Filtered by vendor Openbsd
Subscribe
Total
319 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0688 | 4 Openbsd, Suse, X.org and 1 more | 4 Openbsd, Suse Linux, X11r6 and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file. | |||||
CVE-2001-1029 | 2 Freebsd, Openbsd | 2 Freebsd, Openssh | 2023-12-10 | 2.1 LOW | N/A |
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. | |||||
CVE-2000-1208 | 4 Immunix, Netbsd, Openbsd and 1 more | 4 Immunix, Netbsd, Openbsd and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call. | |||||
CVE-2004-0171 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2023-12-10 | 5.0 MEDIUM | N/A |
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. | |||||
CVE-2001-1585 | 1 Openbsd | 1 Openssh | 2023-12-10 | 6.8 MEDIUM | N/A |
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | |||||
CVE-2002-1220 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2023-12-10 | 5.0 MEDIUM | N/A |
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. | |||||
CVE-2001-0816 | 1 Openbsd | 1 Openssh | 2023-12-10 | 7.5 HIGH | N/A |
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. | |||||
CVE-2000-0996 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.2 HIGH | N/A |
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. | |||||
CVE-2003-0681 | 8 Apple, Gentoo, Hp and 5 more | 14 Mac Os X, Mac Os X Server, Linux and 11 more | 2023-12-10 | 7.5 HIGH | N/A |
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. | |||||
CVE-1999-0727 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 5.0 MEDIUM | N/A |
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. | |||||
CVE-2002-2092 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2023-12-10 | 3.7 LOW | N/A |
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. | |||||
CVE-1999-0396 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2023-12-10 | 2.6 LOW | N/A |
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. | |||||
CVE-2003-1562 | 1 Openbsd | 1 Openssh | 2023-12-10 | 7.6 HIGH | N/A |
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. | |||||
CVE-2002-0640 | 1 Openbsd | 1 Openssh | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt). | |||||
CVE-2000-0750 | 3 Netbsd, Openbsd, Redhat | 3 Netbsd, Openbsd, Linux | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. | |||||
CVE-1999-0061 | 4 Bsdi, Freebsd, Linux and 1 more | 4 Bsd Os, Freebsd, Linux Kernel and 1 more | 2023-12-10 | 5.1 MEDIUM | N/A |
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). | |||||
CVE-2002-2222 | 2 Freebsd, Openbsd | 2 Ports Collection, Openbsd | 2023-12-10 | 5.1 MEDIUM | N/A |
isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence. | |||||
CVE-2002-1420 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.2 HIGH | N/A |
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation. | |||||
CVE-2001-1382 | 1 Openbsd | 1 Openssh | 2023-12-10 | 5.0 MEDIUM | N/A |
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used. | |||||
CVE-2000-0995 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.2 HIGH | N/A |
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name. |