Vulnerabilities > Netbsd > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). 		8.1
8.1
2023-10-05 CVE-2023-45198 Unspecified vulnerability in Netbsd Ftpd and Tnftpd
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command.
network
low complexity
netbsd
7.5
7.5
2021-12-25 CVE-2021-45484 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
network
low complexity
netbsd CWE-338
7.5
7.5
2021-12-25 CVE-2021-45487 Use of Insufficiently Random Values vulnerability in Netbsd
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
network
low complexity
netbsd CWE-330
7.5
7.5
2021-12-25 CVE-2021-45488 Use of Insufficiently Random Values vulnerability in Netbsd
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
network
low complexity
netbsd CWE-330
7.5
7.5
2021-12-25 CVE-2021-45489 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
network
low complexity
netbsd CWE-338
7.5
7.5
2020-02-20 CVE-2012-5365 Resource Exhaustion vulnerability in multiple products
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
network
low complexity
freebsd netbsd CWE-400
7.5
7.5
2020-02-20 CVE-2012-5363 Resource Exhaustion vulnerability in multiple products
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
network
low complexity
freebsd netbsd CWE-400
7.5
7.5
2019-11-27 CVE-2011-2480 Information Exposure vulnerability in multiple products
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures.
network
low complexity
freebsd netbsd CWE-200
7.5
7.5
2017-01-20 CVE-2016-6253 Link Following vulnerability in Netbsd
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
local
low complexity
netbsd CWE-59
7.8
7.8