VYPR

OpenBSD

by OpenBSD

Source repositories

CVEs (196)

  • CVE-2009-0537Mar 9, 2009
    risk 0.03cvss epss 0.04

    Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level…

  • CVE-2008-4609Oct 20, 2008
    risk 0.03cvss epss 0.32

    The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate…

  • CVE-2008-4247Sep 25, 2008
    risk 0.03cvss epss 0.04

    ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via…

  • CVE-2008-1215Mar 9, 2008
    risk 0.03cvss epss 0.01

    Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~"…

  • CVE-2007-6700Feb 5, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.

  • CVE-2008-0384Jan 22, 2008
    risk 0.03cvss epss 0.01

    OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.

  • CVE-2007-0085Jan 5, 2007
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related…

  • CVE-2006-5550Oct 26, 2006
    risk 0.03cvss epss 0.01

    The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.

  • CVE-2004-0492Aug 6, 2004
    risk 0.03cvss epss 0.34

    Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be…

  • CVE-2004-0114Mar 3, 2004
    risk 0.03cvss epss 0.01

    The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local…

  • CVE-2003-1366Dec 31, 2003
    risk 0.03cvss epss 0.01

    chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.

  • CVE-2003-0955Dec 15, 2003
    risk 0.03cvss epss 0.01

    OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c,…

  • CVE-2003-0144Mar 31, 2003
    risk 0.03cvss epss 0.02

    Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

  • CVE-2002-0572Jul 3, 2002
    risk 0.03cvss epss 0.02

    FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid…

  • CVE-2002-0542Jul 3, 2002
    risk 0.03cvss epss 0.02

    mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

  • CVE-2001-0402Jun 18, 2001
    risk 0.03cvss epss 0.02

    IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

  • CVE-2000-0914Dec 19, 2000
    risk 0.03cvss epss 0.03

    OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

  • CVE-2000-0994Dec 19, 2000
    risk 0.03cvss epss 0.01

    Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

  • CVE-2000-0993Dec 19, 2000
    risk 0.03cvss epss 0.02

    Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

  • CVE-2000-0751Oct 20, 2000
    risk 0.03cvss epss 0.04

    mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

Page 3 of 10