Filtered by vendor Openbsd Subscriptions
Filtered by product Openbsd Subscriptions
Total 199 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-4435 1 Openbsd 1 Openbsd 2025-04-03 N/A
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.
CVE-2000-0962 1 Openbsd 1 Openbsd 2025-04-03 N/A
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.
CVE-2000-0996 1 Openbsd 1 Openbsd 2025-04-03 N/A
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
CVE-2000-1004 1 Openbsd 1 Openbsd 2025-04-03 N/A
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
CVE-1999-0483 1 Openbsd 1 Openbsd 2025-04-03 N/A
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
CVE-1999-0484 1 Openbsd 1 Openbsd 2025-04-03 N/A
Buffer overflow in OpenBSD ping.
CVE-1999-0727 1 Openbsd 1 Openbsd 2025-04-03 N/A
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.
CVE-2000-0092 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2025-04-03 N/A
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
CVE-2000-0997 2 Netbsd, Openbsd 2 Netbsd, Openbsd 2025-04-03 N/A
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
CVE-2001-0402 3 Darren Reed, Freebsd, Openbsd 3 Ipfilter, Freebsd, Openbsd 2025-04-03 N/A
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
CVE-2001-1047 1 Openbsd 1 Openbsd 2025-04-03 N/A
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
CVE-2023-27567 1 Openbsd 1 Openbsd 2025-03-06 7.5 High
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.
CVE-2022-48437 1 Openbsd 2 Libressl, Openbsd 2025-02-10 5.3 Medium
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.
CVE-2021-46880 1 Openbsd 2 Libressl, Openbsd 2025-02-07 9.8 Critical
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
CVE-2023-35784 1 Openbsd 2 Libressl, Openbsd 2024-12-17 9.8 Critical
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
CVE-2024-11148 1 Openbsd 1 Openbsd 2024-12-06 7.5 High
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.
CVE-2023-52558 1 Openbsd 1 Openbsd 2024-11-21 7.5 High
In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences.
CVE-2023-40216 1 Openbsd 1 Openbsd 2024-11-21 5.5 Medium
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.
CVE-2023-38283 3 Bgp, Openbgpd, Openbsd 3 Openbgpd, Openbgpd, Openbsd 2024-11-21 5.3 Medium
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.
CVE-2023-29323 2 Openbsd, Opensmtpd 2 Openbsd, Opensmtpd 2024-11-21 7.8 High
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.