Vulnerabilities > Netbsd > Netbsd > 5.1.3

DATE CVE VULNERABILITY TITLE RISK
2021-12-25 CVE-2021-45484 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
network
low complexity
netbsd CWE-338
7.5
2021-12-25 CVE-2021-45487 Use of Insufficiently Random Values vulnerability in Netbsd
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
network
low complexity
netbsd CWE-330
7.5
2021-12-25 CVE-2021-45488 Use of Insufficiently Random Values vulnerability in Netbsd
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
network
low complexity
netbsd CWE-330
7.5
2021-12-25 CVE-2021-45489 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
network
low complexity
netbsd CWE-338
5.0
2020-02-20 CVE-2012-5365 Resource Exhaustion vulnerability in Freebsd
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
network
low complexity
freebsd netbsd CWE-400
7.8
2020-02-20 CVE-2012-5363 Resource Exhaustion vulnerability in Freebsd
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
network
low complexity
freebsd netbsd CWE-400
7.8
2017-06-19 CVE-2017-1000378 Resource Exhaustion vulnerability in Netbsd
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times.
network
low complexity
netbsd CWE-400
7.5
2017-06-19 CVE-2017-1000375 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution.
network
low complexity
netbsd CWE-119
7.5
2017-06-19 CVE-2017-1000374 Security Bypass vulnerability in NetBSD
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries.
network
low complexity
netbsd
7.5
2014-11-17 CVE-2014-8517 Command Injection vulnerability in multiple products
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
network
low complexity
apple netbsd CWE-77
7.5