Vulnerabilities > Netbsd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-03-02 | CVE-2010-4754 | Resource Management Errors vulnerability in multiple products The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | 4.0 |
| 2010-09-29 | CVE-2010-2530 | Numeric Errors vulnerability in multiple products Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. | 4.9 |
| 2010-08-20 | CVE-2010-3014 | Information Exposure vulnerability in multiple products The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read. | 1.2 |
| 2010-02-08 | CVE-2010-0561 | Numeric Errors vulnerability in Netbsd 4.0/5.0 Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service (kernel panic) via a negative mixer index number being passed to (1) the azalia_query_devinfo function in the azalia audio driver (src/sys/dev/pci/azalia.c) or (2) the hdaudio_afg_query_devinfo function in the hdaudio audio driver (src/sys/dev/pci/hdaudio/hdaudio_afg.c). | 4.9 |
| 2009-09-18 | CVE-2009-2793 | Permissions, Privileges, and Access Controls vulnerability in Netbsd The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. | 4.6 |
| 2009-08-11 | CVE-2009-0687 | Resource Management Errors vulnerability in multiple products The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. | 7.8 |
| 2009-07-16 | CVE-2009-2483 | Numeric Errors vulnerability in Netbsd 4.0/4.0.1 libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element. | 4.9 |
| 2009-07-16 | CVE-2009-2482 | Permissions, Privileges, and Access Controls vulnerability in Netbsd The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. | 6.9 |
| 2009-07-01 | CVE-2009-0689 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | 6.8 |
| 2009-02-16 | CVE-2009-0601 | USE of Externally-Controlled Format String vulnerability in Wireshark Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. | 2.1 |