Vulnerabilities (CVE)

Filtered by vendor Openbsd Subscribe
Filtered by product Openbsd
Total 193 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-0637 1 Openbsd 1 Openbsd 2024-11-20 5.0 MEDIUM N/A
The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory.
CVE-2005-0356 9 Alaxala, Cisco, F5 and 6 more 76 Alaxala Networks, Agent Desktop, Aironet Ap1200 and 73 more 2024-11-20 5.0 MEDIUM N/A
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
CVE-2004-2338 1 Openbsd 1 Openbsd 2024-11-20 7.5 HIGH N/A
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
CVE-2004-2230 1 Openbsd 1 Openbsd 2024-11-20 2.1 LOW N/A
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.
CVE-2004-2163 1 Openbsd 1 Openbsd 2024-11-20 7.5 HIGH N/A
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
CVE-2004-1799 1 Openbsd 1 Openbsd 2024-11-20 7.5 HIGH N/A
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
CVE-2004-1471 6 Cvs, Freebsd, Gentoo and 3 more 6 Cvs, Freebsd, Linux and 3 more 2024-11-20 7.1 HIGH N/A
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
CVE-2004-1082 8 Apache, Apple, Avaya and 5 more 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more 2024-11-20 7.5 HIGH N/A
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
CVE-2004-0819 1 Openbsd 1 Openbsd 2024-11-20 5.0 MEDIUM N/A
The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.
CVE-2004-0688 4 Openbsd, Suse, X.org and 1 more 4 Openbsd, Suse Linux, X11r6 and 1 more 2024-11-20 7.5 HIGH N/A
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVE-2004-0687 4 Openbsd, Suse, X.org and 1 more 4 Openbsd, Suse Linux, X11r6 and 1 more 2024-11-20 7.5 HIGH N/A
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVE-2004-0492 5 Apache, Hp, Ibm and 2 more 7 Http Server, Virtualvault, Vvos and 4 more 2024-11-20 10.0 HIGH N/A
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
CVE-2004-0482 1 Openbsd 1 Openbsd 2024-11-20 4.6 MEDIUM N/A
Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other unauthorized activities.
CVE-2004-0418 5 Cvs, Gentoo, Openbsd and 2 more 5 Cvs, Linux, Openbsd and 2 more 2024-11-20 10.0 HIGH N/A
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
CVE-2004-0417 5 Cvs, Gentoo, Openbsd and 2 more 5 Cvs, Linux, Openbsd and 2 more 2024-11-20 5.0 MEDIUM N/A
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
CVE-2004-0416 5 Cvs, Gentoo, Openbsd and 2 more 5 Cvs, Linux, Openbsd and 2 more 2024-11-20 10.0 HIGH N/A
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
CVE-2004-0414 5 Cvs, Gentoo, Openbsd and 2 more 5 Cvs, Linux, Openbsd and 2 more 2024-11-20 10.0 HIGH N/A
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
CVE-2004-0257 2 Netbsd, Openbsd 2 Netbsd, Openbsd 2024-11-20 5.0 MEDIUM N/A
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
CVE-2004-0222 1 Openbsd 1 Openbsd 2024-11-20 5.0 MEDIUM N/A
Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.
CVE-2004-0221 1 Openbsd 1 Openbsd 2024-11-20 5.0 MEDIUM N/A
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.