VYPR

NetBSD

by NetBSD

Source repositories

CVEs (176)

  • CVE-2003-0466CriAug 27, 2003
    risk 0.73cvss 9.8epss 0.78

    Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow,…

  • CVE-2017-1000375CriJun 19, 2017
    risk 0.68cvss 9.8epss 0.19

    NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.

  • CVE-2024-6387HigJul 1, 2024
    risk 0.64cvss 8.1epss 1.00

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…

  • CVE-2017-1000378CriJun 19, 2017
    risk 0.64cvss 9.8epss 0.04

    The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack…

  • CVE-2017-1000374CriJun 19, 2017
    risk 0.64cvss 9.8epss 0.03

    A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.

  • CVE-2015-8212CriJan 19, 2017
    risk 0.64cvss 9.8epss 0.03

    CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.

  • CVE-2016-6253HigJan 20, 2017
    risk 0.54cvss 7.8epss 0.04

    mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.

  • CVE-2006-6165HigNov 29, 2006
    risk 0.51cvss 7.8epss 0.00

    ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party,…

  • CVE-2002-1915MedDec 31, 2002
    risk 0.36cvss 5.5epss 0.00

    tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.

  • CVE-1999-0011MedApr 8, 1998
    risk 0.36cvss 5.4epss 0.05

    Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

  • CVE-2020-26139MedMay 11, 2021
    risk 0.35cvss 5.3epss 0.06

    An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against…

  • CVE-2014-3566LowOct 15, 2014
    risk 0.33cvss 3.4epss 1.00

    The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

  • CVE-2026-32849MedMay 18, 2026
    risk 0.29cvss 5.5epss 0.00

    NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed int but assigned from an unsigned cop->dst_len value, causing undefined behavior…

  • CVE-2026-32848MedMay 18, 2026
    risk 0.24cvss 4.7epss 0.00

    NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems.…

  • CVE-1999-0016Dec 1, 1997
    risk 0.11cvss epss 0.96

    Land IP denial of service.

  • CVE-2014-8517Nov 17, 2014
    risk 0.09cvss epss 0.69

    The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

  • CVE-2004-0230Aug 18, 2004
    risk 0.09cvss epss 0.81

    TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections,…

  • CVE-2002-1337Mar 7, 2003
    risk 0.09cvss epss 0.72

    Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

  • CVE-2003-0001Jan 17, 2003
    risk 0.09cvss epss 0.73

    Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

  • CVE-1999-0513Jan 5, 1998
    risk 0.09cvss epss 0.70

    ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Page 1 of 9