The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetBSD

vulnerability 29470

NetBSD: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of NetBSD, in order to obtain sensitive information.
Impacted products: NetBSD.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/06/2019.
Identifiers: VIGILANCE-VUL-29470.

Description of the vulnerability

A local attacker can read a memory fragment of NetBSD, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 29218

NetBSD: information disclosure via SIOCGIFCONF

Synthesis of the vulnerability

A local attacker can read a memory fragment via SIOCGIFCONF of NetBSD, in order to obtain sensitive information.
Impacted products: NetBSD.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/05/2019.
Identifiers: NetBSD-SA2019-003, VIGILANCE-VUL-29218.

Description of the vulnerability

A local attacker can read a memory fragment via SIOCGIFCONF of NetBSD, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 29217

NetBSD: memory corruption via mq_send

Synthesis of the vulnerability

An attacker can trigger a memory corruption via mq_send() of NetBSD, in order to trigger a denial of service, and possibly to run code.
Impacted products: NetBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 03/05/2019.
Identifiers: NetBSD-SA2019-002, VIGILANCE-VUL-29217.

Description of the vulnerability

An attacker can trigger a memory corruption via mq_send() of NetBSD, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability 28460

NetBSD: information disclosure via Kernel Memory Leaks

Synthesis of the vulnerability

A local attacker can read a memory fragment of NetBSD, in order to obtain sensitive information.
Impacted products: NetBSD.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 07/02/2019.
Identifiers: NetBSD-SA2019-001, VIGILANCE-VUL-28460.

Description of the vulnerability

A local attacker can read a memory fragment of NetBSD, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 28012

NetBSD: information disclosure via bozohttpd htpasswd

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via bozohttpd htpasswd of NetBSD, in order to obtain sensitive information.
Impacted products: NetBSD.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 12/12/2018.
Identifiers: NetBSD-SA2018-009, VIGILANCE-VUL-28012.

Description of the vulnerability

An attacker can bypass access restrictions to data via bozohttpd htpasswd of NetBSD, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 26225

NetBSD: bypassing NPF rule via ICMP

Synthesis of the vulnerability

An attacker can trigger an use after free in NPF by sending an IPv6 packet to NetBSD, in order to bypass rules or trigger a denial of service.
Impacted products: NetBSD.
Severity: 3/4.
Consequences: data flow, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 25/05/2018.
Identifiers: NetBSD-SA2018-008, VIGILANCE-VUL-26225.

Description of the vulnerability

An attacker can trigger an use after free in NPF by sending an IPv6 packet to NetBSD, in order to bypass rules or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 26079

NetBSD: multiple vulnerabilities via IPsec

Synthesis of the vulnerability

An attacker can use several vulnerabilities via IPsec of NetBSD.
Impacted products: NetBSD.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 09/05/2018.
Identifiers: NetBSD-SA2018-007, VIGILANCE-VUL-26079.

Description of the vulnerability

An attacker can use several vulnerabilities via IPsec of NetBSD.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 25814

NetBSD: multiple vulnerabilities via Network Stack

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Network Stack of NetBSD.
Impacted products: NetBSD.
Severity: 3/4.
Consequences: user access/rights, denial of service on server, denial of service on client.
Provenance: internet client.
Creation date: 10/04/2018.
Identifiers: NetBSD-SA2018-006, VIGILANCE-VUL-25814.

Description of the vulnerability

An attacker can use several vulnerabilities via Network Stack of NetBSD.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 25813

NetBSD: privilege escalation via Xen-amd64

Synthesis of the vulnerability

An attacker can bypass restrictions via Xen-amd64 of NetBSD, in order to escalate his privileges.
Impacted products: NetBSD.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 10/04/2018.
Identifiers: NetBSD-SA2018-005, VIGILANCE-VUL-25813.

Description of the vulnerability

An attacker can bypass restrictions via Xen-amd64 of NetBSD, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 25283

NetBSD: denial of service via a IPsec AH packet for IPv6

Synthesis of the vulnerability

An attacker can send an IPsec AH packet for IPv6 with an option of declared size 0 to a NetBSD host, in order to trigger an endless loop in the kernel and so an host freeze.
Impacted products: NetBSD.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 13/02/2018.
Identifiers: NetBSD-SA2018-003, VIGILANCE-VUL-25283.

Description of the vulnerability

An attacker can send an IPsec AH packet for IPv6 with an option of declared size 0 to a NetBSD host, in order to trigger an endless loop in the kernel and so an host freeze.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about NetBSD: