-1885 MEDIUM

Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
CVE-2016-1886 HIGH

Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
freebsd freebsd 10.3
CVE-2016-1887 HIGH

Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 10.2
freebsd freebsd 10.3
CVE-2016-1888 MEDIUM

The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
freebsd freebsd 10.3
freebsd freebsd 11.0
CVE-2016-1889 HIGH

Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 10.2
freebsd freebsd 10.3
freebsd freebsd 11.0
CVE-2016-2518 MEDIUM

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.4
freebsd freebsd 9.3
redhat enterprise_linux_desktop 7.0
netapp oncommand_balance -
oracle linux 6
oracle communications_user_data_repository 10.0.0
redhat enterprise_linux_server_tus 7.3
oracle communications_user_data_repository 12.0.0
siemens simatic_net_cp_443-1_opc_ua_firmware *
redhat enterprise_linux_server_eus 7.4
netapp oncommand_performance_manager -
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.7
oracle communications_user_data_repository 10.0.1
redhat enterprise_linux_server_eus 7.5
ntp ntp 4.2.8
redhat enterprise_linux_server_tus 7.7
netapp data_ontap -
freebsd freebsd 10.1
freebsd freebsd 10.2
oracle linux 7
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.6
freebsd freebsd 10.3
redhat enterprise_linux_server 6.0
debian debian_linux 8.0
netapp oncommand_unified_manager_for_clustered_data_ontap -
redhat enterprise_linux_workstation 6.0
ntp ntp *
redhat enterprise_linux_server 7.0
netapp clustered_data_ontap -
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.2
debian debian_linux 10.0
CVE-2016-5766 MEDIUM

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
redhat openshift 2.0
freebsd freebsd 10.1
fedoraproject fedora 22
freebsd freebsd 9.1
freebsd freebsd 9.3
freebsd freebsd 10.2
redhat enterprise_linux 7.0
freebsd freebsd 8.2
freebsd freebsd 10.3
debian debian_linux 8.0
fedoraproject fedora 24
freebsd freebsd 9.0
freebsd freebsd 10.0
freebsd freebsd 8.4
libgd libgd 2.2.2
fedoraproject fedora 23
redhat enterprise_linux 5
freebsd freebsd 8.1
freebsd freebsd 8.0
redhat enterprise_linux 6.0
freebsd freebsd 8.3
freebsd freebsd 9.2
CVE-2016-6559 HIGH

Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 10.1
freebsd freebsd 9.3
freebsd freebsd 10.2
freebsd freebsd 10.3
freebsd freebsd 11.0
CVE-2016-9042 MEDIUM

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ntp ntp 4.2.8
hpe hpux-ntp *
freebsd freebsd 11.0
freebsd freebsd 10.0
siemens simatic_net_cp_443-1_opc_ua_firmware *
CVE-2017-1081 HIGH

In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 10.3
freebsd freebsd 11.0
CVE-2017-1082 MEDIUM

In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2017-1083 HIGH

In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2017-1084 HIGH

In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2017-1085 HIGH

In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2017-1086 LOW

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd -
CVE-2017-1087 MEDIUM

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
freebsd freebsd -
CVE-2017-1088 LOW

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd -
CVE-2017-11103 MEDIUM

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
freebsd freebsd -
apple iphone_os *
heimdal_project heimdal *
samba samba *
debian debian_linux 8.0
apple mac_os_x *
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2017-13077 MEDIUM

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-13078 LOW

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

CVSS 2.0

Severity: LOW

Problem Type: CWE-323,CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-13079 LOW

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

CVSS 2.0

Severity: LOW

Problem Type: CWE-323,CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-13080 LOW

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

CVSS 2.0

Severity: LOW

Problem Type: CWE-323,CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-13081 LOW

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

CVSS 2.0

Severity: LOW

Problem Type: CWE-323,CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-13082 MEDIUM

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-323,CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-13084 MEDIUM

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-323,CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-13086 MEDIUM

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-323,CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-13087 LOW

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

CVSS 2.0

Severity: LOW

Problem Type: CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-13088 LOW

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

CVSS 2.0

Severity: LOW

Problem Type: CWE-323,CWE-330,

Products Affected

Vendor Product Version
w1.fi hostapd 0.2.4
w1.fi wpa_supplicant 1.1
w1.fi wpa_supplicant 0.5.11
w1.fi wpa_supplicant 0.2.7
w1.fi wpa_supplicant 0.4.8
w1.fi hostapd 1.0
w1.fi hostapd 0.6.8
w1.fi wpa_supplicant 0.2.4
w1.fi wpa_supplicant 2.1
w1.fi hostapd 0.2.5
w1.fi hostapd 2.2
redhat enterprise_linux_server 7
w1.fi hostapd 0.3.7
w1.fi hostapd 2.1
w1.fi wpa_supplicant 0.3.9
freebsd freebsd 10
w1.fi hostapd 0.3.11
freebsd freebsd 11.1
canonical ubuntu_linux 14.04
w1.fi wpa_supplicant 2.3
w1.fi wpa_supplicant 0.5.7
w1.fi hostapd 0.5.9
w1.fi wpa_supplicant 0.3.11
w1.fi wpa_supplicant 0.6.9
w1.fi hostapd 0.4.9
w1.fi hostapd 0.6.10
w1.fi wpa_supplicant 2.0
w1.fi wpa_supplicant 0.4.9
w1.fi hostapd 0.2.8
w1.fi hostapd 0.3.9
w1.fi hostapd 0.5.10
w1.fi hostapd 2.6
w1.fi hostapd 0.4.11
w1.fi hostapd 0.5.7
w1.fi wpa_supplicant 0.2.6
opensuse leap 42.3
w1.fi hostapd 2.5
w1.fi wpa_supplicant 0.4.7
freebsd freebsd 11
w1.fi hostapd 0.4.8
suse linux_enterprise_server 12
w1.fi wpa_supplicant 0.2.8
w1.fi wpa_supplicant 0.5.8
debian debian_linux 9.0
w1.fi wpa_supplicant 2.5
suse openstack_cloud 6
w1.fi hostapd 0.4.10
redhat enterprise_linux_desktop 7
w1.fi hostapd 0.6.9
w1.fi wpa_supplicant 0.4.10
w1.fi wpa_supplicant 0.3.10
w1.fi hostapd 0.3.10
suse linux_enterprise_point_of_sale 11
w1.fi hostapd 2.3
w1.fi wpa_supplicant 0.2.5
w1.fi wpa_supplicant 0.3.8
suse linux_enterprise_desktop 12
w1.fi wpa_supplicant 2.4
w1.fi wpa_supplicant 0.6.10
w1.fi wpa_supplicant 0.7.3
w1.fi wpa_supplicant 0.6.8
w1.fi hostapd 2.0
suse linux_enterprise_server 11
w1.fi hostapd 0.2.6
w1.fi wpa_supplicant 0.5.10
w1.fi wpa_supplicant 2.2
freebsd freebsd *
w1.fi hostapd 1.1
w1.fi wpa_supplicant 0.3.7
w1.fi hostapd 0.7.3
debian debian_linux 8.0
canonical ubuntu_linux 17.04
opensuse leap 42.2
w1.fi wpa_supplicant 0.5.9
w1.fi wpa_supplicant 2.6
w1.fi hostapd 0.4.7
freebsd freebsd 10.4
w1.fi wpa_supplicant 1.0
w1.fi hostapd 2.4
w1.fi hostapd 0.5.8
w1.fi hostapd 0.5.11
w1.fi wpa_supplicant 0.4.11
canonical ubuntu_linux 16.04
CVE-2017-15037 MEDIUM

In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-362,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2018-1000998 MEDIUM

FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
freebsd cvsweb *
CVE-2018-17154 MEDIUM

In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.1
freebsd freebsd 11.2
CVE-2018-17155 LOW

In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.1
freebsd freebsd 10.4
freebsd freebsd 11.2
CVE-2018-17156 MEDIUM

In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.2
CVE-2018-17157 HIGH

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.2
CVE-2018-17158 HIGH

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.2
CVE-2018-17159 HIGH

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.2
CVE-2018-17160 HIGH

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.2
CVE-2018-17161 HIGH

In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.2
CVE-2018-3665 MEDIUM

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
intel core_i7 4700eq
redhat enterprise_linux_desktop 7.0
intel core_i3 6100
intel core_i7 5775r
intel core_i7 3540m
intel core_i5 5575r
intel core_i5 6287u
intel core_m3 6y30
intel core_i3 6100te
intel core_i5 655k
intel core_i5 6400t
intel core_i7 2600s
intel core_i3 4330t
intel core_i5 3470
intel core_i5 8350u
intel core_i5 4300y
intel core_i7 640um
intel core_i7 975
intel core_i3 4020y
intel core_i5 2500k
intel core_i5 6685r
intel core_i7 3517u
intel core_i7 4790s
intel core_i5 4278u
intel core_i3 4158u
intel core_i3 3217u
intel core_i7 5775c
intel core_i7 3615qm
intel core_i5 4410e
intel core_i3 2130
intel core_i3 4120u
intel core_i3 4000m
intel core_i7 3610qm
intel core_i3 4170t
intel core_i5 4330m
intel core_i3 4150t
intel core_i5 2405s
intel core_i5 3339y
intel core_i7 5850eq
intel core_i7 3770t
intel core_i5 2540m
intel core_i7 2677m
intel core_i7 680um
intel core_i3 4100u
intel core_m5 6y54
intel core_i5 4220y
intel core_i7 2760qm
intel core_i5 450m
intel core_i3 5020u
intel core_i5 6500
intel core_i7 4610m
intel core_i7 4790t
citrix xenserver 7.3
intel core_i7 4600m
intel core_i5 4400e
intel core_i7 640lm
intel core_m 5y10
intel core_i7 5550u
intel core_i5 750
intel core_m 5y51
intel core_i5 4210y
intel core_i7 4702hq
intel core_i5 5675c
intel core_i7 965
intel core_i5 4570te
intel core_i3 3110m
intel core_i5 680
intel core_i5 760
intel core_i7 3740qm
intel core_i3 3240
intel core_i3 4010y
intel core_i5 4210m
intel core_i3 4010u
intel core_i5 4690t
intel core_m 5y70
intel core_i5 3317u
intel core_i5 3550s
intel core_i7 4770te
intel core_i5 4308u
intel core_i7 7700hq
canonical ubuntu_linux 12.04
intel core_i7 2710qe
intel core_i5 3330
intel core_i3 4170
intel core_i5 3437u
intel core_i7 2960xm
intel core_i3 3220
intel core_i5 2520m
intel core_i3 2377m
intel core_i5 520um
intel core_i7 870s
intel core_i5 430um
intel core_m 5y31
intel core_i3 2312m
intel core_i7 3770s
intel core_i3 2340ue
intel core_i7 2820qm
intel core_i3 2125
intel core_i5 580m
intel core_i5 4200u
intel core_i5 5250u
intel core_i5 3210m
intel core_i5 4590s
intel core_i5 6260u
intel core_i7 2637m
intel core_i7 4500u
intel core_i7 3820qm
intel core_i7 7600u
intel core_i7 3555le
intel core_i7 8700k
intel core_i7 4950hq
intel core_i7 4960hq
intel core_i7 4850hq
intel core_i7 5600u
intel core_i7 5700hq
intel core_i3 6102e
intel core_i7 720qm
intel core_m 5y10c
citrix xenserver 7.1
intel core_i7 4710hq
intel core_i7 2617m
intel core_i5 4340m
intel core_i7 4700ec
intel core_i5 2450m
intel core_i5 6600k
intel core_i7 7567u
canonical ubuntu_linux 16.04
intel core_i3 4160t
intel core_i3 4330
intel core_i5 6500te
intel core_i7 4710mq
citrix xenserver 7.5
intel core_i7 4578u
intel core_i7 4510u
intel core_i5 6400
intel core_i7 4790
intel core_i7 2600
intel core_i7 3770k
intel core_i3 8350k
intel core_i5 3427u
intel core_i7 3537u
intel core_i5 4202y
intel core_i5 670
intel core_i5 3337u
intel core_i5 6360u
intel core_i3 3217ue
intel core_i7 4702ec
intel core_i5 470um
intel core_i5 460m
intel core_i3 8100
intel core_i5 2430m
intel core_i7 4760hq
intel core_i7 4771
intel core_i5 6300u
intel core_i7 940
intel core_i3 5010u
intel core_i7 3632qm
intel core_i3 4130
intel core_i3 560
intel core_i7 620ue
intel core_i3 540
intel core_i3 2357m
intel core_i7 660lm
intel core_i3 6100t
intel core_i5 4402e
intel core_i3 4110m
intel core_i5 5350h
intel core_i3 6100u
intel core_i7 4980hq
intel core_i5 4590t
intel core_i7 4610y
intel core_i7 5950hq
intel core_i5 5350u
freebsd freebsd 11.2
intel core_i7 2700k
intel core_i5 3610me
intel core_i7 2920xm
intel core_i5 4460
intel core_i5 2300
intel core_i5 3340m
intel core_i5 4302y
redhat enterprise_linux 7.0
intel core_i7 2670qm
intel core_i3 4340te
intel core_i5 8400
intel core_i5 4460s
intel core_i7 860s
intel core_i7 4600u
canonical ubuntu_linux 14.04
intel core_i7 960
intel core_i5 2310
intel core_i5 6442eq
intel core_i7 2620m
intel core_i7 7700
intel core_i5 4350u
intel core_i5 3340
redhat enterprise_linux_workstation 6.0
intel core_i5 2510e
intel core_i7 7500u
intel core_i3 3227u
intel core_i5 3380m
intel core_i3 2120t
intel core_i5 650
intel core_i5 2410m
intel core_i7 740qm
intel core_i3 6006u
intel core_i3 4005u
intel core_i5 4200y
intel core_i7 4750hq
intel core_i5 5200u
intel core_i7 3840qm
intel core_i3 4112e
intel core_i3 370m
intel core_i7 980x
intel core_i5 661
intel core_i3 4012y
intel core_i5 2400s
intel core_i7 660ue
intel core_i5 4310m
intel core_i3 4102e
intel core_i7 4770hq
intel core_i7 880
intel core_i5 4430s
intel core_i7 3612qe
intel core_i7 920
intel core_i7 4785t
intel core_i3 4160
intel core_i5 480m
intel core_i7 4810mq
redhat enterprise_linux 6.0
intel core_m5 6y57
intel core_i5 3320m
intel core_i3 4110e
intel core_i5 4250u
intel core_i7 4700hq
intel core_i3 2100
intel core_i5 6402p
intel core_i5 2390t
intel core_i7 2720qm
intel core_i5 5257u
intel core_i3 6320
intel core_i3 330e
intel core_i5 2515e
intel core_i5 3330s
intel core_i3 2375m
intel core_i3 4330te
intel core_i3 6167u
intel core_i3 4360
intel core_i5 540um
intel core_i7 4800mq
intel core_i5 4570s
intel core_i5 4310u
intel core_i5 2320
intel core_i7 4700mq
intel core_i7 2640m
intel core_i7 3520m
intel core_i7 4712mq
intel core_i5 4690k
redhat enterprise_linux_workstation 7.0
intel core_i3 6100h
intel core_i5 3550
intel core_i5 4300u
intel core_i5 6500t
intel core_i7 4770t
intel core_i7 5557u
intel core_i7 7920hq
intel core_i7 7560u
intel core_i3 380um
intel core_i3 2310m
intel core_i7 5750hq
intel core_i5 3350p
intel core_i5 4690
intel core_i7 5500u
intel core_i3 3250t
intel core_i7 3612qm
intel core_i7 620le
intel core_i7 620m
intel core_i5 2380p
intel core_i7 8550u
intel core_i3 5015u
intel core_i7 3630qm
intel core_i5 6585r
intel core_i5 4670
intel core_i7 3667u
intel core_i7 3689y
intel core_i5 5300u
intel core_i7 4720hq
intel core_i5 4460t
intel core_i5 2500
intel core_i5 6600
intel core_i3 3130m
intel core_i5 3570
intel core_i7 7y75
intel core_i7 2715qe
intel core_i7 940xm
intel core_i3 2330e
intel core_i3 4370t
intel core_i7 4770k
intel core_i5 4210u
intel core_i3 4340
intel core_i3 550
intel core_i7 820qm
intel core_i3 6100e
intel core_i5 6350hq
intel core_i3 3240t
intel core_i7 2630qm
intel core_i5 3570t
intel core_i7 4770r
intel core_i3 6300t
intel core_m 5y71
intel core_i7 5850hq
intel core_i3 5157u
intel core_i5 540m
intel core_i7 920xm
intel core_i5 6267u
intel core_i7 870
intel core_i3 530
intel core_i5 4402ec
intel core_i5 3439y
intel core_i3 390m
intel core_i5 4200h
intel core_i7 875k
intel core_i7 2600k
intel core_i3 3220t
intel core_i5 430m
intel core_i3 2328m
intel core_i3 6300
intel core_i5 5287u
citrix xenserver 7.4
intel core_i3 2100t
intel core_i7 4860hq
intel core_i7 8650u
intel core_i3 380m
intel core_i7 620lm
intel core_i3 2350m
intel core_i5 2435m
intel core_i5 660
intel core_i5 4200m
intel core_i3 4150
intel core_i3 2105
intel core_i3 4100e
intel core_i5 2550k
intel core_i5 4422e
intel core_i3 2310e
intel core_i5 4590
intel core_i7 4770s
intel core_i5 4288u
intel core_i5 4670k
intel core_i5 8250u
intel core_i7 3687u
intel core_i5 3340s
intel core_i5 4670s
intel core_i7 3615qe
intel core_i7 640m
intel core_i3 3229y
intel core_i7 4722hq
intel core_i3 2120
intel core_i3 3120me
intel core_i5 6440eq
intel core_i3 2102
intel core_i5 3470s
intel core_i5 4670t
intel core_i3 2370m
intel core_i7 7820hq
intel core_i5 4210h
intel core_i3 2115c
intel core_i5 750s
intel core_i3 2367m
intel core_i5 2557m
intel core_i5 4570
intel core_m 5y10a
intel core_i3 4350
intel core_i5 3570k
intel core_i7 8700
intel core_i7 970
intel core_i7 4702mq
intel core_i7 7700k
intel core_m7 6y75
intel core_i3 330um
intel core_i5 520m
intel core_i5 4258u
intel core_i5 4440
intel core_i7 2610ue
intel core_i5 4570t
intel core_i3 3250
intel core_i7 980
intel core_i7 4770
intel core_i7 3610qe
intel core_i5 2500t
intel core_i3 4030u
debian debian_linux 9.0
intel core_i3 6157u
intel core_i7 2657m
intel core_i3 4030y
intel core_i3 330m
intel core_i7 3720qm
intel core_i5 4360u
intel core_i5 6300hq
intel core_i7 2635qm
intel core_i5 3360m
intel core_i7 5700eq
intel core_i7 840qm
intel core_i3 4100m
intel core_i7 2860qm
redhat enterprise_linux_desktop 6.0
intel core_i3 6098p
intel core_i7 990x
intel core_i7 3770
intel core_i5 2467m
intel core_i5 520e
intel core_i7 2655le
intel core_i5 2537m
intel core_i3 3245
intel core_i5 6200u
intel core_i3 4130t
intel core_i5 5675r
intel core_i7 7820hk
intel core_i5 4670r
intel core_i7 4790k
intel core_i5 8600k
intel core_i5 560m
intel core_i5 4260u
intel core_i7 5650u
intel core_i3 3210
intel core_i5 3475s
intel core_i7 7660u
intel core_i3 4025u
intel core_i5 4430
intel core_i7 930
intel core_i5 6440hq
intel core_i3 4360t
intel core_i7 2629m
intel core_i7 3517ue
intel core_i3 2365m
freebsd freebsd 11.1
intel core_i5 2500s
intel core_i7 2675qm
intel core_i7 4550u
intel core_i3 3225
intel core_i5 3470t
intel core_i7 4910mq
intel core_i5 2400
intel core_i7 4765t
intel core_i3 4350t
intel core_i5 3230m
intel core_i5 4570r
intel core_i7 7700t
intel core_i3 2330m
intel core_i7 7820eq
intel core_i7 4900mq
intel core_i5 6600t
intel core_i7 610e
intel core_i7 2649m
intel core_i3 2348m
intel core_i5 2450p
intel core_i3 3115c
intel core_i5 4300m
intel core_i7 4870hq
intel core_i7 3635qm
intel core_i3 350m
intel core_i7 4650u
intel core_i5 4690s
intel core_i7 620um
intel core_i7 4712hq
intel core_i3 4370
intel core_i5 560um
citrix xenserver 7.0
intel core_i7 860
debian debian_linux 8.0
intel core_i5 3450s
freebsd freebsd 11.0
intel core_i7 660um
intel core_i5 3570s
intel core_i3 5005u
intel core_m3 7y30
intel core_i3 3120m
intel core_m3 7y32
intel core_i5 3450
intel core_i7 950
intel core_i7 4558u
intel core_i5 4440s
CVE-2018-6916 HIGH

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 10.4
freebsd freebsd 10.3
CVE-2018-6917 MEDIUM

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2018-6918 HIGH

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2018-6919 MEDIUM

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2018-6920 LOW

In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2018-6921 LOW

In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2018-6922 MEDIUM

One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
freebsd freebsd 11.1
freebsd freebsd 10.4
freebsd freebsd 11.2
CVE-2018-6923 HIGH

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
freebsd freebsd 4.3
freebsd freebsd 4.4
freebsd freebsd 6.4
freebsd freebsd 9.3
freebsd freebsd 6.2
freebsd freebsd 6.1
freebsd freebsd 7.3
freebsd freebsd 5.0
freebsd freebsd 8.2
freebsd freebsd 7.0
freebsd freebsd 3.0
freebsd freebsd 9.0
freebsd freebsd 10.0
freebsd freebsd 4.9
freebsd freebsd 4.11
freebsd freebsd 11.1
freebsd freebsd 8.0
freebsd freebsd 5.4
freebsd freebsd 5.5
freebsd freebsd 5.2
freebsd freebsd 8.3
freebsd freebsd 9.2
freebsd freebsd 4.6
freebsd freebsd 4.7
freebsd freebsd 9.1
freebsd freebsd 5.1
freebsd freebsd 6.3
freebsd freebsd 2.2
freebsd freebsd 4.10
freebsd freebsd 7.2
freebsd freebsd 7.4
freebsd freebsd 11.0
freebsd freebsd 5.3
freebsd freebsd 8.4
freebsd freebsd 7.1
freebsd freebsd 8.1
freebsd freebsd 4.8
freebsd freebsd 6.0
freebsd freebsd 11.2
freebsd freebsd 4.5
CVE-2018-6924 MEDIUM

In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 10.4
freebsd freebsd 11.2
CVE-2018-6925 MEDIUM

In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.1
freebsd freebsd 10.4
freebsd freebsd 11.2
CVE-2018-7183 HIGH

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
netapp element_software -
freebsd freebsd 11.1
freebsd freebsd 10.4
canonical ubuntu_linux 14.04
ntp ntp 4.2.8
freebsd freebsd 10.3
canonical ubuntu_linux 18.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
CVE-2018-8897 HIGH

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
apple mac_os_x *
citrix xenserver 7.4
synology skynas -
synology diskstation_manager 5.2
xen xen -
redhat enterprise_linux_workstation 7.0
synology diskstation_manager 6.0
canonical ubuntu_linux 14.04
citrix xenserver 7.0
citrix xenserver 7.2
synology diskstation_manager 6.1
citrix xenserver 7.3
citrix xenserver 7.1
canonical ubuntu_linux 17.10
freebsd freebsd *
debian debian_linux 8.0
citrix xenserver 6.0.2
citrix xenserver 6.2.0
redhat enterprise_linux_server 7.0
citrix xenserver 6.5
debian debian_linux 9.0
canonical ubuntu_linux 16.04
redhat enterprise_virtualization_manager 3.0
debian debian_linux 7.0
CVE-2019-12900 HIGH

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
freebsd freebsd 12.0
bzip bzip2 *
freebsd freebsd 11.3
debian debian_linux 8.0
opensuse leap 15.0
python python *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
freebsd freebsd 11.2
canonical ubuntu_linux 12.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.04
CVE-2019-14899 MEDIUM

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd -
apple iphone_os *
apple tvos *
apple macos 11.0
linux linux_kernel -
apple ipados *
apple mac_os_x *
openbsd openbsd -
CVE-2019-15874 HIGH

In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-416,

Products Affected

Vendor Product Version
freebsd freebsd 11.3
netapp clustered_data_ontap -
freebsd freebsd 12.1
CVE-2019-15875 LOW

In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-665,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2019-15876 LOW

In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-862,

Products Affected

Vendor Product Version
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2019-15877 LOW

In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-862,

Products Affected

Vendor Product Version
freebsd freebsd 12.1
CVE-2019-15878 MEDIUM

In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2019-15879 MEDIUM

In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-772,

Products Affected

Vendor Product Version
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2019-15880 HIGH

In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 12.1
CVE-2019-5595 LOW

In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.

CVSS 2.0

Severity: LOW

Problem Type: CWE-459,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.2
CVE-2019-5596 HIGH

In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.2
CVE-2019-5597 MEDIUM

In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.2
CVE-2019-5598 MEDIUM

In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.2
CVE-2019-5599 HIGH

In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-770,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
CVE-2019-5600 HIGH

In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
CVE-2019-5601 MEDIUM

In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.2
CVE-2019-5602 HIGH

In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-863,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
CVE-2019-5603 HIGH

In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-404,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
freebsd freebsd 11.0
CVE-2019-5604 HIGH

In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest, allowing an out-of-bounds read. This provides a malicious guest the possibility to crash the system or access system memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 3.1 5.8

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
freebsd freebsd 11.0
CVE-2019-5605 MEDIUM

In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
freebsd freebsd 11.3
freebsd freebsd 11.2
freebsd freebsd 11.0
CVE-2019-5606 HIGH

In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
freebsd freebsd 11.0
CVE-2019-5607 HIGH

In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights transmitted over a domain socket did not properly release a reference on transmission error allowing a malicious user to cause the reference counter to wrap, forcing a free event. This could allow a malicious local user to gain root privileges or escape from a jail.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-404,CWE-682,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
freebsd freebsd 11.0
CVE-2019-5608 HIGH

In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
netapp clustered_data_ontap -
CVE-2019-5609 MEDIUM

In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
CVE-2019-5610 MEDIUM

In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
netapp clustered_data_ontap -
CVE-2019-5611 HIGH

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
netapp clustered_data_ontap -
CVE-2019-5612 HIGH

In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 11.2
netapp clustered_data_ontap -
CVE-2019-5613 HIGH

In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
CVE-2019-5614 HIGH

In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 11.3
netapp clustered_data_ontap -
freebsd freebsd 12.1
CVE-2019-6111 MEDIUM

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
fedoraproject fedora 30
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_aus 8.6
siemens scalance_x204rna_eec_firmware *
apache mina_sshd 2.2.0
redhat enterprise_linux_server_tus 8.6
winscp winscp *
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.4
fujitsu m10-4_firmware *
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.1
fujitsu m10-4s_firmware *
freebsd freebsd *
redhat enterprise_linux_server_aus 8.2
freebsd freebsd 12.0
fujitsu m12-2s_firmware *
fujitsu m12-2_firmware *
debian debian_linux 8.0
fujitsu m10-1_firmware *
openbsd openssh *
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
fujitsu m12-1_firmware *
debian debian_linux 9.0
canonical ubuntu_linux 16.04
CVE-2019-9494 MEDIUM

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-208,CWE-524,CWE-203,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 29
w1.fi wpa_supplicant *
fedoraproject fedora 28
fedoraproject fedora 30
freebsd freebsd 12.0
synology router_manager *
opensuse backports_sle 15.0
w1.fi hostapd *
freebsd freebsd 11.2
synology radius_server 3.0
CVE-2019-9495 MEDIUM

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-524,CWE-203,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 29
w1.fi wpa_supplicant *
fedoraproject fedora 28
fedoraproject fedora 30
freebsd freebsd 12.0
synology router_manager *
debian debian_linux 8.0
opensuse backports_sle 15.0
w1.fi hostapd *
synology radius_server 3.0
freebsd freebsd 11.2
CVE-2019-9498 MEDIUM

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,CWE-287,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 29
freebsd freebsd *
w1.fi wpa_supplicant *
fedoraproject fedora 28
fedoraproject fedora 30
freebsd freebsd 12.0
debian debian_linux 8.0
opensuse backports_sle 15.0
w1.fi hostapd *
synology router_manager 1.2
synology radius_server 3.0
freebsd freebsd 11.2
CVE-2019-9499 MEDIUM

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,CWE-287,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 29
freebsd freebsd *
w1.fi wpa_supplicant *
fedoraproject fedora 28
fedoraproject fedora 30
freebsd freebsd 12.0
debian debian_linux 8.0
opensuse backports_sle 15.0
w1.fi hostapd *
synology router_manager 1.2
synology radius_server 3.0
freebsd freebsd 11.2
CVE-2020-10565 HIGH

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2020-10566 MEDIUM

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2020-13434 LOW

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

CVSS 2.0

Severity: LOW

Problem Type: CWE-190,

Products Affected

Vendor Product Version
apple ipados *
freebsd freebsd *
oracle communications_network_charging_and_control *
freebsd freebsd 12.0
oracle communications_cloud_native_core_policy 1.14.0
debian debian_linux 8.0
apple icloud *
canonical ubuntu_linux 20.04
oracle communications_network_charging_and_control 6.0.1
apple macos *
apple iphone_os *
apple tvos *
apple watchos *
apple itunes *
freebsd freebsd 11.4
fedoraproject fedora 32
canonical ubuntu_linux 18.04
debian debian_linux 9.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
sqlite sqlite *
freebsd freebsd 12.1
oracle outside_in_technology 8.5.5
CVE-2020-1967 MEDIUM

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
oracle enterprise_manager_for_storage_management 13.3.0.0
fedoraproject fedora 31
broadcom fabric_operating_system -
netapp oncommand_workflow_automation -
fedoraproject fedora 30
oracle mysql_enterprise_monitor *
jdedwards enterpriseone *
netapp e-series_performance_analyzer -
oracle enterprise_manager_base_platform 13.4.0.0
netapp oncommand_insight -
oracle application_server 12.1.3
oracle peoplesoft_enterprise_peopletools 8.57
oracle mysql *
fedoraproject fedora 32
netapp active_iq_unified_manager *
oracle http_server 12.2.1.4.0
oracle enterprise_manager_for_storage_management 13.4.0.0
freebsd freebsd 12.1
oracle enterprise_manager_ops_center 12.4.0
netapp smi-s_provider -
oracle jd_edwards_world_security a9.4
opensuse leap 15.1
oracle peoplesoft_enterprise_peopletools 8.59
tenable log_correlation_engine *
oracle peoplesoft_enterprise_peopletools 8.56
openssl openssl *
netapp snapcenter -
oracle peoplesoft_enterprise_peopletools 8.58
oracle mysql_workbench *
netapp steelstore_cloud_integrated_storage -
opensuse leap 15.2
oracle mysql_connectors *
debian debian_linux 9.0
debian debian_linux 10.0
CVE-2020-24385 MEDIUM

In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
freebsd freebsd *
midnightbsd midnightbsd *
CVE-2020-24718 HIGH

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
omniosce omnios *
freebsd freebsd *
freebsd freebsd 11.4
freebsd freebsd 12.0
freebsd freebsd 11.3
netapp clustered_data_ontap -
freebsd freebsd 12.1
openindiana openindiana *
CVE-2020-24863 MEDIUM

A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd *
midnightbsd midnightbsd *
CVE-2020-25577 HIGH

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 12.1
CVE-2020-25578 MEDIUM

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 12.1
CVE-2020-25579 MEDIUM

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-909,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 12.1
CVE-2020-25580 MEDIUM

In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-697,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
CVE-2020-25581 HIGH

In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
CVE-2020-25582 HIGH

In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
CVE-2020-25583 HIGH

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-25584 MEDIUM

In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 13.0
CVE-2020-7450 HIGH

In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd 12.0
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7451 MEDIUM

In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7452 HIGH

In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7453 LOW

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-754,

Products Affected

Vendor Product Version
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7454 HIGH

In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7455 LOW

In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-772,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7456 HIGH

In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 11.3
netapp clustered_data_ontap -
freebsd freebsd 12.1
CVE-2020-7457 MEDIUM

In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-416,CWE-662,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7458 HIGH

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.1
CVE-2020-7459 MEDIUM

In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7460 MEDIUM

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7461 HIGH

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_rf650m_firmware *
freebsd freebsd 11.4
siemens simatic_rf350m_firmware *
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7462 MEDIUM

In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 11.3
CVE-2020-7463 MEDIUM

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
apple ipados *
freebsd freebsd 11.3
apple icloud *
apple macos *
apple iphone_os *
apple tvos *
apple safari *
apple watchos *
apple itunes *
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 12.1
CVE-2020-7464 MEDIUM

In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7467 HIGH

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7468 HIGH

In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 11.3
freebsd freebsd 12.1
CVE-2020-7469 MEDIUM

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
netapp clustered_data_ontap -
freebsd freebsd 12.1
CVE-2021-29626 LOW

In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 13.0
CVE-2021-29627 HIGH

In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,CWE-416,

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 12.2
freebsd freebsd 13.0
CVE-2021-29628 MEDIUM

In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before p1, and 12.2-RELEASE before p7, a system call triggering a fault could cause SMAP protections to be disabled for the duration of the system call. This weakness could be combined with other kernel bugs to craft an exploit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
freebsd freebsd 12.2
freebsd freebsd 13.0
CVE-2021-29629 MEDIUM

In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 13.0
CVE-2021-29630 HIGH

In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 13.0
CVE-2021-29631 HIGH

In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-908,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.2
freebsd freebsd 13.0
CVE-2021-29632 MEDIUM

In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
freebsd freebsd 12.2
freebsd freebsd 13.0
CVE-2021-3449 MEDIUM

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
oracle graalvm 19.3.5
oracle zfs_storage_appliance_kit 8.8
siemens simatic_s7-1200_cpu_1212c_firmware *
tenable nessus_network_monitor 5.11.0
netapp active_iq_unified_manager -
netapp e-series_performance_analyzer -
siemens scalance_xr524-8c_firmware *
siemens simatic_cloud_connect_7_firmware -
siemens sinamics_connect_300_firmware *
siemens simatic_process_historian_opc_ua_server_firmware *
siemens simatic_net_cp_1543sp-1_firmware *
oracle peoplesoft_enterprise_peopletools 8.57
siemens simatic_net_cp1243-7_lte_eu_firmware *
tenable nessus_network_monitor 5.13.0
siemens simatic_rf360r_firmware *
siemens scalance_xm-400_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
tenable tenable.sc *
siemens scalance_w1700_firmware *
oracle jd_edwards_world_security a9.4
siemens simatic_s7-1200_cpu_1214_fc_firmware *
siemens simatic_cloud_connect_7_firmware *
siemens simatic_pcs_neo_firmware *
mcafee web_gateway 8.2.19
oracle mysql_server *
checkpoint quantum_security_gateway_firmware r80.40
oracle primavera_unifier *
siemens simatic_mv500_firmware *
siemens tia_administrator *
netapp ontap_select_deploy_administration_utility -
siemens simatic_pdm_firmware *
oracle peoplesoft_enterprise_peopletools 8.58
freebsd freebsd 12.2
oracle secure_backup *
debian debian_linux 9.0
debian debian_linux 10.0
siemens simatic_logon *
siemens scalance_s623_firmware *
sonicwall sma100_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
checkpoint quantum_security_management_firmware r80.40
siemens simatic_rf188c_firmware *
siemens simatic_logon 1.5
siemens scalance_xr552-12_firmware *
siemens scalance_xc-200_firmware *
tenable nessus_network_monitor 5.12.0
tenable nessus_network_monitor 5.12.1
oracle enterprise_manager_for_storage_management 13.4.0.0
siemens simatic_net_cp_1545-1_firmware *
siemens scalance_xb-200_firmware *
netapp storagegrid -
siemens scalance_xr526-8c_firmware *
siemens simatic_hmi_ktp_mobile_panels_firmware *
siemens scalance_xr-300wg_firmware *
tenable nessus_network_monitor 5.11.1
oracle peoplesoft_enterprise_peopletools 8.59
oracle primavera_unifier 19.12
siemens simatic_rf185c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1200_cpu_1215_fc_firmware *
oracle graalvm 21.0.0.2
checkpoint quantum_security_gateway_firmware r81
oracle communications_communications_policy_management 12.6.0.0.0
siemens scalance_sc-600_firmware *
mcafee web_gateway_cloud_service 9.2.10
siemens simatic_net_cp_1543-1_firmware *
mcafee web_gateway_cloud_service 10.1.1
oracle mysql_connectors *
oracle secure_global_desktop 5.6
siemens simatic_wincc_telecontrol -
nodejs node.js *
netapp oncommand_workflow_automation -
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_cp_1242-7_gprs_v2_firmware -
siemens simatic_wincc_runtime_advanced *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens simatic_net_cp_1542sp-1_irc_firmware *
siemens tim_1531_irc_firmware *
mcafee web_gateway 10.1.1
oracle jd_edwards_enterpriseone_tools *
siemens scalance_s612_firmware *
siemens sinumerik_opc_ua_server *
siemens simatic_rf188ci_firmware *
siemens simatic_hmi_basic_panels_2nd_generation_firmware *
sonicwall sonicos 7.0.1.0
mcafee web_gateway 9.2.10
oracle primavera_unifier 20.12
checkpoint multi-domain_management_firmware r80.40
siemens scalance_m-800_firmware *
siemens scalance_w700_firmware *
siemens simatic_cp_1242-7_gprs_v2_firmware *
openssl openssl *
netapp snapcenter -
oracle essbase 21.2
siemens scalance_xr528-6m_firmware *
siemens scalance_s602_firmware *
oracle primavera_unifier 21.12
checkpoint quantum_security_management_firmware r81
oracle graalvm 20.3.1.2
checkpoint multi-domain_management_firmware r81
siemens simatic_rf186ci_firmware *
fedoraproject fedora 34
mcafee web_gateway_cloud_service 8.2.19
netapp oncommand_insight -
siemens simatic_net_cp_1243-1_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens sinec_pni -
siemens simatic_net_cp_1243-8_irc_firmware *
tenable nessus *
netapp santricity_smi-s_provider -
siemens simatic_pcs_7_telecontrol_firmware *
siemens simatic_rf186c_firmware *
siemens scalance_xp-200_firmware *
siemens scalance_s615_firmware *
tenable log_correlation_engine *
siemens scalance_xf-200ba_firmware *
siemens scalance_s627-2m_firmware *
sonicwall capture_client 3.5
siemens sinema_server 14.0
siemens sinec_nms 1.0
siemens sinec_infrastructure_network_services *
siemens simatic_net_cp1243-7_lte_us_firmware *
oracle mysql_workbench *
siemens simatic_rf166c_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
netapp cloud_volumes_ontap_mediator -
siemens scalance_lpe9403_firmware *
siemens ruggedcom_rcm1224_firmware *
CVE-2021-3450 MEDIUM

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle graalvm 19.3.5
windriver linux 19.0
oracle weblogic_server 12.2.1.4.0
oracle graalvm 20.3.1.2
sonicwall email_security *
nodejs node.js *
netapp oncommand_workflow_automation -
sonicwall sma100_firmware *
fedoraproject fedora 34
oracle mysql_enterprise_monitor *
tenable nessus_network_monitor 5.11.0
mcafee web_gateway 10.1.1
mcafee web_gateway_cloud_service 8.2.19
oracle jd_edwards_enterpriseone_tools *
oracle commerce_guided_search 11.3.2
windriver linux -
tenable nessus_network_monitor 5.13.0
tenable nessus *
netapp storagegrid_firmware -
tenable nessus_agent *
tenable nessus_network_monitor 5.12.0
netapp santricity_smi-s_provider_firmware -
tenable nessus_network_monitor 5.12.1
mcafee web_gateway 9.2.10
oracle enterprise_manager_for_storage_management 13.4.0.0
windriver linux 18.0
netapp storagegrid -
oracle jd_edwards_world_security a9.4
tenable nessus_network_monitor 5.11.1
sonicwall sonicos *
mcafee web_gateway 8.2.19
sonicwall capture_client *
oracle graalvm 21.0.0.2
oracle mysql_server *
mcafee web_gateway_cloud_service 9.2.10
openssl openssl *
netapp ontap_select_deploy_administration_utility -
oracle weblogic_server 14.1.1.0.0
oracle peoplesoft_enterprise_peopletools *
oracle mysql_workbench *
freebsd freebsd 12.2
oracle secure_backup *
netapp cloud_volumes_ontap_mediator -
windriver linux 17.0
mcafee web_gateway_cloud_service 10.1.1
oracle mysql_connectors *
oracle secure_global_desktop 5.6
CVE-2021-36159 MEDIUM

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
freebsd libfetch *
CVE-2022-23084

The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd *
freebsd freebsd 13.0
CVE-2022-23085

A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd *
freebsd freebsd 13.0
CVE-2022-23086

Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd *
freebsd freebsd 13.0
CVE-2022-23087

The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context. The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue.

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd *
freebsd freebsd 13.0
CVE-2022-23088

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution.

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd 13.1
freebsd freebsd *
freebsd freebsd 13.0
CVE-2022-23089

When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash.

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd 13.1
freebsd freebsd *
freebsd freebsd 13.0
CVE-2022-23090

The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd 13.0
CVE-2022-23091

A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd 13.1
freebsd freebsd *
freebsd freebsd 13.0
CVE-2022-23092

The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox.

Products Affected

Vendor Product Version
freebsd freebsd 13.1
freebsd freebsd 13.0
CVE-2022-23093

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd 13.1
freebsd freebsd 12.4
CVE-2022-32264

sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
freebsd freebsd *
CVE-2023-0751

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
freebsd freebsd 12.3
freebsd freebsd 13.1
freebsd freebsd 12.4
CVE-2023-3107

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd 13.1
freebsd freebsd 12.4
netapp clustered_data_ontap 9.0
CVE-2023-3326

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd 13.1
freebsd freebsd *
freebsd freebsd 12.4
CVE-2023-3494

The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process.

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd 13.1
CVE-2023-4809

In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd *
freebsd freebsd 12.4
CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
tera_term_project tera_term *
netgate pfsense_ce *
redhat enterprise_linux 9.0
redhat advanced_cluster_security 3.0
bitvise ssh_client *
thorntech sftp_gateway_firmware *
fedoraproject fedora 39
jadaptive maverick_synergy_java_ssh_api *
lancom-systems lcos_sx 4.20
redhat storage 3.0
russh_project russh *
filezilla-project filezilla_client *
lancom-systems lcos *
apache sshj *
netgate pfsense_plus *
panic nova *
bitvise ssh_server *
ssh ssh *
redhat openshift_data_foundation 4.0
panic transmit_5 *
redhat advanced_cluster_security 4.0
oryx-embedded cyclone_ssh *
redhat discovery -
redhat openshift_serverless -
redhat openstack_platform 16.1
redhat openshift_dev_spaces -
redhat openshift_gitops -
redhat openstack_platform 17.1
roumenpetrov pkixssh *
erlang erlang/otp *
ssh2_project ssh2 *
redhat cert-manager_operator_for_red_hat_openshift -
libssh2 libssh2 *
lancom-systems lcos_lx -
microsoft powershell *
sftpgo_project sftpgo *
redhat ceph_storage 6.0
lancom-systems lanconfig -
debian debian_linux 10.0
redhat single_sign-on 7.0
crates thrussh *
redhat openshift_container_platform 4.0
redhat openstack_platform 16.2
putty putty *
lancom-systems lcos_sx 5.20
libssh libssh *
gentoo security -
net-ssh net-ssh 7.2.0
winscp winscp *
redhat jboss_enterprise_application_platform 7.0
redhat keycloak -
netsarang xshell_7 *
paramiko paramiko *
lancom-systems lcos_fx -
crushftp crushftp *
fedoraproject fedora 38
redhat openshift_developer_tools_and_services -
vandyke securecrt *
redhat enterprise_linux 8.0
proftpd proftpd *
golang crypto *
freebsd freebsd *
redhat openshift_virtualization 4
apache sshd *
redhat openshift_pipelines -
connectbot sshlib *
trilead ssh2 6401
dropbear_ssh_project dropbear_ssh *
redhat openshift_api_for_data_protection -
apple macos *
openbsd openssh *
kitty_project kitty *
asyncssh_project asyncssh *
matez jsch *
tinyssh tinyssh *
CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
freebsd freebsd *
redhat enterprise_linux 9.0
sendmail sendmail *
CVE-2023-5368

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd *
freebsd freebsd 12.4
CVE-2023-5369

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
freebsd freebsd 13.2
CVE-2023-5370

On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
freebsd freebsd 13.2
CVE-2023-5941

In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error.  Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd *
freebsd freebsd 12.4
CVE-2023-5978

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.  When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed.  This could permit the application to resolve domain names that were previously restricted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd *
CVE-2023-6534

In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers.  This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd 14.0
freebsd freebsd 12.4
CVE-2023-6660

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication. The bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network. Note that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd 14.0
CVE-2024-25940

`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root.

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd *
freebsd freebsd 14.0
CVE-2024-25941

The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.

Products Affected

Vendor Product Version
freebsd freebsd 13.2
freebsd freebsd *
freebsd freebsd 14.0
CVE-2024-29937

NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.

Products Affected

Vendor Product Version
openbsd openbsd *
freebsd freebsd 14.0
CVE-2024-32668

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.

Products Affected

Vendor Product Version
freebsd freebsd 13.4
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2024-42416

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Products Affected

Vendor Product Version
freebsd freebsd 13.4
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2024-43102

Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape.

Products Affected

Vendor Product Version
freebsd freebsd 13.4
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2024-43110

The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Products Affected

Vendor Product Version
freebsd freebsd 13.4
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2024-45063

The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Products Affected

Vendor Product Version
freebsd freebsd 13.4
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2024-45287

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.

Products Affected

Vendor Product Version
freebsd freebsd 13.4
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
canonical ubuntu_linux 22.04
canonical ubuntu_linux 24.04
amazon amazon_linux 2023.0
netapp e-series_santricity_os_controller *
freebsd freebsd 14.1
netapp active_iq_unified_manager -
redhat enterprise_linux 9.0
almalinux almalinux 9.0
arista eos *
openbsd openssh 8.6
netapp ontap 9
netapp a250_firmware -
netapp c800_firmware -
suse linux_enterprise_micro 6.0
netbsd netbsd *
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
debian debian_linux 12.0
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
freebsd freebsd 13.2
netapp fas2820_firmware -
canonical ubuntu_linux 23.10
netapp a400_firmware -
netapp a220_firmware -
freebsd freebsd 13.3
netapp ontap_select_deploy_administration_utility -
sonicwall sma_6200_firmware -
canonical ubuntu_linux 22.10
netapp a150_firmware -
sonicwall sra_ex_7000_firmware -
netapp a700s_firmware -
netapp ontap_tools 10
netapp a9500_firmware -
netapp 500f_firmware -
netapp a90_firmware -
redhat openshift_container_platform 4.0
netapp a900_firmware -
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
amazon linux_2023 -
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_server_aus 9.4
sonicwall sma_7200_firmware -
netapp bootstrap_os -
netapp fas2720_firmware -
netapp a1k_firmware -
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
netapp a70_firmware -
redhat enterprise_linux_eus 9.4
netapp 8300_firmware -
netapp a800_firmware -
netapp ontap_tools 9
sonicwall sma_7210_firmware -
sonicwall sma_8200v_firmware -
freebsd freebsd 14.0
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
netapp fas2750_firmware -
openbsd openssh 4.4
apple macos *
openbsd openssh *
netapp 8700_firmware -
openbsd openssh 8.5
sonicwall sma_6210_firmware -
netapp c190_firmware -
netapp c250_firmware -
netapp c400_firmware -
canonical ubuntu_linux 23.04
CVE-2024-6759

When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2024-6760

A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2024-7589

A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2024-8178

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Products Affected

Vendor Product Version
freebsd freebsd 13.4
freebsd freebsd *
freebsd freebsd 14.0
freebsd freebsd 14.1
freebsd freebsd 13.3
CVE-2025-14558

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
freebsd freebsd 14.3
freebsd freebsd 13.5
freebsd freebsd 15.0
CVE-2025-14769

In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
freebsd freebsd 14.3
freebsd freebsd 13.5
CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic allows that user to escape the jail's chroot, yielding access to the full filesystem of the host or parent jail. In a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escape the jail's filesystem root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
freebsd freebsd 14.3
freebsd freebsd 13.5
CVE-2025-15576

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other. When performing a filesystem name lookup, at each step of the lookup, the kernel checks whether the lookup would descend below the jail root of the current process. If the jail root directory is not encountered, the lookup continues. In a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a directory for a descriptor that is below that process' jail root. This enables full filesystem access for a jailed process, breaking the chroot. Note that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N 1.1 5.8

Products Affected

Vendor Product Version
freebsd freebsd 14.3
freebsd freebsd 13.5
CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes before it is able to exec the helper. At this point, blocklistd still records adverse events but is unable to block new addresses or unblock addresses whose database entries have expired. Once a second, much higher number of leaked sockets is reached, blocklistd becomes unable to receive new adverse event reports. An attacker may take advantage of this by triggering a large number of adverse events from sacrificial IP addresses to effectively disable blocklistd before launching an attack. Even in the absence of attacks or probes by would-be attackers, adverse events will occur regularly in the course of normal operations, and blocklistd will gradually run out file descriptors and become ineffective. The accumulation of open sockets may have knock-on effects on other parts of the system, resulting in a general slowdown until blocklistd is restarted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
freebsd freebsd 15.0
CVE-2026-3038

The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's possible for a malicious userspace program to craft a request which triggers a 127-byte overflow. In practice, this overflow immediately overwrites the canary for the rtsock_msg_buffer() stack frame, resulting in a panic once the function returns. The bug allows an unprivileged user to crash the kernel by triggering a stack buffer overflow in rtsock_msg_buffer(). In particular, the overflow will corrupt a stack canary value that is verified when the function returns; this mitigates the impact of the stack overflow by triggering a kernel panic. Other kernel bugs may exist which allow userspace to find the canary value and thus defeat the mitigation, at which point local privilege escalation may be possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
freebsd freebsd 14.4
freebsd freebsd 14.3
freebsd freebsd 13.5
freebsd freebsd 15.0
CVE-2026-4748

A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected. Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant. Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.

Products Affected

Vendor Product Version
freebsd freebsd *
freebsd freebsd 14.4
freebsd freebsd 14.3
freebsd freebsd 15.0