Vulnerabilities > NetBSD > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-25 | CVE-2021-45489 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in NetBSD. In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. | 5.0 |
2021-05-11 | CVE-2020-26139 | Improper Authentication vulnerability in multiple products. An issue was discovered in the kernel in NetBSD 7.1. | 5.3 |
2019-11-27 | CVE-2011-2480 | Information Exposure vulnerability in FreeBSD. Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. | 5.0 |
2015-10-09 | CVE-2015-5917 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NetBSD tnftpd. The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. | 5.0 |
2014-12-12 | CVE-2014-7250 | Resource Management Errors vulnerability in multiple products. The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. | 5.0 |
2014-08-21 | CVE-2014-5384 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. | 5.0 |
2014-08-21 | CVE-2014-3951 | The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. | 5.0 |
2014-07-24 | CVE-2014-5015 | Permissions, Privileges, and Access Controls vulnerability in multiple products. bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. | 5.0 |
2012-07-25 | CVE-2007-6754 | Numeric Errors vulnerability in multiple products. The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors. | 5.0 |
2012-07-25 | CVE-2006-7252 | Numeric Errors vulnerability in multiple products. Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. | 5.0 |