Vulnerabilities > Netbsd > Netbsd > 6.0.6

DATE CVE VULNERABILITY TITLE RISK
2021-12-25 CVE-2021-45484 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
network
low complexity
netbsd CWE-338
7.5
2021-12-25 CVE-2021-45487 Use of Insufficiently Random Values vulnerability in Netbsd
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
network
low complexity
netbsd CWE-330
7.5
2021-12-25 CVE-2021-45488 Use of Insufficiently Random Values vulnerability in Netbsd
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
network
low complexity
netbsd CWE-330
7.5
2021-12-25 CVE-2021-45489 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
network
low complexity
netbsd CWE-338
5.0
2017-06-19 CVE-2017-1000378 Resource Exhaustion vulnerability in Netbsd
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times.
network
low complexity
netbsd CWE-400
7.5
2017-06-19 CVE-2017-1000375 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution.
network
low complexity
netbsd CWE-119
7.5
2017-06-19 CVE-2017-1000374 Security Bypass vulnerability in NetBSD
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries.
network
low complexity
netbsd
7.5
2017-01-20 CVE-2016-6253 Link Following vulnerability in Netbsd
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
local
low complexity
netbsd CWE-59
7.2
2017-01-19 CVE-2015-8212 Improper Input Validation vulnerability in Netbsd
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
network
low complexity
netbsd CWE-20
7.5
2014-11-17 CVE-2014-8517 Command Injection vulnerability in multiple products
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
network
low complexity
apple netbsd CWE-77
7.5