Vulnerabilities > Netbsd > Netbsd > current

DATE CVE VULNERABILITY TITLE RISK
2006-12-20 CVE-2006-6653 Improper Input Validation vulnerability in Netbsd
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").
local
low complexity
netbsd CWE-20
1.7
1.7
2006-11-21 CVE-2006-6014 Local Security vulnerability in Netbsd Current
The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact.
local
low complexity
netbsd
7.2
7.2
2005-12-31 CVE-2005-4352 The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
local
low complexity
linux netbsd
2.1
2.1
2003-12-15 CVE-2003-0914 ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. 4.3
4.3