Filtered by vendor Openbsd
Subscribe
Total
319 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0693 | 1 Openbsd | 1 Openssh | 2023-12-10 | 10.0 HIGH | N/A |
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. | |||||
CVE-2004-0687 | 4 Openbsd, Suse, X.org and 1 more | 4 Openbsd, Suse Linux, X11r6 and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. | |||||
CVE-2000-0217 | 2 Openbsd, Ssh | 3 Openssh, Ssh, Ssh2 | 2023-12-10 | 5.1 MEDIUM | N/A |
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. | |||||
CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 3.3 LOW | N/A |
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | |||||
CVE-2001-0247 | 5 Freebsd, Mit, Netbsd and 2 more | 5 Freebsd, Kerberos 5, Netbsd and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. | |||||
CVE-1999-1214 | 5 Bsd, Freebsd, Netbsd and 2 more | 5 Bsd, Freebsd, Netbsd and 2 more | 2023-12-10 | 2.1 LOW | N/A |
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. | |||||
CVE-2000-0751 | 3 Netbsd, Openbsd, Redhat | 3 Netbsd, Openbsd, Linux | 2023-12-10 | 7.5 HIGH | N/A |
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2001-0361 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2023-12-10 | 4.0 MEDIUM | N/A |
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. | |||||
CVE-2002-0572 | 3 Freebsd, Openbsd, Sun | 4 Freebsd, Openbsd, Solaris and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files. | |||||
CVE-2003-0144 | 4 Bsd, Freebsd, Lprold and 1 more | 4 Lpr, Freebsd, Lprold and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. | |||||
CVE-2003-0955 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 4.6 MEDIUM | N/A |
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow. | |||||
CVE-2003-0688 | 6 Compaq, Freebsd, Openbsd and 3 more | 6 Tru64, Freebsd, Openbsd and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. | |||||
CVE-2004-0083 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. | |||||
CVE-2003-0028 | 10 Cray, Freebsd, Gnu and 7 more | 13 Unicos, Freebsd, Glibc and 10 more | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | |||||
CVE-2000-0489 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2023-12-10 | 2.1 LOW | N/A |
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers. | |||||
CVE-2000-1169 | 1 Openbsd | 1 Openssh | 2023-12-10 | 7.5 HIGH | N/A |
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent. | |||||
CVE-2001-0378 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 2.1 LOW | N/A |
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files. | |||||
CVE-2000-0310 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 5.0 MEDIUM | N/A |
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. | |||||
CVE-2000-0525 | 1 Openbsd | 1 Openssh | 2023-12-10 | 10.0 HIGH | N/A |
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. | |||||
CVE-2000-0092 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2023-12-10 | 6.2 MEDIUM | N/A |
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. |