Filtered by vendor Openbsd
Subscribe
Total
319 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8460 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service. | |||||
CVE-2019-6724 | 4 Apple, Barracuda, Linux and 1 more | 4 Mac Os X, Vpn Client, Linux Kernel and 1 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. | |||||
CVE-2019-6110 | 4 Netapp, Openbsd, Siemens and 1 more | 9 Element Software, Ontap Select Deploy, Storage Automation Store and 6 more | 2023-12-10 | 4.0 MEDIUM | 6.8 MEDIUM |
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | |||||
CVE-2018-14775 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture. | |||||
CVE-2019-6111 | 10 Apache, Canonical, Debian and 7 more | 27 Mina Sshd, Ubuntu Linux, Debian Linux and 24 more | 2023-12-10 | 5.8 MEDIUM | 5.9 MEDIUM |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | |||||
CVE-2018-15473 | 7 Canonical, Debian, Netapp and 4 more | 24 Ubuntu Linux, Debian Linux, Aff Baseboard Management Controller and 21 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | |||||
CVE-2018-15919 | 2 Netapp, Openbsd | 7 Cloud Backup, Cn1610, Cn1610 Firmware and 4 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' | |||||
CVE-2019-6109 | 9 Canonical, Debian, Fedoraproject and 6 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2023-12-10 | 4.0 MEDIUM | 6.8 MEDIUM |
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | |||||
CVE-2018-20685 | 9 Canonical, Debian, Fujitsu and 6 more | 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | |||||
CVE-2016-10708 | 4 Canonical, Debian, Netapp and 1 more | 12 Ubuntu Linux, Debian Linux, Cloud Backup and 9 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | |||||
CVE-2018-8970 | 1 Openbsd | 1 Libressl | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not. | |||||
CVE-2018-12434 | 1 Openbsd | 1 Libressl | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | |||||
CVE-2017-1000373 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions. | |||||
CVE-2017-15906 | 5 Debian, Netapp, Openbsd and 2 more | 22 Debian Linux, Active Iq Unified Manager, Cloud Backup and 19 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | |||||
CVE-2015-7687 | 2 Fedoraproject, Openbsd | 2 Fedora, Opensmtpd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. | |||||
CVE-2017-1000372 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions. | |||||
CVE-2017-8301 | 1 Openbsd | 1 Libressl | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx. | |||||
CVE-2017-5850 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header. | |||||
CVE-2016-6243 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call. | |||||
CVE-2016-6246 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 4.9 MEDIUM | 4.4 MEDIUM |
OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node. |