Total
176 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1797 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 4.9 MEDIUM | N/A |
The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference. | |||||
CVE-2006-3202 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 4.9 MEDIUM | N/A |
The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket. | |||||
CVE-2006-1833 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 2.6 LOW | N/A |
Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. | |||||
CVE-2005-4733 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 4.9 MEDIUM | N/A |
NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter value of 0. | |||||
CVE-2006-2205 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 2.1 LOW | N/A |
The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device. | |||||
CVE-2005-4776 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 7.2 HIGH | N/A |
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. | |||||
CVE-2006-1589 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 4.9 MEDIUM | N/A |
The elf_load_file function in NetBSD 2.0 through 3.0 allows local users to cause a denial of service (kernel crash) via an ELF interpreter that does not have a PT_LOAD section in its header, which triggers a null dereference. | |||||
CVE-2006-1588 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 2.1 LOW | N/A |
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory. | |||||
CVE-2005-4741 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 7.5 HIGH | N/A |
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. | |||||
CVE-2005-4783 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 2.1 LOW | N/A |
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory. | |||||
CVE-2005-4352 | 2 Linux, Netbsd | 2 Linux Kernel, Netbsd | 2024-02-28 | 2.1 LOW | N/A |
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." | |||||
CVE-2002-1500 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET(). | |||||
CVE-1999-1409 | 2 Netbsd, Sgi | 2 Netbsd, Irix | 2024-02-28 | 2.1 LOW | N/A |
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail. | |||||
CVE-1999-0446 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 2.1 LOW | N/A |
Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. | |||||
CVE-2004-1374 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 7.2 HIGH | N/A |
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges. | |||||
CVE-2000-0315 | 5 Debian, Digital, Netbsd and 2 more | 5 Debian Linux, Unix, Netbsd and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. | |||||
CVE-2004-0230 | 6 Juniper, Mcafee, Netbsd and 3 more | 7 Junos, Network Data Loss Prevention, Netbsd and 4 more | 2024-02-28 | 5.0 MEDIUM | N/A |
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. | |||||
CVE-2002-0381 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2024-02-28 | 5.0 MEDIUM | N/A |
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. | |||||
CVE-2002-1192 | 2 Netbsd, Rogue | 2 Netbsd, Rogue | 2024-02-28 | 4.6 MEDIUM | N/A |
Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game save file. | |||||
CVE-2003-0681 | 8 Apple, Gentoo, Hp and 5 more | 14 Mac Os X, Mac Os X Server, Linux and 11 more | 2024-02-28 | 7.5 HIGH | N/A |
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. |