Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Max CVSS
4.6
EPSS Score
0.05%
Published
1996-12-03
Updated
2022-08-17
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
Max CVSS
4.6
EPSS Score
0.04%
Published
1998-11-18
Updated
2016-10-18
FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-12-01
Updated
2008-09-09
FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-11-08
Updated
2008-09-09
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-12-01
Updated
2008-09-09
Buffer overflow in FreeBSD angband allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-12-01
Updated
2008-09-09
Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-11-08
Updated
2022-08-17
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.
Max CVSS
4.6
EPSS Score
0.05%
Published
1996-08-26
Updated
2017-12-19
Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands.
Max CVSS
4.6
EPSS Score
0.04%
Published
1996-05-23
Updated
2017-12-19
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.
Max CVSS
4.6
EPSS Score
0.04%
Published
2000-02-21
Updated
2008-09-10
libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2000-07-05
Updated
2008-09-10
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-06-02
Updated
2017-10-10
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-08-12
Updated
2016-10-18
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.
Max CVSS
4.6
EPSS Score
0.05%
Published
2002-09-24
Updated
2016-10-18
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
Max CVSS
4.3
EPSS Score
2.35%
Published
2003-12-15
Updated
2018-10-30
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-03-03
Updated
2017-10-10
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-03-03
Updated
2017-10-10
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-03-29
Updated
2017-10-10
The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-07-11
FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-05-06
Updated
2008-09-05
The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-05-06
Updated
2008-09-05
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.
Max CVSS
4.6
EPSS Score
0.07%
Published
2005-05-06
Updated
2011-03-08
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.
Max CVSS
4.3
EPSS Score
0.12%
Published
2005-12-31
Updated
2017-07-20
Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172.
Max CVSS
4.9
EPSS Score
0.04%
Published
2006-09-26
Updated
2018-10-17
Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2006-10-12
Updated
2017-07-20
53 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!