NetBSD
by NetBSD
Source repositories
CVEs (176)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0466 | 0.00 | — | 0.00 | Apr 21, 1999 | The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. | |||
| CVE-1999-0446 | 0.00 | — | 0.00 | Apr 12, 1999 | Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. | |||
| CVE-1999-0434 | 0.00 | — | 0.01 | Mar 30, 1999 | XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. | |||
| CVE-1999-0422 | 0.00 | — | 0.00 | Mar 17, 1999 | In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. | |||
| CVE-1999-0396 | 0.00 | — | 0.01 | Feb 17, 1999 | A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. | |||
| CVE-1999-0367 | 0.00 | — | 0.00 | Feb 9, 1999 | NetBSD netstat command allows local users to access kernel memory. | |||
| CVE-1999-0303 | 0.00 | — | 0.00 | May 21, 1998 | Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. | |||
| CVE-1999-0010 | 0.00 | — | 0.02 | Apr 8, 1998 | Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. | |||
| CVE-1999-0323 | 0.00 | — | 0.01 | Feb 20, 1998 | FreeBSD mmap function allows users to modify append-only or immutable files. | |||
| CVE-1999-0304 | 0.00 | — | 0.00 | Feb 1, 1998 | mmap function in BSD allows local attackers in the kmem group to modify memory through devices. | |||
| CVE-1999-0017 | 0.00 | — | 0.02 | Dec 10, 1997 | FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | |||
| CVE-1999-1214 | 0.00 | — | 0.00 | Sep 15, 1997 | The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. | |||
| CVE-1999-1225 | 0.00 | — | 0.02 | Aug 24, 1997 | rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not. | |||
| CVE-1999-0628 | 0.00 | — | 0.01 | Jul 1, 1997 | The rwho/rwhod service is running, which exposes machine status and user information. | |||
| CVE-1999-0297 | 0.00 | — | 0.00 | Dec 12, 1996 | Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. | |||
| CVE-1999-0085 | 0.00 | — | 0.04 | Aug 21, 1996 | Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname. |
- CVE-1999-0466Apr 21, 1999risk 0.00cvss —epss 0.00
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.
- CVE-1999-0446Apr 12, 1999risk 0.00cvss —epss 0.00
Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.
- CVE-1999-0434Mar 30, 1999risk 0.00cvss —epss 0.01
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
- CVE-1999-0422Mar 17, 1999risk 0.00cvss —epss 0.00
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set.
- CVE-1999-0396Feb 17, 1999risk 0.00cvss —epss 0.01
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
- CVE-1999-0367Feb 9, 1999risk 0.00cvss —epss 0.00
NetBSD netstat command allows local users to access kernel memory.
- CVE-1999-0303May 21, 1998risk 0.00cvss —epss 0.00
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
- CVE-1999-0010Apr 8, 1998risk 0.00cvss —epss 0.02
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
- CVE-1999-0323Feb 20, 1998risk 0.00cvss —epss 0.01
FreeBSD mmap function allows users to modify append-only or immutable files.
- CVE-1999-0304Feb 1, 1998risk 0.00cvss —epss 0.00
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
- CVE-1999-0017Dec 10, 1997risk 0.00cvss —epss 0.02
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
- CVE-1999-1214Sep 15, 1997risk 0.00cvss —epss 0.00
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
- CVE-1999-1225Aug 24, 1997risk 0.00cvss —epss 0.02
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
- CVE-1999-0628Jul 1, 1997risk 0.00cvss —epss 0.01
The rwho/rwhod service is running, which exposes machine status and user information.
- CVE-1999-0297Dec 12, 1996risk 0.00cvss —epss 0.00
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.
- CVE-1999-0085Aug 21, 1996risk 0.00cvss —epss 0.04
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
Page 9 of 9