National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:freebsd:freebsd:3.5
There are 96 matching records.
Displaying matches 81 through 96.
Vuln ID Summary CVSS Severity
CVE-2001-0371

Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.

Published: June 18, 2001; 12:00:00 AM -04:00
    V2: 6.2 MEDIUM
CVE-2001-0402

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

Published: June 18, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0196

inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.

Published: May 03, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0183

ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.

Published: March 26, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2000-1167

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.

Published: January 09, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2000-0993

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-0998

Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-1011

Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-1012

The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-1013

The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-0729

FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.

Published: October 20, 2000; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2000-0749

Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.

Published: October 20, 2000; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2000-0752

Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.

Published: October 20, 2000; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2000-0594

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

Published: July 04, 2000; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2000-0584

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

Published: July 02, 2000; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2000-0489

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

Published: September 05, 1999; 12:00:00 AM -04:00
    V2: 2.1 LOW