U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:freebsd:freebsd:2.2
There are 82 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2001-0670

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

Published: October 03, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2001-0710

NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.

Published: September 20, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-1029

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.

Published: September 20, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Published: August 14, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2001-0388

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

Published: June 27, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2001-0469

rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.

Published: June 27, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-0247

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

Published: June 18, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2001-0371

Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.

Published: June 18, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2001-0402

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

Published: June 18, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2000-0461

The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.

Published: May 29, 2000; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-1999-0001

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

Published: December 30, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0963

FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.

Published: December 01, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-1999-0783

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

Published: June 16, 1998; 12:00:00 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 5.0 MEDIUM
CVE-1999-0796

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

Published: May 01, 1998; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-1999-0323

FreeBSD mmap function allows users to modify append-only or immutable files.

Published: February 20, 1998; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-1999-0304

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

Published: February 01, 1998; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-1999-0305

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.

Published: February 01, 1998; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0322

The open() function in FreeBSD allows local attackers to write to arbitrary files.

Published: October 29, 1997; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-1999-1298

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

Published: April 07, 1997; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-1999-0023

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

Published: July 24, 1996; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH