| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error. |
| tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. |
| imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page. |
| Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
| Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. |
| A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. |
| sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length. |
| The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. |
| Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. |
| XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. |
| NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network. |
| The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device. |
| Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname. |
| The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address. |
| NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog". |
| NetBSD allows ARP packets to overwrite static ARP entries. |
| Listening TCP ports are sequentially allocated, allowing spoofing attacks. |
| Buffer overflow of rlogin program using TERM environmental variable. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Land IP denial of service. |
