CVSS: 7.5EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1148
https://notcve.org/view.php?id=CVE-2008-1148
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Cierto algoritmo generador de números pseu... • http://secunia.com/advisories/28819 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3654
https://notcve.org/view.php?id=CVE-2007-3654
17 Sep 2007 — The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function. El controlador de display de las funciones allocattr en NetBSD 3.0 hasta la 4.0_BETA2, y NetBSD-actual anterior a 20070728, permite a usuarios locales provocar denegación de servicio (panic) a través de un valor negativo o largo en una llamada io... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-006.txt.asc • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2007-1677
https://notcve.org/view.php?id=CVE-2007-1677
30 Mar 2007 — Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function. Múltiples desbordamientos de búfer en el protocolo de red ISO soportado por el NetBSD kernel 2.0 hasta la 4.0_BETA2 y el NetBSD-current anterior al 20070329, permite a usuarios locales ejecutar código d... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-004.txt.asc •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2007-1273
https://notcve.org/view.php?id=CVE-2007-1273
10 Mar 2007 — Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges. Desbordamiento de entero en la función ktruser en NetBSD-current versiones anteriores a 20061022, NetBSD 3 y 3-0 versiones anteriores a 20061024, y NetBSD 2 versiones anteriores a 20070209, cuando el kernel se construye ... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc •
CVSS: 9.0EPSS: 32%CPEs: 45EXPL: 2CVE-2006-6652 – NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-6652
20 Dec 2006 — Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion. Desbordamiento de búfer en la conjunto de la implementación de libc in NetBSD-current versiones anteriores a 20050914, NetBSD 2.* y 3.* versiones anteriores a 20061203, y Apple Mac OSX anterior... • https://www.exploit-db.com/exploits/2874 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-6653
https://notcve.org/view.php?id=CVE-2006-6653
20 Dec 2006 — The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket"). La función accept en NetBSD-current versiones anteriores a 20061023, NetBSD 3.0 y 3.0.1 versiones anteriores a 20061024, y NetBSD 2.x versiones anteriores a 20061029, permite a atacantes local... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-6654
https://notcve.org/view.php?id=CVE-2006-6654
20 Dec 2006 — The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function. La función sendmsg en NetBSD-current versiones anteriores a 20061023, NetBSD 3.0 y 3.0.1 versiones anteriores a 20061024, y NetBSD 2.x versiones anteriores a 20061029, cuando se ejecutan en arquitecturas de 64-bit, permite a a... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-6655
https://notcve.org/view.php?id=CVE-2006-6655
20 Dec 2006 — The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference. La implementación de procfs en NetBSD-current anterior al 23/10/2006, NetBSD 3.0 y 3.0.1 anterior al 29/10/2006 permite a usuarios locales provocar una denega... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-6656
https://notcve.org/view.php?id=CVE-2006-6656
20 Dec 2006 — Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak. Vulnerabilidad no especificada en ptrace en NetBSD-current versiones anteriores a 20061027, NetBSD 3.0 y 3.0.1 versiones anteriores a 20061027, y NetBSD 2.x versiones anteriores a 20061019, permit... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-025.txt.asc •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-6657
https://notcve.org/view.php?id=CVE-2006-6657
20 Dec 2006 — The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors. La función if_clone_list en NetBSD-current anterior al 27/10/2006, NetBSD 3.0 y 3.0.1 anterior al 27/10/2006, y NetBSD 2.x anterior al 19/11/2006 permite a usuarios locales leer información potencialmente sensible de la memoria de la pila que no ha sido inicializada mediante vec... • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-025.txt.asc •