OpenBSD
by OpenBSD
Source repositories
CVEs (196)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0378 | 0.00 | — | 0.00 | Jun 27, 2001 | readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files. | |||
| CVE-2001-1047 | 0.00 | — | 0.00 | Jun 2, 2001 | Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then… | |||
| CVE-2001-0268 | 0.00 | — | 0.01 | May 3, 2001 | The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table… | |||
| CVE-2001-0284 | 0.00 | — | 0.03 | May 3, 2001 | Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option. | |||
| CVE-2000-0309 | 0.00 | — | 0.00 | Mar 12, 2001 | The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service. | |||
| CVE-2000-0313 | 0.00 | — | 0.00 | Mar 12, 2001 | Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. | |||
| CVE-2000-0310 | 0.00 | — | 0.01 | Mar 12, 2001 | IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. | |||
| CVE-2000-0312 | 0.00 | — | 0.01 | Mar 12, 2001 | cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function. | |||
| CVE-2000-0995 | 0.00 | — | 0.01 | Dec 19, 2000 | Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name. | |||
| CVE-2000-0962 | 0.00 | — | 0.02 | Dec 19, 2000 | The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service. | |||
| CVE-2000-0997 | 0.00 | — | 0.01 | Dec 19, 2000 | Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges. | |||
| CVE-2000-0996 | 0.00 | — | 0.01 | Dec 19, 2000 | Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. | |||
| CVE-2000-1004 | 0.00 | — | 0.00 | Dec 11, 2000 | Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. | |||
| CVE-2000-1010 | 0.00 | — | 0.05 | Dec 11, 2000 | Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters. | |||
| CVE-2000-0750 | 0.00 | — | 0.02 | Oct 20, 2000 | Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. | |||
| CVE-2000-0461 | 0.00 | — | 0.00 | May 29, 2000 | The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. | |||
| CVE-2000-0092 | 0.00 | — | 0.00 | Jan 19, 2000 | The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. | |||
| CVE-1999-0001 | 0.00 | — | 0.03 | Dec 30, 1999 | ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. | |||
| CVE-1999-0724 | 0.00 | — | 0.00 | Aug 12, 1999 | Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function. | |||
| CVE-1999-0727 | 0.00 | — | 0.01 | Aug 6, 1999 | A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. |
- CVE-2001-0378Jun 27, 2001risk 0.00cvss —epss 0.00
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
- CVE-2001-1047Jun 2, 2001risk 0.00cvss —epss 0.00
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then…
- CVE-2001-0268May 3, 2001risk 0.00cvss —epss 0.01
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table…
- CVE-2001-0284May 3, 2001risk 0.00cvss —epss 0.03
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
- CVE-2000-0309Mar 12, 2001risk 0.00cvss —epss 0.00
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
- CVE-2000-0313Mar 12, 2001risk 0.00cvss —epss 0.00
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
- CVE-2000-0310Mar 12, 2001risk 0.00cvss —epss 0.01
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.
- CVE-2000-0312Mar 12, 2001risk 0.00cvss —epss 0.01
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
- CVE-2000-0995Dec 19, 2000risk 0.00cvss —epss 0.01
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.
- CVE-2000-0962Dec 19, 2000risk 0.00cvss —epss 0.02
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.
- CVE-2000-0997Dec 19, 2000risk 0.00cvss —epss 0.01
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
- CVE-2000-0996Dec 19, 2000risk 0.00cvss —epss 0.01
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
- CVE-2000-1004Dec 11, 2000risk 0.00cvss —epss 0.00
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
- CVE-2000-1010Dec 11, 2000risk 0.00cvss —epss 0.05
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
- CVE-2000-0750Oct 20, 2000risk 0.00cvss —epss 0.02
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
- CVE-2000-0461May 29, 2000risk 0.00cvss —epss 0.00
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
- CVE-2000-0092Jan 19, 2000risk 0.00cvss —epss 0.00
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
- CVE-1999-0001Dec 30, 1999risk 0.00cvss —epss 0.03
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
- CVE-1999-0724Aug 12, 1999risk 0.00cvss —epss 0.00
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.
- CVE-1999-0727Aug 6, 1999risk 0.00cvss —epss 0.01
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.
Page 9 of 10