Product:

Netbsd

(Netbsd)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 160
Date ID Summary Products Score Patch
2014-10-15 CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary N/A
2017-06-19 CVE-2017-1000378 The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions. Netbsd 9.8
2017-06-19 CVE-2017-1000374 A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions. Netbsd 9.8
2008-10-20 CVE-2008-4609 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. Bsd, Bsd_os, Ios, Dragonflybsd, Freebsd, Linux_kernel, Windows_2000, Windows_2003_server, Windows_286, Windows_386, Windows_95, Windows_98, Windows_98se, Windows_9x, Windows_ce, Windows_me, Windows_mobile, Windows_nt, Windows_server_2008, Windows_vista, Windows_xp, Midnightbsd, Netbsd, Netbsd_current, Openbsd, Trustedbsd N/A
2003-01-17 CVE-2003-0001 Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. Freebsd, Linux_kernel, Windows_2000, Windows_2000_terminal_services, Netbsd N/A
2017-06-19 CVE-2017-1000375 NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions. Netbsd 9.8
2017-01-20 CVE-2016-6253 mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. Netbsd 7.8
2017-01-19 CVE-2015-8212 CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. Netbsd 9.8
2014-11-17 CVE-2014-8517 The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. Mac_os_x, Netbsd N/A
2014-12-12 CVE-2014-7250 The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. Bsd, Freebsd, Netbsd, Openbsd N/A