FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2005-05-02
Updated
2024-02-08

CVE-2006-0900

Public exploit
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.
Max CVSS
7.8
EPSS Score
96.59%
Published
2006-02-27
Updated
2017-07-20
The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.
Max CVSS
7.8
EPSS Score
0.20%
Published
2010-11-22
Updated
2024-02-15
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
Max CVSS
7.8
EPSS Score
0.20%
Published
2012-02-02
Updated
2012-02-03
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
Max CVSS
7.8
EPSS Score
6.30%
Published
2020-02-12
Updated
2020-02-18
The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk.
Max CVSS
7.8
EPSS Score
3.20%
Published
2012-10-09
Updated
2013-01-30
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-12-02
Updated
2019-12-11
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
Max CVSS
7.8
EPSS Score
0.19%
Published
2020-02-20
Updated
2020-02-28
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
Max CVSS
7.8
EPSS Score
0.19%
Published
2020-02-20
Updated
2020-02-25
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
Max CVSS
7.8
EPSS Score
95.80%
Published
2013-07-29
Updated
2019-04-22
The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.
Max CVSS
7.8
EPSS Score
0.35%
Published
2013-08-29
Updated
2019-03-18
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.
Max CVSS
7.8
EPSS Score
10.63%
Published
2014-05-02
Updated
2014-06-21
The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk.
Max CVSS
7.8
EPSS Score
0.71%
Published
2015-02-02
Updated
2015-02-04
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.
Max CVSS
7.8
EPSS Score
2.91%
Published
2015-02-27
Updated
2019-05-30
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-10-10
Updated
2018-10-09
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
Max CVSS
7.8
EPSS Score
22.40%
Published
2016-01-29
Updated
2017-09-10
The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-02-15
Updated
2017-02-17
The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-02-15
Updated
2018-01-30
FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.
Max CVSS
7.8
EPSS Score
0.35%
Published
2016-01-29
Updated
2016-03-02
The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-02-15
Updated
2017-02-17
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."
Max CVSS
7.8
EPSS Score
0.06%
Published
2016-05-25
Updated
2017-04-20
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
Max CVSS
7.8
EPSS Score
0.07%
Published
2016-05-25
Updated
2016-05-26
Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-02-15
Updated
2017-02-16
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.
Max CVSS
7.8
EPSS Score
0.41%
Published
2018-04-10
Updated
2019-10-09
In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow.
Max CVSS
7.8
EPSS Score
0.49%
Published
2018-09-12
Updated
2018-11-23
164 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!