cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
Max CVSS
7.5
EPSS Score
0.15%
Published
2021-12-25
Updated
2022-01-10
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
Max CVSS
7.5
EPSS Score
0.15%
Published
2021-12-25
Updated
2022-01-10
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-12-25
Updated
2022-01-10
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-12-25
Updated
2022-01-10
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
0.58%
Published
2017-06-19
Updated
2019-10-03
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
2.47%
Published
2017-06-19
Updated
2017-08-12
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
0.19%
Published
2017-06-19
Updated
2019-10-03
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
Max CVSS
7.8
EPSS Score
0.19%
Published
2020-02-20
Updated
2020-02-25
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
Max CVSS
7.8
EPSS Score
0.19%
Published
2020-02-20
Updated
2020-02-28
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
Max CVSS
3.3
EPSS Score
0.04%
Published
2011-05-23
Updated
2017-08-17
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2010-09-29
Updated
2010-09-30
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
Max CVSS
4.6
EPSS Score
0.04%
Published
2009-09-18
Updated
2018-10-10
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Max CVSS
7.1
EPSS Score
4.55%
Published
2008-10-20
Updated
2022-12-14
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
Max CVSS
2.6
EPSS Score
0.04%
Published
2006-10-10
Updated
2018-10-30
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-03-03
Updated
2017-10-10
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
Max CVSS
5.5
EPSS Score
0.04%
Published
2002-12-31
Updated
2024-02-08
NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.
Max CVSS
5.0
EPSS Score
1.41%
Published
2001-09-20
Updated
2017-10-10
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
Max CVSS
7.5
EPSS Score
19.92%
Published
2001-10-03
Updated
2017-10-10
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Max CVSS
10.0
EPSS Score
0.92%
Published
2001-08-14
Updated
2022-01-21
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
Max CVSS
7.2
EPSS Score
0.06%
Published
2001-05-03
Updated
2017-10-10
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
Max CVSS
10.0
EPSS Score
1.90%
Published
2001-06-18
Updated
2020-01-21
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.
Max CVSS
5.0
EPSS Score
0.28%
Published
2001-03-12
Updated
2016-10-18
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
Max CVSS
5.0
EPSS Score
0.26%
Published
2001-03-12
Updated
2016-10-18
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
Max CVSS
2.1
EPSS Score
0.04%
Published
1998-07-03
Updated
2016-10-18
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
Max CVSS
7.2
EPSS Score
0.04%
Published
1999-08-09
Updated
2018-10-30
28 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!