CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Netbsd : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-5384 119 DoS Overflow 2014-08-21 2014-08-21
5.0
None Remote Low Not required None None Partial
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types.
2 CVE-2014-5015 264 Bypass 2014-07-24 2014-07-25
5.0
None Remote Low Not required Partial None None
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
3 CVE-2014-3951 DoS 2014-08-21 2014-08-21
5.0
None Remote Low Not required None None Partial
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference.
4 CVE-2007-6754 189 Overflow 2012-07-25 2012-07-26
5.0
None Remote Low Not required None None Partial
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors.
5 CVE-2006-7252 189 Overflow 2012-07-25 2012-07-26
5.0
None Remote Low Not required None None Partial
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.
6 CVE-2004-0257 DoS 2004-11-23 2008-09-05
5.0
None Remote Low Not required None None Partial
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
7 CVE-2003-0653 DoS 2003-08-27 2008-09-10
5.0
None Remote Low Not required None None Partial
The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets.
8 CVE-2003-0001 +Info 2003-01-17 2008-09-10
5.0
None Remote Low Not required Partial None None
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
9 CVE-2002-2245 189 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session.
10 CVE-2002-0666 DoS 2002-11-04 2008-09-10
5.0
None Remote Low Not required None None Partial
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
11 CVE-2002-0381 Bypass 2002-06-25 2008-09-05
5.0
None Remote Low Not required Partial None None
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
12 CVE-2001-1244 DoS 2001-07-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
13 CVE-2001-0710 DoS 2001-09-20 2008-09-05
5.0
None Remote Low Not required None None Partial
NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.
14 CVE-2000-0440 DoS 2000-05-01 2008-09-10
5.0
None Remote Low Not required None None Partial
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.
15 CVE-2000-0315 2001-03-12 2008-09-05
5.0
None Remote Low Not required None Partial None
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.
16 CVE-2000-0314 2001-03-12 2008-09-05
5.0
None Remote Low Not required None None Partial
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
17 CVE-1999-1518 DoS Bypass 1999-07-15 2008-09-05
5.0
None Remote Low Not required None None Partial
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.
18 CVE-1999-1225 1997-08-24 2008-09-10
5.0
None Remote Low Not required Partial None None
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
19 CVE-1999-0628 1997-07-01 2008-09-09
5.0
None Remote Low Not required Partial None None
The rwho/rwhod service is running, which exposes machine status and user information.
20 CVE-1999-0513 DoS 1998-01-05 2008-09-09
5.0
None Remote Low Not required None None Partial
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
21 CVE-1999-0016 DoS 1997-12-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Land IP denial of service.
22 CVE-1999-0015 DoS 1997-12-16 2009-03-04
5.0
None Remote Low Not required None None Partial
Teardrop IP denial of service.
23 CVE-1999-0010 DoS 1998-04-08 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.