Vulnerabilities > Netbsd > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-19 | CVE-2017-1000378 | Resource Exhaustion vulnerability in Netbsd The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. | 9.8 |
| 2017-06-19 | CVE-2017-1000375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. | 9.8 |
| 2017-06-19 | CVE-2017-1000374 | Unspecified vulnerability in Netbsd A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. | 9.8 |
| 2017-01-19 | CVE-2015-8212 | Improper Input Validation vulnerability in Netbsd CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. | 9.8 |
| 2003-08-27 | CVE-2003-0466 | Off-by-one Error vulnerability in multiple products Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. | 9.8 |