Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Netbsd Subscribe
Filtered by product Netbsd
Total 175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-4352 2 Linux, Netbsd 2 Linux Kernel, Netbsd 2018-10-19 2.1 LOW N/A
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
CVE-2004-0230 6 Juniper, Mcafee, Netbsd and 3 more 7 Junos, Network Data Loss Prevention, Netbsd and 4 more 2018-10-19 5.0 MEDIUM N/A
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
CVE-2006-6730 2 Netbsd, Openbsd 2 Netbsd, Openbsd 2018-10-17 6.6 MEDIUM N/A
OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.
CVE-2006-6397 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2018-10-17 4.4 MEDIUM N/A
** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability.
CVE-2006-6165 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2018-10-17 7.2 HIGH N/A
** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
CVE-2006-6013 5 Dragonflybsd, Freebsd, Midnightbsd and 2 more 5 Dragonflybsd, Freebsd, Midnightbsd and 2 more 2018-10-17 2.1 LOW N/A
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.
CVE-2006-6652 2 Apple, Netbsd 2 Mac Os X, Netbsd 2018-10-17 9.0 HIGH N/A
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
CVE-2007-2242 4 Freebsd, Ietf, Netbsd and 1 more 4 Freebsd, Ipv6, Netbsd and 1 more 2018-10-16 7.8 HIGH N/A
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
CVE-2008-1391 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2018-10-11 7.5 HIGH N/A
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
CVE-2010-3014 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2018-10-10 1.2 LOW N/A
The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.
CVE-2009-2793 1 Netbsd 1 Netbsd 2018-10-10 4.6 MEDIUM N/A
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
CVE-2009-0601 6 Apple, Freebsd, Linux and 3 more 6 Mac Os X, Freebsd, Linux and 3 more 2018-10-10 2.1 LOW N/A
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
CVE-2000-0094 1 Netbsd 1 Netbsd 2018-05-02 7.2 HIGH N/A
procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.
CVE-2003-0102 2 File, Netbsd 2 File, Netbsd 2018-05-02 4.6 MEDIUM N/A
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
CVE-1999-0015 4 Hp, Microsoft, Netbsd and 1 more 5 Hp-ux, Windows 95, Windows Nt and 2 more 2018-05-02 5.0 MEDIUM N/A
Teardrop IP denial of service.
CVE-2003-0681 8 Apple, Gentoo, Hp and 5 more 14 Mac Os X, Mac Os X Server, Linux and 11 more 2018-05-02 7.5 HIGH N/A
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
CVE-2000-0997 2 Netbsd, Openbsd 2 Netbsd, Openbsd 2018-05-02 7.2 HIGH N/A
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
CVE-2003-0466 7 Apple, Freebsd, Netbsd and 4 more 8 Mac Os X, Mac Os X Server, Freebsd and 5 more 2018-05-02 10.0 HIGH N/A
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
CVE-1999-0085 3 Freebsd, Ibm, Netbsd 3 Freebsd, Aix, Netbsd 2018-05-02 7.5 HIGH N/A
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
CVE-2002-2092 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2017-12-18 3.7 LOW N/A
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.