GCVE - cpe:2.3:o:freebsd:freebsd:10.1:rc1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:freebsd:freebsd:10.1:rc1:*:*:*:*:*:*

part: o version: 10.1 update: rc1

Vendor	Freebsd (`1e86ea60-a74f-5f45-ac35-3eb819c9e064`)
Product	Freebsd (`be9b20ed-2a20-5a94-a224-b1a6fdcacb17`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/freebsd/freebsd-src`	purl2cpe	2026-06-01 10:12:45.144934

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-1415`	vulnerable	2026-06-08 05:06:25.563063	Details available The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. Published: 2015-04-10T14:00:00.000Z Updated: 2024-08-06T04:40:18.568Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1032042 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc http://www.securityfocus.com/archive/1/535209/100/0/threaded http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-8476`	vulnerable	2026-06-08 05:06:08.929146	Details available The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. Published: 2014-11-13T15:00:00.000Z Updated: 2024-08-06T13:18:48.291Z Open on db.gcve.eu Reference links http://www.debian.org/security/2014/dsa-3070 https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A25.setlogin.asc http://secunia.com/advisories/62218 http://secunia.com/advisories/61118	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3955`	vulnerable	2026-06-08 05:05:43.604929	Details available routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. Published: 2014-10-27T15:00:00.000Z Updated: 2024-08-06T10:57:17.940Z Open on db.gcve.eu Reference links https://www.freebsd.org/security/advisories/FreeBSD-SA-14:21.routed.asc http://secunia.com/advisories/61865 http://www.securitytracker.com/id/1031099	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3954`	vulnerable	2026-06-08 05:05:43.598533	Details available Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message. Published: 2014-10-27T15:00:00.000Z Updated: 2024-08-06T10:57:18.167Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1031098 https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A20.rtsold.asc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3711`	vulnerable	2026-06-08 05:05:42.544316	Details available namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names. Published: 2014-10-27T15:00:00.000Z Updated: 2024-08-06T10:50:18.327Z Open on db.gcve.eu Reference links http://www.debian.org/security/2014/dsa-3070 http://secunia.com/advisories/62218 https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc http://www.securitytracker.com/id/1031100	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.