Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

Denial of service in "poll" in OpenBSD.

Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.

A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.