NetBSD
Products by NetBSD Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2022 there have been 0 vulnerabilities in NetBSD. Last year NetBSD had 5 security vulnerabilities published. Right now, NetBSD is on track to have fewer security vulnerabilities in 2022 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 0 | 0.00 |
2021 | 5 | 7.06 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new NetBSD vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent NetBSD Security Vulnerabilities
In NetBSD through 9.2
CVE-2021-45489
7.5 - High
- December 25, 2021
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
PRNG
In NetBSD through 9.2
CVE-2021-45488
7.5 - High
- December 25, 2021
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
Use of a Broken or Risky Cryptographic Algorithm
In NetBSD through 9.2
CVE-2021-45487
7.5 - High
- December 25, 2021
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
Use of a Broken or Risky Cryptographic Algorithm
In NetBSD through 9.2
CVE-2021-45484
7.5 - High
- December 25, 2021
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
Inadequate Encryption Strength
An issue was discovered in the kernel in NetBSD 7.1
CVE-2020-26139
5.3 - Medium
- May 11, 2021
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
Authentication
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data
CVE-2014-3566
3.4 - Low
- October 15, 2014
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Cryptographic Issues
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android
CVE-2011-0419
- May 16, 2011
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Resource Management Errors
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors
CVE-2008-4609
- October 20, 2008
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Configuration
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems
CVE-2001-0554
- August 14, 2001
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Classic Buffer Overflow