| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. |
| FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks. |
| Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. |
| FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands. |
| FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument. |
| Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. |
| Buffer overflow in FreeBSD angband allows local users to gain privileges. |
| Buffer overflow in FreeBSD gdc program. |
| FreeBSD gdc program allows local users to modify files via a symlink attack. |
| A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer. |
| The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. |
| Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. |
| In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated.
ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table. |
| The NVMe driver queue processing is vulernable to guest-induced infinite loops. |
| The hda driver is vulnerable to a buffer over-read from a guest-controlled value. |
| The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. |
| The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value. |
| An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution. |