Vulnerabilities > Netbsd > Netbsd > 2.0.3

DATE CVE VULNERABILITY TITLE RISK
2021-12-25 CVE-2021-45484 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
network
low complexity
netbsd CWE-338
7.5
2021-12-25 CVE-2021-45487 Use of Insufficiently Random Values vulnerability in Netbsd
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
network
low complexity
netbsd CWE-330
7.5
2021-12-25 CVE-2021-45488 Use of Insufficiently Random Values vulnerability in Netbsd
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
network
low complexity
netbsd CWE-330
7.5
2021-12-25 CVE-2021-45489 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
network
low complexity
netbsd CWE-338
5.0
2020-02-20 CVE-2012-5365 Resource Exhaustion vulnerability in Freebsd
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
network
low complexity
freebsd netbsd CWE-400
7.8
2020-02-20 CVE-2012-5363 Resource Exhaustion vulnerability in Freebsd
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
network
low complexity
freebsd netbsd CWE-400
7.8
2017-06-19 CVE-2017-1000378 Resource Exhaustion vulnerability in Netbsd
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times.
network
low complexity
netbsd CWE-400
7.5
2017-06-19 CVE-2017-1000375 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution.
network
low complexity
netbsd CWE-119
7.5
2017-06-19 CVE-2017-1000374 Security Bypass vulnerability in NetBSD
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries.
network
low complexity
netbsd
7.5
2010-09-29 CVE-2010-2530 Numeric Errors vulnerability in multiple products
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
local
low complexity
netbsd apple freebsd CWE-189
4.9