VYPR

Vendor CVEs

NetBSD

All CVEs

186 total · sorted by risk
  • CVE-2000-0440May 1, 2000
    risk 0.03cvss epss 0.03

    NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.

  • CVE-2000-0094Feb 16, 2000
    risk 0.03cvss epss 0.01

    procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.

  • CVE-2000-0489Sep 5, 1999
    risk 0.03cvss epss 0.01

    FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

  • CVE-1999-0674Aug 9, 1999
    risk 0.03cvss epss 0.01

    The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

  • CVE-1999-1518Jul 15, 1999
    risk 0.03cvss epss 0.03

    Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.

  • CVE-1999-0433Mar 21, 1999
    risk 0.03cvss epss 0.01

    XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

  • CVE-1999-1409Jul 3, 1998
    risk 0.03cvss epss 0.01

    The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.

  • CVE-2015-2305Mar 30, 2015
    risk 0.01cvss epss 0.08

    Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular…

  • CVE-2011-2895Aug 19, 2011
    risk 0.01cvss epss 0.08

    The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType…

  • CVE-2010-4755Mar 2, 2011
    risk 0.01cvss epss 0.08

    The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory…

  • CVE-2006-4304Aug 24, 2006
    risk 0.01cvss epss 0.11

    Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code…

  • CVE-2003-0028Mar 25, 2003
    risk 0.01cvss epss 0.15

    Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in…

  • CVE-2001-0670Oct 3, 2001
    risk 0.01cvss epss 0.07

    Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

  • CVE-1999-0074Jul 1, 1997
    risk 0.01cvss epss 0.08

    Listening TCP ports are sequentially allocated, allowing spoofing attacks.

  • CVE-2023-45198Oct 5, 2023
    risk 0.00cvss epss 0.00

    ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.

  • CVE-2021-45484Dec 25, 2021
    risk 0.00cvss epss 0.01

    In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.

  • CVE-2021-45487Dec 25, 2021
    risk 0.00cvss epss 0.01

    In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.

  • CVE-2021-45488Dec 25, 2021
    risk 0.00cvss epss 0.01

    In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.

  • CVE-2021-45489Dec 25, 2021
    risk 0.00cvss epss 0.01

    In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.

  • CVE-2012-5365Feb 20, 2020
    risk 0.00cvss epss 0.03

    The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

  • CVE-2011-2480Nov 27, 2019
    risk 0.00cvss epss 0.02

    Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of…

  • CVE-2015-5917Oct 9, 2015
    risk 0.00cvss epss 0.03

    The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the…

  • CVE-2014-7250Dec 12, 2014
    risk 0.00cvss epss 0.05

    The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.

  • CVE-2014-5384Aug 21, 2014
    risk 0.00cvss epss 0.02

    The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per…

  • CVE-2014-3951Aug 21, 2014
    risk 0.00cvss epss 0.02

    The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different…

  • CVE-2014-5015Jul 24, 2014
    risk 0.00cvss epss 0.02

    bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.

  • CVE-2007-6754Jul 25, 2012
    risk 0.00cvss epss 0.01

    The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to…

  • CVE-2006-7252Jul 25, 2012
    risk 0.00cvss epss 0.01

    Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of…

  • CVE-2011-2393Feb 2, 2012
    risk 0.00cvss epss 0.02

    The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with…

  • CVE-2011-1920May 23, 2011
    risk 0.00cvss epss 0.00

    The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.

  • CVE-2010-4754Mar 2, 2011
    risk 0.00cvss epss 0.01

    The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any…

  • CVE-2010-2530Sep 29, 2010
    risk 0.00cvss epss 0.00

    Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1)…

  • CVE-2010-3014Aug 20, 2010
    risk 0.00cvss epss 0.00

    The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.

  • CVE-2010-0561Feb 8, 2010
    risk 0.00cvss epss 0.00

    Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service (kernel panic) via a negative mixer index number being passed to (1) the azalia_query_devinfo function in the azalia audio driver…

  • CVE-2009-2483Jul 16, 2009
    risk 0.00cvss epss 0.00

    libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element.

  • CVE-2009-2482Jul 16, 2009
    risk 0.00cvss epss 0.00

    The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group.

  • CVE-2008-2476Oct 3, 2008
    risk 0.00cvss epss 0.07

    The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery…

  • CVE-2008-3584Sep 11, 2008
    risk 0.00cvss epss 0.03

    NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet.

  • CVE-2008-2464Sep 11, 2008
    risk 0.00cvss epss 0.02

    The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a…

  • CVE-2008-3530Sep 5, 2008
    risk 0.00cvss epss 0.05

    sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a…

  • CVE-2008-1335Mar 13, 2008
    risk 0.00cvss epss 0.02

    The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the…

  • CVE-2008-1148Mar 4, 2008
    risk 0.00cvss epss 0.01

    A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP…

  • CVE-2007-3654Sep 17, 2007
    risk 0.00cvss epss 0.00

    The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.

  • CVE-2007-1677Mar 30, 2007
    risk 0.00cvss epss 0.00

    Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure…

  • CVE-2007-1523Mar 20, 2007
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versions of FreeBSD and OpenBSD, and possibly other BSD derived operating systems allows local users to have an unknown impact. NOTE: this information is based upon a vague pre-advisory with no actionable…

  • CVE-2007-1273Mar 10, 2007
    risk 0.00cvss epss 0.00

    Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain…

  • CVE-2006-6730Dec 26, 2006
    risk 0.00cvss epss 0.00

    OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86…

  • CVE-2006-6653Dec 20, 2006
    risk 0.00cvss epss 0.00

    The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never…

  • CVE-2006-6655Dec 20, 2006
    risk 0.00cvss epss 0.00

    The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was…

  • CVE-2006-6656Dec 20, 2006
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to…