Filtered by vendor Openbsd
Subscribe
Total
326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1380 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A |
| OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses. | |||||
| CVE-2002-2092 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | 3.7 LOW | N/A |
| Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. | |||||
| CVE-2001-1507 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A |
| OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. | |||||
| CVE-2002-0639 | 1 Openbsd | 1 Openssh | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication. | |||||
| CVE-2004-2760 | 1 Openbsd | 1 Openssh | 2025-04-03 | 6.8 MEDIUM | N/A |
| sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. | |||||
| CVE-2000-1004 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. | |||||
| CVE-2002-2180 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 6.8 MEDIUM | N/A |
| The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error. | |||||
| CVE-2000-0996 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. | |||||
| CVE-2002-1915 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
| tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. | |||||
| CVE-1999-0703 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2025-04-03 | 3.6 LOW | N/A |
| OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. | |||||
| CVE-2002-0542 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.2 HIGH | N/A |
| mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron. | |||||
| CVE-2002-0381 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. | |||||
| CVE-2002-2188 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 4.9 MEDIUM | N/A |
| OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error. | |||||
| CVE-2004-0416 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | |||||
| CVE-2001-0247 | 5 Freebsd, Mit, Netbsd and 2 more | 5 Freebsd, Kerberos 5, Netbsd and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. | |||||
| CVE-2004-0084 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. | |||||
| CVE-2004-0218 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2001-0816 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A |
| OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. | |||||
| CVE-2003-1366 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 3.3 LOW | N/A |
| chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. | |||||
| CVE-1999-0062 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.2 HIGH | N/A |
| The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage. | |||||