Vulnerabilities > Netbsd > Netbsd > 6.0.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-25 | CVE-2021-45484 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. | 7.5 |
2021-12-25 | CVE-2021-45487 | Use of Insufficiently Random Values vulnerability in Netbsd In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. | 7.5 |
2021-12-25 | CVE-2021-45488 | Use of Insufficiently Random Values vulnerability in Netbsd In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. | 7.5 |
2021-12-25 | CVE-2021-45489 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. | 5.0 |
2017-06-19 | CVE-2017-1000378 | Resource Exhaustion vulnerability in Netbsd The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. | 7.5 |
2017-06-19 | CVE-2017-1000375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. | 7.5 |
2017-06-19 | CVE-2017-1000374 | Security Bypass vulnerability in NetBSD A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. | 7.5 |
2017-01-20 | CVE-2016-6253 | Link Following vulnerability in Netbsd mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. | 7.2 |
2017-01-19 | CVE-2015-8212 | Improper Input Validation vulnerability in Netbsd CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. | 7.5 |
2014-11-17 | CVE-2014-8517 | Command Injection vulnerability in multiple products The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | 7.5 |