Total
193 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0740 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 5.0 MEDIUM | N/A |
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. | |||||
CVE-2005-0637 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 5.0 MEDIUM | N/A |
The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory. | |||||
CVE-2006-4436 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 5.0 MEDIUM | N/A |
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection. | |||||
CVE-2006-0098 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 4.6 MEDIUM | N/A |
The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. | |||||
CVE-2004-0492 | 5 Apache, Hp, Ibm and 2 more | 7 Http Server, Virtualvault, Vvos and 4 more | 2024-02-28 | 10.0 HIGH | N/A |
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. | |||||
CVE-2004-0417 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. | |||||
CVE-2003-0144 | 4 Bsd, Freebsd, Lprold and 1 more | 4 Lpr, Freebsd, Lprold and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. | |||||
CVE-1999-0483 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 2.1 LOW | N/A |
OpenBSD crash using nlink value in FFS and EXT2FS filesystems. | |||||
CVE-1999-0727 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 5.0 MEDIUM | N/A |
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. | |||||
CVE-2002-2280 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 2.1 LOW | N/A |
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server. | |||||
CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2024-02-28 | 5.0 MEDIUM | N/A |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |||||
CVE-2000-0996 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 7.2 HIGH | N/A |
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. | |||||
CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
CVE-2002-0381 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2024-02-28 | 5.0 MEDIUM | N/A |
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. | |||||
CVE-2004-0220 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 10.0 HIGH | N/A |
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
CVE-2001-0284 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option. | |||||
CVE-2002-0391 | 4 Freebsd, Microsoft, Openbsd and 1 more | 7 Freebsd, Windows 2000, Windows Nt and 4 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | |||||
CVE-2004-0414 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. | |||||
CVE-2003-0681 | 8 Apple, Gentoo, Hp and 5 more | 14 Mac Os X, Mac Os X Server, Linux and 11 more | 2024-02-28 | 7.5 HIGH | N/A |
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. | |||||
CVE-2002-0765 | 1 Openbsd | 2 Openbsd, Openssh | 2024-02-28 | 7.5 HIGH | N/A |
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password. |