NetBSD 9.0 Security Vulnerabilities

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS Score: 8.1 | EPSS Score: 0.475 | Published: 2024-07-01

In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-12-25

In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-12-25

In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-12-25

In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-12-25

The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference.
CVSS Score: 5.0 | EPSS Score: 0.004 | Published: 2014-08-21

The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types.
CVSS Score: 5.0 | EPSS Score: 0.004 | Published: 2014-08-21

Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.
CVSS Score: 5.0 | EPSS Score: 0.003 | Published: 2012-07-25

The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors.
CVSS Score: 5.0 | EPSS Score: 0.003 | Published: 2012-07-25

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2012-02-02


Shodan ® - All rights reserved