Freebsd

Freebsd

509 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-8117

  • EPSS 16.45%
  • Veröffentlicht 17.12.2014 19:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

5

CVE-2014-8116

  • EPSS 15.88%
  • Veröffentlicht 17.12.2014 19:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

5

CVE-2014-7250

  • EPSS 3.73%
  • Veröffentlicht 12.12.2014 03:03:47
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets...

4.3

CVE-2014-8475

  • EPSS 1.68%
  • Veröffentlicht 18.11.2014 15:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and p...

2.1

CVE-2014-8476

  • EPSS 0.07%
  • Veröffentlicht 13.11.2014 21:32:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.

5

CVE-2014-3711

  • EPSS 0.6%
  • Veröffentlicht 27.10.2014 15:55:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.

10

CVE-2014-3954

  • EPSS 8.93%
  • Veröffentlicht 27.10.2014 15:55:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.

5

CVE-2014-3955

  • EPSS 0.54%
  • Veröffentlicht 27.10.2014 15:55:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.

5

CVE-2014-3951

  • EPSS 0.41%
  • Veröffentlicht 21.08.2014 22:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT p...

5

CVE-2014-5384

  • EPSS 0.41%
  • Veröffentlicht 21.08.2014 22:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPL...