Vulnerabilities > Netbsd > Netbsd > 5.1.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-25 | CVE-2021-45484 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. | 7.5 |
2021-12-25 | CVE-2021-45487 | Use of Insufficiently Random Values vulnerability in Netbsd In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. | 7.5 |
2021-12-25 | CVE-2021-45488 | Use of Insufficiently Random Values vulnerability in Netbsd In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. | 7.5 |
2021-12-25 | CVE-2021-45489 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. | 5.0 |
2020-02-20 | CVE-2012-5365 | Resource Exhaustion vulnerability in Freebsd The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | 7.8 |
2020-02-20 | CVE-2012-5363 | Resource Exhaustion vulnerability in Freebsd The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393. | 7.8 |
2017-06-19 | CVE-2017-1000378 | Resource Exhaustion vulnerability in Netbsd The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. | 7.5 |
2017-06-19 | CVE-2017-1000375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. | 7.5 |
2017-06-19 | CVE-2017-1000374 | Security Bypass vulnerability in NetBSD A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. | 7.5 |
2014-11-17 | CVE-2014-8517 | Command Injection vulnerability in multiple products The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | 7.5 |