asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.

Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.

A buffer overflow in lsof allows local users to obtain root privilege.

Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.