Vendor CVEs
OpenBSD
All CVEs
337 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0572 | | | 0.01 | — | 0.07 | | Aug 22, 2001 | The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password… |
| CVE-2000-0999 | | | 0.01 | — | 0.12 | | Dec 11, 2000 | Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges. |
| CVE-2026-57589 | | | 0.00 | — | 0.00 | | Jun 25, 2026 | sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget(). |
| CVE-2026-56099 | | | 0.00 | — | 0.00 | | Jun 18, 2026 | OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack… |
| CVE-2026-55706 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths. |
| CVE-2025-62875 | | | 0.00 | — | 0.00 | | Nov 20, 2025 | An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1. |
| CVE-2025-32728 | | | 0.00 | — | 0.00 | | Apr 10, 2025 | In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. |
| CVE-2025-30334 | | | 0.00 | — | 0.00 | | Mar 20, 2025 | In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash. |
| CVE-2024-11149 | | | 0.00 | — | 0.00 | | Dec 6, 2024 | In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. |
| CVE-2024-10933 | | | 0.00 | — | 0.00 | | Dec 5, 2024 | In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. |
| CVE-2024-11148 | | | 0.00 | — | 0.00 | | Dec 5, 2024 | In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. |
| CVE-2024-10934 | | | 0.00 | — | 0.00 | | Nov 15, 2024 | In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server. |
| CVE-2021-35000 | | | 0.00 | — | 0.00 | | May 7, 2024 | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute… |
| CVE-2021-34999 | | | 0.00 | — | 0.00 | | May 7, 2024 | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute… |
| CVE-2024-29937 | | | 0.00 | — | 0.02 | | Mar 21, 2024 | NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. |
| CVE-2023-52558 | | | 0.00 | — | 0.01 | | Mar 1, 2024 | In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences. |
| CVE-2023-52557 | | | 0.00 | — | 0.01 | | Mar 1, 2024 | In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length. |
| CVE-2023-52556 | | | 0.00 | — | 0.00 | | Mar 1, 2024 | In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic. |
| CVE-2022-23093 | | | 0.00 | — | 0.02 | | Feb 15, 2024 | ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. … |
| CVE-2023-38283 | | | 0.00 | — | 0.01 | | Aug 29, 2023 | In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006. |
| CVE-2023-40216 | | | 0.00 | — | 0.00 | | Aug 10, 2023 | OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences. |
| CVE-2023-35784 | | | 0.00 | — | 0.01 | | Jun 16, 2023 | A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected. |
| CVE-2021-46880 | | | 0.00 | — | 0.01 | | Apr 14, 2023 | x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. |
| CVE-2022-48437 | | | 0.00 | — | 0.00 | | Apr 12, 2023 | An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when… |
| CVE-2023-29323 | | | 0.00 | — | 0.00 | | Apr 4, 2023 | ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. |
| CVE-2023-27567 | | | 0.00 | — | 0.01 | | Mar 3, 2023 | In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. |
| CVE-2022-27882 | | | 0.00 | — | 0.02 | | Mar 25, 2022 | slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation. |
| CVE-2022-27881 | | | 0.00 | — | 0.02 | | Mar 25, 2022 | engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation. |
| CVE-2021-41581 | | | 0.00 | — | 0.01 | | Sep 24, 2021 | x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination. |
| CVE-2019-25049 | | | 0.00 | — | 0.01 | | Jul 1, 2021 | LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). |
| CVE-2019-25048 | | | 0.00 | — | 0.01 | | Jul 1, 2021 | LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). |
| CVE-2010-4816 | | | 0.00 | — | 0.02 | | Jun 22, 2021 | It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. |
| CVE-2020-26142 | | | 0.00 | — | 0.02 | | May 11, 2021 | An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration. |
| CVE-2020-35680 | | | 0.00 | — | 0.04 | | Dec 24, 2020 | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the… |
| CVE-2020-16088 | | | 0.00 | — | 0.02 | | Jul 28, 2020 | iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. |
| CVE-2015-5333 | | | 0.00 | — | 0.02 | | Jan 23, 2020 | Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. |
| CVE-2019-19519 | | | 0.00 | — | 0.00 | | Dec 4, 2019 | In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c. |
| CVE-2019-19521 | | | 0.00 | — | 0.03 | | Dec 4, 2019 | libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c). |
| CVE-2019-19522 | | | 0.00 | — | 0.00 | | Dec 4, 2019 | OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by… |
| CVE-2019-7639 | | | 0.00 | — | 0.01 | | Feb 8, 2019 | An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file. |
| CVE-2018-20685 | | | 0.00 | — | 0.04 | | Jan 10, 2019 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
| CVE-2018-8970 | | Hig | 0.00 | 7.4 | 0.01 | | Mar 24, 2018 | The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to… |
| CVE-2015-5352 | | | 0.00 | — | 0.05 | | Aug 3, 2015 | The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside… |
| CVE-2014-9424 | | | 0.00 | — | 0.02 | | Dec 29, 2014 | Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing… |
| CVE-2014-7250 | | | 0.00 | — | 0.05 | | Dec 12, 2014 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. |
| CVE-2014-9278 | | | 0.00 | — | 0.02 | | Dec 6, 2014 | The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication… |
| CVE-2013-2125 | | | 0.00 | — | 0.02 | | May 27, 2014 | OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. |
| CVE-2013-4548 | | | 0.00 | — | 0.03 | | Nov 8, 2013 | The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell… |
| CVE-2011-5000 | | | 0.00 | — | 0.03 | | Apr 5, 2012 | The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be… |
| CVE-2011-2168 | | | 0.00 | — | 0.01 | | May 24, 2011 | Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418. |