libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.

The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.

xsoldier program allows local users to gain root access via a long argument.

Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.

asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.

FreeBSD gdc program allows local users to modify files via a symlink attack.

FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.

Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.

Buffer overflow in FreeBSD angband allows local users to gain privileges.

Buffer overflow in FreeBSD gdc program.