Filtered by vendor Openbsd
Subscribe
Total
319 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1047 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 1.2 LOW | N/A |
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. | |||||
CVE-2001-0268 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2023-12-10 | 7.2 HIGH | N/A |
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address. | |||||
CVE-1999-0305 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2023-12-10 | 5.0 MEDIUM | N/A |
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. | |||||
CVE-2003-0804 | 3 Apple, Freebsd, Openbsd | 4 Mac Os X, Mac Os X Server, Freebsd and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. | |||||
CVE-2004-2163 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.5 HIGH | N/A |
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies. | |||||
CVE-1999-0303 | 4 Digital, Netbsd, Openbsd and 1 more | 5 Osf 1, Netbsd, Openbsd and 2 more | 2023-12-10 | 4.6 MEDIUM | N/A |
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. | |||||
CVE-2001-0529 | 1 Openbsd | 1 Openssh | 2023-12-10 | 7.2 HIGH | N/A |
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. | |||||
CVE-2004-2230 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 2.1 LOW | N/A |
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. | |||||
CVE-1999-0481 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 5.0 MEDIUM | N/A |
Denial of service in "poll" in OpenBSD. | |||||
CVE-2002-0414 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2023-12-10 | 7.5 HIGH | N/A |
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. | |||||
CVE-1999-0062 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.2 HIGH | N/A |
The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage. | |||||
CVE-1999-0484 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 2.1 LOW | N/A |
Buffer overflow in OpenBSD ping. | |||||
CVE-2002-1221 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2023-12-10 | 5.0 MEDIUM | N/A |
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. | |||||
CVE-2001-0402 | 3 Darren Reed, Freebsd, Openbsd | 3 Ipfilter, Freebsd, Openbsd | 2023-12-10 | 7.5 HIGH | N/A |
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port. | |||||
CVE-2004-0220 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 10.0 HIGH | N/A |
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
CVE-2002-1219 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). | |||||
CVE-1999-0482 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenBSD kernel crash through TSS handling, as caused by the crashme program. | |||||
CVE-2004-0492 | 5 Apache, Hp, Ibm and 2 more | 7 Http Server, Virtualvault, Vvos and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. | |||||
CVE-2002-0542 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.2 HIGH | N/A |
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron. | |||||
CVE-2004-0416 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. |