Vulnerabilities (CVE)

Filtered by vendor Openbsd Subscribe
Total 303 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41617 2 Fedoraproject, Openbsd 2 Fedora, Openssh 2021-10-14 4.4 MEDIUM 7.0 HIGH
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
CVE-2016-20012 1 Openbsd 1 Openssh 2021-10-14 4.3 MEDIUM 5.3 MEDIUM
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session.
CVE-2021-41581 1 Openbsd 1 Libressl 2021-09-29 4.3 MEDIUM 5.5 MEDIUM
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
CVE-2020-26142 1 Openbsd 1 Openbsd 2021-09-22 2.6 LOW 5.3 MEDIUM
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
CVE-2010-4816 1 Openbsd 1 Openbsd 2021-09-20 5.0 MEDIUM 7.5 HIGH
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
CVE-2016-10708 4 Canonical, Debian, Netapp and 1 more 12 Ubuntu Linux, Debian Linux, Cloud Backup and 9 more 2021-09-14 5.0 MEDIUM 7.5 HIGH
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
CVE-2016-6515 2 Fedoraproject, Openbsd 2 Fedora, Openssh 2021-09-14 7.8 HIGH 7.5 HIGH
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
CVE-2016-10011 1 Openbsd 1 Openssh 2021-09-14 2.1 LOW 5.5 MEDIUM
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
CVE-2019-8460 1 Openbsd 1 Openbsd 2021-08-02 5.0 MEDIUM 7.5 HIGH
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.
CVE-2019-19519 1 Openbsd 1 Openbsd 2021-07-21 4.6 MEDIUM 7.8 HIGH
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
CVE-2020-7247 2 Debian, Openbsd 2 Debian Linux, Opensmtpd 2021-07-21 10.0 HIGH 9.8 CRITICAL
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVE-2020-16088 1 Openbsd 1 Openbsd 2021-07-21 7.5 HIGH 9.8 CRITICAL
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
CVE-2020-14145 2 Netapp, Openbsd 10 Active Iq Unified Manager, Aff A700s, Aff A700s Firmware and 7 more 2021-07-21 4.3 MEDIUM 5.9 MEDIUM
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
CVE-2019-16905 1 Openbsd 1 Openssh 2021-07-21 4.4 MEDIUM 7.8 HIGH
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
CVE-2021-28041 3 Fedoraproject, Netapp, Openbsd 9 Fedora, Cloud Backup, Hci Compute Node and 6 more 2021-07-20 4.6 MEDIUM 7.1 HIGH
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2019-25049 2 Linux, Openbsd 2 Linux Kernel, Libressl 2021-07-08 5.8 MEDIUM 7.1 HIGH
LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx).
CVE-2019-25048 2 Linux, Openbsd 2 Linux Kernel, Libressl 2021-07-08 5.8 MEDIUM 7.1 HIGH
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
CVE-2008-4609 11 Bsd, Bsdi, Cisco and 8 more 27 Bsd, Bsd Os, Ios and 24 more 2021-07-07 7.1 HIGH N/A
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
CVE-2019-14899 4 Apple, Freebsd, Linux and 1 more 7 Ipad Os, Iphone Os, Mac Os X and 4 more 2021-07-05 4.9 MEDIUM 7.4 HIGH
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
CVE-2020-15778 3 Broadcom, Netapp, Openbsd 10 Fabric Operating System, A700s, A700s Firmware and 7 more 2021-06-22 6.8 MEDIUM 7.8 HIGH
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."