Vulnerabilities > NetBSD > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-11-21 | CVE-2006-6014 | Local Security vulnerability in NetBSD Current | The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact. | 7.2 |
2006-03-23 | CVE-2006-0905 | | A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks. | 7.5 |
2005-12-31 | CVE-2005-4776 | Denial-Of-Service vulnerability in NetBSD | Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. | 7.2 |
2005-12-31 | CVE-2005-4741 | Local PTrace Privilege Escalation vulnerability in NetBSD | NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. | 7.5 |
2004-12-31 | CVE-2004-2012 | Privilege Escalation vulnerability in NetBSD/FreeBSD Port Systrace Exit Routine Access Validation | The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges. | 7.2 |
2004-12-18 | CVE-2004-1374 | Local Security vulnerability in NetBSD 2.0.4 | Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges. | 7.2 |
2003-10-20 | CVE-2003-0730 | Integer Overflow vulnerability in XFree86 | Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. | 7.5 |
2003-10-06 | CVE-2003-0681 | Buffer Overflow vulnerability in Sendmail Ruleset Parsing | A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient, (2) final, or (3) mailer-specific envelope recipients, has unknown consequences. | 7.5 |
2003-04-02 | CVE-2002-1500 | Buffer Overflow vulnerability in NetBSD IPv4 Multicast Tools | Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET(). | 7.2 |
2002-10-28 | CVE-2002-1194 | Buffer Overflow vulnerability in NetBSD talkd | Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message. | 7.5 |