Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Wouter Verhelst Subscribe
Filtered by product Nbd
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3534 1 Wouter Verhelst 1 Nbd 2018-10-03 7.5 HIGH N/A
Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.
CVE-2011-1925 1 Wouter Verhelst 1 Nbd 2017-08-16 5.0 MEDIUM N/A
nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export.
CVE-2011-0530 1 Wouter Verhelst 1 Nbd 2017-08-16 7.5 HIGH N/A
Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.
CVE-2013-7441 1 Wouter Verhelst 1 Nbd 2016-12-30 7.8 HIGH N/A
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.
CVE-2015-0847 2 Canonical, Wouter Verhelst 2 Ubuntu Linux, Nbd 2016-12-30 7.8 HIGH N/A
nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.
CVE-2013-6410 3 Canonical, Debian, Wouter Verhelst 3 Ubuntu Linux, Debian Linux, Nbd 2016-11-28 7.5 HIGH N/A
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.