Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (593 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-4747 1 Freebsd 1 Freebsd 2026-04-20 8.8 High
Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel. In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system.
CVE-2026-3038 1 Freebsd 1 Freebsd 2026-04-16 7.5 High
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's possible for a malicious userspace program to craft a request which triggers a 127-byte overflow. In practice, this overflow immediately overwrites the canary for the rtsock_msg_buffer() stack frame, resulting in a panic once the function returns. The bug allows an unprivileged user to crash the kernel by triggering a stack buffer overflow in rtsock_msg_buffer(). In particular, the overflow will corrupt a stack canary value that is verified when the function returns; this mitigates the impact of the stack overflow by triggering a kernel panic. Other kernel bugs may exist which allow userspace to find the canary value and thus defeat the mitigation, at which point local privilege escalation may be possible.
CVE-2026-2261 1 Freebsd 1 Freebsd 2026-04-16 7.5 High
Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes before it is able to exec the helper. At this point, blocklistd still records adverse events but is unable to block new addresses or unblock addresses whose database entries have expired. Once a second, much higher number of leaked sockets is reached, blocklistd becomes unable to receive new adverse event reports. An attacker may take advantage of this by triggering a large number of adverse events from sacrificial IP addresses to effectively disable blocklistd before launching an attack. Even in the absence of attacks or probes by would-be attackers, adverse events will occur regularly in the course of normal operations, and blocklistd will gradually run out file descriptors and become ineffective. The accumulation of open sockets may have knock-on effects on other parts of the system, resulting in a general slowdown until blocklistd is restarted.
CVE-1999-0798 5 Bsdi, Freebsd, Openbsd and 2 more 7 Bsd Os, Freebsd, Openbsd and 4 more 2026-04-16 N/A
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
CVE-1999-0628 4 Freebsd, Ibm, Linux and 1 more 4 Freebsd, Aix, Linux Kernel and 1 more 2026-04-16 N/A
The rwho/rwhod service is running, which exposes machine status and user information.
CVE-2000-0752 1 Freebsd 1 Freebsd 2026-04-16 N/A
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.
CVE-1999-0304 4 Bsdi, Freebsd, Netbsd and 1 more 4 Bsd Os, Freebsd, Netbsd and 1 more 2026-04-16 N/A
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
CVE-1999-0138 7 Apple, Digital, Freebsd and 4 more 9 A Ux, Osf 1, Freebsd and 6 more 2026-04-16 N/A
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
CVE-1999-0855 1 Freebsd 1 Freebsd 2026-04-16 N/A
Buffer overflow in FreeBSD gdc program.
CVE-2003-0144 4 Bsd, Freebsd, Lprold and 1 more 4 Lpr, Freebsd, Lprold and 1 more 2026-04-16 N/A
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
CVE-1999-0131 8 Bsdi, Digital, Eric Allman and 5 more 9 Bsd Os, Osf 1, Sendmail and 6 more 2026-04-16 N/A
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
CVE-1999-0085 3 Freebsd, Ibm, Netbsd 3 Freebsd, Aix, Netbsd 2026-04-16 N/A
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
CVE-2003-1474 1 Freebsd 1 Slashem-tty 2026-04-16 N/A
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
CVE-1999-0078 10 Bsdi, Freebsd, Hp and 7 more 11 Bsd Os, Freebsd, Hp-ux and 8 more 2026-04-16 N/A
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
CVE-1999-0061 4 Bsdi, Freebsd, Linux and 1 more 4 Bsd Os, Freebsd, Linux Kernel and 1 more 2026-04-16 N/A
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
CVE-2004-0602 1 Freebsd 1 Freebsd 2026-04-16 N/A
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
CVE-2004-0079 23 4d, Apple, Avaya and 20 more 67 Webstar, Mac Os X, Mac Os X Server and 64 more 2026-04-16 7.5 High
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2026-04-16 N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-1999-0052 3 Bsdi, Freebsd, Openbsd 3 Bsd Os, Freebsd, Openbsd 2026-04-16 7.5 High
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
CVE-1999-0037 2 Freebsd, Redhat 2 Freebsd, Linux 2026-04-16 N/A
Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.