Filtered by vendor Openbsd
Subscribe
Total
320 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4435 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 4.9 MEDIUM | N/A |
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default. | |||||
CVE-2006-4304 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2024-11-21 | 10.0 HIGH | N/A |
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver. | |||||
CVE-2006-0883 | 2 Freebsd, Openbsd | 2 Freebsd, Openssh | 2024-11-21 | 5.0 MEDIUM | N/A |
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. | |||||
CVE-2006-0225 | 1 Openbsd | 1 Openssh | 2024-11-21 | 4.6 MEDIUM | N/A |
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. | |||||
CVE-2006-0098 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 4.6 MEDIUM | N/A |
The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. | |||||
CVE-2005-4351 | 4 Dragonfly, Freebsd, Linux and 1 more | 4 Dragonfly, Freebsd, Linux Kernel and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. | |||||
CVE-2005-2798 | 1 Openbsd | 1 Openssh | 2024-11-21 | 5.0 MEDIUM | N/A |
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. | |||||
CVE-2005-2797 | 1 Openbsd | 1 Openssh | 2024-11-21 | 5.0 MEDIUM | N/A |
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. | |||||
CVE-2005-2666 | 1 Openbsd | 1 Openssh | 2024-11-21 | 1.2 LOW | N/A |
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | |||||
CVE-2005-0960 | 1 Openbsd | 1 Openbsd | 2024-11-20 | 5.0 MEDIUM | N/A |
Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash). | |||||
CVE-2005-0740 | 1 Openbsd | 1 Openbsd | 2024-11-20 | 5.0 MEDIUM | N/A |
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. | |||||
CVE-2005-0637 | 1 Openbsd | 1 Openbsd | 2024-11-20 | 5.0 MEDIUM | N/A |
The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory. | |||||
CVE-2005-0356 | 9 Alaxala, Cisco, F5 and 6 more | 76 Alaxala Networks, Agent Desktop, Aironet Ap1200 and 73 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | |||||
CVE-2004-2760 | 1 Openbsd | 1 Openssh | 2024-11-20 | 6.8 MEDIUM | N/A |
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. | |||||
CVE-2004-2338 | 1 Openbsd | 1 Openbsd | 2024-11-20 | 7.5 HIGH | N/A |
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions. | |||||
CVE-2004-2230 | 1 Openbsd | 1 Openbsd | 2024-11-20 | 2.1 LOW | N/A |
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. | |||||
CVE-2004-2163 | 1 Openbsd | 1 Openbsd | 2024-11-20 | 7.5 HIGH | N/A |
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies. | |||||
CVE-2004-2069 | 1 Openbsd | 1 Openssh | 2024-11-20 | 5.0 MEDIUM | N/A |
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). | |||||
CVE-2004-1799 | 1 Openbsd | 1 Openbsd | 2024-11-20 | 7.5 HIGH | N/A |
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces. | |||||
CVE-2004-1653 | 1 Openbsd | 1 Openssh | 2024-11-20 | 6.4 MEDIUM | N/A |
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. |