
CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2010-4210 – FreeBSD - 'pseudofs' Null Pointer Dereference Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4210
20 Nov 2010 — The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs. • https://www.exploit-db.com/exploits/15206 • CWE-667: Improper Locking •

CVE-2010-2693 – FreeBSD - 'mbufs()' sendfile Cache Poisoning Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-2693
13 Jul 2010 — FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call. • https://www.exploit-db.com/exploits/14688 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2010-1938 – FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)
https://notcve.org/view.php?id=CVE-2010-1938
28 May 2010 — Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. • https://www.exploit-db.com/exploits/12762 • CWE-189: Numeric Errors •

CVE-2010-2020 – FreeBSD - 'mountnfs()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-2020
28 May 2010 — sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request. • https://www.exploit-db.com/exploits/14003 • CWE-20: Improper Input Validation •

CVE-2010-0318
https://notcve.org/view.php?id=CVE-2010-0318
15 Jan 2010 — The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure. • http://secunia.com/advisories/38124 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2009-4358
https://notcve.org/view.php?id=CVE-2009-4358
20 Dec 2009 — freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. • http://secunia.com/advisories/37575 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2009-4147 – FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4147
02 Dec 2009 — The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setgid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146. • https://packetstorm.news/files/id/152997 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2009-4146 – FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4146
02 Dec 2009 — The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setgid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147. • https://packetstorm.news/files/id/152997 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2009-2649 – FreeBSD 6/8 - ata Device Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-2649
30 Jul 2009 — The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value. • https://www.exploit-db.com/exploits/9134 • CWE-264: Permissions, Privileges, and Access Controls •