cpe:2.3:o:netbsd:netbsd:2.1:*:*:*:*:*:*:*
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
Max CVSS
7.5
EPSS Score
0.15%
Published
2021-12-25
Updated
2022-01-10
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
Max CVSS
7.5
EPSS Score
0.15%
Published
2021-12-25
Updated
2022-01-10
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-12-25
Updated
2022-01-10
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-12-25
Updated
2022-01-10
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
0.58%
Published
2017-06-19
Updated
2019-10-03
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
2.47%
Published
2017-06-19
Updated
2017-08-12
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
0.19%
Published
2017-06-19
Updated
2019-10-03
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
Max CVSS
7.8
EPSS Score
0.19%
Published
2020-02-20
Updated
2020-02-25
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
Max CVSS
7.8
EPSS Score
0.19%
Published
2020-02-20
Updated
2020-02-28
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2010-09-29
Updated
2010-09-30
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
Max CVSS
4.6
EPSS Score
0.04%
Published
2009-09-18
Updated
2018-10-10
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Max CVSS
7.1
EPSS Score
4.55%
Published
2008-10-20
Updated
2022-12-14
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.
Max CVSS
9.3
EPSS Score
0.79%
Published
2008-03-13
Updated
2008-12-10
The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-12-20
Updated
2008-09-05
Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-12-20
Updated
2008-09-05
The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference.
Max CVSS
1.7
EPSS Score
0.04%
Published
2006-12-20
Updated
2008-09-05
The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function.
Max CVSS
4.3
EPSS Score
0.10%
Published
2006-12-20
Updated
2008-09-05
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
Max CVSS
9.0
EPSS Score
2.29%
Published
2006-12-20
Updated
2018-10-17
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
Max CVSS
2.6
EPSS Score
0.04%
Published
2006-10-10
Updated
2018-10-30
The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket.
Max CVSS
4.9
EPSS Score
0.04%
Published
2006-06-23
Updated
2017-07-20
Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface.
Max CVSS
2.6
EPSS Score
0.91%
Published
2006-04-19
Updated
2017-07-20
NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory.
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-04-18
Updated
2017-07-20
The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference.
Max CVSS
4.9
EPSS Score
0.06%
Published
2006-04-18
Updated
2017-07-20
The elf_load_file function in NetBSD 2.0 through 3.0 allows local users to cause a denial of service (kernel crash) via an ELF interpreter that does not have a PT_LOAD section in its header, which triggers a null dereference.
Max CVSS
4.9
EPSS Score
0.04%
Published
2006-04-03
Updated
2017-07-20
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-04-03
Updated
2017-07-20
31 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!