Vulnerabilities (CVE)

Filtered by vendor Netbsd Subscribe
Total 180 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1588 1 Netbsd 1 Netbsd 2024-11-21 2.1 LOW N/A
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.
CVE-2006-1587 1 Netbsd 1 Netbsd 2024-11-21 2.1 LOW N/A
NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file.
CVE-2006-0905 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2024-11-21 7.5 HIGH N/A
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.
CVE-2006-0145 1 Netbsd 1 Netbsd 2024-11-21 4.6 MEDIUM N/A
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.
CVE-2005-4783 1 Netbsd 1 Netbsd 2024-11-21 2.1 LOW N/A
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory.
CVE-2005-4782 1 Netbsd 1 Netbsd 2024-11-21 4.9 MEDIUM N/A
NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is compiled with "options DIAGNOSTIC," allows local users to cause a denial of service (kernel assertion panic) via a negative linger time in the SO_LINGER socket option.
CVE-2005-4779 1 Netbsd 1 Netbsd 2024-11-21 3.6 LOW N/A
verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs.
CVE-2005-4776 1 Netbsd 1 Netbsd 2024-11-21 7.2 HIGH N/A
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges.
CVE-2005-4741 1 Netbsd 1 Netbsd 2024-11-21 7.5 HIGH N/A
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.
CVE-2005-4733 1 Netbsd 1 Netbsd 2024-11-21 4.9 MEDIUM N/A
NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter value of 0.
CVE-2005-4691 1 Netbsd 1 Netbsd 2024-11-21 2.1 LOW N/A
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page.
CVE-2005-4352 2 Linux, Netbsd 2 Linux Kernel, Netbsd 2024-11-21 2.1 LOW N/A
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
CVE-2005-2134 1 Netbsd 1 Netbsd 2024-11-20 2.1 LOW N/A
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error.
CVE-2004-2012 3 Netbsd, Niels, Vladimir Kotal 3 Netbsd, Provos Systrace, Systrace Port For Freebsd 2024-11-20 7.2 HIGH N/A
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
CVE-2004-1374 1 Netbsd 1 Netbsd 2024-11-20 7.2 HIGH N/A
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.
CVE-2004-1323 1 Netbsd 1 Netbsd 2024-11-20 2.1 LOW N/A
Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions.
CVE-2004-0257 2 Netbsd, Openbsd 2 Netbsd, Openbsd 2024-11-20 5.0 MEDIUM N/A
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
CVE-2004-0230 6 Juniper, Mcafee, Netbsd and 3 more 7 Junos, Network Data Loss Prevention, Netbsd and 4 more 2024-11-20 5.0 MEDIUM N/A
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
CVE-2004-0114 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2024-11-20 4.6 MEDIUM N/A
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
CVE-2003-1289 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2024-11-20 2.1 LOW N/A
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.