VYPR

Vendor CVEs

OpenBSD

All CVEs

337 total · sorted by risk
  • CVE-2000-0309Mar 12, 2001
    risk 0.00cvss epss 0.00

    The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.

  • CVE-2000-0310Mar 12, 2001
    risk 0.00cvss epss 0.01

    IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.

  • CVE-2000-0312Mar 12, 2001
    risk 0.00cvss epss 0.01

    cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.

  • CVE-2000-0313Mar 12, 2001
    risk 0.00cvss epss 0.00

    Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.

  • CVE-2000-1169Jan 9, 2001
    risk 0.00cvss epss 0.02

    OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

  • CVE-2000-0996Dec 19, 2000
    risk 0.00cvss epss 0.01

    Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

  • CVE-2000-0962Dec 19, 2000
    risk 0.00cvss epss 0.02

    The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.

  • CVE-2000-0995Dec 19, 2000
    risk 0.00cvss epss 0.01

    Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

  • CVE-2000-0997Dec 19, 2000
    risk 0.00cvss epss 0.01

    Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.

  • CVE-2000-1010Dec 11, 2000
    risk 0.00cvss epss 0.05

    Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

  • CVE-2000-1004Dec 11, 2000
    risk 0.00cvss epss 0.00

    Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

  • CVE-2000-0750Oct 20, 2000
    risk 0.00cvss epss 0.02

    Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

  • CVE-2000-0525Jun 8, 2000
    risk 0.00cvss epss 0.03

    OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

  • CVE-2000-0461May 29, 2000
    risk 0.00cvss epss 0.00

    The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.

  • CVE-2000-0217Feb 24, 2000
    risk 0.00cvss epss 0.01

    The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.

  • CVE-2000-0143Feb 11, 2000
    risk 0.00cvss epss 0.00

    The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.

  • CVE-2000-0092Jan 19, 2000
    risk 0.00cvss epss 0.00

    The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

  • CVE-1999-0001Dec 30, 1999
    risk 0.00cvss epss 0.03

    ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

  • CVE-1999-1010Dec 14, 1999
    risk 0.00cvss epss 0.01

    An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.

  • CVE-1999-0724Aug 12, 1999
    risk 0.00cvss epss 0.00

    Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.

  • CVE-1999-0727Aug 6, 1999
    risk 0.00cvss epss 0.01

    A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.

  • CVE-1999-0703Aug 3, 1999
    risk 0.00cvss epss 0.00

    OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

  • CVE-1999-0481Mar 22, 1999
    risk 0.00cvss epss 0.01

    Denial of service in "poll" in OpenBSD.

  • CVE-1999-0482Mar 21, 1999
    risk 0.00cvss epss 0.01

    OpenBSD kernel crash through TSS handling, as caused by the crashme program.

  • CVE-1999-0483Feb 25, 1999
    risk 0.00cvss epss 0.00

    OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

  • CVE-1999-0484Feb 23, 1999
    risk 0.00cvss epss 0.00

    Buffer overflow in OpenBSD ping.

  • CVE-1999-0485Feb 19, 1999
    risk 0.00cvss epss 0.01

    Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.

  • CVE-1999-0396Feb 17, 1999
    risk 0.00cvss epss 0.01

    A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.

  • CVE-1999-0798Dec 4, 1998
    risk 0.00cvss epss 0.02

    Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

  • CVE-1999-0062Aug 3, 1998
    risk 0.00cvss epss 0.01

    The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.

  • CVE-1999-0303May 21, 1998
    risk 0.00cvss epss 0.00

    Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

  • CVE-1999-0323Feb 20, 1998
    risk 0.00cvss epss 0.01

    FreeBSD mmap function allows users to modify append-only or immutable files.

  • CVE-1999-0304Feb 1, 1998
    risk 0.00cvss epss 0.00

    mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

  • CVE-1999-0305Feb 1, 1998
    risk 0.00cvss epss 0.01

    The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote…

  • CVE-1999-0061Oct 2, 1997
    risk 0.00cvss epss 0.02

    File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

  • CVE-1999-1214Sep 15, 1997
    risk 0.00cvss epss 0.00

    The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

  • CVE-1999-1225Aug 24, 1997
    risk 0.00cvss epss 0.02

    rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

Page 7 of 7