(Jun 8) Jailed processes can manipulate host routing tables.
(May 27) In some situations, a user with read access to a file may be able to prevent changes to that file from being committed to disk.
(May 19) Malformed data can cause a heap buffer to overflow, allowing the client to overwrite arbitrary portions of the server’s memory.
(May 10) A remote attacker may send a specially formatted message to k5admind, causing it to crash or possibly resulting in arbitrary code execution.
(May 10) It is possible for the Key Distribution Center (KDC) of a realm to forge part or all of the `transited’ field to fake zone trustedness.
(Jul 2) It may be possible for a local attacker to read and/or overwrite portions of kernel memory, resulting in disclosure of sensitive information or potential privilege escalation.
(Dec 2) The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process’ argument vector from the process address space. During this operation, a pointer was dereferenced directly without the necessary validation steps being performed.
(Nov 18) An integer overflow condition in the processing of HTTP headers can result in a buffer overflow.
(Oct 4) The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior.
(Sep 20) A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price.