CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Netbsd » Netbsd » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-45489 338 2021-12-25 2022-01-10
5.0
None Remote Low Not required Partial None None
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
2 CVE-2021-45488 327 +Info 2021-12-25 2022-01-10
5.0
None Remote Low Not required Partial None None
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
3 CVE-2021-45487 327 2021-12-25 2022-01-10
5.0
None Remote Low Not required Partial None None
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
4 CVE-2021-45484 326 2021-12-25 2022-01-10
5.0
None Remote Low Not required Partial None None
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
5 CVE-2017-1000378 400 Exec Code 2017-06-19 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.
6 CVE-2017-1000375 119 Exec Code Overflow 2017-06-19 2017-08-12
7.5
None Remote Low Not required Partial Partial Partial
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
7 CVE-2017-1000374 Exec Code Bypass 2017-06-19 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.
8 CVE-2014-5384 119 DoS Overflow 2014-08-21 2014-08-21
5.0
None Remote Low Not required None None Partial
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types.
9 CVE-2014-3951 DoS 2014-08-21 2014-08-21
5.0
None Remote Low Not required None None Partial
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference.
10 CVE-2012-5365 400 DoS 2020-02-20 2020-02-25
7.8
None Remote Low Not required None None Complete
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
11 CVE-2012-5363 400 DoS 2020-02-20 2020-02-28
7.8
None Remote Low Not required None None Complete
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
12 CVE-2011-2895 119 Exec Code Overflow 2011-08-19 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
13 CVE-2011-2393 399 DoS 2012-02-02 2012-02-03
7.8
None Remote Low Not required None None Complete
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
14 CVE-2010-3014 200 +Info 2010-08-20 2018-10-10
1.2
None Local High Not required Partial None None
The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.
15 CVE-2010-2530 189 DoS 2010-09-29 2010-09-30
4.9
None Local Low Not required None None Complete
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
16 CVE-2009-2793 264 +Priv 2009-09-18 2018-10-10
4.6
None Local Low Not required Partial Partial Partial
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
17 CVE-2008-4609 16 DoS 2008-10-20 2021-07-07
7.1
None Remote Medium Not required None None Complete
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
18 CVE-2008-2476 20 DoS 2008-10-03 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
19 CVE-2008-1215 264 Overflow +Priv 2008-03-09 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
20 CVE-2007-6754 189 Overflow 2012-07-25 2012-07-26
5.0
None Remote Low Not required None None Partial
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors.
21 CVE-2006-7252 189 Overflow 2012-07-25 2012-07-26
5.0
None Remote Low Not required None None Partial
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.
22 CVE-2006-5215 2006-10-10 2018-10-30
2.6
None Local High Not required Partial Partial None
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
23 CVE-2004-0114 +Priv 2004-03-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
24 CVE-2001-0710 DoS 2001-09-20 2017-10-10
5.0
None Remote Low Not required None None Partial
NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.
25 CVE-2001-0670 Exec Code Overflow 2001-10-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
26 CVE-2001-0268 +Priv 2001-05-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
27 CVE-2000-0315 2001-03-12 2016-10-18
5.0
None Remote Low Not required None Partial None
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.
28 CVE-2000-0314 2001-03-12 2016-10-18
5.0
None Remote Low Not required None None Partial
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
29 CVE-1999-1409 1998-07-03 2016-10-18
2.1
None Local Low Not required Partial None None
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
Total number of vulnerabilities : 29   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.