DATE | CVE | VULNERABILITY TITLE | RISK

2020-02-20 | CVE-2012-5365 | Resource Exhaustion vulnerability in FreeBSD | 7.8
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
network, low complexity; freebsd, netbsd; CWE-400

2020-02-20 | CVE-2012-5363 | Resource Exhaustion vulnerability in FreeBSD | 7.8
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
network, low complexity; freebsd, netbsd; CWE-400

2019-11-27 | CVE-2011-2480 | Information Exposure vulnerability in FreeBSD | 5.0
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures.
network, low complexity; freebsd, netbsd; CWE-200

2017-06-19 | CVE-2017-1000378 | Resource Exhaustion vulnerability in NetBSD | 7.5
The NetBSD qsort() function is recursive and not randomized; an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times.
network, low complexity; netbsd; CWE-400

2017-06-19 | CVE-2017-1000375 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in NetBSD | 7.5
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled; this allows attackers to more easily manipulate memory, leading to arbitrary code execution.
network, low complexity; netbsd; CWE-119

2017-06-19 | CVE-2017-1000374 | Security Bypass vulnerability in NetBSD | 7.5
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it, resulting in arbitrary code execution using certain setuid binaries.
network, low complexity; netbsd

2017-01-20 | CVE-2016-6253 | Link Following vulnerability in NetBSD | 7.2
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
local, low complexity; netbsd; CWE-59

2017-01-19 | CVE-2015-8212 | Improper Input Validation vulnerability in NetBSD | 7.5
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
network, low complexity; netbsd; CWE-20

2015-10-09 | CVE-2015-5917 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in NetBSD tnftpd | 5.0
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
network, low complexity; netbsd, apple; CWE-119

2014-12-12 | CVE-2014-7250 | Resource Management Errors vulnerability in multiple products | 5.0
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.
network, low complexity; bsd, freebsd, netbsd, openbsd; CWE-399