BsdCVEs & Vulnerabilities

11 CVEs affecting Bsd products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

bsd 15lpr 2nvi 1
CVE-2014-7250MEDIUM

The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.

12 Dec 2014
5.0
CVSS
CVE-2008-4609HIGH

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

20 Oct 2008
7.1
CVSS
CVE-2007-2191MEDIUMpoc

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.

24 Apr 2007
6.8
CVSS
CVE-2003-0144HIGHpoc

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

31 Mar 2003
7.2
CVSS
CVE-2001-1562HIGH

Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename.

31 Dec 2001
7.2
CVSS
CVE-2001-0670HIGH

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

3 Oct 2001
7.5
CVSS
CVE-1999-1102LOW

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

31 Dec 1999
2.1
CVSS
CVE-1999-1394LOWpoc

BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device.

2 Jul 1999
2.1
CVSS
CVE-1999-1214LOW

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

15 Sep 1997
2.1
CVSS
CVE-1999-1098MEDIUM

Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.

3 Mar 1995
5.0
CVSS
CVE-1999-1471HIGH

Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field.

1 Jan 1989
7.2
CVSS
← PrevPage 1 / 1Next →