Vulnerabilities (CVE)

Filtered by vendor Openbsd Subscribe
Total 297 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15778 3 Broadcom, Netapp, Openbsd 10 Fabric Operating System, A700s, A700s Firmware and 7 more 2021-06-22 6.8 MEDIUM 7.8 HIGH
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
CVE-2020-26142 1 Openbsd 1 Openbsd 2021-06-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
CVE-2011-0419 7 Apache, Apple, Freebsd and 4 more 8 Http Server, Portable Runtime, Mac Os X and 5 more 2021-06-06 4.3 MEDIUM N/A
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
CVE-2004-0488 8 Apache, Gentoo, Mandrakesoft and 5 more 10 Http Server, Linux, Mandrake Linux and 7 more 2021-06-06 7.5 HIGH N/A
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
CVE-2004-0492 5 Apache, Hp, Ibm and 2 more 7 Http Server, Virtualvault, Vvos and 4 more 2021-06-06 10.0 HIGH N/A
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
CVE-2021-28041 3 Fedoraproject, Netapp, Openbsd 9 Fedora, Cloud Backup, Hci Compute Node and 6 more 2021-05-27 4.6 MEDIUM 7.1 HIGH
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2020-14145 2 Netapp, Openbsd 10 Active Iq Unified Manager, Aff A700s, Aff A700s Firmware and 7 more 2021-05-26 4.3 MEDIUM 5.9 MEDIUM
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
CVE-2020-7247 2 Debian, Openbsd 2 Debian Linux, Opensmtpd 2021-04-06 10.0 HIGH 9.8 CRITICAL
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVE-2007-2768 2 Netapp, Openbsd 5 Hci Management Node, Hci Storage Node, Solidfire and 2 more 2021-04-01 4.3 MEDIUM N/A
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
CVE-2019-14899 4 Apple, Freebsd, Linux and 1 more 7 Ipad Os, Iphone Os, Mac Os X and 4 more 2020-12-15 4.9 MEDIUM 7.4 HIGH
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
CVE-2019-8460 1 Openbsd 1 Openbsd 2020-10-22 5.0 MEDIUM 7.5 HIGH
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.
CVE-2019-6111 5 Canonical, Debian, Openbsd and 2 more 5 Ubuntu Linux, Debian Linux, Openssh and 2 more 2020-08-24 5.8 MEDIUM 5.9 MEDIUM
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
CVE-2019-6110 3 Netapp, Openbsd, Winscp 5 Element Software, Ontap Select Deploy, Storage Automation Store and 2 more 2020-08-24 4.0 MEDIUM 6.8 MEDIUM
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
CVE-2018-20685 7 Canonical, Debian, Netapp and 4 more 11 Ubuntu Linux, Debian Linux, Cloud Backup and 8 more 2020-08-24 2.6 LOW 5.3 MEDIUM
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-15473 5 Canonical, Debian, Netapp and 2 more 21 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 18 more 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVE-2019-19520 1 Openbsd 1 Openbsd 2020-08-24 4.6 MEDIUM 7.8 HIGH
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
CVE-2017-15906 1 Openbsd 1 Openssh 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2019-6109 5 Canonical, Debian, Netapp and 2 more 7 Ubuntu Linux, Debian Linux, Element Software and 4 more 2020-08-24 4.0 MEDIUM 6.8 MEDIUM
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
CVE-2019-19522 1 Openbsd 1 Openbsd 2020-08-24 7.2 HIGH 7.8 HIGH
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root.
CVE-2019-6724 4 Apple, Barracuda, Linux and 1 more 4 Mac Os X, Vpn Client, Linux Kernel and 1 more 2020-08-24 7.2 HIGH 7.8 HIGH
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.