Vendor CVEs

OpenBSD

All CVEs

337 total · sorted by risk
  • CVE-2004-0414 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.04

    CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

  • CVE-2004-0417 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.03

    Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

  • CVE-2004-0418 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.06

    serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

  • CVE-2004-0482 · Jul 7, 2004
    risk 0.00 · cvss · epss 0.00

    Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other…

  • CVE-2004-0221 · May 4, 2004
    risk 0.00 · cvss · epss 0.04

    isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.

  • CVE-2004-0220 · May 4, 2004
    risk 0.00 · cvss · epss 0.05

    isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker…

  • CVE-2004-0222 · May 4, 2004
    risk 0.00 · cvss · epss 0.04

    Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.

  • CVE-2004-0218 · May 4, 2004
    risk 0.00 · cvss · epss 0.03

    isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

  • CVE-2004-0219 · May 4, 2004
    risk 0.00 · cvss · epss 0.03

    isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

  • CVE-2004-0171 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.03

    FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allow remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.

  • CVE-2004-0106 · Mar 3, 2004
    risk 0.00 · cvss · epss 0.00

    Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.

  • CVE-2003-1562 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.06

    sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to…

  • CVE-2003-0804 · Nov 17, 2003
    risk 0.00 · cvss · epss 0.01

    The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.

  • CVE-2003-0787 · Nov 17, 2003
    risk 0.00 · cvss · epss 0.02

    The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

  • CVE-2003-0786 · Nov 17, 2003
    risk 0.00 · cvss · epss 0.03

    The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.

  • CVE-2003-0688 · Oct 20, 2003
    risk 0.00 · cvss · epss 0.03

    The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect…

  • CVE-2003-0695 · Oct 6, 2003
    risk 0.00 · cvss · epss 0.04

    Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than…

  • CVE-2003-0693 · Sep 22, 2003
    risk 0.00 · cvss · epss 0.10

    A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

  • CVE-2003-0386 · Jul 2, 2003
    risk 0.00 · cvss · epss 0.06

    OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the…

  • CVE-2002-1420 · Apr 11, 2003
    risk 0.00 · cvss · epss 0.00

    Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data…

  • CVE-2002-2180 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.

  • CVE-2002-2280 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP address is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.

  • CVE-2002-2222 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.

  • CVE-2002-2188 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.

  • CVE-2002-2092 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.

  • CVE-2002-1345 · Dec 23, 2002
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

  • CVE-2002-0766 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.01

    OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when…

  • CVE-2002-0414 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.01

    KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4…

  • CVE-2002-0514 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.02

    PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.

  • CVE-2000-1208 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in the startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.

  • CVE-2002-0765 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.01

    sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

  • CVE-2002-0701 · Jul 23, 2002
    risk 0.00 · cvss · epss 0.00

    ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra…

  • CVE-2002-0557 · Jul 3, 2002
    risk 0.00 · cvss · epss 0.01

    Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to…

  • CVE-2002-0640 · Jul 3, 2002
    risk 0.00 · cvss · epss 0.27

    Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication…

  • CVE-2002-0381 · Jun 25, 2002
    risk 0.00 · cvss · epss 0.02

    The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

  • CVE-2001-1585 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.02

    SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to…

  • CVE-2001-1507 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.02

    OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to log in unchallenged.

  • CVE-2001-0872 · Dec 21, 2001
    risk 0.00 · cvss · epss 0.01

    OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

  • CVE-2001-0816 · Dec 6, 2001
    risk 0.00 · cvss · epss 0.02

    OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.

  • CVE-2001-1415 · Nov 13, 2001
    risk 0.00 · cvss · epss 0.00

    vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.

  • CVE-2001-1380 · Oct 18, 2001
    risk 0.00 · cvss · epss 0.03

    OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to log in from unauthorized IP addresses.

  • CVE-2001-1145 · Aug 17, 2001
    risk 0.00 · cvss · epss 0.00

    fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on…

  • CVE-2001-0529 · Aug 14, 2001
    risk 0.00 · cvss · epss 0.01

    OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.

  • CVE-2001-1244 · Jul 7, 2001
    risk 0.00 · cvss · epss 0.35

    Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that…

  • CVE-2001-0378 · Jun 27, 2001
    risk 0.00 · cvss · epss 0.00

    readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.

  • CVE-2001-0361 · Jun 27, 2001
    risk 0.00 · cvss · epss 0.03

    Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

  • CVE-2001-1459 · Jun 19, 2001
    risk 0.00 · cvss · epss 0.02

    OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

  • CVE-2001-1047 · Jun 2, 2001
    risk 0.00 · cvss · epss 0.00

    Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then…

  • CVE-2001-0284 · May 3, 2001
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.

  • CVE-2001-0268 · May 3, 2001
    risk 0.00 · cvss · epss 0.01

    The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table…
