Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Netbsd Subscribe
Filtered by product Netbsd
Total 175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4247 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2012-10-22 7.5 HIGH N/A
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
CVE-2007-6754 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2012-07-26 5.0 MEDIUM N/A
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors.
CVE-2006-7252 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2012-07-25 5.0 MEDIUM N/A
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.
CVE-2011-2393 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2012-02-02 7.8 HIGH N/A
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
CVE-2011-0418 2 Netbsd, Pureftpd 2 Netbsd, Pure-ftpd 2011-09-21 4.0 MEDIUM N/A
The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
CVE-2010-4754 4 Apple, Freebsd, Netbsd and 1 more 4 Mac Os X, Freebsd, Netbsd and 1 more 2011-09-20 4.0 MEDIUM N/A
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
CVE-2011-1547 1 Netbsd 1 Netbsd 2011-09-06 6.8 MEDIUM N/A
Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a crafted (1) IPv4 or (2) IPv6 packet with nested IPComp headers.
CVE-2006-6653 1 Netbsd 1 Netbsd 2011-07-24 1.7 LOW N/A
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").
CVE-2000-0092 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2011-03-07 6.2 MEDIUM N/A
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
CVE-2010-2530 3 Apple, Freebsd, Netbsd 3 Mac Os X, Freebsd, Netbsd 2010-09-29 4.9 MEDIUM N/A
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
CVE-2010-0561 1 Netbsd 1 Netbsd 2010-02-08 4.9 MEDIUM N/A
Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service (kernel panic) via a negative mixer index number being passed to (1) the azalia_query_devinfo function in the azalia audio driver (src/sys/dev/pci/azalia.c) or (2) the hdaudio_afg_query_devinfo function in the hdaudio audio driver (src/sys/dev/pci/hdaudio/hdaudio_afg.c).
CVE-2007-1273 2 Navision, Netbsd 2 Financials Server, Netbsd 2009-10-13 6.9 MEDIUM N/A
Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.
CVE-2008-1335 1 Netbsd 2 Netbsd, Netbsd Current 2008-12-09 9.3 HIGH N/A
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.
CVE-2008-2464 3 Freebsd, Kame, Netbsd 3 Freebsd, Kame, Netbsd 2008-09-10 7.1 HIGH N/A
The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value.
CVE-2005-2134 1 Netbsd 1 Netbsd 2008-09-10 2.1 LOW N/A
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error.
CVE-2003-0653 1 Netbsd 1 Netbsd 2008-09-10 5.0 MEDIUM N/A
The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets.
CVE-2002-1194 1 Netbsd 1 Netbsd 2008-09-10 7.5 HIGH N/A
Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message.
CVE-2002-0666 6 Apple, Freebsd, Frees Wan and 3 more 12 Mac Os X, Mac Os X Server, Freebsd and 9 more 2008-09-10 5.0 MEDIUM N/A
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
CVE-2001-1145 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2008-09-10 6.2 MEDIUM N/A
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
CVE-2000-0750 3 Netbsd, Openbsd, Redhat 3 Netbsd, Openbsd, Linux 2008-09-10 7.5 HIGH N/A
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.