Filtered by vendor Openbsd
Subscriptions
Filtered by product Openbsd
Subscriptions
Total
199 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-4435 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default. | ||||
CVE-2000-0962 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service. | ||||
CVE-2000-0996 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. | ||||
CVE-2000-1004 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. | ||||
CVE-1999-0483 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
OpenBSD crash using nlink value in FFS and EXT2FS filesystems. | ||||
CVE-1999-0484 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
Buffer overflow in OpenBSD ping. | ||||
CVE-1999-0727 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. | ||||
CVE-2000-0092 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | N/A |
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. | ||||
CVE-2000-0997 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2025-04-03 | N/A |
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges. | ||||
CVE-2001-0402 | 3 Darren Reed, Freebsd, Openbsd | 3 Ipfilter, Freebsd, Openbsd | 2025-04-03 | N/A |
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port. | ||||
CVE-2001-1047 | 1 Openbsd | 1 Openbsd | 2025-04-03 | N/A |
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. | ||||
CVE-2023-27567 | 1 Openbsd | 1 Openbsd | 2025-03-06 | 7.5 High |
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. | ||||
CVE-2022-48437 | 1 Openbsd | 2 Libressl, Openbsd | 2025-02-10 | 5.3 Medium |
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate. | ||||
CVE-2021-46880 | 1 Openbsd | 2 Libressl, Openbsd | 2025-02-07 | 9.8 Critical |
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. | ||||
CVE-2023-35784 | 1 Openbsd | 2 Libressl, Openbsd | 2024-12-17 | 9.8 Critical |
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected. | ||||
CVE-2024-11148 | 1 Openbsd | 1 Openbsd | 2024-12-06 | 7.5 High |
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. | ||||
CVE-2023-52558 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.5 High |
In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences. | ||||
CVE-2023-40216 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 5.5 Medium |
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences. | ||||
CVE-2023-38283 | 3 Bgp, Openbgpd, Openbsd | 3 Openbgpd, Openbgpd, Openbsd | 2024-11-21 | 5.3 Medium |
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006. | ||||
CVE-2023-29323 | 2 Openbsd, Opensmtpd | 2 Openbsd, Opensmtpd | 2024-11-21 | 7.8 High |
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. |