Page 12 of 98 results (0.006 seconds)

CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc •

CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0

The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc •

CVSS: 4.6EPSS: 0%CPEs: 15EXPL: 0

The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html http://secunia.com/advisories/17368 http://www.securityfocus.com/bid/13526 http://www.securityfocus.com/bid/15252 http://www.vupen.com/english/advisories/2005/2256 •

CVSS: 2.1EPSS: 0%CPEs: 61EXPL: 0

The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html http://secunia.com/advisories/14959 http://secunia.com/advisories/17368 http://www.osvdb.org/15514 http://www.securityfocus.com/bid/15252 http://www.vupen.com/english/advisories/2005/2256 https://exchange.xforce.ibmcloud.com/vulnerabilities/20114 • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 63EXPL: 0

Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file. • http://secunia.com/advisories/14903 http://www.securityfocus.com/bid/13106 http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html •