Filtered by vendor Openbsd
Subscribe
Total
320 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0572 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2024-02-28 | 7.5 HIGH | N/A |
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | |||||
CVE-2002-1420 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 7.2 HIGH | N/A |
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation. | |||||
CVE-2004-0084 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. | |||||
CVE-2001-0554 | 9 Debian, Freebsd, Ibm and 6 more | 11 Debian Linux, Freebsd, Aix and 8 more | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. | |||||
CVE-2000-0750 | 3 Netbsd, Openbsd, Redhat | 3 Netbsd, Openbsd, Linux | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. | |||||
CVE-1999-0323 | 4 Bsdi, Freebsd, Netbsd and 1 more | 4 Bsd Os, Freebsd, Netbsd and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
FreeBSD mmap function allows users to modify append-only or immutable files. | |||||
CVE-2004-0416 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | |||||
CVE-1999-1214 | 5 Bsd, Freebsd, Netbsd and 2 more | 5 Bsd, Freebsd, Netbsd and 2 more | 2024-02-28 | 2.1 LOW | N/A |
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. | |||||
CVE-2001-0529 | 1 Openbsd | 1 Openssh | 2024-02-28 | 7.2 HIGH | N/A |
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. | |||||
CVE-2001-1459 | 1 Openbsd | 1 Openssh | 2024-02-28 | 7.5 HIGH | N/A |
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. | |||||
CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2024-02-28 | 7.5 HIGH | N/A |
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | |||||
CVE-2001-0268 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2024-02-28 | 7.2 HIGH | N/A |
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address. | |||||
CVE-1999-0703 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2024-02-28 | 3.6 LOW | N/A |
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. | |||||
CVE-2000-0313 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 4.6 MEDIUM | N/A |
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. | |||||
CVE-2003-0078 | 3 Freebsd, Openbsd, Openssl | 3 Freebsd, Openbsd, Openssl | 2024-02-28 | 5.0 MEDIUM | N/A |
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." | |||||
CVE-2002-1345 | 3 Ncftp Software, Openbsd, Sun | 4 Ncftp, Openbsd, Solaris and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences. | |||||
CVE-1999-1010 | 1 Openbsd | 1 Openssh | 2024-02-28 | 2.1 LOW | N/A |
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. | |||||
CVE-2000-0143 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2024-02-28 | 4.6 MEDIUM | N/A |
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP. | |||||
CVE-2004-0687 | 4 Openbsd, Suse, X.org and 1 more | 4 Openbsd, Suse Linux, X11r6 and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. | |||||
CVE-1999-0724 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function. |