VYPR

OpenBSD

by OpenBSD

Source repositories

CVEs (196)

  • CVE-2005-0637May 2, 2005
    risk 0.00cvss epss 0.01

    The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory.

  • CVE-2005-0960May 2, 2005
    risk 0.00cvss epss 0.01

    Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash).

  • CVE-2005-0740Jan 13, 2005
    risk 0.00cvss epss 0.02

    The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.

  • CVE-2004-1799Dec 31, 2004
    risk 0.00cvss epss 0.01

    PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.

  • CVE-2004-2163Dec 31, 2004
    risk 0.00cvss epss 0.02

    login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

  • CVE-2004-2338Dec 31, 2004
    risk 0.00cvss epss 0.01

    OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

  • CVE-2004-2230Dec 31, 2004
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.

  • CVE-2004-0257Nov 23, 2004
    risk 0.00cvss epss 0.02

    OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.

  • CVE-2004-0819Aug 25, 2004
    risk 0.00cvss epss 0.01

    The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.

  • CVE-2004-0417Aug 6, 2004
    risk 0.00cvss epss 0.03

    Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

  • CVE-2004-0418Aug 6, 2004
    risk 0.00cvss epss 0.06

    serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

  • CVE-2004-0414Aug 6, 2004
    risk 0.00cvss epss 0.04

    CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

  • CVE-2004-0482Jul 7, 2004
    risk 0.00cvss epss 0.00

    Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other…

  • CVE-2004-0219May 4, 2004
    risk 0.00cvss epss 0.03

    isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

  • CVE-2004-0221May 4, 2004
    risk 0.00cvss epss 0.04

    isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.

  • CVE-2004-0222May 4, 2004
    risk 0.00cvss epss 0.04

    Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.

  • CVE-2004-0218May 4, 2004
    risk 0.00cvss epss 0.03

    isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

  • CVE-2004-0220May 4, 2004
    risk 0.00cvss epss 0.05

    isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker…

  • CVE-2004-0171Mar 15, 2004
    risk 0.00cvss epss 0.03

    FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.

  • CVE-2004-0106Mar 3, 2004
    risk 0.00cvss epss 0.00

    Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.

Page 7 of 10