| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories. |
| vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. |
| Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
| The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. |
| IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. |
| cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function. |
| Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. |
| A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. |
| KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. |
| Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. |
| mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands. |
| The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service. |
| Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable. |
| Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. |
| Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. |
| Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters. |
| File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). |
| OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor. |
| OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow. |
| Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
