Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Netbsd
Angry Yack Logo
Total 180 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-1409 2 Netbsd, Sgi 2 Netbsd, Irix 2025-04-03 2.1 LOW N/A
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
CVE-1999-0674 3 Netbsd, Openbsd, Sun 4 Netbsd, Openbsd, Solaris and 1 more 2025-04-03 7.2 HIGH N/A
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
CVE-1999-0010 8 Data General, Ibm, Isc and 5 more 11 Dg Ux, Aix, Bind and 8 more 2025-04-03 5.0 MEDIUM N/A
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
CVE-2002-1337 7 Gentoo, Hp, Netbsd and 4 more 9 Linux, Alphaserver Sc, Hp-ux and 6 more 2025-04-03 10.0 HIGH N/A
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
CVE-2002-1476 1 Netbsd 1 Netbsd 2025-04-03 4.6 MEDIUM N/A
Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
CVE-2002-0004 8 Caldera, Debian, Freebsd and 5 more 9 Openlinux Server, Openlinux Workstation, Debian Linux and 6 more 2025-04-03 7.2 HIGH N/A
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
CVE-2005-4779 1 Netbsd 1 Netbsd 2025-04-03 3.6 LOW N/A
verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs.
CVE-2003-0914 9 Compaq, Freebsd, Hp and 6 more 10 Tru64, Freebsd, Hp-ux and 7 more 2025-04-03 4.3 MEDIUM N/A
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
CVE-2002-2092 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2025-04-03 3.7 LOW N/A
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
CVE-2003-0102 2 File, Netbsd 2 File, Netbsd 2025-04-03 4.6 MEDIUM N/A
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
CVE-2006-0145 1 Netbsd 1 Netbsd 2025-04-03 4.6 MEDIUM N/A
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.
CVE-2023-45198 1 Netbsd 2 Ftpd, Tnftpd 2024-11-21 N/A 7.5 HIGH
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
CVE-2021-45489 1 Netbsd 1 Netbsd 2024-11-21 5.0 MEDIUM 7.5 HIGH
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
CVE-2021-45488 1 Netbsd 1 Netbsd 2024-11-21 5.0 MEDIUM 7.5 HIGH
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
CVE-2021-45487 1 Netbsd 1 Netbsd 2024-11-21 5.0 MEDIUM 7.5 HIGH
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
CVE-2021-45484 1 Netbsd 1 Netbsd 2024-11-21 5.0 MEDIUM 7.5 HIGH
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
CVE-2020-26139 5 Arista, Cisco, Debian and 2 more 330 C-100, C-100 Firmware, C-110 and 327 more 2024-11-21 2.9 LOW 5.3 MEDIUM
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
CVE-2012-5365 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2024-11-21 7.8 HIGH 7.5 HIGH
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
CVE-2012-5363 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2024-11-21 7.8 HIGH 7.5 HIGH
The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
CVE-2011-2480 2 Freebsd, Netbsd 2 Freebsd, Netbsd 2024-11-21 5.0 MEDIUM 7.5 HIGH
Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.