National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:freebsd:freebsd:4.6:p19
There are 90 matching records.
Displaying matches 81 through 90.
Vuln ID Summary CVSS Severity
CVE-2003-0015

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Published: February 07, 2003; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2003-0001

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

Published: January 17, 2003; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1915

tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2002-1219

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1220

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1221

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

Published: November 29, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0666

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.

Published: November 04, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-0973

Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-1125

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2002-0820

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH