CVE-2016-6253

Public exploit
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
Max CVSS
7.8
EPSS Score
0.09%
Published
2017-01-20
Updated
2017-01-20

CVE-2014-8517

Public exploit
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
Max CVSS
7.5
EPSS Score
95.88%
Published
2014-11-17
Updated
2017-11-06

CVE-2012-0217

Public exploit
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Max CVSS
7.2
EPSS Score
0.06%
Published
2012-06-12
Updated
2020-09-28
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-10-05
Updated
2023-10-11
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
Max CVSS
7.5
EPSS Score
0.15%
Published
2021-12-25
Updated
2022-01-10
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
Max CVSS
7.5
EPSS Score
0.15%
Published
2021-12-25
Updated
2022-01-10
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-12-25
Updated
2022-01-10
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-12-25
Updated
2022-01-10
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
Max CVSS
7.8
EPSS Score
0.19%
Published
2020-02-20
Updated
2020-02-25
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
Max CVSS
7.8
EPSS Score
0.19%
Published
2020-02-20
Updated
2020-02-28
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.
Max CVSS
7.5
EPSS Score
0.18%
Published
2019-11-27
Updated
2019-12-10
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
Max CVSS
7.8
EPSS Score
0.20%
Published
2012-02-02
Updated
2012-02-03
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.
Max CVSS
7.8
EPSS Score
5.90%
Published
2009-08-11
Updated
2017-09-29
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Max CVSS
7.1
EPSS Score
4.55%
Published
2008-10-20
Updated
2022-12-14
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
Max CVSS
7.5
EPSS Score
9.38%
Published
2008-09-25
Updated
2012-10-23
The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value.
Max CVSS
7.1
EPSS Score
0.76%
Published
2008-09-11
Updated
2008-09-11
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
Max CVSS
7.5
EPSS Score
2.22%
Published
2008-03-27
Updated
2018-10-11
Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versions of FreeBSD and OpenBSD, and possibly other BSD derived operating systems allows local users to have an unknown impact. NOTE: this information is based upon a vague pre-advisory with no actionable information. Details will be updated after 20070329.
Max CVSS
7.5
EPSS Score
0.24%
Published
2007-03-20
Updated
2013-08-28
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-11-29
Updated
2024-03-21
The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-11-21
Updated
2008-09-05
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.
Max CVSS
7.5
EPSS Score
1.83%
Published
2006-03-23
Updated
2017-07-20
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-12-31
Updated
2008-09-05
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.
Max CVSS
7.5
EPSS Score
0.45%
Published
2005-12-31
Updated
2008-09-05
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-07-11
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-18
Updated
2008-09-05
51 vulnerabilities found