Vulnerabilities (CVE)

Filtered by vendor Openbsd Subscribe
Total 320 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0144 4 Bsd, Freebsd, Lprold and 1 more 4 Lpr, Freebsd, Lprold and 1 more 2024-11-20 7.2 HIGH N/A
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
CVE-2003-0078 3 Freebsd, Openbsd, Openssl 3 Freebsd, Openbsd, Openssl 2024-11-20 5.0 MEDIUM N/A
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
CVE-2003-0028 10 Cray, Freebsd, Gnu and 7 more 13 Unicos, Freebsd, Glibc and 10 more 2024-11-20 7.5 HIGH N/A
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVE-2002-2280 1 Openbsd 1 Openbsd 2024-11-20 2.1 LOW N/A
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.
CVE-2002-2222 2 Freebsd, Openbsd 2 Ports Collection, Openbsd 2024-11-20 5.1 MEDIUM N/A
isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.
CVE-2002-2188 1 Openbsd 1 Openbsd 2024-11-20 4.9 MEDIUM N/A
OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.
CVE-2002-2180 1 Openbsd 1 Openbsd 2024-11-20 6.8 MEDIUM N/A
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
CVE-2002-2092 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2024-11-20 3.7 LOW N/A
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
CVE-2002-1915 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2024-11-20 2.1 LOW 5.5 MEDIUM
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
CVE-2002-1420 1 Openbsd 1 Openbsd 2024-11-20 7.2 HIGH N/A
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.
CVE-2002-1345 3 Ncftp Software, Openbsd, Sun 4 Ncftp, Openbsd, Solaris and 1 more 2024-11-20 5.0 MEDIUM N/A
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
CVE-2002-1221 3 Freebsd, Isc, Openbsd 3 Freebsd, Bind, Openbsd 2024-11-20 5.0 MEDIUM N/A
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
CVE-2002-1220 3 Freebsd, Isc, Openbsd 3 Freebsd, Bind, Openbsd 2024-11-20 5.0 MEDIUM N/A
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
CVE-2002-1219 3 Freebsd, Isc, Openbsd 3 Freebsd, Bind, Openbsd 2024-11-20 7.5 HIGH N/A
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
CVE-2002-0766 1 Openbsd 1 Openbsd 2024-11-20 7.2 HIGH N/A
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.
CVE-2002-0765 1 Openbsd 2 Openbsd, Openssh 2024-11-20 7.5 HIGH N/A
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
CVE-2002-0701 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2024-11-20 2.1 LOW N/A
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
CVE-2002-0640 1 Openbsd 1 Openssh 2024-11-20 10.0 HIGH N/A
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
CVE-2002-0639 1 Openbsd 1 Openssh 2024-11-20 10.0 HIGH 9.8 CRITICAL
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
CVE-2002-0575 1 Openbsd 1 Openssh 2024-11-20 7.5 HIGH N/A
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.