Vendor CVEs
OpenBSD
All CVEs
337 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0414 | 0.00 | — | 0.04 | Aug 6, 2004 | CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. | |||
| CVE-2004-0417 | 0.00 | — | 0.03 | Aug 6, 2004 | Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. | |||
| CVE-2004-0418 | 0.00 | — | 0.06 | Aug 6, 2004 | serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. | |||
| CVE-2004-0482 | 0.00 | — | 0.00 | Jul 7, 2004 | Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other… | |||
| CVE-2004-0221 | 0.00 | — | 0.04 | May 4, 2004 | isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||
| CVE-2004-0220 | 0.00 | — | 0.05 | May 4, 2004 | isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker… | |||
| CVE-2004-0222 | 0.00 | — | 0.04 | May 4, 2004 | Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||
| CVE-2004-0218 | 0.00 | — | 0.03 | May 4, 2004 | isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||
| CVE-2004-0219 | 0.00 | — | 0.03 | May 4, 2004 | isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||
| CVE-2004-0171 | 0.00 | — | 0.03 | Mar 15, 2004 | FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. | |||
| CVE-2004-0106 | 0.00 | — | 0.00 | Mar 3, 2004 | Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084. | |||
| CVE-2003-1562 | 0.00 | — | 0.06 | Dec 31, 2003 | sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to… | |||
| CVE-2003-0804 | 0.00 | — | 0.01 | Nov 17, 2003 | The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. | |||
| CVE-2003-0787 | 0.00 | — | 0.02 | Nov 17, 2003 | The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. | |||
| CVE-2003-0786 | 0.00 | — | 0.03 | Nov 17, 2003 | The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges. | |||
| CVE-2003-0688 | 0.00 | — | 0.03 | Oct 20, 2003 | The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect… | |||
| CVE-2003-0695 | 0.00 | — | 0.04 | Oct 6, 2003 | Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than… | |||
| CVE-2003-0693 | 0.00 | — | 0.10 | Sep 22, 2003 | A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. | |||
| CVE-2003-0386 | 0.00 | — | 0.06 | Jul 2, 2003 | OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the… | |||
| CVE-2002-1420 | 0.00 | — | 0.00 | Apr 11, 2003 | Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data… | |||
| CVE-2002-2180 | 0.00 | — | 0.01 | Dec 31, 2002 | The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error. | |||
| CVE-2002-2280 | 0.00 | — | 0.00 | Dec 31, 2002 | syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server. | |||
| CVE-2002-2222 | 0.00 | — | 0.01 | Dec 31, 2002 | isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence. | |||
| CVE-2002-2188 | 0.00 | — | 0.00 | Dec 31, 2002 | OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error. | |||
| CVE-2002-2092 | 0.00 | — | 0.00 | Dec 31, 2002 | Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. | |||
| CVE-2002-1345 | 0.00 | — | 0.03 | Dec 23, 2002 | Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences. | |||
| CVE-2002-0766 | 0.00 | — | 0.01 | Aug 12, 2002 | OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when… | |||
| CVE-2002-0414 | 0.00 | — | 0.01 | Aug 12, 2002 | KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4… | |||
| CVE-2002-0514 | 0.00 | — | 0.02 | Aug 12, 2002 | PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL. | |||
| CVE-2000-1208 | 0.00 | — | 0.00 | Aug 12, 2002 | Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call. | |||
| CVE-2002-0765 | 0.00 | — | 0.01 | Aug 12, 2002 | sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password. | |||
| CVE-2002-0701 | 0.00 | — | 0.00 | Jul 23, 2002 | ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra… | |||
| CVE-2002-0557 | 0.00 | — | 0.01 | Jul 3, 2002 | Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to… | |||
| CVE-2002-0640 | 0.00 | — | 0.27 | Jul 3, 2002 | Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication… | |||
| CVE-2002-0381 | 0.00 | — | 0.02 | Jun 25, 2002 | The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. | |||
| CVE-2001-1585 | 0.00 | — | 0.02 | Dec 31, 2001 | SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to… | |||
| CVE-2001-1507 | 0.00 | — | 0.02 | Dec 31, 2001 | OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. | |||
| CVE-2001-0872 | 0.00 | — | 0.01 | Dec 21, 2001 | OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. | |||
| CVE-2001-0816 | 0.00 | — | 0.02 | Dec 6, 2001 | OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. | |||
| CVE-2001-1415 | 0.00 | — | 0.00 | Nov 13, 2001 | vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. | |||
| CVE-2001-1380 | 0.00 | — | 0.03 | Oct 18, 2001 | OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses. | |||
| CVE-2001-1145 | 0.00 | — | 0.00 | Aug 17, 2001 | fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on… | |||
| CVE-2001-0529 | 0.00 | — | 0.01 | Aug 14, 2001 | OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. | |||
| CVE-2001-1244 | 0.00 | — | 0.35 | Jul 7, 2001 | Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that… | |||
| CVE-2001-0378 | 0.00 | — | 0.00 | Jun 27, 2001 | readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files. | |||
| CVE-2001-0361 | 0.00 | — | 0.03 | Jun 27, 2001 | Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. | |||
| CVE-2001-1459 | 0.00 | — | 0.02 | Jun 19, 2001 | OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. | |||
| CVE-2001-1047 | 0.00 | — | 0.00 | Jun 2, 2001 | Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then… | |||
| CVE-2001-0284 | 0.00 | — | 0.03 | May 3, 2001 | Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option. | |||
| CVE-2001-0268 | 0.00 | — | 0.01 | May 3, 2001 | The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table… |
- CVE-2004-0414Aug 6, 2004risk 0.00cvss —epss 0.04
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
- CVE-2004-0417Aug 6, 2004risk 0.00cvss —epss 0.03
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
- CVE-2004-0418Aug 6, 2004risk 0.00cvss —epss 0.06
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
- CVE-2004-0482Jul 7, 2004risk 0.00cvss —epss 0.00
Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other…
- CVE-2004-0221May 4, 2004risk 0.00cvss —epss 0.04
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.
- CVE-2004-0220May 4, 2004risk 0.00cvss —epss 0.05
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker…
- CVE-2004-0222May 4, 2004risk 0.00cvss —epss 0.04
Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.
- CVE-2004-0218May 4, 2004risk 0.00cvss —epss 0.03
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.
- CVE-2004-0219May 4, 2004risk 0.00cvss —epss 0.03
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.
- CVE-2004-0171Mar 15, 2004risk 0.00cvss —epss 0.03
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.
- CVE-2004-0106Mar 3, 2004risk 0.00cvss —epss 0.00
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
- CVE-2003-1562Dec 31, 2003risk 0.00cvss —epss 0.06
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to…
- CVE-2003-0804Nov 17, 2003risk 0.00cvss —epss 0.01
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
- CVE-2003-0787Nov 17, 2003risk 0.00cvss —epss 0.02
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
- CVE-2003-0786Nov 17, 2003risk 0.00cvss —epss 0.03
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
- CVE-2003-0688Oct 20, 2003risk 0.00cvss —epss 0.03
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect…
- CVE-2003-0695Oct 6, 2003risk 0.00cvss —epss 0.04
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than…
- CVE-2003-0693Sep 22, 2003risk 0.00cvss —epss 0.10
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
- CVE-2003-0386Jul 2, 2003risk 0.00cvss —epss 0.06
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the…
- CVE-2002-1420Apr 11, 2003risk 0.00cvss —epss 0.00
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data…
- CVE-2002-2180Dec 31, 2002risk 0.00cvss —epss 0.01
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
- CVE-2002-2280Dec 31, 2002risk 0.00cvss —epss 0.00
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.
- CVE-2002-2222Dec 31, 2002risk 0.00cvss —epss 0.01
isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.
- CVE-2002-2188Dec 31, 2002risk 0.00cvss —epss 0.00
OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.
- CVE-2002-2092Dec 31, 2002risk 0.00cvss —epss 0.00
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
- CVE-2002-1345Dec 23, 2002risk 0.00cvss —epss 0.03
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
- CVE-2002-0766Aug 12, 2002risk 0.00cvss —epss 0.01
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when…
- CVE-2002-0414Aug 12, 2002risk 0.00cvss —epss 0.01
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4…
- CVE-2002-0514Aug 12, 2002risk 0.00cvss —epss 0.02
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
- CVE-2000-1208Aug 12, 2002risk 0.00cvss —epss 0.00
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
- CVE-2002-0765Aug 12, 2002risk 0.00cvss —epss 0.01
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
- CVE-2002-0701Jul 23, 2002risk 0.00cvss —epss 0.00
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra…
- CVE-2002-0557Jul 3, 2002risk 0.00cvss —epss 0.01
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to…
- CVE-2002-0640Jul 3, 2002risk 0.00cvss —epss 0.27
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication…
- CVE-2002-0381Jun 25, 2002risk 0.00cvss —epss 0.02
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
- CVE-2001-1585Dec 31, 2001risk 0.00cvss —epss 0.02
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to…
- CVE-2001-1507Dec 31, 2001risk 0.00cvss —epss 0.02
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
- CVE-2001-0872Dec 21, 2001risk 0.00cvss —epss 0.01
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
- CVE-2001-0816Dec 6, 2001risk 0.00cvss —epss 0.02
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
- CVE-2001-1415Nov 13, 2001risk 0.00cvss —epss 0.00
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
- CVE-2001-1380Oct 18, 2001risk 0.00cvss —epss 0.03
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
- CVE-2001-1145Aug 17, 2001risk 0.00cvss —epss 0.00
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on…
- CVE-2001-0529Aug 14, 2001risk 0.00cvss —epss 0.01
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
- CVE-2001-1244Jul 7, 2001risk 0.00cvss —epss 0.35
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that…
- CVE-2001-0378Jun 27, 2001risk 0.00cvss —epss 0.00
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
- CVE-2001-0361Jun 27, 2001risk 0.00cvss —epss 0.03
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
- CVE-2001-1459Jun 19, 2001risk 0.00cvss —epss 0.02
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
- CVE-2001-1047Jun 2, 2001risk 0.00cvss —epss 0.00
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then…
- CVE-2001-0284May 3, 2001risk 0.00cvss —epss 0.03
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
- CVE-2001-0268May 3, 2001risk 0.00cvss —epss 0.01
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table…
Page 6 of 7