| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2010-2530 |
189 |
|
DoS |
2010-09-29 |
2010-09-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. |
|
2 |
CVE-2009-2793 |
264 |
|
+Priv |
2009-09-18 |
2018-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. |
|
3 |
CVE-2008-4609 |
16 |
|
DoS |
2008-10-20 |
2021-07-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. |
|
4 |
CVE-2006-5215 |
|
|
|
2006-10-10 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. |
|
5 |
CVE-2006-1833 |
|
|
|
2006-04-19 |
2017-07-20 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. |
|
6 |
CVE-2006-1814 |
|
|
DoS |
2006-04-18 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory. |
|
7 |
CVE-2006-1797 |
|
|
DoS |
2006-04-18 |
2017-07-20 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference. |
|
8 |
CVE-2006-1588 |
|
|
|
2006-04-03 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory. |
|
9 |
CVE-2006-1587 |
|
|
|
2006-04-03 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file. |
|
10 |
CVE-2006-0145 |
|
|
+Priv |
2006-01-09 |
2018-10-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call. |
|
11 |
CVE-2005-4783 |
|
|
|
2005-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory. |
|
12 |
CVE-2005-4776 |
|
|
DoS Overflow +Priv |
2005-12-31 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. |
|
13 |
CVE-2005-4741 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. |
|
14 |
CVE-2005-4691 |
|
|
|
2005-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page. |
|
15 |
CVE-2005-4352 |
|
|
Bypass |
2005-12-31 |
2018-10-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." |
|
16 |
CVE-2005-2134 |
|
|
DoS |
2005-07-05 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error. |
|
17 |
CVE-2004-1323 |
|
|
DoS |
2004-12-16 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions. |
|
18 |
CVE-2004-0257 |
|
|
DoS |
2004-11-23 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port. |
|
19 |
CVE-2004-0230 |
|
|
DoS |
2004-08-18 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. |
|
20 |
CVE-2003-0914 |
|
|
|
2003-12-15 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. |
|
21 |
CVE-2003-0730 |
|
|
DoS Exec Code Overflow |
2003-10-20 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. |
|
22 |
CVE-2003-0694 |
|
|
Exec Code Overflow |
2003-10-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
|
23 |
CVE-2003-0681 |
|
|
Overflow |
2003-10-06 |
2018-05-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. |
|
24 |
CVE-2003-0653 |
|
|
DoS |
2003-08-27 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets. |
|
25 |
CVE-2003-0466 |
|
|
Exec Code Overflow |
2003-08-27 |
2018-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
|
26 |
CVE-2003-0102 |
|
|
Exec Code Overflow |
2003-03-18 |
2018-05-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize). |
|
27 |
CVE-2003-0001 |
200 |
|
+Info |
2003-01-17 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. |
|
28 |
CVE-2002-1543 |
|
|
Overflow +Priv |
2003-03-31 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input. |
|
29 |
CVE-2002-1337 |
|
|
Exec Code Overflow |
2003-03-07 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. |
|
30 |
CVE-2002-1194 |
|
|
Exec Code Overflow |
2002-10-28 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message. |
|
31 |
CVE-2002-1192 |
|
|
Overflow +Priv |
2002-10-28 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game save file. |
|
32 |
CVE-2002-1165 |
|
|
Bypass |
2002-10-11 |
2016-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified. |
