Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2006-09-26 | Updated: 2018-10-17
Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2006-10-12 | Updated: 2017-07-20
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.
Max CVSS: 4.9 | EPSS Score: 0.05% | Published: 2006-10-26 | Updated: 2008-09-05
Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2006-11-09 | Updated: 2017-07-20
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2008-02-15 | Updated: 2008-09-05
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2009-04-27 | Updated: 2016-11-28
Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2009-06-18 | Updated: 2017-08-17
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2010-09-29 | Updated: 2010-09-30
The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2013-11-21 | Updated: 2013-11-25
The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2013-11-21 | Updated: 2013-11-25
The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2013-11-21 | Updated: 2014-03-04
The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroy the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2014-06-10 | Updated: 2014-06-21
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2014-07-15 | Updated: 2017-08-29
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2014-07-15 | Updated: 2014-11-19
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.
Max CVSS: 4.7 | EPSS Score: 0.04% | Published: 2009-07-30 | Updated: 2017-10-19
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.
Max CVSS: 4.7 | EPSS Score: 0.04% | Published: 2009-12-20 | Updated: 2009-12-21
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.
Max CVSS: 4.7 | EPSS Score: 0.04% | Published: 2013-09-23 | Updated: 2013-09-26
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 1996-12-03 | Updated: 2022-08-17
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 1998-11-18 | Updated: 2016-10-18
FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 1999-12-01 | Updated: 2008-09-09
FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 1999-11-08 | Updated: 2008-09-09
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 1999-12-01 | Updated: 2008-09-09
Buffer overflow in FreeBSD angband allows local users to gain privileges.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 1999-12-01 | Updated: 2008-09-09
Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 1999-11-08 | Updated: 2022-08-17
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 1996-08-26 | Updated: 2017-12-19
53 vulnerabilities found