Vendor CVEs
NetBSD
All CVEs
186 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-1091 | 0.00 | — | 0.00 | Aug 23, 2001 | The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable. | |||
| CVE-2001-1145 | 0.00 | — | 0.00 | Aug 17, 2001 | fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on… | |||
| CVE-2001-0993 | 0.00 | — | 0.00 | Jul 24, 2001 | sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length. | |||
| CVE-2001-1244 | 0.00 | — | 0.35 | Jul 7, 2001 | Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that… | |||
| CVE-2001-0268 | 0.00 | — | 0.01 | May 3, 2001 | The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table… | |||
| CVE-2000-0314 | 0.00 | — | 0.02 | Mar 12, 2001 | traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. | |||
| CVE-2000-0315 | 0.00 | — | 0.02 | Mar 12, 2001 | traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. | |||
| CVE-2001-0033 | 0.00 | — | 0.00 | Feb 16, 2001 | KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges. | |||
| CVE-2001-0094 | 0.00 | — | 0.00 | Feb 12, 2001 | Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges. | |||
| CVE-2000-0997 | 0.00 | — | 0.01 | Dec 19, 2000 | Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges. | |||
| CVE-2000-0952 | 0.00 | — | 0.05 | Dec 19, 2000 | global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters. | |||
| CVE-2000-0750 | 0.00 | — | 0.02 | Oct 20, 2000 | Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. | |||
| CVE-2000-0461 | 0.00 | — | 0.00 | May 29, 2000 | The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. | |||
| CVE-2000-0456 | 0.00 | — | 0.00 | May 28, 2000 | NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog". | |||
| CVE-2000-0462 | 0.00 | — | 0.00 | May 28, 2000 | ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory. | |||
| CVE-2000-0157 | 0.00 | — | 0.00 | Feb 1, 2000 | NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process. | |||
| CVE-2000-0092 | 0.00 | — | 0.00 | Jan 19, 2000 | The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. | |||
| CVE-1999-0764 | 0.00 | — | 0.01 | May 1, 1999 | NetBSD allows ARP packets to overwrite static ARP entries. | |||
| CVE-1999-0763 | 0.00 | — | 0.01 | May 1, 1999 | NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network. | |||
| CVE-1999-0466 | 0.00 | — | 0.00 | Apr 21, 1999 | The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. | |||
| CVE-1999-0446 | 0.00 | — | 0.00 | Apr 12, 1999 | Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. | |||
| CVE-1999-0434 | 0.00 | — | 0.01 | Mar 30, 1999 | XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. | |||
| CVE-1999-0422 | 0.00 | — | 0.00 | Mar 17, 1999 | In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. | |||
| CVE-1999-0420 | 0.00 | — | 0.00 | Mar 17, 1999 | umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program. | |||
| CVE-1999-0396 | 0.00 | — | 0.01 | Feb 17, 1999 | A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. | |||
| CVE-1999-0367 | 0.00 | — | 0.00 | Feb 9, 1999 | NetBSD netstat command allows local users to access kernel memory. | |||
| CVE-1999-0303 | 0.00 | — | 0.00 | May 21, 1998 | Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. | |||
| CVE-1999-0010 | 0.00 | — | 0.02 | Apr 8, 1998 | Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. | |||
| CVE-1999-0323 | 0.00 | — | 0.01 | Feb 20, 1998 | FreeBSD mmap function allows users to modify append-only or immutable files. | |||
| CVE-1999-0304 | 0.00 | — | 0.00 | Feb 1, 1998 | mmap function in BSD allows local attackers in the kmem group to modify memory through devices. | |||
| CVE-1999-0017 | 0.00 | — | 0.02 | Dec 10, 1997 | FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | |||
| CVE-1999-1214 | 0.00 | — | 0.00 | Sep 15, 1997 | The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. | |||
| CVE-1999-1225 | 0.00 | — | 0.02 | Aug 24, 1997 | rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not. | |||
| CVE-1999-0628 | 0.00 | — | 0.01 | Jul 1, 1997 | The rwho/rwhod service is running, which exposes machine status and user information. | |||
| CVE-1999-0297 | 0.00 | — | 0.00 | Dec 12, 1996 | Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. | |||
| CVE-1999-0085 | 0.00 | — | 0.04 | Aug 21, 1996 | Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname. |
- CVE-2001-1091Aug 23, 2001risk 0.00cvss —epss 0.00
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
- CVE-2001-1145Aug 17, 2001risk 0.00cvss —epss 0.00
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on…
- CVE-2001-0993Jul 24, 2001risk 0.00cvss —epss 0.00
sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length.
- CVE-2001-1244Jul 7, 2001risk 0.00cvss —epss 0.35
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that…
- CVE-2001-0268May 3, 2001risk 0.00cvss —epss 0.01
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table…
- CVE-2000-0314Mar 12, 2001risk 0.00cvss —epss 0.02
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
- CVE-2000-0315Mar 12, 2001risk 0.00cvss —epss 0.02
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.
- CVE-2001-0033Feb 16, 2001risk 0.00cvss —epss 0.00
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.
- CVE-2001-0094Feb 12, 2001risk 0.00cvss —epss 0.00
Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges.
- CVE-2000-0997Dec 19, 2000risk 0.00cvss —epss 0.01
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
- CVE-2000-0952Dec 19, 2000risk 0.00cvss —epss 0.05
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.
- CVE-2000-0750Oct 20, 2000risk 0.00cvss —epss 0.02
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
- CVE-2000-0461May 29, 2000risk 0.00cvss —epss 0.00
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
- CVE-2000-0456May 28, 2000risk 0.00cvss —epss 0.00
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".
- CVE-2000-0462May 28, 2000risk 0.00cvss —epss 0.00
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
- CVE-2000-0157Feb 1, 2000risk 0.00cvss —epss 0.00
NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process.
- CVE-2000-0092Jan 19, 2000risk 0.00cvss —epss 0.00
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
- CVE-1999-0764May 1, 1999risk 0.00cvss —epss 0.01
NetBSD allows ARP packets to overwrite static ARP entries.
- CVE-1999-0763May 1, 1999risk 0.00cvss —epss 0.01
NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.
- CVE-1999-0466Apr 21, 1999risk 0.00cvss —epss 0.00
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.
- CVE-1999-0446Apr 12, 1999risk 0.00cvss —epss 0.00
Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.
- CVE-1999-0434Mar 30, 1999risk 0.00cvss —epss 0.01
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
- CVE-1999-0422Mar 17, 1999risk 0.00cvss —epss 0.00
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set.
- CVE-1999-0420Mar 17, 1999risk 0.00cvss —epss 0.00
umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.
- CVE-1999-0396Feb 17, 1999risk 0.00cvss —epss 0.01
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
- CVE-1999-0367Feb 9, 1999risk 0.00cvss —epss 0.00
NetBSD netstat command allows local users to access kernel memory.
- CVE-1999-0303May 21, 1998risk 0.00cvss —epss 0.00
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
- CVE-1999-0010Apr 8, 1998risk 0.00cvss —epss 0.02
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
- CVE-1999-0323Feb 20, 1998risk 0.00cvss —epss 0.01
FreeBSD mmap function allows users to modify append-only or immutable files.
- CVE-1999-0304Feb 1, 1998risk 0.00cvss —epss 0.00
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
- CVE-1999-0017Dec 10, 1997risk 0.00cvss —epss 0.02
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
- CVE-1999-1214Sep 15, 1997risk 0.00cvss —epss 0.00
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
- CVE-1999-1225Aug 24, 1997risk 0.00cvss —epss 0.02
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
- CVE-1999-0628Jul 1, 1997risk 0.00cvss —epss 0.01
The rwho/rwhod service is running, which exposes machine status and user information.
- CVE-1999-0297Dec 12, 1996risk 0.00cvss —epss 0.00
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.
- CVE-1999-0085Aug 21, 1996risk 0.00cvss —epss 0.04
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
Page 4 of 4