Product:
Netbsd
(Netbsd)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 163 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-10-15 | CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary | 3.4 | ||
| 2011-05-16 | CVE-2011-0419 | Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. | Http_server, Portable_runtime, Mac_os_x, Freebsd, Android, Netbsd, Openbsd, Solaris | N/A | ||
| 2020-02-20 | CVE-2012-5363 | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393. | Freebsd, Netbsd | N/A | ||
| 2020-02-20 | CVE-2012-5365 | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | Freebsd, Netbsd | N/A | ||
| 2001-08-14 | CVE-2001-0554 | Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. | Freebsd, Aix, Kerberos, Kerberos_5, Netbsd, Linux_netkit, Openbsd, Irix, Solaris, Sunos | N/A | ||
| 2001-06-18 | CVE-2001-0247 | Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. | Freebsd, Kerberos_5, Netbsd, Openbsd, Irix | N/A | ||
| 2019-11-27 | CVE-2011-2480 | Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information. | Freebsd, Netbsd | N/A | ||
| 2017-06-19 | CVE-2017-1000378 | The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions. | Netbsd | 9.8 | ||
| 2017-06-19 | CVE-2017-1000374 | A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions. | Netbsd | 9.8 | ||
| 2008-10-20 | CVE-2008-4609 | The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | Bsd, Bsd_os, Ios, Dragonflybsd, Freebsd, Linux_kernel, Windows_2000, Windows_2003_server, Windows_286, Windows_386, Windows_95, Windows_98, Windows_98se, Windows_9x, Windows_ce, Windows_me, Windows_mobile, Windows_nt, Windows_server_2008, Windows_vista, Windows_xp, Midnightbsd, Netbsd, Netbsd_current, Openbsd, Trustedbsd | N/A |